Mark Friedenbach [ARCHIVE] on Nostr: 📅 Original date posted:2017-09-12 📝 Original message:On Sep 12, 2017, at 1:55 ...
📅 Original date posted:2017-09-12
📝 Original message:On Sep 12, 2017, at 1:55 AM, Johnson Lau <jl2012 at xbt.hk> wrote:
> This is ugly and actually broken, as different script path may
> require different number of stack items, so you don't know how many
> OP_TOALTSTACK do you need. Easier to just use a new witness version
DEPTH makes this relatively easy to do. Just repeat the following for
the maximum number of stack elements that might be used:
DEPTH 1SUB IF SWAP TOALTSTACK ENDIF
There are probably more compact alternatives.
Using a new script version is easier, but not faster. There's a number
of things that might be fixed in a v1 upgrade, and various design
decisions to sort out regarding specification of a witness version
(version in the witness rather than the scriptPubKey).
Tree signatures and MAST are immediately useful to many services,
however, and I would hate to delay usage by six months to a year or
more by serializing dependencies instead of doing them in parallel.
> Otherwise, one could attack relay and mining nodes by sending many
> small size txs with many sigops, forcing them to validate, and
> discard due to insufficient fees.
>
> Technically it might be ok if we commit the total validation cost
> (sigop + hashop + whatever) as the first witness stack item
That is what I'm suggesting. And yes, there are changes that would
have to be made to the p2p layer and transaction processing to handle
this safely. I'm arguing that the cost of doing so is worth it, and a
better path forward.
> Without the limit I think we would be DoS-ed to dead
4MB of secp256k1 signatures takes 10s to validate on my 5 year old
laptop (125,000 signatures, ignoring public keys and other things that
would consume space). That's much less than bad blocks that can be
constructed using other vulnerabilities.
> So to make it functionally comparable with your proposal, the
> IsMSV0Stack() function is not needed. The new 249-254 lines in
> interpreter.cpp could be removed. The new 1480-1519 lines could be
> replaced by a few lines copied from the existing P2WSH code. I can
> make a minimal version if you want to see how it looks like
That's alright, I don't think it's necessary to purposefully restrict
one to compare them head to head with the same features. They are
different proposals with different pros and cons.
Kind regards,
Mark Friedenbach
Published at
2023-06-07 18:05:36Event JSON
{
"id": "44552af96d1ab4faf2bc2777f22ba0f0fbddfe1a3420ef5736802d2b93cb7145",
"pubkey": "1c61d995949cbfaf14f767784e166bde865c7b8783d7aa3bf0a1d014b70c0069",
"created_at": 1686161136,
"kind": 1,
"tags": [
[
"e",
"0d97933d6393537f8afa1f55574e0ec2278e08b49a828e8a6bf1f6fff59c2613",
"",
"root"
],
[
"e",
"324a4417f7638f24ada197166daa0d7728edb7884f9a1808f4b907905ec97173",
"",
"reply"
],
[
"p",
"492fa402e838904bdc8eb2c8fafa1aa895df26438bfd998c71b01cb9db550ff7"
]
],
"content": "📅 Original date posted:2017-09-12\n📝 Original message:On Sep 12, 2017, at 1:55 AM, Johnson Lau \u003cjl2012 at xbt.hk\u003e wrote:\n\n\u003e This is ugly and actually broken, as different script path may\n\u003e require different number of stack items, so you don't know how many\n\u003e OP_TOALTSTACK do you need. Easier to just use a new witness version\n\nDEPTH makes this relatively easy to do. Just repeat the following for\nthe maximum number of stack elements that might be used:\n\n DEPTH 1SUB IF SWAP TOALTSTACK ENDIF\n\nThere are probably more compact alternatives.\n\nUsing a new script version is easier, but not faster. There's a number\nof things that might be fixed in a v1 upgrade, and various design\ndecisions to sort out regarding specification of a witness version\n(version in the witness rather than the scriptPubKey).\n\nTree signatures and MAST are immediately useful to many services,\nhowever, and I would hate to delay usage by six months to a year or\nmore by serializing dependencies instead of doing them in parallel.\n\n\u003e Otherwise, one could attack relay and mining nodes by sending many\n\u003e small size txs with many sigops, forcing them to validate, and\n\u003e discard due to insufficient fees.\n\u003e\n\u003e Technically it might be ok if we commit the total validation cost\n\u003e (sigop + hashop + whatever) as the first witness stack item\n\nThat is what I'm suggesting. And yes, there are changes that would\nhave to be made to the p2p layer and transaction processing to handle\nthis safely. I'm arguing that the cost of doing so is worth it, and a\nbetter path forward.\n\n\u003e Without the limit I think we would be DoS-ed to dead\n\n4MB of secp256k1 signatures takes 10s to validate on my 5 year old\nlaptop (125,000 signatures, ignoring public keys and other things that\nwould consume space). That's much less than bad blocks that can be\nconstructed using other vulnerabilities.\n\n\u003e So to make it functionally comparable with your proposal, the\n\u003e IsMSV0Stack() function is not needed. The new 249-254 lines in\n\u003e interpreter.cpp could be removed. The new 1480-1519 lines could be\n\u003e replaced by a few lines copied from the existing P2WSH code. I can\n\u003e make a minimal version if you want to see how it looks like\n\nThat's alright, I don't think it's necessary to purposefully restrict\none to compare them head to head with the same features. They are\ndifferent proposals with different pros and cons.\n\nKind regards,\nMark Friedenbach",
"sig": "d97895e2553b04cabfe33559c3b4bcc743f0a828fbe5947c61d8bcb32ce45f7657e0073a52e17c45614b4c0776bef749db2152bc700728d822398868f981c51e"
}