From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 9F7355A7 for ; Wed, 5 Apr 2017 23:41:31 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-pg0-f41.google.com (mail-pg0-f41.google.com [74.125.83.41]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 172B418B for ; Wed, 5 Apr 2017 23:41:30 +0000 (UTC) Received: by mail-pg0-f41.google.com with SMTP id g2so18354528pge.3 for ; Wed, 05 Apr 2017 16:41:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lightning.network; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=dUHbvfszkV22WtZcNp2MayVuE4vSB2t4x8SI4/R6ATw=; b=TiO7KCb2MCrVFZxbDGivFftDwR6/2AQekU627lwf1BKHj4Ji3XHq3mIUj3xjWSE8wg ox1aqmGCgDYtmCOpoLzdCtprd5Xh5Go9ch5Jurz+j9J7Fi90pwACEEb9V5qv6h9iMC8y OzZW+sM/6rBBJWjUbwaOrEaHON+VL1E/wuzv0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=dUHbvfszkV22WtZcNp2MayVuE4vSB2t4x8SI4/R6ATw=; b=gO48UI8IBuQu3umVR6mFbGibgeqlrj9aAwHk6yq3g/x3EZt70Ko7GBx+98kmqMmJt+ 66kO6dEuwYJ6UBtOwyfVphWp7S+N6Pmzs2OnxfUYV/7o1DZN6MVh3eltddiq8jZ9GFI5 vbp5zUbIJazZOGMEjNPdGiZD+HZ91DyVd1jo0S0v1mUSPIJQohZH03p6YCxESwg8g6aZ UimD40InY+f40nGeQoo4KphZgTKZUEoYbrf/M+az5MQdOjVRhqbU0a4XHzeRieoIJkO8 YTLzHePI/C8ERb9TCvaDkQ2rx/arQZCyHtk3GPvgHpR7gSh8If+AwNqmllOmL3/YJDpl lyZw== X-Gm-Message-State: AFeK/H3UXInmPp5JMv3mEAt21D1oS45H71q7x1XfONLw/wUtQGp5jtWYS+yq/KjniWbl9w== X-Received: by 10.99.23.102 with SMTP id 38mr31955174pgx.188.1491435690509; Wed, 05 Apr 2017 16:41:30 -0700 (PDT) Received: from localhost ([205.185.122.187]) by smtp.gmail.com with ESMTPSA id s65sm30409481pgb.34.2017.04.05.16.41.29 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 05 Apr 2017 16:41:30 -0700 (PDT) Date: Wed, 5 Apr 2017 16:42:41 -0700 From: Joseph Poon To: Gregory Maxwell , Bitcoin Protocol Discussion Message-ID: <20170405234241.GA8379@lightning.network> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: Re: [bitcoin-dev] BIP proposal: Inhibiting a covert attack on the Bitcoin POW function X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Apr 2017 23:41:31 -0000 Hi Greg, On Wed, Apr 05, 2017 at 09:37:45PM +0000, Gregory Maxwell via bitcoin-dev wrote: > Reverse engineering of a particular mining chip has demonstrated > conclusively that ASICBOOST has been implemented > in hardware. > > On that basis, I offer the following BIP draft for discussion. > This proposal does not prevent the attack in general, but only > inhibits covert forms of it which are incompatible with > improvements to the Bitcoin protocol. > > I hope that even those of us who would strongly prefer that > ASICBOOST be blocked completely can come together to support > a protective measure that separates concerns by inhibiting > the covert use of it that potentially blocks protocol improvements. > > [...] > > ==New consensus rule== > > Beginning block X and until block Y the coinbase transaction of > each block MUST either contain a BIP-141 segwit commitment or a > correct WTXID commitment with ID 0xaa21a9ef. > > (See BIP-141 "Commitment structure" for details) > > Existing segwit using miners are automatically compatible with > this proposal. Non-segwit miners can become compatible by simply > including an additional output matching a default commitment > value returned as part of getblocktemplate. > > Miners SHOULD NOT automatically discontinue the commitment > at the expiration height. Decentralized systems without patent encumbrance is an important topic for me. We'd be very interested in adding this into extension blocks. Claims like these merit serious attention. If you can provide any kind of proof or documentation of this (doesn't need to be conclusive, just something), I will provide my word and promise publicly here and now that I will personally see to it that a commitment which solves this (albeit possibly using a slightly different format to make it compatible) is added into the Extension Blocks spec. If there is evidence, my support and authorship of the Extension Block specification is contingent upon resolving this issue. We have added an issue here: https://github.com/tothemoon-org/extension-blocks/issues/6 I'm interested in a more detailed explanation on how the Merle tree structure works so we can add it to the spec, I didn't follow exactly the new consensus rule and its mechanism in those several lines. We will begin making a pull request adding it into our specification, but more clarity on how to do it on its own would be helpful. We will also consider the code exposure change to adding in SegWit on the Canonical/1MB chain if it is more elegant to implement. Packaging this into our proposal would not only be important, but helpful to the end goals of this proposal as it becomes a standard soft-fork consensus rule which has greater guarantees around enforcibility than user-actication. Further, can you provide clarity and confirmation into why this commitment wasn't required as part of SegWit? -- Joseph Poon