Author: Gavin Andresen 2015-07-23 15:41:18
Published on: 2015-07-23T15:41:18+00:00
In a Bitcoin-dev mailing list, Gavin Andresen proposed a method to mitigate a potential CPU exhaustion denial-of-service attack by limiting the maximum size of a transaction included in a block. However, Gregory Maxwell argued this approach was indirect as it ignored the potential N^2 costs relating to repeated hashing in checksig. In response, Andresen implemented changes to Core that would count exactly how many signature operations and how many bytes are hashed to compute sighashes to determine the implementation complexity/correctness tradeoff. Andresen suggested a consensus rule that directly addresses the attack and maintains that the performance impact would be minimal compared to other processes. Andresen also proposed a simple optimization to use SIGHASH_ANYONECANPAY for all inputs instead of SIGHASH_ALL for transactions with lots of inputs to speed up validation. He also asked for feedback from maintainers of other full implementations on how hard it would be to keep track of the number of bytes hashed to validate a transaction or block and use it as a consensus rule.
Updated on: 2023-06-10T03:01:26.710105+00:00