Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Development & Technical Discussion
Re: Need OP_BLOCKNUMBER to allow "time" limited transactions
by
ByteCoin
on 18/11/2010, 02:16:15 UTC
Quote from: satoshi on November 15, 2010, 06:37:44 PM
We can't safely do OP_BLOCKNUMBER.  In the event of a block chain reorg after a segmentation, transactions need to be able to get into the chain in a later block.  The OP_BLOCKNUMBER transaction and all its dependants would become invalid.  This wouldn't be fair to later owners of the coins who weren't involved in the time limited transaction.

OP_BLOCKNUMBER does not introduce any new vulnurabilities compared to the existing system as segmentation can be exploited to defraud people at the moment. This is accomplished as follows:

An opportunistic attacker has clients running in multiple locations around the world. The attacker's clients have the same wallets and connect to different subsets of peers, probably perferring local ones and definitely keeping in touch with local mining peers. The clients communicate with each other at intervals to check whether the network has segmented and exchange the list of peers that they are talking to.
If communication is lost to one or more of the attacker's clients (they go offline) then the remaining clients attempt to communicate with all the offline client's peers. If they all succeed then it's likely that that attacker's client has just crashed or lost its internet connection. If however that client goes offline and a number of the peers are uncontactable then it's possible that the network has segmented. The attacker's clients determine whether they are on the network portion with the majority of the mining power or the minority. They also guess whether the other inaccessible portion of the network has enough mining power to generate blocks over the time it is imagined to be isolated. If the conditions are favourable then the attack proceeds as follows:
The attacker's clients on the majority of the network send coins from the wallet to new addresses in plausible innocent looking transactions. The attacker's clients on the minority of the network use the same coins in the same wallet to buy whatever goods they can find for sale on the subnetwork. When the network joins up again, it's highly likely that the majority part of the network has generated more blocks and all the transactions in blocks on the minority part of the chain re-enter the transaction pool. The attacker's transactions on the shorter chain are discarded as the coins have already been spent on the longer chain. Fraud complete!

So you can see that OP_BLOCKNUMBER does not introduce any new risks and that the real prevention of segmentation-based fraud must rely on some sort of detection of the loss of mining power.

ByteCoin