Occured to me that this hasn't been mentioned before... We can trivially fix the quadratic CHECK(MULTI)SIG execution time issue by soft-forking in a limitation on just SignatureHash() to only return true if the tx size is <100KB. (or whatever limit makes sense)
This fix has the advantage over schemes that limit all txs, or try to count sigops, of being trivial to implement, while still allowing for a future CHECKSIG2 soft-fork that properly fixes the quadratic hashing issue; >100KB txs would still be technically allowed, it's just that (for now) there'd be no way for them to spend coins that are cryptographically secured. For example, if we had an issue with a major miner exploiting slow-to-propagate blocks(1) to harm their competitors, this simple fix could be deployed as a soft-fork in a matter of days, stopping the attack quickly. 1) www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg03200.html -- 'peter'[:-1]@petertodd.org 0000000000000000094afcbbad10aa6c82ddd8aad102020e553d50a60b6c678f
signature.asc
Description: Digital signature
_______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
