Simple change to the Bitcoin MERKLEBLOCK command to protect from Leaf-Node weakness in Transaction Merkle Tree
Posted by SDLerner in Uncategorized on August 21, 2018
Recently a fix to the Bitcoin Merkle tree design weakness in RSK’s bridge was built by making invalid SPV proofs whose internal hashes are valid Bitcoin transactions. While this solves the problem, it is by no means a “clean” solution: it creates false-negative cases (with very low probability) and it reduces verification efficiency. While […]
Leaf-Node weakness in Bitcoin Merkle Tree Design
Posted by SDLerner in Uncategorized on June 9, 2018
This document describes a weakness in Bitcoin Design that reduces the security of SPV proofs and therefore SPV Wallets. The weakness was discovered by me in August 2017, but during the responsible disclosure process I learnt it was previously known by some prominent members of the Bitcoin Core team. Using this weakness an attacker […]
Blockchain State Storage Rent Revised
Posted by SDLerner in Uncategorized on January 22, 2018
(This post is an updated re-post of a previous post in RSK blog) In a nutshell, storage rent is a fee users pay in order to have their accounts, contracts and memory live on the network at any time, so their data can be accessed fast and at a low cost. Storage rent does not fulfill any purpose in […]
Scaling Bitcoin to One Billion Users, Part I
Posted by SDLerner in Uncategorized on January 18, 2018
The most important comparative properties of cryptocurrencies are decentralization, scalability, confidentiality, stability, usability and security. But scalability is always in conflict with the rest of the properties. To scale higher, some blockchains sacrifice security, usability or privacy. For example, Bitcoin sacrifices some security because it lacks stateful smart-contracts, so users cannot set daily withdrawal limits or […]
New quadratic delays in Bitcoin scripts
Posted by SDLerner in Uncategorized on April 17, 2017
I have a fixation with algorithm complexity. When I was young I was an early optimizer, and, I must admit, that didn’t help me much on dates. Today I occasionally code a sub-optimized algorithm when there is no need for high performance, but it still bothers me when I do. When I review code, it […]
The relation between Segwit and AsicBoost, covert and overt
Posted by SDLerner in Uncategorized on April 10, 2017
I will try to explain the relation between Segwit and AsicBoost, in both the covert and overt forms, in certain detail. I will also try to explain why a method was recently proposed to reduce the interference between covert-AsicBoost and some protocol improvements, by reducing the incentives for covert AsicBoost. The proposal makes covert AsicBoost more expensive, […]
A Bitcoin transaction that takes 5 hours to verify
Posted by SDLerner in Uncategorized on January 8, 2017
In 2013 I found a Bitcoin transaction that takes 3 minutes to verify (CVE-2013-2292) related to O(N^2) hashing in signatures. Since then, the O(N^2) argument has popped up in many contexts, mainly in discussions about a block size increase. Now the problem is partially solved by Segwit. During January 2016 I tried to beat the […]