From: Matt Corallo <lf-lists@mattcorallo.com>
To: Tier Nolan <tier.nolan@gmail.com>,
Bitcoin Protocol Discussion
<bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Making AsicBoost irrelevant
Date: Tue, 10 May 2016 21:35:39 +0000 [thread overview]
Message-ID: <5732542B.20000@mattcorallo.com> (raw)
In-Reply-To: <CAE-z3OWvLqONwaN+608jBn9=q1yUvU4ggGrMpA8rE6qmjDQHtg@mail.gmail.com>
Yea, I think in any hardfork that we should be talking about, a part of
it should include 1) fix the version field so its a static constant, 2)
the merkle root becomes hash of the real block header 3) swap first 2
bytes of the merkle root with the timestamp's two high-order bits, 4)
swap the next 4 bytes of the merkle root with the difficulty field.
I believe this should be compatible with all existing ASICs, with the
exception, possibly, of some 21 Inc hardware. I believe this fixes
AsicBoost (without thinking about it tooo much, so please critique).
While this is somewhat nasty, the risks of AsicBoost and the precedent
that should be set necessitates a response, and it should be included in
any hardfork.
Matt
On 05/10/16 20:27, Tier Nolan via bitcoin-dev wrote:
> The various chunks in the double SHA256 are
>
> Chunk 1: 64 bytes
> version
> previous_block_digest
> merkle_root[31:4]
>
> Chunk 2: 64 bytes
> merkle_root[3:0]
> nonce
> timestamp
> target
>
> Chunk 3: 64 bytes
> digest from first sha pass
>
> Their improvement requires that all data in Chunk 2 is identical except
> for the nonce. With 4 bytes, the birthday paradox means collisions can
> be found reasonable easily.
>
> If hard forks are allowed, then moving more of the merkle root into the
> 2nd chunk would make things harder. The timestamp and target could be
> moved into chunk 1. This increases the merkle root to 12 bytes in the
> 2nd chunk. Finding collisions would be made much more difficult.
>
> If ASIC limitations mean that the nonce must stay where it is, this
> would mean that the merkle root would be split into two pieces.
>
> On Tue, May 10, 2016 at 7:57 PM, Peter Todd via bitcoin-dev
> <bitcoin-dev@lists.linuxfoundation.org
> <mailto:bitcoin-dev@lists.linuxfoundation.org>> wrote:
>
> As part of the hard-fork proposed in the HK agreement(1) we'd like
> to make the
> patented AsicBoost optimisation useless, and hopefully make further
> similar
> optimizations useless as well.
>
> What's the best way to do this? Ideally this would be SPV
> compatible, but if it
> requires changes from SPV clients that's ok too. Also the fix this
> should be
> compatible with existing mining hardware.
>
>
> 1)
> https://medium.com/@bitcoinroundtable/bitcoin-roundtable-consensus-266d475a61ff
>
> 2)
> http://lists.linuxfoundation.org/pipermail/bitcoin-dev/2016-April/012596.html
>
> --
> https://petertodd.org 'peter'[:-1]@petertodd.org <http://petertodd.org>
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> <mailto:bitcoin-dev@lists.linuxfoundation.org>
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
>
>
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
next prev parent reply other threads:[~2016-05-10 21:35 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-10 18:57 [bitcoin-dev] Making AsicBoost irrelevant Peter Todd
2016-05-10 20:27 ` Tier Nolan
2016-05-10 21:35 ` Matt Corallo [this message]
2016-05-10 21:43 ` Sergio Demian Lerner
2016-05-10 22:59 ` Matt Corallo
2016-05-11 12:20 ` Sergio Demian Lerner
2016-05-11 13:08 ` Marek Palatinus
2016-05-11 21:01 ` Matt Corallo
2016-05-11 22:16 ` Simon Liu
2016-05-11 22:50 ` Peter Todd
2016-05-11 14:28 ` Luke Dashjr
2016-05-11 16:24 ` Timo Hanke
2016-05-11 18:28 ` Timo Hanke
2016-05-11 22:49 ` Timo Hanke
2016-05-12 2:27 ` Tom Harding
2016-05-12 2:31 ` Allen Piscitello
2016-05-12 2:33 ` Peter Todd
2016-05-12 4:01 ` Tom Harding
2016-05-10 21:49 ` Marco Pontello
2016-05-10 22:17 ` Sergio Demian Lerner
2016-05-10 22:27 ` Chris Riley
2016-05-11 3:14 ` Timo Hanke
2016-05-11 9:21 ` Jannes Faber
2016-05-11 10:36 ` Henning Kopp
2016-05-11 10:47 ` Jannes Faber
2016-05-11 22:42 ` Timo Hanke
2016-05-11 22:58 ` Gregory Maxwell
2016-05-12 7:29 ` Tom
2016-05-12 11:05 ` Jorge Timón
2016-05-11 14:07 ` Jorge Timón
2016-05-11 14:18 ` Sergio Demian Lerner
2016-05-11 14:30 ` Jannes Faber
2016-05-11 20:50 ` Matt Corallo
2016-05-11 22:00 ` James Hilliard
2016-05-11 23:01 ` Peter Todd
2016-05-12 0:02 ` Gregory Maxwell
2016-05-12 1:23 ` Russell O'Connor
2016-05-12 1:58 ` Peter Todd
2016-05-12 1:58 ` Matt Corallo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5732542B.20000@mattcorallo.com \
--to=lf-lists@mattcorallo.com \
--cc=bitcoin-dev@lists.linuxfoundation.org \
--cc=tier.nolan@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox