From: Bryan Bishop <kanzure@gmail.com>
Date: Thu, 6 Apr 2017 07:11:35 -0500
Message-ID: <CABaSBawbufi0p89OqRb57UoH51NxZxnZ7EcsJcQYAA8Tq3Qdfg@mail.gmail.com>
To: Luv Khemani <luvb@hotmail.com>, 
	Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] BIP proposal: Inhibiting a covert attack on the
 Bitcoin POW function

On Thu, Apr 6, 2017 at 7:02 AM, Luv Khemani via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> Could you elaborate on why you consider ASICBOOST to be an attack? Attack
> here implies ill-intent by the practitioner towards the network as a
> primary motivating factor.

See
https://www.reddit.com/r/Bitcoin/comments/63otrp/gregory_maxwell_major_asic_manufacturer_is/dfwcki3/

"""
I think that it is an attack is a completely unambiguous technical
description of what it is. If a signature is supposed to resist forgery
against 2^128 operations, but you find a way to do it with 2^80 instead,
this is an attack. It is, perhaps, not a very concerning attack and you may
or may not change your signature scheme to avoid it or may just instead say
the scheme has 2^80 security. But there is no doubt that it would be called
an attack, especially if it was not described in the original proposal.

In Bitcoin's Proof of Work, you are attempting to prove a certain amount of
work has been done. This shortcut significantly reduces the amount of work.
It's an attack. Normally it wouldn't be a serious attack-- it would just
get appended to the de facto definition of what the Bitcoin Proof of work
is-- similar to the signature system just getting restarted as having 2^80
security-- but in its covert form it cannot just be adopted because it
blocks many further improvements (not just segwit, but the vast majority of
other proposals), and additionally the licensing restrictions inhibit
adoption.

The proposal I posted does not prevent the technique, only the covert form:
That is, it doesn't even attempt to solve the patented tech eventually will
centralize the system problem. It is narrowly targeted at the interference
with upgrades.

Taking a step back-- even ignoring my geeking out about the technical
definition of 'attack' in cryptographic contexts, we have a set of issues
here that left addressed will seriously harm the system going forward for
the significant monetary benefit of an exploiting party. I think that
also satisfies a lay definition of the term: Something someone does, that
no one expected, that makes them money at everyone else's expense.
"""

- Bryan
http://heybryan.org/
1 512 203 0507
