1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
|
Return-Path: <fresheneesz@gmail.com>
Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138])
by lists.linuxfoundation.org (Postfix) with ESMTP id 5F38CC0001
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 25 May 2021 08:01:26 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by smtp1.osuosl.org (Postfix) with ESMTP id 408DB83B4E
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 25 May 2021 08:01:26 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: 0.602
X-Spam-Level:
X-Spam-Status: No, score=0.602 tagged_above=-999 required=5
tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: smtp1.osuosl.org (amavisd-new);
dkim=pass (2048-bit key) header.d=gmail.com
Received: from smtp1.osuosl.org ([127.0.0.1])
by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 0EnpK56MNm9i
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 25 May 2021 08:01:25 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.8.0
Received: from mail-ed1-x52c.google.com (mail-ed1-x52c.google.com
[IPv6:2a00:1450:4864:20::52c])
by smtp1.osuosl.org (Postfix) with ESMTPS id 55F8D83C22
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 25 May 2021 08:01:25 +0000 (UTC)
Received: by mail-ed1-x52c.google.com with SMTP id a25so35027221edr.12
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 25 May 2021 01:01:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=mime-version:references:in-reply-to:from:date:message-id:subject:to
:cc; bh=3YfI14D2BVirtT3SXaaHiT4QQHdsysjeNYGeDvvZvVI=;
b=hsYgADvJxvc7cSS57toXN+dfl+4F9Csc11sxE3Qvq+hHzb1jsazZ/ItB9wUZhnY4tp
lWyxz2c2A6z2gNZCQGbZ1VzgANHcehegdq4xXkBbGCHaXW/BN1Ed+lYita9C95rfoTXQ
mZ8LYyC6Y8OMvcf5/ShGYtVRWJ7yIxs7v45XLc33ptX50Tb91ux8OAe66fYO/UBJ3LuT
33ROanirBmclBGN/POzrmV/y1wZEpoyqQF3N4aE8+txoR0eYn0wExrJ8nAgO0lOnaqgd
obOe7z1gfeN5UZED5EECh/18MuQpZ/4WyM/lQhTWCtdRlH+davYd1DKiJ8ooRpSvSuhm
2NbQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:references:in-reply-to:from:date
:message-id:subject:to:cc;
bh=3YfI14D2BVirtT3SXaaHiT4QQHdsysjeNYGeDvvZvVI=;
b=ll7qx9X6RBfSCQEK+ixPkphSd8mMSF/D35igIGTKvIlO/FZhAEV5W3NXxYJzr7Yqc2
YTKK/sE0c+zU/6/XnRuhhJBK++COYJCem8rmk70U8/QuEsZNIgd/jjKK9vDW2jqETl83
WhLdVQEUw2LTE6x0WUAQalYTSIJBQgEpavcz77BftBJdznD0rGRUQxQQdHQmfQiUVkQh
bodtumz8y5XQbYXurHx7n/VZ0J9UznWXG358nZNw6e8u9DWGtdFb6zgntSzHtFqFtrgN
OEglWf5kjLg9KStyZ8pCo7RbwyzLy6UK/U0Sy5Lw80HJeGh2CI2KcofKf7Bc72Po+p67
6XzA==
X-Gm-Message-State: AOAM532wJAlJLcO/Znru3Cz9NLDv7ud1vFTZBeQlVAhSt3JMqEIEPKxB
+7sRzhrDRogunQGf4PjgU7d/TTRgGXYU8J95SO8=
X-Google-Smtp-Source: ABdhPJzas+U6Ya7m74cuKVKjsfKzLivaHegmrDzNb+67A6/EEbIc0JiV3AQVcN3Y7W+ghznI7o5Lytav1ihFlXsX+Kc=
X-Received: by 2002:a05:6402:190e:: with SMTP id
e14mr30597041edz.146.1621929683432;
Tue, 25 May 2021 01:01:23 -0700 (PDT)
MIME-Version: 1.0
References: <CANQHGB1N4E9=cqrkxDiUH5hAHgzURAJv+S7Vkf8xWEMJ=+T_AQ@mail.gmail.com>
<KVDgWlVOrIW9ahW8jA8W1eSK-w0OzVEjx585MpJiNL-SuX9x-td_VzNEtFSDNj-bwulh_nLExtNBl4WD6x2Ipjp9bQvT4Jo3NIqoyDxoBBM=@protonmail.com>
<CALL-=e7hHYm96KJEFEiTgEaSjK0VTcNcGypLVekmaxYNN+egEA@mail.gmail.com>
<G3RgofdarOhSiEJjyDNaN2Dv27WCpb_0CSOpya6acUnPbpPQ-oygklpP_e0rLdxglK5FCo5dq7Qkv6GinA3qCXiOM6GzEcNvcxxM7kbwFhY=@protonmail.com>
<CALL-=e6deZdsA+LLWBXJwYDf9x2x4sRxC1s=8fb2wH1paXpMBA@mail.gmail.com>
<CAGpPWDYJHP1WsJA9Rymb3GwMomCipVV7UV_eSVb_g-DbBkw32w@mail.gmail.com>
<CALL-=e5BKBBkw3EkeYhHgzvEBuRdOOS1QnXpwh5qF1J6TEK3Hw@mail.gmail.com>
In-Reply-To: <CALL-=e5BKBBkw3EkeYhHgzvEBuRdOOS1QnXpwh5qF1J6TEK3Hw@mail.gmail.com>
From: Billy Tetrud <billy.tetrud@gmail.com>
Date: Mon, 24 May 2021 22:01:07 -1000
Message-ID: <CAGpPWDbDg+N72ce8ird_A_=vY-DHP87E+WCH-d40MnWasbk-6g@mail.gmail.com>
To: Karl <gmkarl@gmail.com>
Content-Type: multipart/alternative; boundary="000000000000a1b76b05c322ee2d"
X-Mailman-Approved-At: Tue, 25 May 2021 08:34:20 +0000
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Reducing block reward via soft fork
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 25 May 2021 08:01:26 -0000
--000000000000a1b76b05c322ee2d
Content-Type: text/plain; charset="UTF-8"
> It seems to me bitcoin's biggest vulnerabilities are either covert
compromise of mining pool operations, or widespread compromise of networked
mining systems and client node
Stratum v2 will solve the mining pool problem. Widespread compromise of
mining systems seems far fetched. That would involve compromising hundreds
of thousands or perhaps millions of systems in disparate areas with
disparate operating systems and security procedures, run by people who
probably understand computer security better than most (given their
involvement in bitcoin).
