On Wed, Sep 13, 2017 at 4:57 AM, Mark Friedenbach via bitcoin-dev <firstname.lastname@example.org> wrote: >> Without the limit I think we would be DoS-ed to dead > > 4MB of secp256k1 signatures takes 10s to validate on my 5 year old > laptop (125,000 signatures, ignoring public keys and other things that > would consume space). That's much less than bad blocks that can be > constructed using other vulnerabilities.
Sidenote-ish, but I also believe it would be fairly trivial to keep a per UTXO tally and demand additional fees when trying to respend a UTXO which was previously "spent" with an invalid op count. I.e. if you sign off on an input for a tx that you know is bad, the UTXO in question will be penalized proportionately to the wasted ops when included in another transaction later. That would probably kill that DoS attack as the attacker would effectively lose bitcoin every time, even if it was postponed until they spent the UTXO. The only thing clients would need to do is to add a fee rate penalty ivar and a mapping of outpoint to penalty value, probably stored as a separate .dat file. I think. _______________________________________________ bitcoin-dev mailing list email@example.com https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev