Return-Path: Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by lists.linuxfoundation.org (Postfix) with ESMTP id A45B9C0051 for ; Thu, 1 Oct 2020 01:36:52 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 750592040F for ; Thu, 1 Oct 2020 01:36:52 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U+yZEY1eh4wU for ; Thu, 1 Oct 2020 01:36:50 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail4.protonmail.ch (mail4.protonmail.ch [185.70.40.27]) by silver.osuosl.org (Postfix) with ESMTPS id B81E3203BF for ; Thu, 1 Oct 2020 01:36:49 +0000 (UTC) Date: Thu, 01 Oct 2020 01:36:35 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail; t=1601516207; bh=kQuM22+qfTBNBgXDjNpD2oerK03oq4wex3FP4FbQUfo=; h=Date:To:From:Cc:Reply-To:Subject:In-Reply-To:References:From; b=CpgU9YL0hwINZJe/dqIy2NQQ3zJprVQsniXb6wUy4dkVe17LSnGCrU2nvLvUNLWtN +9zW/C2nzfku1SUnEDKyVAYiNv/UBeiQLiIDV8LydGo4e5s2G7HBfZYJB0I08KN1lu XFbguPFDv5ZtjZyxZDN7Bm/NEQ5cpMqgc9yeazas= To: Mike Brooks From: ZmnSCPxj Reply-To: ZmnSCPxj Message-ID: <6DNfWVT6VsuQvFamBbqyGZYokENNopo28FZO6P5-4F0uoOMz2xAAQQZxBxsOmue4J3miOoMq_2MJVpiTtUy3bE9-qMOSVXqRhQoyfriTpXU=@protonmail.com> In-Reply-To: References: <5RgK7X_rcpeMbdOdFxKiWkzg6dVcjD0uF_KI8Wt2w7WCBd7dB552EZuRqNQiBbgF4dGBcojwE9GzdWdJeCNmaAlYGYDMAyz6yzSl2QmLC98=@protonmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cc: Bitcoin Protocol Discussion , Mike Brooks Subject: Re: [bitcoin-dev] Floating-Point Nakamoto Consensus X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Oct 2020 01:36:52 -0000 Good morning Mike, > ZmnSCPxj, > > The growing tare in growing disagreement continues to divide mining capac= ity while the network waits for formation of future blocks - you'll never g= et to complete=C2=A0consensus=C2=A0unless three is a way to avoid ambiguity= in=C2=A0disagreement,=C2=A0which you have not addressed.=C2=A0 The topic o= f my discussion is an exploitable condition, your three block plan does not= add up. > > I wrote the exploit before I wrote the paper. It is telling that still no= one here has refenced the threat model, which is the largest section of th= e entire 8 page paper.=C2=A0 The security came before the introduction of F= PNC because security=C2=A0fundamentals=C2=A0is what drives the necessity fo= r the solution. > > The text you are reading right now was delivered using the mailing list m= anager=C2=A0Majordomo2, which I shelled in 2011 and got a severity metric a= nd an alert in the DHS newsletter. Correct me if I am wrong, but I bet that= just of my exploits has probably=C2=A0popped more shells than everyone on = this thread combined.=C2=A0=C2=A0 Cryptography?=C2=A0 Sure, I'll brag about= the time I hacked Square Inc. This is actually my current favorite crypto = exploit=C2=A0=E2=80=94 it was the time I used DKIM signature-malleability t= o conduct a replay-attack that allowed an adversary to replay another user'= s transactions an unlimited number of times. After receiving=C2=A0a normal = payment from another Square user you could empty their account.=C2=A0 This = was reported ethically and it was a mutual joy to work with such a great te= am.=C2=A0 Now it is not just impact, but I am also getting the feeling that= I have collected more CVEs, all this is to say that I'm not new to difficu= lt vendors. Argument screens off authority, thus, even if I have no CVEs under this pse= udonym, argument must still be weighted more highly than any authority you = may claim. > To be blunt; some of you on this thread are behaving like a virgin=C2= =A0reading a trashy love novel and failing to see the point =E2=80=94 Just = because you aren't excited, doesn't mean that it isn't hot. > > The exploit described in this paper was delivered to the Bitcoin-core sec= urity team on August 4 at 9:36 PM PST.=C2=A0 The industry standard of 90 da= ys gives you until November 2nd. Now clearly, we need more time. However,= =C2=A0if the consensus is a rejection, then there shouldn't be any concerns= with a sensible 90-day disclosure policy.=C2=A0 I am not a member of this security team, and they may have better informati= on and arguments than I do, in which case, I would defer to them if they ar= e willing to openly discuss it and I find their arguments compelling. The attack you describe is: * Not fixable by floating-point Nakamoto consensus, as such a powerful adve= rsary can just as easily prevent propagation of a higher-score block. * Broken by even a single, manually-created connection between both sides o= f the chain-split. Regards, ZmnSCPxj