10s of seconds if no further restrictions are placed. It would be trivial to include a new per input rule that reduces it to ~1s without cutting off any non-attack script (require sigops per input to be limited to witness/sig size). secp256k1 is now fast enough that we don’t need a separate sigop limit.
> On Sep 30, 2017, at 4:23 PM, Luke Dashjr <l...@dashjr.org> wrote: > > On Thursday 07 September 2017 12:38:55 AM Mark Friedenbach via bitcoin-dev > wrote: >> Tail-call execution semantics >> BIP: https://gist.github.com/maaku/f7b2e710c53f601279549aa74eeb5368 >> Code: https://github.com/maaku/bitcoin/tree/tail-call-semantics > > Just noticed this doesn't count sigops toward the block sigop limit. > Is that really safe? How long would it take, to verify a malicious block with > only inputs such that there is nearly 4 MB of sigops? > > (I do already understand the difficulty in supporting the sigop limit.) > > Luke _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev