This solution has flaws, but is better than nothing.
The concerns about a possible weaknesses in ECDSA are serious and not addressing them ASAP is irresponsible, to say the least.
Topic: The use of Guy Fawkes Signature in case of ECDSA zero-day exploits - page 2. (Read 6630 times)
October 29, 2013, 08:18:41 AM
October 29, 2013, 03:59:31 AM
With the soft-fork, any old-style transactions without a SPV proof are simply invalid.
Pretty sure that invalidating the de facto transaction is a hard fork.
No. Invalidating a valid transaction is soft-fork by definition.
October 29, 2013, 03:53:58 AM
With the soft-fork, any old-style transactions without a SPV proof are simply invalid.
Pretty sure that invalidating the de facto transaction is a hard fork.
October 29, 2013, 03:00:17 AM
Thoughts?
Doesn't protect against a mining operation that is attempting to subvert signed transactions with its own, which is generally accepted as a requirement needed to (reliably) steal funds from transactions sent into the wild. Unless, as part of the soft-fork, miners are directed to reject blocks containing non-"SPV" transactions after having received an "SPV" one, this is, however, a ridiculously easy way for anyone to troll the network.
With the soft-fork, any old-style transactions without a SPV proof are simply invalid.
October 29, 2013, 02:48:29 AM
Thoughts?
Doesn't protect against a mining operation that is attempting to subvert signed transactions with its own, which is generally accepted as a requirement needed to (reliably) steal funds from transactions sent into the wild. Unless, as part of the soft-fork, miners are directed to reject blocks containing non-"SPV" transactions after having received an "SPV" one, this is, however, a ridiculously easy way for anyone to troll the network.
October 29, 2013, 02:40:34 AM
Senarios: ECDSA is suddenly broken. Private key of a public key could be derived in less than 10 minutes on an average desktop computer.
Bitcoins in reused addresses will not be protected at all, but we can allow people to safely transfer bitcoins from an first time address to a new scheme address (e.g. Lamport address).
We can use Guy Fawkes Signature scheme. To spend bitcoins in an old pay-to-keyhash or P2SH address, the user will sign the transaction as usual, but not publishing the transaction. The user will then timestamp the transaction hash to the blockchain. After 6 or more confirmations (the longer the safer), the user will publish the transaction, with the SPV proof of the timestamp. A new soft-fork rule requires miners to accept a transaction of this type only if it contains such SPV proof.
Thoughts?
(Minor notes: inserting SPV proof to the transaction will change the transaction hash, but one can't obtain the SPV proof before the hash is calculated. This becomes a chicken and egg problem. Therefore, miners have to calculate the transaction hash with the SPV proof removed, and compare with the timestamp.)
Bitcoins in reused addresses will not be protected at all, but we can allow people to safely transfer bitcoins from an first time address to a new scheme address (e.g. Lamport address).
We can use Guy Fawkes Signature scheme. To spend bitcoins in an old pay-to-keyhash or P2SH address, the user will sign the transaction as usual, but not publishing the transaction. The user will then timestamp the transaction hash to the blockchain. After 6 or more confirmations (the longer the safer), the user will publish the transaction, with the SPV proof of the timestamp. A new soft-fork rule requires miners to accept a transaction of this type only if it contains such SPV proof.
Thoughts?
(Minor notes: inserting SPV proof to the transaction will change the transaction hash, but one can't obtain the SPV proof before the hash is calculated. This becomes a chicken and egg problem. Therefore, miners have to calculate the transaction hash with the SPV proof removed, and compare with the timestamp.)
Jump to: