asciilifeform: (nuke the keychain idiocy)

asciilifeform: natively gpg doesn't even ~carry~ the notion of 'for this set, Message, Signature, Pubkey, say if well-formed'

asciilifeform: davout: carefully read this routine and follow the calls all the way down, or this thread will make ~0 sense

asciilifeform: davout: per current trb rules (which , see earlier, is different from prb's ! even) A gotta be spent before it can reappear.

asciilifeform: my nodes, for instance, reorged in different places than mircea_popescu's

asciilifeform: davout: correct. and recall, reorg is a local, rather than global, phenomenon

asciilifeform: so it merely needs to get mined again.

asciilifeform: davout: it would not, because A is not 'marked spent', it does not exist in the index at all after the reorg.

asciilifeform: davout: correct, but only tells half of the story. it is unspendable in the sense that whoever mined the original A, is left to be sad. but A can be reintroduced now. and with it, all of the tx that used it as an input.

asciilifeform: if you can re-introduce an old coinbase -- which you can , if it has been spent, per trb rules -- you (or anyone else) can afterwards reintroduce any and all tx that had that coinbase as an input

asciilifeform: and wuille's thing does 0 against it.

asciilifeform: davout: as i understand, the attack described in 7th paragraph, with the transplanted tree, would still work today.

asciilifeform: oh hah it was right there wasn't it.

asciilifeform: looks like it describes exactly the scenario in this thread. and wuille sat down with his handler and asked, 'how do we 'solve' this but without actually solving it? hmm'

asciilifeform: where'd you dig this up, davout ?

asciilifeform: because it was built by somebody who was dropped as a baby, and uses tx id as if it were guaranteed unique, then turns around and 'oops, they aren't, but it doesn't matter Because Reasons'

asciilifeform: davout: definitionally not, bitcoin has marvels such as being able to annihilate a coinbase from tx index using a (local! nobody but your node has to see it) reorg.

asciilifeform: simply by not catering to the patently idiotic expectation of being able to spend the output of a tx that hasn't been mined yet.

asciilifeform: and yes that means they have to live in a block, that you're reasonably sure won't be orphaned.

asciilifeform: davout: right ! want to make a tx ? know the indices of the outputs you're using.

asciilifeform: ^ likewise it is unclear to me why to even have a merkle tree, and not hash the tx one after another. but that's a separate thread.

asciilifeform: (which would only be calculated for the merkle root, and for no other purpose)

asciilifeform: with the difference being, that you can ONLY refer to a position in an existing block, and never to a tx hash.

asciilifeform: you can do it with a system otherwise identical to traditional bitcoin

asciilifeform: davout: it doesn't even require the cask scheme

asciilifeform: unfortunately , per grandfather's pistol , a tx ~in~ a block can spend the output of another, in same block; so verification of block tx is O(N^2) but the N is the count of tx in the block.

asciilifeform: trb, i will note, already will not relay any attempt to spend anything not already in a block.

asciilifeform: if you had to write, e.g., (91722,1,1) instead of (e3bf3d07d4b0375638d5f1db5255fe07ba2c4cb067cd81b84ee974b6585fb468, 1) to spend an output -- none of this would be a thing.

asciilifeform: astonishing how much retardation flows from this one little turd, the use of hashes (rather than positions) as tx pointers.

asciilifeform: it's a textbook mircea_popescuan tv-raft. 'can't fix the problem, That Would Be Wrong, have a raft made of your tv to float on;

asciilifeform: prune their ears, nose, arms, legs, cocks.

asciilifeform: 'Fully-spent transactions are allowed to be duplicated in order not to hinder pruning at some point in the future. Not allowing any transaction to be duplicated would require evidence to be kept for each transaction ever made.'

asciilifeform: https://github.com/bitcoin/bips/blob/master/bip-0030.mediawiki << found it earlier, prior to thread, but the lulzy bit is that their 'solution' is not a solution

asciilifeform: so a prb user can be fucked during sync, so long as the fuckblock fed to him isn't numbered 91842 or 91880 ...

asciilifeform: they cut out the time parameter, and replaced with this

asciilifeform: http://btc.yt/lxr/satoshi/source/src/main.cpp?v=0.10.0rc4#1670 << this is pretty great, prb turns 91842/91880 into a special case !

asciilifeform: btw this thread is unpleasantly reminiscent of , e.g., asciilifeform's conversations with his elderly parents , re thebezzle. 'look outside, sky not fallen, not moved a centimetre, you idiot'

asciilifeform: it is going on the conveyor mircea_popescu .

asciilifeform: ^ this is a question that can be answered exactly , using a patched trb

asciilifeform: you just have a 'i can't believe it's not bitcoin' rather than bitcoin.

asciilifeform: so you end up with a parentless tx in the index.

asciilifeform: see the links, it will become very clear

asciilifeform: as in the 2 linked examples on mimisbrunnr

asciilifeform: whole thread was about these.

asciilifeform: the one that has input 0

asciilifeform: aha, the first tx in a block

asciilifeform: and are exempt thereby from 'doublespent because input was spent' rule

asciilifeform: nope. you take one that's been spent.

asciilifeform: (take the tx verbatim)

asciilifeform: but it isn't hard to do otherwise, just recycle old coinbase

asciilifeform: you forgo the mannafromheaven from mining the block, aha

asciilifeform: this could, potentially, account for some wedges observed in the wild. in theory.

asciilifeform: (will not accept a block where they are spent)

asciilifeform: it would instead manifest as one or more chains of tx that a trb node -- a particular one, that saw the particular magic orphan -- mysteriously does not want to spend the outputs of.

asciilifeform: the imho most tickling part re the hypothesis, is that the symptom would not necessarily leave any permanent sign in the mainchain blockchain

asciilifeform: ( would have to fudge the difficulty on the toy planet, or alternatively remove the time parameter from http://btc.yt/lxr/satoshi/source/src/main.cpp?v=makefiles#0977 , but otherwise doable )

asciilifeform: is likely the easiest demo.

asciilifeform: probably will have to replicate it on a toy planet.