MIME-Version: 1.0
From: =?UTF-8?B?5r2Y5b+X5b2q?= <bit.kevin@gmail.com>
Date: Tue, 3 Oct 2017 23:52:16 +0800
Message-ID: <CA+fZXJKuE_C7231-OHM2gvFUYBKjfoDoOfh+04YqHZuQF41eag@mail.gmail.com>
To: bitcoin-dev@lists.linuxfoundation.org
Content-Type: multipart/alternative; boundary="94eb2c0df462c076ae055aa6794d"
Subject: [bitcoin-dev] A solution may solve Block Withholding Attack
Precedence: list

--94eb2c0df462c076ae055aa6794d
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Here is a solution may solve Block Withholding Attack. The general idea is
came from Aviv Zohar(avivz@cs.huji.ac.il), I made it work for Bitcoin.
Anyway, thanks Aviv.

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

DIFF_1 =3D 0x00000000FFFF00000000000000000000000000000000000000000000000000=
00;

Diff =3D DIFF_1 / target

this is equal to

Diff =3D DIFF_1 / (target - 0) or Diff =3D DIFF_1 / abs(target - 0)

now, we change diff algo to below:

New_Diff =3D DIFF_1 / abs(target - offset)

Offset is 32 bytes, like uint256 in Bitcoin, range is [0, 2^256),
define: offset_hash =3D DSHA256(offset).

we need to do a little change to the merkle root hash algo, put the
offset_hash as a tx hash in the front of tx hashes.

[offset_hash, coinbase_tx_hash, tx01_hash, tx02_hash, =E2=80=A6 , tx_n_hash=
]

Actually could put offset_hash in any place in the array of hashes.

network_hash_range =3D network_hash_end - network_hash_begin

miner_hash_range =3D miner_hash_end - miner_hash_begin

The offset value MUST between network_hash_begin/end or
miner_hash_begin/end.

https://user-images.githubusercontent.com/514951/31133378-e00d9ca2-a891-11e=
7-8c61-73325f59f6ed.JPG

When mining pool send a job to miners, put the PoW hash range
(miner_hash_begin/end) in the job. So if the miners find a hash which value
is between [miner_hash_begin, miner_hash_end], means it's SHOULD be a
valid share, could submit the share to the pool. If the hash value is
between [network_hash_begin, network_hash_end] means find a valid block.

The network_diff is much much high than the miner's diff, means the
network_hash_range is much much smaller than miner_hash_range. By now,
a typical miner's pool diff is around 16K, network diff is 1123863285132,
so miner_hash_range is at least million times bigger than
network_hash_range.
The miners only know miner_hash_range, it's impossible for cheat miners
to find out which share could make a valid block or not.

Problems:
1. it's a hard fork.
2. will make existed asic dsha256 chips useless, but I think it's only a
small change to make new asic chips based on existed tech.

--94eb2c0df462c076ae055aa6794d
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>Here is a solution may solve Block Withholding Attack=
. The general idea is=C2=A0</div><div>came from Aviv Zohar(<a href=3D"mailt=
o:avivz@cs.huji.ac.il">avivz@cs.huji.ac.il</a>), I made it work for Bitcoin=
.=C2=A0</div><div>Anyway, thanks Aviv.</div><div><br></div><div>=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</div><div><br></div>=
<div>DIFF_1 =3D 0x00000000FFFF000000000000000000000000000000000000000000000=
0000000;</div><div><br></div><div>Diff =3D DIFF_1 / target</div><div><br></=
div><div>this is equal to=C2=A0</div><div><br></div><div>Diff =3D DIFF_1 / =
(target - 0) or Diff =3D DIFF_1 / abs(target - 0)</div><div><br></div><div>=
now, we change diff algo to below:</div><div><br></div><div>New_Diff =3D DI=
FF_1 / abs(target - offset)</div><div><br></div><div>Offset is 32 bytes, li=
ke uint256 in Bitcoin, range is [0, 2^256),=C2=A0</div><div>define: offset_=
hash =3D DSHA256(offset).</div><div><br></div><div>we need to do a little c=
hange to the merkle root hash algo, put the=C2=A0</div><div>offset_hash as =
a tx hash in the front of tx hashes.</div><div><br></div><div>[offset_hash,=
 coinbase_tx_hash, tx01_hash, tx02_hash, =E2=80=A6 , tx_n_hash]</div><div><=
br></div><div>Actually could put offset_hash in any place in the array of h=
ashes.</div><div><br></div><div>network_hash_range =3D network_hash_end - n=
etwork_hash_begin</div><div><br></div><div>miner_hash_range =3D miner_hash_=
end - miner_hash_begin</div><div><br></div><div>The offset value MUST betwe=
en network_hash_begin/end or miner_hash_begin/end.</div><div><br></div><div=
><a href=3D"https://user-images.githubusercontent.com/514951/31133378-e00d9=
ca2-a891-11e7-8c61-73325f59f6ed.JPG">https://user-images.githubusercontent.=
com/514951/31133378-e00d9ca2-a891-11e7-8c61-73325f59f6ed.JPG</a></div><div>=
<br></div><div>When mining pool send a job to miners, put the PoW hash rang=
e=C2=A0</div><div>(miner_hash_begin/end) in the job. So if the miners find =
a hash which value</div><div>is between [miner_hash_begin, miner_hash_end],=
 means it&#39;s SHOULD be a=C2=A0</div><div>valid share, could submit the s=
hare to the pool. If the hash value is=C2=A0</div><div>between [network_has=
h_begin, network_hash_end] means find a valid block.</div><div><br></div><d=
iv>The network_diff is much much high than the miner&#39;s diff, means the=
=C2=A0</div><div>network_hash_range is much much smaller than miner_hash_ra=
nge. By now,=C2=A0</div><div>a typical miner&#39;s pool diff is around 16K,=
 network diff is 1123863285132,=C2=A0</div><div>so miner_hash_range is at l=
east million times bigger than network_hash_range.=C2=A0</div><div>The mine=
rs only know miner_hash_range, it&#39;s impossible for cheat miners=C2=A0</=
div><div>to find out which share could make a valid block or not.</div><div=
><br></div><div>Problems:</div><div>1. it&#39;s a hard fork.</div><div>2. w=
ill make existed asic dsha256 chips useless, but I think it&#39;s only a sm=
all change to make new asic chips based on existed tech.</div></div>

--94eb2c0df462c076ae055aa6794d--