From: Cameron Garnham <da2ce7@gmail.com>
In-Reply-To: <CAJowKg+MZfdfSkZQQutKsFY=rcQSAhLtpRT7dAEH=qyYPNN67A@mail.gmail.com>
Date: Wed, 24 May 2017 20:59:28 +0300
Message-Id: <A2E37BF2-F1FF-4273-A0CE-08384D41E450@gmail.com>
References: <4BA0FA5D-7B29-4A7F-BC5B-361ED00D5CB2@gmail.com>
	<CAMnpzfoe1jNu6Uj8uXTJeGNLHG1O9DGtvy=aMJd=6OBS+_weSw@mail.gmail.com>
	<CAJowKgLurok+bTKrt8EAAF0Q7u=cEDwfxOuQJkYNKieFpCPErQ@mail.gmail.com>
	<CAJowKg+r3XKaoN3ys3o3FWhpJ3w8An1q0oYMmu_KzDfNdzF8Vg@mail.gmail.com>
	<CAJowKgKf22b2jjRbmG+k53g4bOzXrk7AHVcR02xqXPU8ZLJhaQ@mail.gmail.com>
	<CAJowKg+LAcVCsH7gbuZhKnnv8p5=WXqNCs5oqub3bacRpQ7n9w@mail.gmail.com>
	<CAJowKg+MZfdfSkZQQutKsFY=rcQSAhLtpRT7dAEH=qyYPNN67A@mail.gmail.com>
To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Cc: cve-request@mitre.org, Jeremy Rubin <jeremy.l.rubin.travel@gmail.com>
Subject: Re: [bitcoin-dev] Treating ‘ASICBOOST’ as a Security Vulnerability

Hello Bitcoin-Dev,

A quick update that CVE-2017-9230 has been assigned for the security
vulnerability commonly called ‘ASICBOOST’:

"The Bitcoin Proof-of-Work algorithm does not consider a certain attack
methodology related to 80-byte block headers with a variety of initial
64-byte chunks followed by the same 16-byte chunk, multiple candidate
root values ending with the same 4 bytes, and calculations involving
sqrt numbers. This violates the security assumptions of (1) the choice
of input, outside of the dedicated nonce area, fed into the
Proof-of-Work function should not change its difficulty to evaluate and
(2) every Proof-of-Work function execution should be independent."


I would like to especially thank the CVE team at Mitre for their
suggested description that was more appropriate than my proposed text.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=+CVE-2017-9230

Cameron.



> Begin forwarded message:
>
> From: <cve-request@mitre.org>
> Subject: Re: [scr-xxxxx] Bitcoin - All
> Date: 24 May 2017 at 18:52:22 GMT+3
> To: <da2ce7@gmail.com>
> Cc: <cve-request@mitre.org>
>
> Signed PGP part
> > [Suggested description]
> > The Bitcoin Proof-of-Work algorithm does not consider a certain attack
> > methodology related to 80-byte block headers with a variety of initial
> > 64-byte chunks followed by the same 16-byte chunk, multiple candidate
> > root values ending with the same 4 bytes, and calculations involving
> > sqrt numbers. This violates the security assumptions of (1) the choice
> > of input, outside of the dedicated nonce area, fed into the
> > Proof-of-Work function should not change its difficulty to evaluate
> > and (2) every Proof-of-Work function execution should be independent.
> >
> > ------------------------------------------
> >
> > [Additional Information]
> > ASICBOOST, originally promoted as a patented mining optimisation (1),
> > has under detailed study (2) become regarded as an actively exploited
> > (3) security vulnerability (4) of Bitcoin.
> >
> > The Bitcoin Proof-of-Work Algorithm is dependent on the following two
> > security assumptions that are both broken by 'ASICBOOST':
> > 1. The choice of input, outside of the dedicated nonce area, fed into
> > the Proof-of-Work function should not change its difficulty to
> > evaluate.
> > 2. Every Proof-of-Work function execution should be independent.
> >
> > 'ASICBOOST' creates a layer-violation where the structure of the input
> > outside of the dedicated nonce area will change the performance of the
> > mining calculations (5). 'ASICBOOST' exploits a vulnerability where
> > the Proof-of-Work function execution is not independent (6).
> >
> > References:
> > (1) Original Whitepaper by Dr. Timo Hanke: https://arxiv.org/ftp/arxiv/papers/1604/1604.00575.pdf
> > (2) Academic Write-up by Jeremy Rubin: http://www.mit.edu/~jlrubin//public/pdfs/Asicboost.pdf
> > (3) Evidence of Active Exploit by Gregory Maxwell:
> >   https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-April/013996.html
> > (4) Discussion to assign a CVE Number, by Cameron Garnham:
> >   https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014349.html
> > (5) Discussion of the perverse incentives created by 'ASICBOOST' by Ryan Grant:
> >   https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014352.html
> > (6) Discussion of ASICBOOST's non-independent PoW calculation by Tier Nolan:
> >   https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014351.html
> >
> > The patent holder of this particular security vulnerability has a dedicated website: https://www.asicboost.com/
> >
> > ------------------------------------------
> >
> > [VulnerabilityType Other]
> > Cryptocurrency Mining Algorithm Weakness
> >
> > ------------------------------------------
> >
> > [Vendor of Product]
> > Bitcoin
> >
> > ------------------------------------------
> >
> > [Affected Product Code Base]
> > Bitcoin - All
> >
> > ------------------------------------------
> >
> > [Affected Component]
> > Bitcoin
> >
> > ------------------------------------------
> >
> > [Attack Type Other]
> > Cryptocurrency Proof-of-Work Algorithm Weakness
> >
> > ------------------------------------------
> >
> > [CVE Impact Other]
> > Creation of Perverse Incentives in a Cryptocurrency
> >
> > ------------------------------------------
> >
> > [Attack Vectors]
> > Bitcoin Mining Unfair Advantage
> > Bitcoin Layer-Violations Creating Perverse System Incentives
> >
> > ------------------------------------------
> >
> > [Reference]
> > https://arxiv.org/ftp/arxiv/papers/1604/1604.00575.pdf
> > http://www.mit.edu/~jlrubin//public/pdfs/Asicboost.pdf
> > https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-April/013996.html
> > https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014349.html
> > https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014352.html
> > https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014351.html
> >
> > ------------------------------------------
> >
> > [Has vendor confirmed or acknowledged the vulnerability?]
> > true
> >
> > ------------------------------------------
> >
> > [Discoverer]
> > Original Discovery: Dr. Timo Hanke and Sergio Lerner. Proof of Active
> > Exploit: Gregory Maxwell. CVE Reporter: Cameron Garnham
>
> Use CVE-2017-9230.
>
>
> --
> CVE Assignment Team
> M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
> [ A PGP key is available for encrypted communications at
>   http://cve.mitre.org/cve/request_id.html ]
>
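The chunk boundary that the CVE description above refers to, as an added example that is not part of the original email and is not Bitcoin Core code: it serializes an 80-byte header and counts how many distinct SHA-256 inputs a set of candidate headers produces at each stage, which is where assumption (2), independence of every evaluation, fails. All field values, the previous-block and nbits constants, and the helper names are constructed assumptions.

```python
import hashlib
import struct

# Added example, not from the original email or from Bitcoin Core. Lays the
# 80-byte header over SHA-256's 64-byte message blocks to show the boundary
# named in CVE-2017-9230. All field values are constructed, not chain data.
CHUNK = 64  # SHA-256 message block size in bytes


def serialize_header(version, prev_block, merkle_root, ntime, nbits, nonce):
    """Bitcoin header layout: LE version, prev hash, merkle root, LE time/bits/nonce."""
    assert len(prev_block) == 32 and len(merkle_root) == 32
    return (struct.pack("<I", version) + prev_block + merkle_root
            + struct.pack("<III", ntime, nbits, nonce))


def header_chunks(header):
    """Split as SHA-256 does: first 64 bytes (version + prev hash + merkle_root[:28])
    and the 16-byte tail (merkle_root[28:] + time + bits + nonce) that lands in
    the padded final block."""
    assert len(header) == 80
    return header[:CHUNK], header[CHUNK:]


def block_hash(header):
    """Bitcoin's proof-of-work hash: double SHA-256 of the 80-byte header."""
    return hashlib.sha256(hashlib.sha256(header).digest()).digest()


def candidate_headers(roots, nonces, version=0x20000000, ntime=1495648771, nbits=0x18013ce9):
    """Headers for every (merkle root, nonce) pair; prev hash is a constructed constant."""
    prev = bytes(range(32))  # constructed placeholder, not a real block hash
    return [serialize_header(version, prev, r, ntime, nbits, n) for r in roots for n in nonces]


def chunk_reuse(headers):
    """Return (candidates, distinct first chunks, distinct tails). The first chunk
    fixes the SHA-256 midstate; the tail alone fixes the final block's message
    schedule. If every evaluation were independent, as assumption (2) in the CVE
    text requires, all three counts would be equal."""
    firsts = {header_chunks(h)[0] for h in headers}
    tails = {header_chunks(h)[1] for h in headers}
    return len(headers), len(firsts), len(tails)


def demo():
    """Three constructed roots sharing their last 4 bytes, each tried with 4 nonces."""
    shared_tail = b"\xde\xad\xbe\xef"
    roots = [bytes([i]) * 28 + shared_tail for i in (1, 2, 3)]
    return chunk_reuse(candidate_headers(roots, range(4)))
```

With roots that share their last four bytes the 12 candidates need only 3 distinct first chunks and 4 distinct tails; with unrelated roots the tail count rises to 12, which is the dependence on input outside the nonce that the description calls a layer violation.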