On Tue, Sep 12, 2017 at 3:57 PM, Mark Friedenbach via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote:
> > 4MB of secp256k1 signatures takes 10s to validate on my 5 year old > laptop (125,000 signatures, ignoring public keys and other things that > would consume space). That's much less than bad blocks that can be > constructed using other vulnerabilities. If there were no sigops limits, I believe the worst case block could have closer to 1,000,000 CHECKSIG operations. Signature checks are cached so while repeating the sequence "2DUP CHECKSIGVERIFY" does create a lot of checksig operations, the cached values prevent a lot of work being done. To defeat the cache one can repeat the sequence "2DUP CHECKSIG DROP CODESEPARATOR", which will create unique signature validation requests every 4 bytes.
_______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
