1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
|
Return-Path: <eric@voskuil.org>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id DCEF894F
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 26 May 2017 08:15:59 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-pf0-f171.google.com (mail-pf0-f171.google.com
[209.85.192.171])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 4320212A
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 26 May 2017 08:15:59 +0000 (UTC)
Received: by mail-pf0-f171.google.com with SMTP id m17so4952887pfg.3
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 26 May 2017 01:15:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=voskuil-org.20150623.gappssmtp.com; s=20150623;
h=subject:to:references:cc:from:message-id:date:user-agent
:mime-version:in-reply-to:content-transfer-encoding;
bh=adymTD5ZU2lJrRnz1C/o+LKI9Ppekh6epoc1jPgqZ9g=;
b=FH7oA3xQfhIeifiRVKYevkri/4qgOf3pEyhbxcXZSnhDhIS4VjTbyBX/DY0jkFbtu9
JXpGIOCj4kgl5RnycsRQkvjxpnUForKz3wI1IT25bwZUsX9hb4hgNnAZopBDMt7vwerg
7VyGJc9HjxFvtdUYzJP4defngNh4FAH8LfXpewMRy6qMsumb5vkRo76WXXJY7oRMlEct
ohw3GWMqb/xAb0yswZVN75EAUn4v99vMHcKxLGqyOmp88cgAvICBooPWQVcSf6xzuRyq
JQMgOThy3R2G9Q2JY8Fic1FA+/4gh+3bu0adV05QLZ0MYPK+UjlvJsM7jsd+QAgxhrJj
+zXQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:subject:to:references:cc:from:message-id:date
:user-agent:mime-version:in-reply-to:content-transfer-encoding;
bh=adymTD5ZU2lJrRnz1C/o+LKI9Ppekh6epoc1jPgqZ9g=;
b=c7tRyGU+ZccFjFY0yOT4+OB5qQqy09a/bA8BKcHTuGc9vR+nm2wkCdGgS50pVgnD9B
XFFk3OS4QsxTz7F95tPmbnZK17iOYCSKB8u4mOLKMtAuhG2dYcTEL13WYvAwPBgxaoeL
L/dJZhO5FxV5q88B4BSUXZ7mA9QUvmU4tZ9oNq/fwD1E0Bkp00xAFVDEMnbnCohwwo5l
0p+hpaX68jU30HK7COO0CZwua/AlSc3PZMleVJo7N7+6jOYG9mpidVlc3EO7KCE8V0XU
8eswR/bHS/0vHR1OmtSzBsxG2xPmOlykblTIQ3Jv9k60cVlTllkQjsuacrUhlpfKhERp
h6nQ==
X-Gm-Message-State: AODbwcDMrfNcYaQKS59YrDrV+FHFDAEl0SGKEKWrEz9JYJVl2veMJEM3
iQdWCzS6kfE5C/YV
X-Received: by 10.84.216.10 with SMTP id m10mr55554989pli.4.1495786558232;
Fri, 26 May 2017 01:15:58 -0700 (PDT)
Received: from ?IPv6:2601:600:a080:16bb:7d26:ac61:e7ed:4ce?
([2601:600:a080:16bb:7d26:ac61:e7ed:4ce])
by smtp.gmail.com with ESMTPSA id o29sm303887pgc.27.2017.05.26.01.15.57
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Fri, 26 May 2017 01:15:57 -0700 (PDT)
To: Cameron Garnham <da2ce7@gmail.com>,
"Andreas M. Antonopoulos" <andreas@antonopoulos.com>
References: <D0299438-E848-4696-B323-8D0E810AE491@gmail.com>
<CAFmyj8zNkPj3my3CLzkXdpJ1xkD0GQk8ODg09qYnnj_ONGUtsQ@mail.gmail.com>
<2E6BB6FA-65FF-497F-8AEA-4CC8655BAE69@gmail.com>
From: Eric Voskuil <eric@voskuil.org>
X-Enigmail-Draft-Status: N1110
Message-ID: <c771e922-1121-e323-f4b8-ad99e0d930b8@voskuil.org>
Date: Fri, 26 May 2017 01:15:56 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
Thunderbird/45.5.1
MIME-Version: 1.0
In-Reply-To: <2E6BB6FA-65FF-497F-8AEA-4CC8655BAE69@gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-1.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, RCVD_IN_DNSWL_NONE,
RCVD_IN_SORBS_SPAM autolearn=no version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Fri, 26 May 2017 13:59:31 +0000
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Emergency Deployment of SegWit as a partial
mitigation of CVE-2017-9230
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Fri, 26 May 2017 08:16:00 -0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi Cameron,
Presumably the "very serious security vulnerability" posed is one of
increased centralization of hash power. Would this danger exist
without the patent risk?
e
On 05/26/2017 01:02 AM, Cameron Garnham via bitcoin-dev wrote:
> Thank you for your reply Andreas,
>
> I can assure you that I have many motivations for activating
> SegWit.
>
> Before studding ASICBOOST I wanted to activate SegWit as it is a
wonderful upgrade for Bitcoin. It seems to me that virtually the
entire Bitcoin Ecosystem agrees with me. Except for around 67% of the
mining hash-rate who very conspicuously refuse to signal for it’s
activation.
