From: Ryan Grant
Date: Fri, 1 Oct 2021 20:15:56 +0000
To: Bitcoin Protocol Discussion
Cc: Prayank
Subject: Re: [bitcoin-dev] Mock introducing vulnerability in important Bitcoin projects

Due to the uneven reputation factor of various devs, and uneven review attention for new pull requests, this exercise would work best as a secret sortition. Sortition would encourage everyone to always be on their toes rather than only when dealing with new GitHub accounts or declared Red Team devs. The ceremonial aspects would encourage more devs to participate without harming their reputation.

https://en.wikipedia.org/wiki/Sortition
https://en.wikipedia.org/wiki/Red_team

The scheme should include public precommitments collected at ceremonial intervals, where:

  hash1 /* sortition ticket */      = double-sha256(secret)
  hash2 /* public precommitment */  = double-sha256(hash1)

The random oracle could be block hashes. They could be matched to hash1, the sortition ticket. A red-team-concurrency difficulty parameter could control how many least-significant bits must match to be secretly selected. The difficulty parameter could be a matter of group consensus at the ceremonial intervals, based on a group decision on how much positive effect the Red Team exercise is providing.

Upon assignment, the dev would have community approval to opportunistically insert a security flaw, which, when either caught, merged, or on timeout, they would reveal along with the sortition ticket that hashes to their public precommitment.
Sortition Precommitment Day might be once or twice a year.
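The commitment and selection scheme sketched in the mail above (hash1 as the private sortition ticket, hash2 as the public precommitment, a block hash as the random oracle, and a low-bit match as the secret selection test), written out as an added worked example. This is not code from the original mail or from any bitcoin-dev project. It assumes digests are compared as big-endian integers, that the difficulty parameter is a count of least-significant bits, and that the "block hash" is a locally generated stand-in rather than a real chain value; the participant names and secrets are constructed for the demo.

```python
import hashlib
import secrets


def double_sha256(data: bytes) -> bytes:
    """Bitcoin-style double SHA-256 (SHA-256 applied twice)."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def make_ticket(secret: bytes) -> tuple[bytes, bytes]:
    """Derive the two hashes from the mail.

    hash1 is the private sortition ticket; hash2 is the public precommitment
    the dev publishes on Precommitment Day, before any oracle block exists.
    """
    hash1 = double_sha256(secret)
    hash2 = double_sha256(hash1)
    return hash1, hash2


def low_bits(data: bytes, nbits: int) -> int:
    """Least-significant nbits of a digest read as a big-endian integer.

    Byte order is an assumption of this example; the mail does not fix one.
    """
    return int.from_bytes(data, "big") & ((1 << nbits) - 1)


def is_selected(hash1: bytes, block_hash: bytes, difficulty_bits: int) -> bool:
    """Selection check a dev runs privately once the oracle block hash is known."""
    return low_bits(hash1, difficulty_bits) == low_bits(block_hash, difficulty_bits)


def verify_reveal(hash1: bytes, hash2: bytes, block_hash: bytes, difficulty_bits: int) -> bool:
    """Public check at reveal time.

    Anyone can confirm that the revealed ticket (a) hashes to a precommitment
    published before the oracle block and (b) actually matched that block,
    so a dev cannot claim a selection they did not have.
    """
    return double_sha256(hash1) == hash2 and is_selected(hash1, block_hash, difficulty_bits)


def expected_selections(n_participants: int, difficulty_bits: int) -> float:
    """Expected number of secretly selected devs per oracle block.

    A ticket matches the low difficulty_bits of a uniformly random hash with
    probability 2**-difficulty_bits, which is the knob the group tunes for
    red-team concurrency.
    """
    return n_participants / (1 << difficulty_bits)


def run_round(precommitments: dict[str, bytes], tickets: dict[str, bytes],
              block_hash: bytes, difficulty_bits: int) -> list[str]:
    """Simulate one round: names whose reveal would verify for this block hash.

    In practice only each owner knows their ticket; this helper has them all
    so the round can be shown end to end.
    """
    return sorted(name for name, h1 in tickets.items()
                  if verify_reveal(h1, precommitments[name], block_hash, difficulty_bits))


if __name__ == "__main__":
    # Constructed demo: four devs, a stand-in oracle value (not a real block
    # hash), and a one-bit difficulty so roughly half are selected.
    devs = ["alice", "bob", "carol", "dave"]
    tickets, precommitments = {}, {}
    for name in devs:
        h1, h2 = make_ticket(secrets.token_bytes(32))
        tickets[name], precommitments[name] = h1, h2
    block_hash = secrets.token_bytes(32)
    bits = 1
    print("expected selections:", expected_selections(len(devs), bits))
    print("selected this round:", run_round(precommitments, tickets, block_hash, bits))
```

The ordering matters for the scheme's integrity: hash2 must be collected at the ceremony before the oracle block is mined, otherwise a dev could grind secrets until one matches. At reveal, `verify_reveal` is the check the rest of the group runs; a ticket that does not hash to a previously published hash2, or that does not match the block's low bits, is rejected.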