I think the biggest vulnerability bitcoin has is a sybil attack draining
the resources of public full nodes. We only have like 10,000 public full
nodes serving the whole network. It wouldn't take that much money to create
a sybil botnet of 100,000 or 1 million nodes that connect to the bitcoin
network and simply take up public node resources, denying service to most
people's full nodes.
> I don't see why it would necessarily be made public if a government
compromised their nation's mining farms. Governments have skilled
operatives for things like that.
Skilled operatives have their limits. It could be kept secret if spies were
hired as employees and then systematically infected all the machines in a
mining operation's machines. But spies aren't magic, no matter how skilled.
One mistake and the jig is up. It would be more likely to be a backroom
deal, which would be harder to keep secret, especially in large operations.
Propaganda has its limits too, sure you could convince some people things
are fine, but sophisticated people like miners? I doubt it.
On Mon, May 24, 2021 at 2:55 PM Karl <gmkarl@gmail.com> wrote:
> If bitcoin were to ever consider changing their PoW algorithm a
> little, it seems that would immediately make purchased ASIC mining
> equipment partially or wholly unusable to compromise the chain (and
> temporarily reduce energy usage without necessarily reducing
> security). One possible plan to deter a multibillionaire attack.
>
> Also regarding the word "security" here, a 51% attack impacts some
> parts of chain operations, but not others.
>
> It seems to me bitcoin's biggest vulnerabilities are either covert
> compromise of mining pool operations, or widespread compromise of
> networked mining systems and client nodes. Far easier than
> outcompeting the mining network with hardware.
>
> I don't see why it would necessarily be made public if a government
> compromised their nation's mining farms. Governments have skilled
> operatives for things like that. People would guess it happened, and
> the government would cover up the guesses with more powerful stories.
>
--000000000000a1b76b05c322ee2d
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">>=C2=A0
It seems to me bitcoin's biggest vulnerabilities are either covert comp=
romise of mining pool operations, or widespread compromise of networked min=
ing systems and client node<div><br></div><div>Stratum v2 will solve the mi=
ning pool problem. Widespread compromise of mining=C2=A0systems seems far f=
etched. That would involve compromising hundreds of thousands or perhaps mi=
llions of systems in disparate areas with disparate operating systems and s=
ecurity procedures,=C2=A0run=C2=A0by people who probably understand compute=
r security better than most (given their involvement in bitcoin).=C2=A0</di=
v><div><br></div><div>I think the biggest vulnerability bitcoin has is a sy=
bil attack draining the resources of public full nodes. We only have like 1=
0,000 public=C2=A0full nodes serving the whole network. It wouldn't tak=
e that much money to create a sybil botnet of 100,000 or 1 million nodes th=
at connect to the bitcoin network and simply take up public node resources,=
denying service to most people's full nodes.=C2=A0</div><div><br></div=
><div>> I don't see why it would necessarily be made public if a gov=
ernment compromised their nation's mining farms. Governments have skill=
ed operatives for things like that.=C2=A0=C2=A0</div><div><br></div><div>Sk=
illed operatives have their limits. It could be kept secret if spies were h=
ired as employees and then systematically infected all the machines in a mi=
ning operation's=C2=A0machines. But spies aren't magic, no matter h=
ow skilled. One mistake and the jig is up. It would be more likely to be a =
backroom deal, which would be harder to keep secret, especially in large op=
erations. Propaganda has its limits too, sure you could convince some peopl=
e things are fine, but sophisticated people like miners? I doubt it.=C2=A0<=
/div><div><div><br></div><div><br></div></div></div><br><div class=3D"gmail=
_quote"><div dir=3D"ltr" class=3D"gmail_attr">On Mon, May 24, 2021 at 2:55 =
PM Karl <<a href=3D"mailto:gmkarl@gmail.com" target=3D"_blank">gmkarl@gm=
ail.com</a>> wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"=
margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-lef=
t:1ex">If bitcoin were to ever consider changing their PoW algorithm a<br>
little, it seems that would immediately make purchased ASIC mining<br>
equipment partially or wholly unusable to compromise the chain (and<br>
temporarily reduce energy usage without necessarily reducing<br>
security).=C2=A0 One possible plan to deter a multibillionaire attack.<br>
<br>
Also regarding the word "security" here, a 51% attack impacts som=
e<br>
parts of chain operations, but not others.<br>
<br>
It seems to me bitcoin's biggest vulnerabilities are either covert<br>
compromise of mining pool operations, or widespread compromise of<br>
networked mining systems and client nodes.=C2=A0 Far easier than<br>
outcompeting the mining network with hardware.<br>
<br>
I don't see why it would necessarily be made public if a government<br>
compromised their nation's mining farms.=C2=A0 Governments have skilled=
<br>
operatives for things like that.=C2=A0 People would guess it happened, and<=
br>
the government would cover up the guesses with more powerful stories.<br>
</blockquote></div>
--000000000000a1b76b05c322ee2d--
|