Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Cameron Garnham <da2ce7@gmail.com>
In-Reply-To: <c771e922-1121-e323-f4b8-ad99e0d930b8@voskuil.org>
Date: Fri, 26 May 2017 22:20:42 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <7235D229-AB07-4CBE-AB69-1E6EBE0E2FDC@gmail.com>
References: <D0299438-E848-4696-B323-8D0E810AE491@gmail.com>
	<CAFmyj8zNkPj3my3CLzkXdpJ1xkD0GQk8ODg09qYnnj_ONGUtsQ@mail.gmail.com>
	<2E6BB6FA-65FF-497F-8AEA-4CC8655BAE69@gmail.com>
	<c771e922-1121-e323-f4b8-ad99e0d930b8@voskuil.org>
To: Eric Voskuil <eric@voskuil.org>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Emergency Deployment of SegWit as a partial
 mitigation of CVE-2017-9230
Precedence: list

Hello Eric,

Thank you for your question and your time off-list clarifying your =
position. I=E2=80=99m posting to the list so that a wider audience may =
benefit.

Original Question: =E2=80=98Presumably the "very serious security =
vulnerability" posed is one of increased centralization of hash power. =
Would this danger exist without the patent risk?=E2=80=99

I would postulate that if ASICBOOST was originally released without the =
patent risk, then much of the risk would have been avoided; all of the =
mining manufactures would have implemented ASICBOOST and had a similar =
advantage. However, now time has passed and the damage of the patent =
monopoly exploiting CVE-2017-9230 has been already done. If the =
ASICBOOST patent was released to the public for free today, while a good =
thing, it wouldn=E2=80=99t soften the severity of the vulnerability we =
face today.

The ASICBOOST PATENT provides a miner with a constant-factor advantage. =
This is a huge problem with zero-sum games, such as mining. In =
game-theory, a constant factor advantage gives an exponential advantage =
over the time period maintained.

This explains why the Bitcoin Community initially took very little =
notice to ASICBOOST: The effects of ASICBOOST stated at virtually =
nothing, and it took a while for the advantage to been seen over the =
normal variance of mining. However, it=E2=80=99s influence has been =
exponentially growing since then: creating an emergency problem that we =
now face.

The result of ASICBOOST going unchecked is that very quickly from now, =
surprisingly quickly, the only profitable miners will be the miners who =
make use of ASICBOOST.  This is a grave concern.

I will again reiterate that the virtue-signalling over perceived =
political motivations is ridiculous in the light what I consider a =
looming catastrophe, we should be judging by what is real not just =
perceived.

The catastrophe that I fear is one company (or a single politically =
connected group) gaining a virtual complete monopoly of Bitcoin Mining. =
This is more important to me than avoiding chain-splits.  Without a =
well-distributed set of miners Bitcoin isn=E2=80=99t Bitcoin.

Cameron.


PS.

This attack is part of a larger set of licensing attacks, where patens =
are just one form of licensing attack. These attacks are particularly =
damaging in competitive markets such as mining. We should be vigilant =
for other attempts to create state-enforced licensing around =
mathematical algorithms.  ASICBOOST is an illustrative example of what =
the Bitcoin Community needs to defend against.



> On 26 May 2017, at 11:15 , Eric Voskuil <eric@voskuil.org> wrote:
>=20
> Signed PGP part
> Hi Cameron,
>=20
> Presumably the "very serious security vulnerability" posed is one of
> increased centralization of hash power. Would this danger exist
> without the patent risk?
>=20
> e
>=20