Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 14EC95AE for ; Wed, 11 May 2016 22:49:30 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-lf0-f54.google.com (mail-lf0-f54.google.com [209.85.215.54]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 01F79123 for ; Wed, 11 May 2016 22:49:28 +0000 (UTC) Received: by mail-lf0-f54.google.com with SMTP id u64so62551437lff.3 for ; Wed, 11 May 2016 15:49:28 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=dKh5Q17slN8XLe6H/TnWgtZykEo672WPbVgv5NU0euw=; b=FZjP/XLCteQy7Amd3C6KbkbvKEm51N0vvTpbJDSs4F9TeNtuZV8TmqXFGF6R1MSW+X ++epzO03y7BdUsycdbyYmBd1w/6uBu/kcbjnY9gkwwoWXwssb717VOsir8ZuR4A81uWN iT9dcBPhmj/B2quV6tjqlb7fRueG7lVXVjAX467FyUmL6MTYjc7Bh6Hd6uKuWaGJQFTI LC8aE3u9WCZsRN9mlPNDXMFYR3UpK457ACHJIAIdYsentcoMpiqGiC/w+hpwu13hs2aQ 0VYyAXQ3O7TVQUT30Uz9VjnSgBGb7rJFFJHkq/5q/Qiufzx5g5aY0kr2dDOZp7+FwAvY cFjw== X-Gm-Message-State: AOPr4FVG9YO0tDMc4Ahe0eh18FUxFr4A2cdGJ1194MW9/h1NifjmxTiaGofFbzS8IdR0sw== X-Received: by 10.25.161.141 with SMTP id k135mr2791511lfe.101.1463006967459; Wed, 11 May 2016 15:49:27 -0700 (PDT) Received: from mail-lb0-f174.google.com (mail-lb0-f174.google.com. [209.85.217.174]) by smtp.gmail.com with ESMTPSA id oq7sm777190lbb.47.2016.05.11.15.49.26 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 11 May 2016 15:49:27 -0700 (PDT) Received: by mail-lb0-f174.google.com with SMTP id h1so2626106lbj.3 for ; Wed, 11 May 2016 15:49:26 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.112.10.9 with SMTP id e9mr2761333lbb.142.1463006965913; Wed, 11 May 2016 15:49:25 -0700 (PDT) Received: by 10.25.144.8 with HTTP; Wed, 11 May 2016 15:49:25 -0700 (PDT) In-Reply-To: References: <20160510185728.GA1149@fedora-21-dvm> <201605111428.25918.luke@dashjr.org> Date: Wed, 11 May 2016 15:49:25 -0700 X-Gmail-Original-Message-ID: Message-ID: From: Timo Hanke To: Luke Dashjr , Bitcoin Protocol Discussion Content-Type: multipart/alternative; boundary=001a1136069c81e2e9053298da52 X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, HTML_MESSAGE,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: Re: [bitcoin-dev] Making AsicBoost irrelevant X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 May 2016 22:49:30 -0000 --001a1136069c81e2e9053298da52 Content-Type: text/plain; charset=UTF-8 Ups, I forgot that you take the midstate which of course depends on the version number. So forget everything I said about the version bits. You are right. But why take the midstate? It can be any hash of the first chunk. So you probably want to take a hash function that's available in standard software libraries. And I suppose midstate() is not. On Wed, May 11, 2016 at 11:28 AM, Timo Hanke wrote: > Sorry, you must have meant all 12 bytes. That makes finding a collision > substantially harder. However, you may have to restrict yourself to 10 > bytes because you don't know if any hardware does timestamp rolling > on-chip. Also you create an incentive to mess around with the version bits > instead, so you would have to fix that as well. So it basically means a new > mining header with the real blockheader as a child header. > > On Wed, May 11, 2016 at 9:24 AM, Timo Hanke wrote: > >> Luke, do you mean to replace the first 4 bytes of the second chunk (bytes >> 64..67 in 0-based counting) by the XOR of those 4 bytes with the first 4 >> bytes of the midstate? (I assume you don't care about 12 bytes but rather >> those 4 bytes.) >> >> This does not work. All it does is adding another computational step >> before you can check for a collision in those 4 bytes. It makes finding a >> collision only marginally harder. >> >> On Wed, May 11, 2016 at 7:28 AM, Luke Dashjr via bitcoin-dev < >> bitcoin-dev@lists.linuxfoundation.org> wrote: >> >>> On Wednesday, May 11, 2016 12:20:55 PM Sergio Demian Lerner via >>> bitcoin-dev >>> wrote: >>> > On Tue, May 10, 2016 at 6:43 PM, Sergio Demian Lerner < >>> > sergio.d.lerner@gmail.com> wrote: >>> > > You can find it here: >>> > > >>> https://bitslog.wordpress.com/2014/03/18/the-re-design-of-the-bitcoin-blo >>> > > ck-header/ >>> > > >>> > > Basically, the idea is to put in the first 64 bytes a 4 byte hash of >>> the >>> > > second 64-byte chunk. That design also allows increased nonce space >>> in >>> > > the first 64 bytes. >>> > >>> > My mistake here. I didn't recalled correctly my own idea. The idea is >>> to >>> > include in the second 64-byte chunk a 4-byte hash of the first chunk, >>> not >>> > the opposite. >>> >>> What if we XOR bytes 64..76 with the first 12 bytes of the SHA2 midstate? >>> Would that work? >>> >>> Luke >>> _______________________________________________ >>> bitcoin-dev mailing list >>> bitcoin-dev@lists.linuxfoundation.org >>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev >>> >> >> > --001a1136069c81e2e9053298da52 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Ups, I forgot that you take the midstate which of course d= epends on the version number. So forget everything I said about the version= bits. You are right. But why take the midstate? It can be any hash of the = first chunk. So you probably want to take a hash function that's availa= ble in standard software libraries. And I suppose midstate() is not.

