On Sat, Jun 09, 2018 at 01:03:53PM +0200, Sergio Demian Lerner wrote: > Hi Peter, > We reported this as CVE-2017-12842, although it may have been known by > developers before us.
It's been known so long ago that I incorrectly thought the attack was ok to discuss in public; I had apparently incorrectly remembered a conversation I had with Greg Maxwell over a year ago where I thought he said it was fine to discuss because it was well known. My apologies to anyone who thinks my post was jumping the gun by discussing this in public; cats out of the bag now anyway. > There are hundreds of SPV wallets out there, without even considering other > more sensitive systems relying on SPV proofs. > As I said we, at RSK, discovered this problem in 2017. For RSK it's very > important this is fixed because our SPV bridge uses SPV proofs. > I urge all people participating in this mailing list and the rest of the > Bitcoin community to work on this issue for the security and clean-design > of Bitcoin. My post is arguing that we *don't* need to fix the attack, because we can make pruned nodes invulerable to it while retaining the ability to verify merkle path tx inclusion proofs. As for SPV, there is no attack to fix: they can be attacked at much lower cost by simply generating fake blocks. -- https://petertodd.org 'peter'[:-1]@petertodd.org
signature.asc
Description: PGP signature
_______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
