Re: [bitcoin-dev] BIP 158 Flexibility and Filter Size

2018-06-01 Thread Jim Posen via bitcoin-dev
To address the at-least-one-honest peer security assumption for light clients, I think this is a rather good security model for light clients. First it significantly reduces the chances that an attacker can eclipse a client just by chance, and clients can implement measures like ensuring

Re: [bitcoin-dev] BIP 158 Flexibility and Filter Size

2018-06-01 Thread Gregory Maxwell via bitcoin-dev
On Sat, Jun 2, 2018 at 12:01 AM, Olaoluwa Osuntokun wrote: >> A typical network attacker (e.g. someone on your lan or wifi segmet, or >> someone who has compromised or operates an upstream router) can be all of >> your peers. > > This is true, but it cannot make us accept any invalid filters

Re: [bitcoin-dev] BIP 158 Flexibility and Filter Size

2018-06-01 Thread Olaoluwa Osuntokun via bitcoin-dev
> A typical network attacker (e.g. someone on your lan or wifi segmet, or > someone who has compromised or operates an upstream router) can be all of > your peers. This is true, but it cannot make us accept any invalid filters unless the attacker is also creating invalid blocks w/ valid PoW. >

Re: [bitcoin-dev] SIGHASH2 for version 1 witness programme

2018-06-01 Thread Johnson Lau via bitcoin-dev
> On 2 Jun 2018, at 2:15 AM, Russell O'Connor wrote: > > > I prefer a different opcode for CHECKSIGFROMSTACK because I dislike opcodes > that pop a non-static number of elements off the stack. Popping a dynamic > number of stack elements makes it more difficult to validate that a Script >

Re: [bitcoin-dev] SIGHASH2 for version 1 witness programme

2018-06-01 Thread Russell O'Connor via bitcoin-dev
On Fri, Jun 1, 2018 at 1:03 PM, Johnson Lau wrote: > On 1 Jun 2018, at 11:03 PM, Russell O'Connor > wrote: > On Thu, May 31, 2018 at 2:35 PM, Johnson Lau via bitcoin-dev < > bitcoin-dev@lists.linuxfoundation.org> wrote: > >> >> Double SHA256 of the serialization of: >> > > Should we replace

Re: [bitcoin-dev] SIGHASH2 for version 1 witness programme

2018-06-01 Thread Johnson Lau via bitcoin-dev
> On 1 Jun 2018, at 11:03 PM, Russell O'Connor wrote: > > > > On Thu, May 31, 2018 at 2:35 PM, Johnson Lau via bitcoin-dev > > wrote: > > Double SHA256 of the serialization of: > > Should we replace the Double SHA256 with a Single SHA256?

Re: [bitcoin-dev] SIGHASH2 for version 1 witness programme

2018-06-01 Thread Russell O'Connor via bitcoin-dev
On Thu, May 31, 2018 at 2:35 PM, Johnson Lau via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > > Double SHA256 of the serialization of: > Should we replace the Double SHA256 with a Single SHA256? There is no possible length extension attack here. Or are we speculating that