From: Sergio Demian Lerner <sergio.d.lerner@gmail•com>
To: Tier Nolan <tier.nolan@gmail•com>,
Bitcoin Protocol Discussion
<bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] Making AsicBoost irrelevant
Date: Tue, 10 May 2016 18:43:01 -0300 [thread overview]
Message-ID: <CAKzdR-ou2FYjjxmRBLARhvfhHO-46weiMc2Q2f+GZf1E_JUEAg@mail.gmail.com> (raw)
In-Reply-To: <CAE-z3OWvLqONwaN+608jBn9=q1yUvU4ggGrMpA8rE6qmjDQHtg@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 3934 bytes --]
Your idea of moving the Merkle root to the second chunk does not work.
The AsicBoost can change the version bits and it does not need to find a
collision.
(However *Spondoolies patent *only mentions Merkle collisions:
https://patentscope.wipo.int/search/docservicepdf_pct/id00000032873338/PAMPH/WO2016046820.pdf
)
Back in 2014 I designed a ASIC-compatible block header that prevents
AsicBoost in all its forms.
You can find it here:
https://bitslog.wordpress.com/2014/03/18/the-re-design-of-the-bitcoin-block-header/
Basically, the idea is to put in the first 64 bytes a 4 byte hash of the
second 64-byte chunk. That design also allows increased nonce space in the
first 64 bytes.
But it you want to do a simpler change, you can more easily use the first
32 bits of the Parent Block Hash (now currently zero) to store the first 4
bytes of the SHA256 of the last 16 bytes of the header. That way to "tie"
the two header chunks. It's a minimal change (but a hard-fork)
But some ASIC companies already have cores that are better (on power, cost,
rate, temperature, etc.) than competing companies ASICs. Why do you think a
10% improvement from AsicBoost is different from many of other improvements
they already have (secretly) added? Maybe we (?) should only allow ASICs
that have a 100% open source designs?
If we change the protocol then the message to the ecosystem is that ASIC
optimizations should be kept secret. It is fair to change the protocol
because we don't like that certain ASIC manufacturer has better chips, if
the chips are sold in the market and anyone can buy them? And what about
using approximate adders (30% improvement), or dual rail asynchronous
adders (also more than 10% improvement) ? How do we repair those?
Disclaimer: I have stake in AsicBoost, but I'm not sure about this.
On Tue, May 10, 2016 at 5:27 PM, Tier Nolan via bitcoin-dev <
bitcoin-dev@lists•linuxfoundation.org> wrote:
> The various chunks in the double SHA256 are
>
> Chunk 1: 64 bytes
> version
> previous_block_digest
> merkle_root[31:4]
>
> Chunk 2: 64 bytes
> merkle_root[3:0]
> nonce
> timestamp
> target
>
> Chunk 3: 64 bytes
> digest from first sha pass
>
> Their improvement requires that all data in Chunk 2 is identical except
> for the nonce. With 4 bytes, the birthday paradox means collisions can be
> found reasonable easily.
>
> If hard forks are allowed, then moving more of the merkle root into the
> 2nd chunk would make things harder. The timestamp and target could be
> moved into chunk 1. This increases the merkle root to 12 bytes in the 2nd
> chunk. Finding collisions would be made much more difficult.
>
> If ASIC limitations mean that the nonce must stay where it is, this would
> mean that the merkle root would be split into two pieces.
>
> On Tue, May 10, 2016 at 7:57 PM, Peter Todd via bitcoin-dev <
> bitcoin-dev@lists•linuxfoundation.org> wrote:
>
>> As part of the hard-fork proposed in the HK agreement(1) we'd like to
>> make the
>> patented AsicBoost optimisation useless, and hopefully make further
>> similar
>> optimizations useless as well.
>>
>> What's the best way to do this? Ideally this would be SPV compatible, but
>> if it
>> requires changes from SPV clients that's ok too. Also the fix this should
>> be
>> compatible with existing mining hardware.
>>
>>
>> 1)
>> https://medium.com/@bitcoinroundtable/bitcoin-roundtable-consensus-266d475a61ff
>>
>> 2)
>> http://lists.linuxfoundation.org/pipermail/bitcoin-dev/2016-April/012596.html
>>
>> --
>> https://petertodd.org 'peter'[:-1]@petertodd.org
>>
>> _______________________________________________
>> bitcoin-dev mailing list
>> bitcoin-dev@lists•linuxfoundation.org
>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>>
>>
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists•linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
>
[-- Attachment #2: Type: text/html, Size: 6163 bytes --]
next prev parent reply other threads:[~2016-05-10 21:43 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-10 18:57 Peter Todd
2016-05-10 20:27 ` Tier Nolan
2016-05-10 21:35 ` Matt Corallo
2016-05-10 21:43 ` Sergio Demian Lerner [this message]
2016-05-10 22:59 ` Matt Corallo
2016-05-11 12:20 ` Sergio Demian Lerner
2016-05-11 13:08 ` Marek Palatinus
2016-05-11 21:01 ` Matt Corallo
2016-05-11 22:16 ` Simon Liu
2016-05-11 22:50 ` Peter Todd
2016-05-11 14:28 ` Luke Dashjr
2016-05-11 16:24 ` Timo Hanke
2016-05-11 18:28 ` Timo Hanke
2016-05-11 22:49 ` Timo Hanke
2016-05-12 2:27 ` Tom Harding
2016-05-12 2:31 ` Allen Piscitello
2016-05-12 2:33 ` Peter Todd
2016-05-12 4:01 ` Tom Harding
2016-05-10 21:49 ` Marco Pontello
2016-05-10 22:17 ` Sergio Demian Lerner
2016-05-10 22:27 ` Chris Riley
2016-05-11 3:14 ` Timo Hanke
2016-05-11 9:21 ` Jannes Faber
2016-05-11 10:36 ` Henning Kopp
2016-05-11 10:47 ` Jannes Faber
2016-05-11 22:42 ` Timo Hanke
2016-05-11 22:58 ` Gregory Maxwell
2016-05-12 7:29 ` Tom
2016-05-12 11:05 ` Jorge Timón
2016-05-11 14:07 ` Jorge Timón
2016-05-11 14:18 ` Sergio Demian Lerner
2016-05-11 14:30 ` Jannes Faber
2016-05-11 20:50 ` Matt Corallo
2016-05-11 22:00 ` James Hilliard
2016-05-11 23:01 ` Peter Todd
2016-05-12 0:02 ` Gregory Maxwell
2016-05-12 1:23 ` Russell O'Connor
2016-05-12 1:58 ` Peter Todd
2016-05-12 1:58 ` Matt Corallo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAKzdR-ou2FYjjxmRBLARhvfhHO-46weiMc2Q2f+GZf1E_JUEAg@mail.gmail.com \
--to=sergio.d.lerner@gmail$(echo .)com \
--cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
--cc=tier.nolan@gmail$(echo .)com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox