From: Cameron Garnham <da2ce7@gmail•com>
To: Tier Nolan <tier.nolan@gmail•com>
Cc: Bitcoin Dev <bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] Treating ‘ASICBOOST’ as a Security Vulnerability
Date: Fri, 19 May 2017 10:32:36 +0300 [thread overview]
Message-ID: <B3FCB9B3-3E0F-48A4-82D9-61019B4672B5@gmail.com> (raw)
In-Reply-To: <CAE-z3OX2b4V+ERAYszokAUrSRPqpOCd2TovxBiqfeRTj4yuVpw@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2159 bytes --]
(message was originally sent off-list by mistake).
Hello Tier,
Thank-you for your insightful reply,
Am I correct that this suggest is that you think it is an optimisation to find some nonces having lower difficulty than other nonces?
I would agree with you if this was limited to a dedicated nonce area of the Bitcoin System.
However, in the case of Bitcoin it is a layer violation that the PoW function difficulty could be affected by the choice the transaction ordering, or the content of the Coinbase Transaction, etc. Possibly giving unnatural and unintended incentives to other parts of the Bitcoin System.
I can see two issues at play here:
1. The choice of input, outside of the dedicated nonce area, fed the PoW function should not change it’s difficulty to evaluate.
2. Every PoW function execution should be independent.
I think that both of these are security assumptions of the Bitcoin PoW function.
I consider ASICBOOST as an attack upon both accounts.
Cameron.
>
> On 18 May 2017, at 17:59 , Tier Nolan via bitcoin-dev <bitcoin-dev@lists•linuxfoundation.org> wrote:
>
> On Thu, May 18, 2017 at 2:44 PM, Cameron Garnham via bitcoin-dev <bitcoin-dev@lists•linuxfoundation.org> wrote:
> 1. Significant deviations from the Bitcoin Security Model have been acknowledged as security vulnerabilities.
>
> The Bitcoin Security Model assumes that every input into the Proof-of-Work function should have the same difficulty of producing a desired output.
>
> This isn't really that clear.
>
> Arguably as long as the effort to find a block is proportional to the block difficulty parameter, then it isn't an exploit. It is just an optimisation.
>
> A quantum computer, for example, could find a block with effort proportional to the square root of the difficulty parameter, so that would count as an attack. Though in that case, the fix would likely be to tweak the difficulty parameter update calculation.
>
> A better definition would be something like "when performing work, each hash should be independent".
>
> ASICBOOST does multiple checks in parallel, so would violate that.
[-- Attachment #2: Type: text/html, Size: 4866 bytes --]
next prev parent reply other threads:[~2017-05-19 7:32 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-18 13:44 Cameron Garnham
2017-05-18 13:57 ` James Hilliard
2017-05-18 14:59 ` Tier Nolan
2017-05-19 7:32 ` Cameron Garnham [this message]
2017-05-18 19:28 ` Ryan Grant
[not found] ` <CAJowKgLurok+bTKrt8EAAF0Q7u=cEDwfxOuQJkYNKieFpCPErQ@mail.gmail.com>
[not found] ` <CAJowKg+r3XKaoN3ys3o3FWhpJ3w8An1q0oYMmu_KzDfNdzF8Vg@mail.gmail.com>
[not found] ` <CAJowKgKf22b2jjRbmG+k53g4bOzXrk7AHVcR02xqXPU8ZLJhaQ@mail.gmail.com>
[not found] ` <CAJowKg+LAcVCsH7gbuZhKnnv8p5=WXqNCs5oqub3bacRpQ7n9w@mail.gmail.com>
2017-05-19 7:16 ` Erik Aronesty
2017-05-24 17:59 ` Cameron Garnham
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=B3FCB9B3-3E0F-48A4-82D9-61019B4672B5@gmail.com \
--to=da2ce7@gmail$(echo .)com \
--cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
--cc=tier.nolan@gmail$(echo .)com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox