1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
|
Return-Path: <earonesty@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id D0EDE95E
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 19 May 2017 07:16:21 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-qt0-f181.google.com (mail-qt0-f181.google.com
[209.85.216.181])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 5C7ABF1
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 19 May 2017 07:16:21 +0000 (UTC)
Received: by mail-qt0-f181.google.com with SMTP id v27so51906177qtg.2
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 19 May 2017 00:16:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=mime-version:reply-to:in-reply-to:references:from:date:message-id
:subject:to:cc;
bh=7b/52CbDTQ+0UH8nqHy3AJruSPr4jaA8M13ujsrWlEk=;
b=XmO9crBMtwO9cM+y0a6GpwGIyOdwNPweQKmVq0IkG3DlYd3lFiwvp+/bLgx8DcPP//
mBSe3JeKJhy1WUgqoM8y0XQEdhctEEvDql02r6Xrdpy9N1q72Bqn0Bm51s6fcbZT/+hg
AmmmjhZEUNVAcsIq8LbdBRK5YjigpmC0CwgbHGV1ZGnsUSFz/GtJeWH93Ler1v4KqiDG
WMZ9epCBqm1fmf43GjrZ6jvisuocIe7mpKYZLdfOo+9ncf3sQgYXq7vlbfGxSw4GtHAe
GvdN5uFyjxkicou4inBKF8nnLBqZqQtbITcrzI11xKFlftPHq94kE9pAhK80mD9cD7is
WPQw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:reply-to:in-reply-to:references
:from:date:message-id:subject:to:cc;
bh=7b/52CbDTQ+0UH8nqHy3AJruSPr4jaA8M13ujsrWlEk=;
b=W7fH3+brrt2vbrSVGR62ixRJlboitL4exGsmn5bkZUqntvlvaHhVgxwhvwxa4izYQ4
ZXY0pYYjDpG5weJRVq+mGTp15H+cOZz9oEkt/I3H1CRsl+IGyaoFQ5WdsPumUUp1OsIS
NNEDNTvUgbUmXYbqE/yguc7ZmEV3WqZEyKo2iUGWtHeGtXZl6hBr7FMDf9O/0oeoQzBq
UphchT+z8NQzT7bc39x7zR9DiFt4y706IlpLRm68C6gbQkS8eNVepFi59jHBcGWPNq1d
eShJRdmoGUl3s2KrIqR3Zfkuj+HE8H9+w9ArhABuMIPw+5sP4cSynX6HvPyUk78p2bC1
HlOw==
X-Gm-Message-State: AODbwcB96fEWoJQPrMFLiDtt2KkpuOJwnF3kdrRm8S/liPkgUUwtV0gp
fyafMcKb48nHeAMBEoViYNC2X5j3QDqD
X-Received: by 10.237.36.151 with SMTP id t23mr7559454qtc.115.1495178180588;
Fri, 19 May 2017 00:16:20 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.237.48.102 with HTTP; Fri, 19 May 2017 00:16:20 -0700 (PDT)
Received: by 10.237.48.102 with HTTP; Fri, 19 May 2017 00:16:20 -0700 (PDT)
Reply-To: erik@q32.com
In-Reply-To: <CAJowKg+LAcVCsH7gbuZhKnnv8p5=WXqNCs5oqub3bacRpQ7n9w@mail.gmail.com>
References: <4BA0FA5D-7B29-4A7F-BC5B-361ED00D5CB2@gmail.com>
<CAMnpzfoe1jNu6Uj8uXTJeGNLHG1O9DGtvy=aMJd=6OBS+_weSw@mail.gmail.com>
<CAJowKgLurok+bTKrt8EAAF0Q7u=cEDwfxOuQJkYNKieFpCPErQ@mail.gmail.com>
<CAJowKg+r3XKaoN3ys3o3FWhpJ3w8An1q0oYMmu_KzDfNdzF8Vg@mail.gmail.com>
<CAJowKgKf22b2jjRbmG+k53g4bOzXrk7AHVcR02xqXPU8ZLJhaQ@mail.gmail.com>
<CAJowKg+LAcVCsH7gbuZhKnnv8p5=WXqNCs5oqub3bacRpQ7n9w@mail.gmail.com>
From: Erik Aronesty <earonesty@gmail.com>
Date: Fri, 19 May 2017 03:16:20 -0400
Message-ID: <CAJowKg+MZfdfSkZQQutKsFY=rcQSAhLtpRT7dAEH=qyYPNN67A@mail.gmail.com>
To: Ryan Grant <bitcoin-dev@rgrant.org>
Content-Type: multipart/alternative; boundary="001a113d7eb4547c82054fdb4c46"
X-Spam-Status: No, score=-2.2 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, HTML_MESSAGE,
RCVD_IN_DNSWL_LOW,
RCVD_IN_SORBS_SPAM autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Fri, 19 May 2017 12:00:59 +0000
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev]
=?utf-8?b?VHJlYXRpbmcg4oCYQVNJQ0JPT1NU4oCZIGFzIGEg?=
=?utf-8?q?Security_Vulnerability?=
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Fri, 19 May 2017 07:16:21 -0000
--001a113d7eb4547c82054fdb4c46
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
ASIC boost is definitely a protocol vulnerability.
It makes Bitcoin resistant to current and future modifications which are
necessary to preserve decentralization.
That alone should be enough to prioritize a swift preventative measure.
On May 18, 2017 3:29 PM, "Ryan Grant via bitcoin-dev" <
bitcoin-dev@lists.linuxfoundation.org> wrote:
On Thu, May 18, 2017 at 9:44 AM, Cameron Garnham via bitcoin-dev
<bitcoin-dev@lists.linuxfoundation.org> wrote:
> 3. We should assign a CVE to the vulnerability exploited by
=E2=80=98ASICBOOST=E2=80=99.
>
> =E2=80=98ASICBOOST=E2=80=99 is an attack on this Bitcoin=E2=80=99s securi=
ty assumptions and
> should be considered an exploit of the Bitcoin Proof-of-Work
> Function.
On Thu, May 18, 2017 at 10:59 AM, Tier Nolan via bitcoin-dev
<bitcoin-dev@lists.linuxfoundation.org> wrote:
> Arguably as long as the effort to find a block is proportional to the
block
> difficulty parameter, then it isn't an exploit. It is just an
optimisation.
One principled way to proceed would be to fault not the exploit, but
the protocol design.
Bits in the block header have been discovered which could be used for
dual meanings, and at least one meaning does not preserve the
incentive balances intended and assumed by others. This unexpectedly
creates an incentive to block protocol improvements. The protocol
must be repaired.
In this view, which focuses on covert-ASICBOOST, how work is done is
up to the implementation. But if the hashing work specified possibly
could gain from blocking development work, then we have a
vulnerability.
I believe this is clear grounds for taking action without any delay.
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
--001a113d7eb4547c82054fdb4c46
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"auto">ASIC boost is definitely a protocol vulnerability. =C2=A0=
<div dir=3D"auto"><br></div><div dir=3D"auto">It makes Bitcoin resistant to=
current and future modifications which are necessary to preserve decentral=
ization.<div dir=3D"auto"><br></div><div dir=3D"auto">That alone should be =
enough to prioritize a swift preventative measure.</div></div></div><div cl=
ass=3D"gmail_extra"><br><div class=3D"gmail_quote">On May 18, 2017 3:29 PM,=
"Ryan Grant via bitcoin-dev" <<a href=3D"mailto:bitcoin-dev@l=
ists.linuxfoundation.org">bitcoin-dev@lists.linuxfoundation.org</a>> wro=
te:<br type=3D"attribution"><blockquote class=3D"quote" style=3D"margin:0 0=
0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class=3D"quoted-t=
ext">On Thu, May 18, 2017 at 9:44 AM, Cameron Garnham via bitcoin-dev<br>
<<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@li=
sts.<wbr>linuxfoundation.org</a>> wrote:<br>
> 3.=C2=A0 =C2=A0 =C2=A0We should assign a CVE to the vulnerability expl=
oited by =E2=80=98ASICBOOST=E2=80=99.<br>
><br>
> =E2=80=98ASICBOOST=E2=80=99 is an attack on this Bitcoin=E2=80=99s sec=
urity assumptions and<br>
> should be considered an exploit of the Bitcoin Proof-of-Work<br>
> Function.<br>
<br>
</div><div class=3D"quoted-text">On Thu, May 18, 2017 at 10:59 AM, Tier Nol=
an via bitcoin-dev<br>
<<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@li=
sts.<wbr>linuxfoundation.org</a>> wrote:<br>
> Arguably as long as the effort to find a block is proportional to the =
block<br>
> difficulty parameter, then it isn't an exploit.=C2=A0 It is just a=
n optimisation.<br>
<br>
</div>One principled way to proceed would be to fault not the exploit, but<=
br>
the protocol design.<br>
<br>
Bits in the block header have been discovered which could be used for<br>
dual meanings, and at least one meaning does not preserve the<br>
incentive balances intended and assumed by others.=C2=A0 This unexpectedly<=
br>
creates an incentive to block protocol improvements.=C2=A0 The protocol<br>
must be repaired.<br>
<br>
In this view, which focuses on covert-ASICBOOST, how work is done is<br>
up to the implementation.=C2=A0 But if the hashing work specified possibly<=
br>
could gain from blocking development work, then we have a<br>
vulnerability.<br>
<br>
I believe this is clear grounds for taking action without any delay.<br>
<div class=3D"elided-text">______________________________<wbr>_____________=
____<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@lists.=
<wbr>linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.<wbr>org=
/mailman/listinfo/bitcoin-<wbr>dev</a><br>
</div></blockquote></div><br></div>
--001a113d7eb4547c82054fdb4c46--
|
