1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
|
Return-Path: <da2ce7@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id D9A5DD16
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 26 May 2017 19:20:49 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-lf0-f49.google.com (mail-lf0-f49.google.com
[209.85.215.49])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id A3AF318F
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 26 May 2017 19:20:48 +0000 (UTC)
Received: by mail-lf0-f49.google.com with SMTP id m18so10793324lfj.0
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 26 May 2017 12:20:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=mime-version:subject:from:in-reply-to:date:cc
:content-transfer-encoding:message-id:references:to;
bh=ki+6PKvYvmCXH80uUBhMG5VG+7lbgmmK1lHsXoe06ps=;
b=Bws7BEo0y+6RxrL73bn2s5+1jBFa4b0bHugUGmlj99y1dFj9Qo5WQ8EOesDrLXsfC4
p6w2uv+BRercYIMFeQl2eAvn3ReVNT2z0S++SnhAgBDb0AEO68/PljV/bAfCLISOa48T
B3TaRUAXbfaD5FFoc20eYLZdOowai0flIPAiD+p2KxDIxL5lGL2aGwvN3/XsPgY21X/v
ZBdDfQhnEr7um/dQysJfVdItf0/TyUr+M4SFBnABj7ukgp1BCBAzHJgs948SRENnADrt
rT2Qkqbk2xUM+rmu+fYCJq3Ozrqf7cctFpA330pwZQ/8U4d12yRxfy08P2NzfK2bTO+x
6ZPg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc
:content-transfer-encoding:message-id:references:to;
bh=ki+6PKvYvmCXH80uUBhMG5VG+7lbgmmK1lHsXoe06ps=;
b=owq7HpHIzqKKEvsxuaBPnE/t1BRgsMUYDJb9pScIwJ0mWo4TvM278GySjMKP27DhKN
Ef4RI26w/nChbWifznaqdQYFFNjIZbICaP2aczzYlR4J5+ZeWJh6TsUu8FeGHeSEFBzu
SOAHdRwyszHRgAKMRlQRqaw4GtRKSTTig6kgNiwfL49PlF3dcS4Y9whmG4Z61wpCUDNB
oPEVAFiUtPC89rlt9fV7VE8CbJB3nQ9boV3bTn3MUi9ixb3oj/ko8+HNfNx+TFkI8KXj
aTML9Rsxba0Mybl23RwsmxQZytIssePvNB81oQ/vHbI3qqMAAhgmxCv0g/UgHEDRveBV
t7jQ==
X-Gm-Message-State: AODbwcDjt6FcOG5T58dHz2o0s4PcHTOtbxx0TlQxfFNCee2Vtx9+GMvA
fMy1qlQNmWzY40uWpfY=
X-Received: by 10.46.13.2 with SMTP id 2mr1247390ljn.93.1495826446949;
Fri, 26 May 2017 12:20:46 -0700 (PDT)
Received: from [192.168.1.64] (37-145-225-221.broadband.corbina.ru.
[37.145.225.221])
by smtp.gmail.com with ESMTPSA id v9sm353142ljd.17.2017.05.26.12.20.45
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Fri, 26 May 2017 12:20:46 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Cameron Garnham <da2ce7@gmail.com>
In-Reply-To: <c771e922-1121-e323-f4b8-ad99e0d930b8@voskuil.org>
Date: Fri, 26 May 2017 22:20:42 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <7235D229-AB07-4CBE-AB69-1E6EBE0E2FDC@gmail.com>
References: <D0299438-E848-4696-B323-8D0E810AE491@gmail.com>
<CAFmyj8zNkPj3my3CLzkXdpJ1xkD0GQk8ODg09qYnnj_ONGUtsQ@mail.gmail.com>
<2E6BB6FA-65FF-497F-8AEA-4CC8655BAE69@gmail.com>
<c771e922-1121-e323-f4b8-ad99e0d930b8@voskuil.org>
To: Eric Voskuil <eric@voskuil.org>
X-Mailer: Apple Mail (2.3273)
X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,
RCVD_IN_DNSWL_NONE,RCVD_IN_SORBS_SPAM autolearn=no version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Emergency Deployment of SegWit as a partial
mitigation of CVE-2017-9230
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Fri, 26 May 2017 19:20:50 -0000
Hello Eric,
Thank you for your question and your time off-list clarifying your =
position. I=E2=80=99m posting to the list so that a wider audience may =
benefit.
Original Question: =E2=80=98Presumably the "very serious security =
vulnerability" posed is one of increased centralization of hash power. =
Would this danger exist without the patent risk?=E2=80=99
I would postulate that if ASICBOOST was originally released without the =
patent risk, then much of the risk would have been avoided; all of the =
mining manufactures would have implemented ASICBOOST and had a similar =
advantage. However, now time has passed and the damage of the patent =
monopoly exploiting CVE-2017-9230 has been already done. If the =
ASICBOOST patent was released to the public for free today, while a good =
thing, it wouldn=E2=80=99t soften the severity of the vulnerability we =
face today.
The ASICBOOST PATENT provides a miner with a constant-factor advantage. =
This is a huge problem with zero-sum games, such as mining. In =
game-theory, a constant factor advantage gives an exponential advantage =
over the time period maintained.
This explains why the Bitcoin Community initially took very little =
notice to ASICBOOST: The effects of ASICBOOST stated at virtually =
nothing, and it took a while for the advantage to been seen over the =
normal variance of mining. However, it=E2=80=99s influence has been =
exponentially growing since then: creating an emergency problem that we =
now face.
The result of ASICBOOST going unchecked is that very quickly from now, =
surprisingly quickly, the only profitable miners will be the miners who =
make use of ASICBOOST. This is a grave concern.
I will again reiterate that the virtue-signalling over perceived =
political motivations is ridiculous in the light what I consider a =
looming catastrophe, we should be judging by what is real not just =
perceived.
The catastrophe that I fear is one company (or a single politically =
connected group) gaining a virtual complete monopoly of Bitcoin Mining. =
This is more important to me than avoiding chain-splits. Without a =
well-distributed set of miners Bitcoin isn=E2=80=99t Bitcoin.
Cameron.
PS.
This attack is part of a larger set of licensing attacks, where patens =
are just one form of licensing attack. These attacks are particularly =
damaging in competitive markets such as mining. We should be vigilant =
for other attempts to create state-enforced licensing around =
mathematical algorithms. ASICBOOST is an illustrative example of what =
the Bitcoin Community needs to defend against.
> On 26 May 2017, at 11:15 , Eric Voskuil <eric@voskuil.org> wrote:
>=20
> Signed PGP part
> Hi Cameron,
>=20
> Presumably the "very serious security vulnerability" posed is one of
> increased centralization of hash power. Would this danger exist
> without the patent risk?
>=20
> e
>=20
|