On Wed, 2018-01-24 at 19:51 +0100, Natanael wrote: > > That's not the type of attack I'm imagining. Both versions of your > scheme are essentially equivalent in terms of this attack. > > Intended steps: > 1: You publish a hash commitment. > 2: The hash ends up in the blockchain. > 3: You publish the transaction itself, and it matches the hash > commitment. > 4: Because it matches, miners includes it. It's now in the > blockchain.
I think you misread my second proposal. The first step is not only to publish the hash but to publish a *pair* consisting of the hash and the transaction. If the attacker changes the transaction on the wire, the user does not care and will try again. By the way: As described here, everybody could do this first step and flood the blockchain with it. We cannot immediately subtract a fee, because it's not clear that some transaction will take place at all. So we need to take the fee from somewhere else or do something else to prevent spam. But that's entirely different issue... _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev