MIME-Version: 1.0
Reply-To: erik@q32.com
In-Reply-To: <20170406024910.GA1271@savin.petertodd.org>
References: <CAAS2fgR84898xD0nyq7ykJnB7qkdoCJYnFg6z5WZEUu0+-=mMA@mail.gmail.com>
	<20170406023123.GA1071@savin.petertodd.org>
	<CA+KqGkqSxeAUZFVFqM_QkEWcGFHgZXwGuOE==7HpXp1+D_Tj3Q@mail.gmail.com>
	<20170406024910.GA1271@savin.petertodd.org>
From: Erik Aronesty <earonesty@gmail.com>
Date: Wed, 5 Apr 2017 23:11:53 -0400
Message-ID: <CAJowKgL_BfJyyp=z6PB3mj+KBy0y9ParspbbnhoOTA0Cfr6C6g@mail.gmail.com>
To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>,
	Peter Todd <pete@petertodd.org>
Content-Type: multipart/alternative; boundary=001a1144dcd6fa66d1054c76ded2
Subject: Re: [bitcoin-dev] BIP proposal: Inhibiting a covert attack on the
 Bitcoin POW function
Precedence: list

--001a1144dcd6fa66d1054c76ded2
Content-Type: text/plain; charset=UTF-8

If the primary purpose of pow is to destroy value, then a masked proof of
burn to an expanded address that assigns the private key holder the right
to mine only in the next Nth block would be sufficient.  Expanding the
address space so that addresses can only be proven invalid only with the
private key.  Miners can then not trivially game the system by excluding
tx...without killing the entire system.  ( Like POW ... miners lose many
burns since only one valid proof is deterministically selected. Difficult
adjusted upward based on the number of valid proofs per block.)

The other part of "real POW" is that miners take *time* to mine.  Proof of
destroyed value us not sufficient.  Proof of time spent is critical....
something even a masked burn cannot provide.

On Apr 5, 2017 10:49 PM, "Peter Todd via bitcoin-dev" <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> On Wed, Apr 05, 2017 at 07:39:08PM -0700, Bram Cohen wrote:
> > On Wed, Apr 5, 2017 at 7:31 PM, Peter Todd via bitcoin-dev <
> > > While I'm in favour of blocking covert usage of ASICBOOST, there's
> every
> > > reason
> > > to block non-covert usage of it as well. In a low margin business like
> > > mining,
> > > the advatange it gives is enormous - quite possibly 10x your profit
> margin
> > > -
> > > and given that barrier free access to being able to purchase ASICs is
> > > already
> > > an archilles heal for Bitcoin there is every reason to eliminate this
> legal
> > > vulnerability. Additionally, it's a technical vulnerability as well: we
> > > want
> > > getting into the ASIC manufacturing and design business to have as low
> > > barriers
> > > to entry as is feasible, and the ASICBOOST exploit significantly
> increases
> > > the
> > > minimum capital requirements to do so.
> > >
> >
> > Asicboost also has the problem that it isn't treating the hashing as a
> > black box, and thus has impacts on what gets mined. In particular it
> > creates an incentive to make blocks smaller. That's a very unwanted
> effect,
> > and anything like it should be engineered out on principle.
>
> Agreed! There's no benefit to Bitcoin for having it - one way or the other
> miners are going to destroy ~12BTC/block worth of energy. Meanwhile it
> appears
> to have lead to something like a year of stupid political bullshit based
> on a
> secret advantage - there's no reason to invite a repeat of this episode.
>
> --
> https://petertodd.org 'peter'[:-1]@petertodd.org
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
>

--001a1144dcd6fa66d1054c76ded2
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"auto">If the primary purpose of pow is to destroy value, then a=
 masked proof of burn to an expanded address that assigns the private key h=
older the right to mine only in the next Nth block would be sufficient.=C2=
=A0 Expanding the address space so that addresses can only be proven invali=
d only with the private key.=C2=A0 Miners can then not trivially game the s=
ystem by excluding tx...without killing the entire system. =C2=A0( Like POW=
 ... miners lose many burns since only one valid proof is deterministically=
 selected. Difficult adjusted upward based on the number of valid proofs pe=
r block.)<div dir=3D"auto"><br></div><div dir=3D"auto">The other part of &q=
uot;real POW&quot; is that miners take *time* to mine.=C2=A0 Proof of destr=
oyed value us not sufficient.=C2=A0 Proof of time spent is critical.... som=
ething even a masked burn cannot provide.</div></div><div class=3D"gmail_ex=
tra"><br><div class=3D"gmail_quote">On Apr 5, 2017 10:49 PM, &quot;Peter To=
dd via bitcoin-dev&quot; &lt;<a href=3D"mailto:bitcoin-dev@lists.linuxfound=
ation.org">bitcoin-dev@lists.linuxfoundation.org</a>&gt; wrote:<br type=3D"=
attribution"><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;b=
order-left:1px #ccc solid;padding-left:1ex">On Wed, Apr 05, 2017 at 07:39:0=
8PM -0700, Bram Cohen wrote:<br>
&gt; On Wed, Apr 5, 2017 at 7:31 PM, Peter Todd via bitcoin-dev &lt;<br>
&gt; &gt; While I&#39;m in favour of blocking covert usage of ASICBOOST, th=
ere&#39;s every<br>
&gt; &gt; reason<br>
&gt; &gt; to block non-covert usage of it as well. In a low margin business=
 like<br>
&gt; &gt; mining,<br>
&gt; &gt; the advatange it gives is enormous - quite possibly 10x your prof=
it margin<br>
&gt; &gt; -<br>
&gt; &gt; and given that barrier free access to being able to purchase ASIC=
s is<br>
&gt; &gt; already<br>
&gt; &gt; an archilles heal for Bitcoin there is every reason to eliminate =
this legal<br>
&gt; &gt; vulnerability. Additionally, it&#39;s a technical vulnerability a=
s well: we<br>
&gt; &gt; want<br>
&gt; &gt; getting into the ASIC manufacturing and design business to have a=
s low<br>
&gt; &gt; barriers<br>
&gt; &gt; to entry as is feasible, and the ASICBOOST exploit significantly =
increases<br>
&gt; &gt; the<br>
&gt; &gt; minimum capital requirements to do so.<br>
&gt; &gt;<br>
&gt;<br>
&gt; Asicboost also has the problem that it isn&#39;t treating the hashing =
as a<br>
&gt; black box, and thus has impacts on what gets mined. In particular it<b=
r>
&gt; creates an incentive to make blocks smaller. That&#39;s a very unwante=
d effect,<br>
&gt; and anything like it should be engineered out on principle.<br>
<br>
Agreed! There&#39;s no benefit to Bitcoin for having it - one way or the ot=
her<br>
miners are going to destroy ~12BTC/block worth of energy. Meanwhile it appe=
ars<br>
to have lead to something like a year of stupid political bullshit based on=
 a<br>
secret advantage - there&#39;s no reason to invite a repeat of this episode=
.<br>
<br>
--<br>
<a href=3D"https://petertodd.org" rel=3D"noreferrer" target=3D"_blank">http=
s://petertodd.org</a> &#39;peter&#39;[:-1]@<a href=3D"http://petertodd.org"=
 rel=3D"noreferrer" target=3D"_blank">petertodd.org</a><br>
<br>______________________________<wbr>_________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@lists.=
<wbr>linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.<wbr>org=
/mailman/listinfo/bitcoin-<wbr>dev</a><br>
<br></blockquote></div></div>

--001a1144dcd6fa66d1054c76ded2--