Published on: 2015-06-21T19:49:41+00:00
In a series of email exchanges among Bitcoin developers, the topic of non-repudiation and the ability of the Bitcoin network to withstand double-spend attacks is discussed. Eric Lombrozo argues that non-repudiation is not necessary in the Bitcoin protocol, as there is no association of identity with signatures. He warns against blindly accepting unconfirmed transactions without assessing the risks involved. Jorge Timón disagrees, stating that non-repudiation can be built on top of the payment protocol layer. The two also discuss the network's ability to handle double-spend attacks, with Lombrozo emphasizing the need for merchants to assess the risks before accepting unconfirmed transactions. Timón cites Satoshi's statement that as long as a majority of CPU power is not cooperating to attack the network, they will outpace attackers. Lombrozo clarifies that he is not suggesting unconfirmed transactions are part of global consensus, but rather cautioning against accepting them without considering the risks.The discussion also touches on the design of the Bitcoin network to withstand double-spend attacks. Lombrozo argues that the network should be designed with this requirement in mind, while another participant cites Satoshi's statement about the majority of CPU power generating the longest chain. They clarify that attacking the network means attempting to rewrite valid, proof-of-work-timestamped history, which unconfirmed transactions are not yet part of. Lombrozo emphasizes that unconfirmed transactions should not be accepted as final without assessing the risks.The concept of non-repudiation mechanisms in the Bitcoin protocol is also discussed. Lombrozo suggests that if such a mechanism is desired, it should be explicitly defined rather than relying on assumptions. Timón believes that non-repudiation can be built on top of the payment protocol layer using ECDSA signatures. The importance of accurately defining mechanisms and not relying on assumptions is emphasized.The context also includes discussions on the implications of Bitcoin for users and businesses. Coinbase's decision to restrict firearms businesses from accepting Bitcoins is mentioned, leading to a debate over alternate payment options. The context also mentions F2Pool enabling full replace-by-fee (RBF) support, which may create risks for merchants using payment processors/transaction APIs. The need for confirmations prior to accepting orders is highlighted.The safety of unconfirmed transactions is discussed, with arguments made about their relative security compared to credit card payments that can be charged back. The potential for double-spending is acknowledged, but it is noted that most people have better things to do than try to steal small amounts, and vendors have learned to tolerate a certain level of risk. Analogies are made to vending machines selling newspapers, which are often left unmonitored despite the potential for abuse.Overall, the discussions revolve around the need for assessing risks, designing the network to withstand attacks, defining non-repudiation mechanisms, and considering the safety of unconfirmed transactions in the Bitcoin ecosystem.Adrian Macneil, Wladimir van der Laan, and Gregory Maxwell criticized Chainalysis's actions, referring to it as a Sybil attack. They argued that the Bitcoin P2P network is resilient when the chance of any one node going down is uncorrelated with others. However, if a bug exists in a node that fails to relay transactions or blocks properly, it can disrupt a large portion of the network simultaneously. Coinbase, a major player in the Bitcoin industry, runs multiple nodes of Bitcoin Core and accepts zeroconf payments from customers. Their goal is to drive bitcoin adoption by making it easy for people to spend their bitcoin with online merchants. However, there are concerns about the systemic risks of failure caused by Coinbase connecting to many nodes on the network.There is a discussion about the meaning of "prima facie" and whether fraud should be assumed by default. It is suggested that the null hypothesis should be the default assumption instead. The author argues that no assumption should be made about the possibility of double-spending being fraudulent or not without any information.Peter Todd expresses disappointment in F2Pool enabling full Replace-by-Fee (RBF) instead of the safer first-seen-safe RBF. He believes that the fees gained by supporting full RBF over FSS RBF would be negligible. He also discusses the differences between standard and zeroconf versions of replace-by-fee patch.Eric Lombrozo warns that relaxing the assumption that the Bitcoin network can withstand deliberate double-spend attacks could result in terrible security practice. He suggests that it's dangerous to assume that security measures are safe because they have never been hacked before. Lombrozo argues that miners must still intervene in cases of human misbehavior, even if the signed transaction itself is proof of intention to pay.Chun Wang claims to have performed a successful bitcoin double spend in 2013 without any mining power.
Updated on: 2023-08-01T13:25:58.026253+00:00