On = Wed, May 11, 2016 at 11:28 AM, Timo Hanke <timo.hanke@web.de> wrote:
Sorry, you must= have meant all 12 bytes. That makes finding a collision substantially hard= er. However, you may have to restrict yourself to 10 bytes because you don&= #39;t know if any hardware does timestamp rolling on-chip. Also you create = an incentive to mess around with the version bits instead, so you would hav= e to fix that as well. So it basically means a new mining header with the r= eal blockheader as a child header.=C2=A0

On Wed= , May 11, 2016 at 9:24 AM, Timo Hanke <timo.hanke@web.de> wr= ote:
Luke, do you mean t= o replace the first 4 bytes of the second chunk (bytes 64..67 in 0-based co= unting) by the XOR of those 4 bytes with the first 4 bytes of the midstate?= (I assume you don't care about 12 bytes but rather those 4 bytes.)
This does not work. All it does is adding another computati= onal step before you can check for a collision in those 4 bytes. It makes f= inding a collision only marginally harder.

On Wed, May 11, 2016 at 7:2= 8 AM, Luke Dashjr via bitcoin-dev <bitcoin-dev@lists.l= inuxfoundation.org> wrote:
= On Wednesday, May 11, 2016 12:20:55 PM Sergio Demian Lerner via bitcoin-dev=
wrote:
> On Tue, May 10, 2016 at 6:43 PM, Sergio Demian Lerner < > sergio.= d.lerner@gmail.com> wrote:
> > You can find it here:
> > https://bitslog.w= ordpress.com/2014/03/18/the-re-design-of-the-bitcoin-blo
> > ck-header/
> >
> > Basically, the idea is to put in the first 64 bytes a 4 byte hash= of the
> > second 64-byte chunk. That design also allows increased nonce spa= ce in
> > the first 64 bytes.
>
> My mistake here. I didn't recalled correctly my own idea. The idea= is to
> include in the second 64-byte chunk a 4-byte hash of the first chunk, = not
> the opposite.

What if we XOR bytes 64..76 with the first 12 bytes of the SHA2= midstate?
Would that work?

Luke
_______________________________________________
bitcoin-dev mailing list
= bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mail= man/listinfo/bitcoin-dev



--001a1136069c81e2e9053298da52--