From: Ryan Grant <bitcoin-dev@rgrant.org>
Date: Fri, 1 Oct 2021 20:15:56 +0000
Message-ID: <CAMnpzfrNZ0vpiMVoH=0KW9jy1-vppudX3D7Z+aXpSp4h_7s=zw@mail.gmail.com>
To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: text/plain; charset="UTF-8"
Cc: Prayank <prayank@tutanota.de>
Subject: Re: [bitcoin-dev] Mock introducing vulnerability in important
Bitcoin projects

Due to the uneven reputation factor of various devs, and uneven review
attention for new pull requests, this exercise would work best as a
secret sortition.

Sortition would encourage everyone to always be on their toes rather
than only when dealing with new GitHub accounts or declared Red Team
devs. The ceremonial aspects would encourage more devs to participate
without harming their reputation.

  https://en.wikipedia.org/wiki/Sortition
  https://en.wikipedia.org/wiki/Red_team

The scheme should include public precommitments collected at
ceremonial intervals.

where:
  hash1 /* sortition ticket */     = double-sha256(secret)
  hash2 /* public precommitment */ = double-sha256(hash1)

The random oracle could be block hashes. They could be matched to
hash1, the sortition ticket. A red-team-concurrency difficulty
parameter could control how many least-significant bits must match to
be secretly selected. The difficulty parameter could be a matter of
group consensus at the ceremonial intervals, based on a group decision
on how much positive effect the Red Team exercise is providing.

Upon assignment, the dev would have community approval to
opportunistically insert a security flaw; which, when either caught,
merged, or on timeout, they would reveal along with the sortition
ticket that hashes to their public precommitment.

Sortition Precommitment Day might be once or twice a year.
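
The commit, select and reveal steps described in the message above, as an added example that is not part of the original message or of any Bitcoin project. The function names, the big-endian reading of the digests, the difficulty value and the sample block hashes are assumptions made for illustration.

```python
import hashlib

def double_sha256(data: bytes) -> bytes:
    """SHA-256 applied twice, as in the hash1/hash2 definitions."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def make_commitment(secret: bytes) -> tuple[bytes, bytes]:
    """Return (hash1 sortition ticket, hash2 public precommitment)."""
    ticket = double_sha256(secret)
    return ticket, double_sha256(ticket)

def low_bits(digest: bytes, k: int) -> int:
    # Assumption: digests are read as big-endian integers before masking.
    return int.from_bytes(digest, "big") & ((1 << k) - 1)

def is_selected(ticket: bytes, block_hash: bytes, k: int) -> bool:
    """Private check by the dev: do the k least-significant bits match?"""
    return low_bits(ticket, k) == low_bits(block_hash, k)

def verify_reveal(ticket: bytes, precommitment: bytes,
                  block_hashes: list[bytes], k: int) -> bool:
    """Public check at reveal time: the ticket must hash to the published
    precommitment and must match some block hash from the interval."""
    if double_sha256(ticket) != precommitment:
        return False
    return any(is_selected(ticket, bh, k) for bh in block_hashes)

# Constructed sample data (not real block hashes).
SECRET = b"constructed-example-secret"
TICKET, PRECOMMITMENT = make_commitment(SECRET)
K = 4  # hypothetical red-team-concurrency difficulty, in bits
MATCHING_BLOCK = bytes(31) + TICKET[-1:]            # shares the low byte
OTHER_BLOCK = bytes(31) + bytes([TICKET[-1] ^ 1])   # differs in bit 0

if __name__ == "__main__":
    print("precommitment:", PRECOMMITMENT.hex())
    print("selected:", is_selected(TICKET, MATCHING_BLOCK, K))
    print("reveal ok:", verify_reveal(TICKET, PRECOMMITMENT,
                                      [OTHER_BLOCK, MATCHING_BLOCK], K))
```

Selection stays secret only while the ticket cannot be recomputed from the published precommitment, so the secret has to be high-entropy random bytes rather than a guessable string.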