Re: [Bitcoin-development] SPV clients and relaying double spends

2014-09-27 Thread Tom Harding
On 9/25/2014 7:37 PM, Aaron Voisine wrote: > Of course you wouldn't want nodes to propagate alerts without > independently verifying them How would a node independently verify a double-spend alert, other than by having access to an actual signed double-spend? #4570 relays the first double-spend A

Re: [Bitcoin-development] SPV clients and relaying double spends

2014-09-26 Thread s7r
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 9/26/2014 5:16 AM, Matt Whitlock wrote: > Probably the first double-spend attempt (i.e., the second > transaction to spend the same output(s) as another tx already in > the mempool) would still need to be relayed. A simple > "double-spend alert"

Re: [Bitcoin-development] SPV clients and relaying double spends

2014-09-25 Thread Christophe Biocca
A lot of this discussion has already occured. Some code was even merged into master, then reverted. See: https://github.com/bitcoin/bitcoin/issues/4550 https://github.com/bitcoin/bitcoin/pull/4570 It would probably be a good idea to start from that code, as it addresses many of the possible pitfa

Re: [Bitcoin-development] SPV clients and relaying double spends

2014-09-25 Thread Aaron Voisine
Of course you wouldn't want nodes to propagate alerts without independently verifying them, otherwise anyone could just issue alerts for every new transaction. Aaron Voisine breadwallet.com On Thu, Sep 25, 2014 at 7:16 PM, Matt Whitlock wrote: > Probably the first double-spend attempt (i.e., th

Re: [Bitcoin-development] SPV clients and relaying double spends

2014-09-25 Thread Matt Whitlock
What's to stop an attacker from broadcasting millions of spends of the same output(s) and overwhelming nodes with slower connections? Might it be a better strategy not to relay the actual transactions (after the first) but rather only propagate (once) some kind of double-spend alert? On Thursd

Re: [Bitcoin-development] SPV clients and relaying double spends

2014-09-25 Thread Matt Whitlock
Probably the first double-spend attempt (i.e., the second transaction to spend the same output(s) as another tx already in the mempool) would still need to be relayed. A simple "double-spend alert" wouldn't work because it could be forged. But after there have been two attempts to spend the same

Re: [Bitcoin-development] SPV clients and relaying double spends

2014-09-25 Thread Aaron Voisine
Something like that would be a great help for SPV clients that can't detect double spends on their own. (still limited of course to sybil attack concerns) Aaron Voisine breadwallet.com On Thu, Sep 25, 2014 at 7:07 PM, Matt Whitlock wrote: > What's to stop an attacker from broadcasting millions

[Bitcoin-development] SPV clients and relaying double spends

2014-09-25 Thread Aaron Voisine
There was some discussion of having nodes relay double-spends in order to alert the network about double spend attempts. A lot more users will be using SPV wallets in the future, and one of the techniques SPV clients use to judge how likely a transaction is to be confirmed is if it propagates acro