Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 0D9B8A64 for ; Tue, 3 Oct 2017 15:52:20 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-wm0-f52.google.com (mail-wm0-f52.google.com [74.125.82.52]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id DF107431 for ; Tue, 3 Oct 2017 15:52:18 +0000 (UTC) Received: by mail-wm0-f52.google.com with SMTP id l68so4072713wmd.5 for ; Tue, 03 Oct 2017 08:52:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=pKWSz/17hXuQohumGXJcmry59wLQixgrrJuug7GqY78=; b=bexSHpmSVjSv0pL5uHv1ndTZhDIhV3LNLEC7iuPsDWqtXOH7M2qxPJChnsJZdA/6tk kB1kxBWr8b5lPWTRjNAnl4GfA4MzS0b4+w21IoW3XxAbQrKXhBz2f6K+XXtUyCoTYalk kDKGiD6WLBz+cjkf2sDZ+bZKrLIqO/PHvGl+t+vRcAE4exFUPueCXlDMrq3Qgn6Fz0Ie lnZLnF/QnLOkoDStSdn7IbI/fco7xtP1tA1OE8SPmHd4oNwH4nRQ15rbs6J14OsgjFhf rjwG54QOTmYsmmhenmxVSjD6Rt3StMVffiVmMvFxmLjAU45zV98Kz6eAzIS4GQwL9ZTj d4hw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=pKWSz/17hXuQohumGXJcmry59wLQixgrrJuug7GqY78=; b=S7hXr9MfOkZRHwn+3elxmocz3TmcH7FLBzmPQLJ9GvO6FJQAIU65GmwiKn9f1wXYT4 tKx4W7/2pihM7zH1kW2p3P8KWlNIB+TOd7BNd3h/TeLWs6AvMk7RWfdrvFlHVi3fClrj yrZJ/bjLYldMIsINjuZu6uJlbSKCgUXBsmqGfUiSrVfO8Gwt/fyagAeR5Q4H/CnENrYU iEKy0rE030g5XJeahb12ID7tfI2ficCuAsd4RyrEJB6EgU0s+EXvN5Qhr6f6mJlcjvYB oamueRw58Eum8a8CgLQfAC0PjmgxdbY4mlEy644oaaKo3UBvoZu/2OTr4HqDQR0lqMiZ +U8g== X-Gm-Message-State: AHPjjUiFIY/fcaDGGe7z1ouzYf7DqOmUBm0Q8OuPBpN1fnUHe1hIFrk+ hcyS2FVzz/aO79cuPA9M5vPcXw6SBfvvJ+Y9ptD95UEN X-Google-Smtp-Source: AOwi7QBTW4YzbzvvwKwyEzsYCYQXRbzb6vElILKDZbPWeL69u9LceweXkcJ6j4EYLSRc/Onc2M1NeSPyQfmnPOLJ37Q= X-Received: by 10.80.136.81 with SMTP id c17mr24767416edc.13.1507045937279; Tue, 03 Oct 2017 08:52:17 -0700 (PDT) MIME-Version: 1.0 Received: by 10.80.216.6 with HTTP; Tue, 3 Oct 2017 08:52:16 -0700 (PDT) From: =?UTF-8?B?5r2Y5b+X5b2q?= Date: Tue, 3 Oct 2017 23:52:16 +0800 Message-ID: To: bitcoin-dev@lists.linuxfoundation.org Content-Type: multipart/alternative; boundary="94eb2c0df462c076ae055aa6794d" X-Spam-Status: No, score=0.4 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE, RCVD_IN_SORBS_SPAM autolearn=disabled version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Fri, 06 Oct 2017 11:51:19 +0000 Subject: [bitcoin-dev] A solution may solve Block Withholding Attack X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Oct 2017 15:52:20 -0000 --94eb2c0df462c076ae055aa6794d Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Here is a solution may solve Block Withholding Attack. The general idea is came from Aviv Zohar(avivz@cs.huji.ac.il), I made it work for Bitcoin. Anyway, thanks Aviv. =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D DIFF_1 =3D 0x00000000FFFF00000000000000000000000000000000000000000000000000= 00; Diff =3D DIFF_1 / target this is equal to Diff =3D DIFF_1 / (target - 0) or Diff =3D DIFF_1 / abs(target - 0) now, we change diff algo to below: New_Diff =3D DIFF_1 / abs(target - offset) Offset is 32 bytes, like uint256 in Bitcoin, range is [0, 2^256), define: offset_hash =3D DSHA256(offset). we need to do a little change to the merkle root hash algo, put the offset_hash as a tx hash in the front of tx hashes. [offset_hash, coinbase_tx_hash, tx01_hash, tx02_hash, =E2=80=A6 , tx_n_hash= ] Actually could put offset_hash in any place in the array of hashes. network_hash_range =3D network_hash_end - network_hash_begin miner_hash_range =3D miner_hash_end - miner_hash_begin The offset value MUST between network_hash_begin/end or miner_hash_begin/end. https://user-images.githubusercontent.com/514951/31133378-e00d9ca2-a891-11e= 7-8c61-73325f59f6ed.JPG When mining pool send a job to miners, put the PoW hash range (miner_hash_begin/end) in the job. So if the miners find a hash which value is between [miner_hash_begin, miner_hash_end], means it's SHOULD be a valid share, could submit the share to the pool. If the hash value is between [network_hash_begin, network_hash_end] means find a valid block. The network_diff is much much high than the miner's diff, means the network_hash_range is much much smaller than miner_hash_range. By now, a typical miner's pool diff is around 16K, network diff is 1123863285132, so miner_hash_range is at least million times bigger than network_hash_range. The miners only know miner_hash_range, it's impossible for cheat miners to find out which share could make a valid block or not. Problems: 1. it's a hard fork. 2. will make existed asic dsha256 chips useless, but I think it's only a small change to make new asic chips based on existed tech. --94eb2c0df462c076ae055aa6794d Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Here is a solution may solve Block Withholding Attack= . The general idea is=C2=A0
came from Aviv Zohar(avivz@cs.huji.ac.il), I made it work for Bitcoin= .=C2=A0
Anyway, thanks Aviv.

