Re: [bitcoin-dev] BIP 158 Flexibility and Filter Size

2018-06-09 Thread Gregory Maxwell via bitcoin-dev
> So what's the cost in using
> the current filter (as it lets the client verify the filter if they want to,
An example of that cost is you arguing against specifying and supporting the design that is closer to one that would be softforked, which increases the time until we can make these filters

Re: [bitcoin-dev] Trusted merkle tree depth for safe tx inclusion proofs without a soft fork

2018-06-09 Thread Sergio Demian Lerner via bitcoin-dev
You can fool a SPV wallet even if it requires a thousands confirmations using this attack, and you don't need a Sybil attack, so yes, it impacts SPV wallets also. The protections a SPV node should have to prevent this attack are different, so it must be considered separately. It should be said

Re: [bitcoin-dev] Trusted merkle tree depth for safe tx inclusion proofs without a soft fork

2018-06-09 Thread Sergio Demian Lerner via bitcoin-dev
Also it must be noted that an attacker having only 1.3M USD that can brute-force 72 bits (4 days of hashing on capable ASICs) can perform the same attack, so the attack is entirely feasible and no person should accept more than 1M USD using a SPV wallet. Also the attack can be repeated: once you

Re: [bitcoin-dev] Trusted merkle tree depth for safe tx inclusion proofs without a soft fork

2018-06-09 Thread Sergio Demian Lerner via bitcoin-dev
Hi Peter, We reported this as CVE-2017-12842, although it may have been known by developers before us. There are hundreds of SPV wallets out there, without even considering other more sensitive systems relying on SPV proofs. As I said we, at RSK, discovered this problem in 2017. For RSK it's very

Re: [bitcoin-dev] Trusted merkle tree depth for safe tx inclusion proofs without a soft fork

2018-06-09 Thread Peter Todd via bitcoin-dev
On Sat, Jun 09, 2018 at 02:51:55PM +0200, Sergio Demian Lerner wrote:
> You can fool a SPV wallet even if it requires a thousands confirmations
> using this attack, and you don't need a Sybil attack, so yes, it impacts
> SPV wallets also. The protections a SPV node should have to prevent this
>

Re: [bitcoin-dev] Trusted merkle tree depth for safe tx inclusion proofs without a soft fork

2018-06-09 Thread Peter Todd via bitcoin-dev
On Sat, Jun 09, 2018 at 01:03:53PM +0200, Sergio Demian Lerner wrote:
> Hi Peter,
> We reported this as CVE-2017-12842, although it may have been known by
> developers before us.
It's been known so long ago that I incorrectly thought the attack was ok to discuss in public; I had apparently

Re: [bitcoin-dev] Trusted merkle tree depth for safe tx inclusion proofs without a soft fork

2018-06-09 Thread Peter Todd via bitcoin-dev
On Sat, Jun 09, 2018 at 02:21:17PM +0200, Sergio Demian Lerner wrote:
> Also it must be noted that an attacker having only 1.3M USD that can
> brute-force 72 bits (4 days of hashing on capable ASICs) can perform the
> same attack, so the attack is entirely feasible and no person should accept
>

Re: [bitcoin-dev] BIP 158 Flexibility and Filter Size

2018-06-09 Thread David A. Harding via bitcoin-dev
On Fri, Jun 08, 2018 at 04:35:29PM -0700, Olaoluwa Osuntokun via bitcoin-dev wrote:
> 2. Since the coinbase transaction is the first in a block, it has the
> longest merkle proof path. As a result, it may be several hundred bytes
> (and grows with future capacity increases) to present