On Tue, Jul 30, 2019 at 10:27:17PM +0100, Chris Belcher wrote:
> And any ECC-alternative or hash-function-alternative fork will
> probably take a couple of months to be designed, implemented and
> deployed as well, giving a chance for lockers to move coins.

Probably. A stronger form of my argument would apply to single-wallet (or wallet library) problems of the type we see with depressing regularity, such as reused nonces, weak nonces, brainwallets, and weak HD seeds. In some cases, this leads directly to theft and loss---but in others, the problem is detected by a friendly party and funds can be moved to a secure address before the problem is publicly disclosed and attackers try to exploit it themselves. If funds are timelocked, there's a greater chance that the issue will become publicly known and easily exploitable while the funds are inaccessible. Then, at the time the lock expires, it'll become a race between attackers and the coin owner to see who can get a spending transaction confirmed first.

> This scheme could be attacked using address reuse. An attacker could
> create an aged coin on a heavily-reused address, which would force an
> SPV client using this scheme to download all the blocks which contain
> this reused address which could result in many gigabytes of extra
> download requirement.

Good point. There's also the case that some Electrum-style indexers don't index more than a certain number of outputs sent to the same address. E.g., I believe Electrs[1] stops indexing by default after 100 outputs to the same address.

[1] https://github.com/romanz/electrs

> So to fix this: a condition for aged coins is that their address has not
> been reused, if the coin is on a reused address then the value of the
> fidelity bond becomes zero.

I don't think that works. If Bob sends 100 BTC to bc1foo and then uses that UTXO as his fidelity bond, Mallory can subsequently send some dust to bc1foo to invalidate Bob's bond.

To use compact block filters in a way that prevents spamming, I think we'd need a different filter type that allowed you to filter by outpoint.

-Dave