=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

=
DIFF_1 =3D 0x00000000FFFF000000000000000000000000000000000000000000000= 0000000;

Diff =3D DIFF_1 / target

this is equal to=C2=A0

Diff =3D DIFF_1 / = (target - 0) or Diff =3D DIFF_1 / abs(target - 0)

= now, we change diff algo to below:

New_Diff =3D DI= FF_1 / abs(target - offset)

Offset is 32 bytes, li= ke uint256 in Bitcoin, range is [0, 2^256),=C2=A0
define: offset_= hash =3D DSHA256(offset).

we need to do a little c= hange to the merkle root hash algo, put the=C2=A0
offset_hash as = a tx hash in the front of tx hashes.

[offset_hash,= coinbase_tx_hash, tx01_hash, tx02_hash, =E2=80=A6 , tx_n_hash]
<= br>
Actually could put offset_hash in any place in the array of h= ashes.

network_hash_range =3D network_hash_end - n= etwork_hash_begin

miner_hash_range =3D miner_hash_= end - miner_hash_begin

The offset value MUST betwe= en network_hash_begin/end or miner_hash_begin/end.

https://user-images.githubusercontent.= com/514951/31133378-e00d9ca2-a891-11e7-8c61-73325f59f6ed.JPG
=
When mining pool send a job to miners, put the PoW hash rang= e=C2=A0
(miner_hash_begin/end) in the job. So if the miners find = a hash which value
is between [miner_hash_begin, miner_hash_end],= means it's SHOULD be a=C2=A0
valid share, could submit the s= hare to the pool. If the hash value is=C2=A0
between [network_has= h_begin, network_hash_end] means find a valid block.

The network_diff is much much high than the miner's diff, means the= =C2=A0
network_hash_range is much much smaller than miner_hash_ra= nge. By now,=C2=A0
a typical miner's pool diff is around 16K,= network diff is 1123863285132,=C2=A0
so miner_hash_range is at l= east million times bigger than network_hash_range.=C2=A0
The mine= rs only know miner_hash_range, it's impossible for cheat miners=C2=A0
to find out which share could make a valid block or not.

Problems:
1. it's a hard fork.
2. w= ill make existed asic dsha256 chips useless, but I think it's only a sm= all change to make new asic chips based on existed tech.
--94eb2c0df462c076ae055aa6794d--