In-Reply-To: <4BA0FA5D-7B29-4A7F-BC5B-361ED00D5CB2@gmail.com>
References: <4BA0FA5D-7B29-4A7F-BC5B-361ED00D5CB2@gmail.com>
From: Ryan Grant <bitcoin-dev@rgrant.org>
Date: Thu, 18 May 2017 15:28:38 -0400
Message-ID: <CAMnpzfoe1jNu6Uj8uXTJeGNLHG1O9DGtvy=aMJd=6OBS+_weSw@mail.gmail.com>
To: bitcoin-dev@lists.linuxfoundation.org
Subject: Re: [bitcoin-dev] Treating ‘ASICBOOST’ as a Security Vulnerability
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>

On Thu, May 18, 2017 at 9:44 AM, Cameron Garnham via bitcoin-dev
<bitcoin-dev@lists.linuxfoundation.org> wrote:
> 3.     We should assign a CVE to the vulnerability exploited by
> ‘ASICBOOST’.
>
> ‘ASICBOOST’ is an attack on this Bitcoin’s security assumptions and
> should be considered an exploit of the Bitcoin Proof-of-Work
> Function.

On Thu, May 18, 2017 at 10:59 AM, Tier Nolan via bitcoin-dev
<bitcoin-dev@lists.linuxfoundation.org> wrote:
> Arguably as long as the effort to find a block is proportional to the
> block difficulty parameter, then it isn't an exploit.  It is just an
> optimisation.

One principled way to proceed would be to fault not the exploit, but
the protocol design.

Bits in the block header have been discovered which could be used for
dual meanings, and at least one meaning does not preserve the
incentive balances intended and assumed by others.  This unexpectedly
creates an incentive to block protocol improvements.  The protocol
must be repaired.

In this view, which focuses on covert-ASICBOOST, how work is done is
up to the implementation.  But if the hashing work specified possibly
could gain from blocking development work, then we have a
vulnerability.

I believe this is clear grounds for taking action without any delay.