1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
|
Return-Path: <rgrant@rgrant.org>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 0567AB78
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 18 May 2017 19:29:12 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-yw0-f171.google.com (mail-yw0-f171.google.com
[209.85.161.171])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 707F015B
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 18 May 2017 19:29:09 +0000 (UTC)
Received: by mail-yw0-f171.google.com with SMTP id l74so25742775ywe.2
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 18 May 2017 12:29:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=rgrant-org.20150623.gappssmtp.com; s=20150623;
h=mime-version:sender:in-reply-to:references:from:date:message-id
:subject:to:content-transfer-encoding;
bh=PUNvqSvy8lQf3TlIjYRS09hVMu55hEPImZrp5MZc6yI=;
b=KYo3g3tYbFsk3wWr6k6p2oZhRNuRdqwv36tvZcbKmIPKBXA33A5UH2aJgyBn6yuBIA
0l9s6hVVmu/YvbfmklST/6Rkm6HOY29Ng8BwQlnjCJ3zkjKLnESc8YUSMYHXGN83FHsB
/ZZjmPQp8pSKCAf1uIVUnxb8qGXMxqvgdfXr3RDJcnRsKTCsIBmdhhaKdVFODBGdwp6p
yzGMG5iOa4wn/7/jg5sUwHE7OzExcvYDlnNmMyBm076oe/eVbuJKM8hbPtPqKKERBJC9
gBPKwj0I99t29nu6ms+FaRTJYW1MA3TKk962NoPETSrbxLmpx1/PsnhH6IV/JglSVfdr
Qvew==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
:date:message-id:subject:to:content-transfer-encoding;
bh=PUNvqSvy8lQf3TlIjYRS09hVMu55hEPImZrp5MZc6yI=;
b=p2ElEEJUkJ6SYdfz+qPFxH4oomknj8NsTnRRKR6A2sqDozZwrkU9QGT53ymugGx51N
J1OyhpMI6WsLm40zC+Tg/Hjbs4ck8OioIvIlwd/OdHw4Exl2xXYVDIA6bwiOwu+UcpcF
yRNsbGIABOcOXGV3aR+VfINSBDyTlAR+Lk0b38ccoc515rC6q1ULnYfTld2sGmGhOA9/
K6YB/zi+AvO/+g3JeVfkHcXNDSfyMtjFnjqflNO3a5ljtEsNJ2xphT7tFl/V/lMymo6w
7fjQQ2qpCzwtOQGX+1BYwptExpsbHH5YG5S6dnk/BjQ/5dvs97yCgX98ygF7xWQyKgV+
j6AQ==
X-Gm-Message-State: AODbwcA3ehPN2bgS1MNJcBC6kVRLKWsnNSgxrcSqh+wTQnXrQEchPfGn
O0M7cjyStg6RfaxrSXQwVZtF4IutIhyAOGKe8g==
X-Received: by 10.129.153.8 with SMTP id q8mr4772147ywg.134.1495135748846;
Thu, 18 May 2017 12:29:08 -0700 (PDT)
MIME-Version: 1.0
Sender: rgrant@rgrant.org
Received: by 10.37.63.65 with HTTP; Thu, 18 May 2017 12:28:38 -0700 (PDT)
In-Reply-To: <4BA0FA5D-7B29-4A7F-BC5B-361ED00D5CB2@gmail.com>
References: <4BA0FA5D-7B29-4A7F-BC5B-361ED00D5CB2@gmail.com>
From: Ryan Grant <bitcoin-dev@rgrant.org>
Date: Thu, 18 May 2017 15:28:38 -0400
X-Google-Sender-Auth: 6jClIHIeNV9a0dGWfQRrHT5_8CA
Message-ID: <CAMnpzfoe1jNu6Uj8uXTJeGNLHG1O9DGtvy=aMJd=6OBS+_weSw@mail.gmail.com>
To: bitcoin-dev@lists.linuxfoundation.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-1.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, RCVD_IN_DNSWL_NONE,
RCVD_IN_SORBS_SPAM autolearn=no version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Subject: Re: [bitcoin-dev]
=?utf-8?b?VHJlYXRpbmcg4oCYQVNJQ0JPT1NU4oCZIGFzIGEg?=
=?utf-8?q?Security_Vulnerability?=
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Thu, 18 May 2017 19:29:12 -0000
On Thu, May 18, 2017 at 9:44 AM, Cameron Garnham via bitcoin-dev
<bitcoin-dev@lists.linuxfoundation.org> wrote:
> 3. We should assign a CVE to the vulnerability exploited by =E2=80=98=
ASICBOOST=E2=80=99.
>
> =E2=80=98ASICBOOST=E2=80=99 is an attack on this Bitcoin=E2=80=99s securi=
ty assumptions and
> should be considered an exploit of the Bitcoin Proof-of-Work
> Function.
On Thu, May 18, 2017 at 10:59 AM, Tier Nolan via bitcoin-dev
<bitcoin-dev@lists.linuxfoundation.org> wrote:
> Arguably as long as the effort to find a block is proportional to the blo=
ck
> difficulty parameter, then it isn't an exploit. It is just an optimisati=
on.
One principled way to proceed would be to fault not the exploit, but
the protocol design.
Bits in the block header have been discovered which could be used for
dual meanings, and at least one meaning does not preserve the
incentive balances intended and assumed by others. This unexpectedly
creates an incentive to block protocol improvements. The protocol
must be repaired.
In this view, which focuses on covert-ASICBOOST, how work is done is
up to the implementation. But if the hashing work specified possibly
could gain from blocking development work, then we have a
vulnerability.
I believe this is clear grounds for taking action without any delay.
|