Published on: 2015-07-25T00:47:51+00:00
Gavin Andresen, the former lead developer of Bitcoin, has proposed new consensus rules to address potential CPU exhaustion denial-of-service attacks. The proposal suggests limiting the number of ECDSA signature verifications and bytes hashed per block. This change would require updates to transaction assembly and validation software. Transactions larger than 100,000 bytes have already been considered "non-standard" for years, making the proposal compatible with existing transaction-creation software. The proposal will be deployed with either BIP 100 or BIP 101.The discussion surrounding the proposal highlights the need to consider N^2 costs related to repeated hashing in checksig, which the current approach overlooks. Gavin Andresen agrees with this concern but emphasizes that counting signature operations is not as straightforward as checking transaction size. He proposes adding a field for N_SIG_OPS in transaction metadata to simplify implementation. He also suggests using SIGHASH_ANYONECANPAY instead of SIGHASH_ALL for transactions with many inputs to expedite validation. Feedback from maintainers of other full implementations is sought regarding the implementation of counting hashed bytes as a consensus rule.Another member of the bitcoin-dev group argues that limiting transaction size alone is an indirect approach that fails to address the N^2 costs. They propose a more direct approach that would be less restrictive. However, Gavin Andresen points out that accurately counting the number of signature operations is necessary and preferable to imposing a limit on transaction size.In response to concerns raised about decreasing the maximum transaction size limit, Gavin Andresen argues against adding unnecessary complexity to code for an unlikely scenario. He also clarifies that transaction size limits are unrelated to the issue being addressed in the current Bitcoin Improvement Proposal (BIP).Gavin Andresen suggests limiting the maximum size of a transaction included in a block to mitigate potential CPU exhaustion denial-of-service attacks. The proposal addresses the computation of signature hashes for OP_CHECKSIG/OP_CHECKMULTISIG, which could result in significant validation times for maliciously constructed blocks. The proposed change would limit the serialized size of a transaction to 100,000 bytes. However, concerns are raised about rendering future applications involving larger signatures unspendable. Alternative approaches include limiting the number of signature operations and making rule exceptions for certain transactions.The proposal drafted by Gavin Andresen aims to prevent a potential CPU exhaustion attack. It suggests limiting the size of a transaction included in a block to mitigate denial-of-service attacks. Sergio Demian Lerner's report on the computation of signature hashes for OP_CHECKSIG/OP_CHECKMULTISIG highlights the need for this mitigation. Transactions larger than 100,000 bytes have already been considered "non-standard," making the proposed change compatible with existing software. However, updates to transaction assembly and validation software are necessary. Alternatives to the proposal include limiting the number of signature operations or fixing the SIG opcodes. References provided include Sergio Demian Lerner's original report.
Updated on: 2023-08-01T14:25:11.054095+00:00