>
> So, I started searching for the motivations of such a large amount
of the mining hash-rate holding a position that isn’t at-all
represented in the wider Bitcoin Community. My study of ASICBOOST lead
to a ‘bingo’ moment: If one assumes that the 67% of the hash rate
that refuse to signal for SegWit are using ASICBOOST. The entire
picture of this political stalemate became much more understandable.
>
> This only strengthened my resolve to activate SegWit: not only is
SegWit great, it partially mitigates a very serious security
vulnerability.
>
> This is why I call into question why you would suggest:
>
> “This proposal is unnecessarily conflating two contentious issues
and will attract criticism of self serving motivation.”
>
> 1. I am not conflating the issues. I would argue that very fact
that SegWit has not been activated yet is directly because of
CVE-2017-9230.
> 2. I have no reason to believe that SegWit is contentious, except
for the attackers who it would frustrate.
> 3. I have no negative responses to my endeavours to get ASICBOOST
> as
regarded as a legitimate security vulnerability. This would suggest
that it is not contentious in the wider technical community.
>
> If SegWit is NOT contentious within the technical community and it
is NOT contentious to regard CVE-2017-9230 as a credible security
vulnerability. Then using it as partial security fix for a security
vulnerability SHOULD NOT be contentious.
>
> If you believe that SegWit is contentious within the technical
community. Or you believe CVE-2017-9230 should not be regarded as a
credible security vulnerability. Then I would logically agree with you
that we should separate the issues so that we may gain consensus.
However, I just don’t see this as the case.
>
> Cameron.
>
>
>> On 26 May 2017, at 09:52 , Andreas M. Antonopoulos
<andreas@antonopoulos.com> wrote:
>>
>> I rarely post here, out of respect to the mailing list. But
>> since
my name was mentioned...
>>
>> I much prefer Gregory Maxwell's proposal to defuse covert
>> ASICBOOST
(only) with a segwit-like commitment to the coinbase which does not
obligate miners to signal Segwit or implement Segwit, thus disarming
any suspicion that the issue is being exploited only to activate Segwit.
>>
>> This proposal is unnecessarily conflating two contentious issues
and will attract criticism of self serving motivation.
>>
>> Politicising CVE is damaging to the long term bitcoin
>> development
and to its security. Not claiming that is the intent here, but the
damage is done by the mere appearance of motive.
>>
>>
>>
>> On May 26, 2017 16:30, "Cameron Garnham via bitcoin-dev"
<bitcoin-dev@lists.linuxfoundation.org> wrote:
>> Hello Bitcoin-Dev,
>>
>> CVE-2017-9230 (1) (2), or commonly known as ‘ASICBOOST’ is a
>> severe
(3) (4) and actively exploited (5) security vulnerability.
>>
>> To learn more about this vulnerability please read Jeremy
>> Rubin’s
detailed report:
>> http://www.mit.edu/~jlrubin//public/pdfs/Asicboost.pdf
>>
>> Andreas Antonopoulos has an excellent presentation on why
>> asicboost
is dangerous:
>> https://www.youtube.com/watch?v=t6jJDD2Aj8k
>>
>> In decisions on the #bitcoin-core-dev IRC channel; It was
>> proposed,
without negative feedback, that SegWit be used as a partial-mitigation
of CVE-2017-9230.
>>
>> SegWit partially mitigates asicboost with the common reasonable
assumption that any block that doesn’t include a witness commit in
it's coinbase transaction was mined using covert asicboost. Making
the use of covert asicboost far more conspicuous.
>>
>> It was also proposed that this partial mitigation should be
>> quickly
strengthened via another soft-fork that makes the inclusion of witness
commits mandatory, without negative feedback.
>>
>> The security trade-offs of deploying a partial-mitigation to
CVE-2017-9230 quickly vs more slowly but more conservatively is under
intense debate. The author of this post has a strong preference to
the swiftest viable option.
>>
>> Cameron.
>>
>>
>> (1) CVE Entry:
>> https://cve.mitre.org/cgi-bin/cvename.cgi?name=+CVE-2017-9230
>>
>> (2) Announcement of CVE to Mailing List:
>>
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014416.
html
>>
>> (3) Discussion of the perverse incentives created by 'ASICBOOST'
>> by
Ryan Grant:
>>
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014352.
html
>>
>> (4) Discussion of ASICBOOST's non-independent PoW calculation by
Tier Nolan:
>>
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014351.
html
>>
>> (5) Evidence of Active Exploit by Gregory Maxwell:
>>
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-April/01399
6.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQEcBAEBCAAGBQJZJ+Q1AAoJEDzYwH8LXOFOqakH/R1YCifIGjV07vnnsxeC/77x
d6w5tBmtEd5MLzrX/6VtMoI8UzgLEcDM1WfFox3jDVz/HurkTVorliyJrr14BVsc
rL2nTbfychYh1rAdTIsNwFt15Wgjcp/5eAq7Lw5TM5OJ3YbPn2zWJY19QmjEAJ+M
kGz26R+IJL1095yed5RN2JoN8O9x+HVdtIjaHJJRJzLsy+3g22zMWgN1nZN0olhX
mFQJZbvS0gQyiRGJmNku3zP5Qg2cFzWt+VBtFrzNu1QTTkbK2e1owHOmpgfygTD3
g3F4VoDfyA7pBnpMMMjjTaCaG34Am3CvYu8iYnZXy85s2ZjC+XeKgqMkBLj4+q8=
=A3ne
-----END PGP SIGNATURE-----
|
