Thursday 29 June 2017

Adding nLocktime-based replay protection for Mycelium and Electrum for BIP148 Preparation


A topic that often came up during discussion is the use of nLocktime as replay protection. It works on the principle that an nLocktimed transaction can't be relayed or mined before the time specified in the nLocktime field of the Bitcoin transaction. As the deadline for BIP148 draws nearer, I’ve made an attempt to create Electrum and Mycelium forks that support nLocktimed transactions.

What you need to do is specify the block number where you want the transaction to be mined in the field given in the user interface. Before that particular block the transaction will not be mined, and before block number – 1 the transaction will not be relayed. Since the only way for the legacy chain to survive is to be longer than the BIP148 chain, we can make it such that the transaction can only be mined in the legacy chain: set the nLocktime to be higher than legacy chain block but lower than BIP148 chain block in legacy chain, send your bitcoin to a new address, make sure it is mined, then send the transaction in the BIP148 chain without locktime, using the original Electrum/Mycelium, to a different address.

If you happen to have the transaction broadcast but not yet mined, there is no need to worry, since nLocktimed transactions are marked as non-final and can be replaced by marking the transaction as final. In a way this works like opt-in RBF, which is why you need to make sure to tick the RBF checkbox in Electrum. I’ve also included this feature in Electrum: go to the replace tab, right-click, and click on increase fee. The dialog box will now ask you for a new address.

Doing the same thing with Mycelium is a little bit tricky, because Mycelium still accepts your transaction even if the chain is nowhere near the block time. So I’ve created yet another fork where you can resend your transaction. However, this version will not send your transaction, because the Mycelium back-end will reject it for double-spending, so what you need to do is paste your automatically copied transaction into somewhere you can push your raw transaction. You can also only input your new address using the clipboard, because the inability to double-spend the transaction makes it more difficult for me to do testing in Mycelium.

You can check the binaries in the releases tab, but please make sure you play around in testnet first before you try it on mainnet. You can do this with the --testnet switch in Electrum and by running the testnet apk instead of prodnet in Mycelium. The Mycelium binaries don't support the resend feature though. You can compile them yourselves with Android Studio if you are interested.

The implication of this kind of replay protection should be pretty obvious. It is much easier to sell Bitcoin in the legacy chain than in the BIP148 chain. That means if the legacy chain’s value is higher than the BIP148 chain’s, there is a higher downward pressure for the value to move to the BIP148 chain. When the BIP148 chain’s value is actually higher, the legacy chain will be wiped out. At this stage running Core is more dangerous than running BIP148.

via /r/Bitcoin http://bit.ly/2toA1c8
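
The finality rule the post relies on, as an added example that is not code from the post or from the Electrum or Mycelium forks: it follows the logic of Bitcoin Core's IsFinalTx and its mempool finality check, and evaluates one locktimed transaction against two chain tips. The tip heights, the timestamp, the transaction values and the mapping of the target block to nLockTime are constructed assumptions, and the legacy chain is assumed to be the longer one.

```python
# Added example: Bitcoin's locktime finality rule, applied to two chains.
# All heights, times and transactions below are constructed.
from dataclasses import dataclass

LOCKTIME_THRESHOLD = 500_000_000  # below: block height; at or above: Unix time
SEQUENCE_FINAL = 0xFFFFFFFF


@dataclass
class Tx:
    locktime: int
    sequences: list  # nSequence of each input


def is_final(tx, block_height, block_time):
    """True if tx may be included in a block at block_height / block_time."""
    if tx.locktime == 0:
        return True
    limit = block_height if tx.locktime < LOCKTIME_THRESHOLD else block_time
    if tx.locktime < limit:
        return True
    # An unexpired locktime is ignored when every input is marked final.
    return all(seq == SEQUENCE_FINAL for seq in tx.sequences)


def acceptable_at_tip(tx, tip_height, tip_time):
    """Mempool view: finality is evaluated for the block after the tip."""
    return is_final(tx, tip_height + 1, tip_time)


def replay_status(tx, tips, now):
    """Map chain name -> whether tx can be relayed and mined there now."""
    return {name: acceptable_at_tip(tx, h, now) for name, h in tips.items()}


# Constructed tips: the legacy chain is assumed to be the longer one.
TIPS = {"legacy": 481_900, "bip148": 481_850}
NOW = 1_501_600_000  # constructed timestamp

# First minable in block 481_900, so nLockTime = 481_899 (assumed mapping
# from a wallet's "block number" field to nLockTime).
protected = Tx(locktime=481_899, sequences=[0xFFFFFFFE])
# Same locktime, but final sequence numbers: the locktime is not enforced.
unprotected = Tx(locktime=481_899, sequences=[SEQUENCE_FINAL])

if __name__ == "__main__":
    print("protected  :", replay_status(protected, TIPS, NOW))
    print("unprotected:", replay_status(unprotected, TIPS, NOW))
```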
