š
Original date posted:2018-06-09
š Original message:On Sat, Jun 09, 2018 at 02:21:17PM +0200, Sergio Demian Lerner wrote:
> Also it must be noted that an attacker having only 1.3M USD that can
> brute-force 72 bits (4 days of hashing on capable ASICs) can perform the
> same attack, so the attack is entirely feasible and no person should accept
> more than 1M USD using a SPV wallet.
That doesn't make any sense. Against a SPV wallet you don't need that attack;
with that kind of budget you can fool it by just creating a fake block at far
less cost, along with a sybil attack. Sybils aren't difficult to pull off when
you have the budget to be greating fake blocks.
> Also the attack can be repeated: once you create the "extension point"
> block, you can attack more and more parties without any additional
> computation.
That's technically incorrect: txouts can only be spent once, so you'll need to
do 2^40 work each time you want to repeat the attack to grind the matching part
of the prevout again.
--
https://petertodd.org 'peter'[:-1]@petertodd.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20180609/fd6ded5c/attachment.sig>;
Peter Todd [ARCHIVE] /
npub1m2ā¦a2np2
2023-06-07 18:12:58
in reply to nevent1qā¦9ccn
Author Public Key
npub1m230cem2yh3mtdzkg32qhj73uytgkyg5ylxsu083n3tpjnajxx4qqa2np2Published at
2023-06-07 18:12:58Event JSON
{
"id": "6e0fd3e53cccd7c4acb61fc2aeeb5d65b7308d293731ced9f6ee06df1f03a919",
"pubkey": "daa2fc676a25e3b5b45644540bcbd1e1168b111427cd0e3cf19c56194fb231aa",
"created_at": 1686161578,
"kind": 1,
"tags": [
[
"e",
"7a6928115f0482ae6ba69f7494f1e58497a12608fbde58f7bb3fa58e19c8ae03",
"",
"root"
],
[
"e",
"d502d50d3d9952f81884a01a1259c6c4bea7cc7561cc6cb2b7b6436c47830014",
"",
"reply"
],
[
"p",
"4b38603408f5be002091210e869a4ca86fc2aa1ffd0871036a0668068ee626ee"
]
],
"content": "š
Original date posted:2018-06-09\nš Original message:On Sat, Jun 09, 2018 at 02:21:17PM +0200, Sergio Demian Lerner wrote:\n\u003e Also it must be noted that an attacker having only 1.3M USD that can\n\u003e brute-force 72 bits (4 days of hashing on capable ASICs) can perform the\n\u003e same attack, so the attack is entirely feasible and no person should accept\n\u003e more than 1M USD using a SPV wallet.\n\nThat doesn't make any sense. Against a SPV wallet you don't need that attack;\nwith that kind of budget you can fool it by just creating a fake block at far\nless cost, along with a sybil attack. Sybils aren't difficult to pull off when\nyou have the budget to be greating fake blocks.\n\n\u003e Also the attack can be repeated: once you create the \"extension point\"\n\u003e block, you can attack more and more parties without any additional\n\u003e computation.\n\nThat's technically incorrect: txouts can only be spent once, so you'll need to\ndo 2^40 work each time you want to repeat the attack to grind the matching part\nof the prevout again.\n\n-- \nhttps://petertodd.org 'peter'[:-1]@petertodd.org\n-------------- next part --------------\nA non-text attachment was scrubbed...\nName: signature.asc\nType: application/pgp-signature\nSize: 488 bytes\nDesc: not available\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20180609/fd6ded5c/attachment.sig\u003e",
"sig": "800bb5ca0a84daa886b954ba7d370ead31999d50fa43accebcb0fdd8f23f9877cdc53e602d150a593cfa7b587361664edca01f8f0b85976dad86df983b626bbb"
}