On Mon, Nov 07, 2011 at 10:27:57AM -0500, Luke-Jr wrote: > On Monday, November 07, 2011 10:02:43 AM Pieter Wuille wrote: > > Maybe a short interval (1 minute? 10 minutes?) instead of a fixed > > value could be allowed for the multiple-of-2016 blocks. > > Reminder that there is *already* a short interval only allowed for blocks in > general...
In chains where no timejacking attack is going on, yes. In the common case the timestamp is limited to a range of [5 blocks in the past ... 2 hours in the future]. However, during a timejacking attack, the timestamps of multiple-of-2016 blocks are essentially independent from the others. In such a case, most timestamps are very low, and only those of multiple-of-2016-blocks correspond to the current time. Each 2016*N-1 to 2016*N transition incurs an arbitrary large forward shift to the present time, each 2016*N to 2016*N+1 transition does a time shift backwards again that is allowed because the median allows single outliers. By fixing the timestamp occasionally more tightly to the maximum, instead of the median, no such time lapses are possible. Updated proposed rule: limit the timestamp of multiple-of-2016-blocks to [max(past 11 timestamps)+1 ... current_time+7200], essentially just using a maximum instead of a median. I believe that is enough to prevent the attack. -- Pieter ------------------------------------------------------------------------------ RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
