Re: [bitcoin-dev] Emergency Deployment of SegWit as a partial mitigation of CVE-2017-9230

From: "Andreas M. Antonopoulos" <andreas@antonopoulos•com>
To: Cameron Garnham <da2ce7@gmail•com>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] Emergency Deployment of SegWit as a partial mitigation of CVE-2017-9230
Date: Fri, 26 May 2017 16:52:26 +1000	[thread overview]
Message-ID: <CAFmyj8zNkPj3my3CLzkXdpJ1xkD0GQk8ODg09qYnnj_ONGUtsQ@mail.gmail.com> (raw)
In-Reply-To: <D0299438-E848-4696-B323-8D0E810AE491@gmail.com>

[-- Attachment #1: Type: text/plain, Size: 3044 bytes --]

I rarely post here, out of respect to the mailing list. But since my name
was mentioned...

I much prefer Gregory Maxwell's proposal to defuse covert ASICBOOST (only)
with a segwit-like commitment to the coinbase which does not obligate
miners to signal Segwit or implement Segwit, thus disarming any suspicion
that the issue is being exploited only to activate Segwit.

This proposal is unnecessarily conflating two contentious issues and will
attract criticism of self serving motivation.

Politicising CVE  is damaging to the long term bitcoin development and to
its security. Not claiming that is the intent here, but the damage is done
by the mere appearance of motive.

On May 26, 2017 16:30, "Cameron Garnham via bitcoin-dev" <
bitcoin-dev@lists•linuxfoundation.org> wrote:

> Hello Bitcoin-Dev,
>
> CVE-2017-9230 (1) (2), or commonly known as ‘ASICBOOST’ is a severe (3)
> (4) and actively exploited (5) security vulnerability.
>
> To learn more about this vulnerability please read Jeremy Rubin’s detailed
> report:
> http://www.mit.edu/~jlrubin//public/pdfs/Asicboost.pdf
>
> Andreas Antonopoulos has an excellent presentation on why asicboost is
> dangerous:
> https://www.youtube.com/watch?v=t6jJDD2Aj8k
>
> In decisions on the #bitcoin-core-dev IRC channel; It was proposed,
> without negative feedback, that SegWit be used as a partial-mitigation of
> CVE-2017-9230.
>
> SegWit partially mitigates asicboost with the common reasonable assumption
> that any block that doesn’t include a witness commit in it's coinbase
> transaction was mined using covert asicboost.  Making the use of covert
> asicboost far more conspicuous.
>
> It was also proposed that this partial mitigation should be quickly
> strengthened via another soft-fork that makes the inclusion of witness
> commits mandatory, without negative feedback.
>
> The security trade-offs of deploying a partial-mitigation to CVE-2017-9230
> quickly vs more slowly but more conservatively is under intense debate.
> The author of this post has a strong preference to the swiftest viable
> option.
>
> Cameron.
>
>
> (1) CVE Entry:
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=+CVE-2017-9230
>
> (2) Announcement of CVE to Mailing List:
> https://lists.linuxfoundation.org/pipermail/bitcoin-dev/
> 2017-May/014416.html
>
> (3) Discussion of the perverse incentives created by 'ASICBOOST' by Ryan
> Grant:
>  https://lists.linuxfoundation.org/pipermail/bitcoin-dev/
> 2017-May/014352.html
>
> (4) Discussion of ASICBOOST's non-independent PoW calculation by Tier
> Nolan:
>  https://lists.linuxfoundation.org/pipermail/bitcoin-dev/
> 2017-May/014351.html
>
> (5) Evidence of Active Exploit by Gregory Maxwell:
> https://lists.linuxfoundation.org/pipermail/bitcoin-dev/
> 2017-April/013996.html
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists•linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>

[-- Attachment #2: Type: text/html, Size: 4620 bytes --]