Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 6476FA48 for ; Thu, 6 Apr 2017 12:13:28 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-wr0-f170.google.com (mail-wr0-f170.google.com [209.85.128.170]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id BBA58AD for ; Thu, 6 Apr 2017 12:13:27 +0000 (UTC) Received: by mail-wr0-f170.google.com with SMTP id w11so54957825wrc.3 for ; Thu, 06 Apr 2017 05:13:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=vNWvL19ljAPn0xkEF38G5xlFM9bbIuhd+VdwyP8Vpiw=; b=QYSsed88nR2h8RXQ4s+i3LA2CD24pugxm4IwZZIdFbeF/mpOIzpdFx3hlxTJVYpHQg jblKbXnZbp2pBbGFTsm9GhSXODT6bW2jmKad9VV7IQdCGh/ARsCHUQuk1vb34uJJ5NVy Vvq4hAoUQkr4Mzu01xTx72E4PvHbxmOoZf0MU3VzC/+n+X0AnKuXJrFpSOFmIM4mzT64 0N94Nnt5BEDyqIwQj73eE8toUQ+c6IKiyIsaw0f8jH20YEOKXdWw1Quj4TcF6PkNaHRX wqjtlu4VnvOgRRBBcYbRJeQw6vavRw7qVoWzHncNDW4cmklFg2BPW1J+XHoggad4SHUg 8TWA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=vNWvL19ljAPn0xkEF38G5xlFM9bbIuhd+VdwyP8Vpiw=; b=A6KBuwKFGrxBeI0XK/sNsQSow8aZMIy5FU+0pygKM8tVRtm7xryvn7aWaZsUyx0+51 6yMhNYiULGfRmFN9qqeRnZ3incfa9RNjPQ5XmviSo9YIp5JHuAneTDnufK/862DgvHbg bp7/k+oG6fQKm+cXaTwi+y6xdQPHr6+O68acCp1CMg1pQ20g2QSqztGd2s2sy++QpHFj Ygrz15N9SNbD2gIuQiLKslDVODaMgKoKYoeB30Ud+1MKjbeixX4Gew0pWGojyr7aVhi2 g34W7L8Zo1pjg/zTSGprjIJo00aKZ2p2B1cIXHgOBEdB6tRcHNnJdv0ETE9QrHLPGZeZ YFcg== X-Gm-Message-State: AFeK/H3KXw/jfF0pFiwHuJ6FcJwXXNY/AOsqxFIY7+6C+1VDxr8SWllu/cgUdkPvVBWZ46/S32b8ShqkYEIVSg== X-Received: by 10.28.97.2 with SMTP id v2mr22464986wmb.88.1491480804788; Thu, 06 Apr 2017 05:13:24 -0700 (PDT) MIME-Version: 1.0 Received: by 10.28.55.9 with HTTP; Thu, 6 Apr 2017 05:13:23 -0700 (PDT) In-Reply-To: References: From: David Vorick Date: Thu, 6 Apr 2017 08:13:23 -0400 Message-ID: To: praxeology_guy , Bitcoin Protocol Discussion Content-Type: multipart/alternative; boundary=001a114a4c868f145f054c7e6f29 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, HTML_MESSAGE, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: Re: [bitcoin-dev] BIP proposal: Inhibiting a covert attack on the Bitcoin POW function X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Apr 2017 12:13:28 -0000 --001a114a4c868f145f054c7e6f29 Content-Type: text/plain; charset=UTF-8 > > Another thing that could be done is increase the number of times SHA256 is > performed... but now we are really talking about altering the PoW > algorithm. Correct me if I'm wrong: The more number of times its > performed, the less any patent-able pre or post calculation > skipping/caching have an effect on efficiency. > The more complex that the PoW algorithm is, the more likely it is that someone finds a unique and special method for optimizing it that they are able to patent. And the more difficult it is to create specialized hardware to run that algorithm, meaning that there will be fewer players who are able to do so profitably (higher fixed costs). If you want to talk about changing the PoW algorithm, you really want to be looking to simplify it so that it's more obvious (not that you can ever be completely sure) that there are no hidden or unexpected optimizations that someone could patent. We can even do a lot better than SHA. Cryptographic hash functions need to be collision resistant, and collision resistance is the property that usually breaks. Preimage resistance and partial preimage resistance (and second preimage resistance) is generally easier to protect - to the best of our knowledge, md5 would actually still be a secure PoW function today. It's bitterly ironic to me that so much research and effort has been put into making asic-resistant PoW algorithms when in the long run asic-resistance only leads to problems like these - single parties who have found significant optimizations and not shared them, completely destroying any chance of a level playing field and giving themselves a centralized monopoly - a result that is supremely unhealthy for the rest of the community. --001a114a4c868f145f054c7e6f29 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Another thing that could be done is increas= e the number of times SHA256 is performed... but now we are really talking = about altering the PoW algorithm.=C2=A0 Correct me if I'm wrong: The mo= re number of times its performed, the less any patent-able pre or post calc= ulation skipping/caching have an effect on efficiency.

The more complex that the PoW algorithm is, the more like= ly it is that someone finds a unique and special method for optimizing it t= hat they are able to patent. And the more difficult it is to create special= ized hardware to run that algorithm, meaning that there will be fewer playe= rs who are able to do so profitably (higher fixed costs).

If you want to talk about changing the PoW algorithm, you really want to b= e looking to simplify it so that it's more obvious (not that you can ev= er be completely sure) that there are no hidden or unexpected optimizations= that someone could patent.

We can even do a lot better t= han SHA. Cryptographic hash functions need to be collision resistant, and c= ollision resistance is the property that usually breaks. Preimage resistanc= e and partial preimage resistance (and second preimage resistance) is gener= ally easier to protect - to the best of our knowledge, md5 would actually s= till be a secure PoW function today.

It's bitterly ir= onic to me that so much research and effort has been put into making asic-r= esistant PoW algorithms when in the long run asic-resistance only leads to = problems like these - single parties who have found significant optimizatio= ns and not shared them, completely destroying any chance of a level playing= field and giving themselves a centralized monopoly - a result that is supr= emely unhealthy for the rest of the community.
--001a114a4c868f145f054c7e6f29--