public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: ZmnSCPxj <ZmnSCPxj@protonmail.com>
To: Mike Brooks <m@ib.tc>
Cc: Bitcoin Protocol Discussion
	<bitcoin-dev@lists.linuxfoundation.org>,
	Mike Brooks <f@in.st.capital>
Subject: Re: [bitcoin-dev] Floating-Point Nakamoto Consensus
Date: Thu, 01 Oct 2020 01:36:35 +0000	[thread overview]
Message-ID: <6DNfWVT6VsuQvFamBbqyGZYokENNopo28FZO6P5-4F0uoOMz2xAAQQZxBxsOmue4J3miOoMq_2MJVpiTtUy3bE9-qMOSVXqRhQoyfriTpXU=@protonmail.com> (raw)
In-Reply-To: <CALFqKjSiyjvtkmdSodP8pXdjxw+k0nJn_jTy06CQ6VHe3XTn2g@mail.gmail.com>

Good morning Mike,

> ZmnSCPxj,
>
> The growing tare in growing disagreement continues to divide mining capacity while the network waits for formation of future blocks - you'll never get to complete consensus unless three is a way to avoid ambiguity in disagreement, which you have not addressed.  The topic of my discussion is an exploitable condition, your three block plan does not add up.
>
> I wrote the exploit before I wrote the paper. It is telling that still no one here has refenced the threat model, which is the largest section of the entire 8 page paper.  The security came before the introduction of FPNC because security fundamentals is what drives the necessity for the solution.
>
> The text you are reading right now was delivered using the mailing list manager Majordomo2, which I shelled in 2011 and got a severity metric and an alert in the DHS newsletter. Correct me if I am wrong, but I bet that just of my exploits has probably popped more shells than everyone on this thread combined.   Cryptography?  Sure, I'll brag about the time I hacked Square Inc. This is actually my current favorite crypto exploit — it was the time I used DKIM signature-malleability to conduct a replay-attack that allowed an adversary to replay another user's transactions an unlimited number of times. After receiving a normal payment from another Square user you could empty their account.  This was reported ethically and it was a mutual joy to work with such a great team.  Now it is not just impact, but I am also getting the feeling that I have collected more CVEs, all this is to say that I'm not new to difficult vendors.

Argument screens off authority, thus, even if I have no CVEs under this pseudonym, argument must still be weighted more highly than any authority you may claim.

> To be blunt; some of you on this thread are behaving like a virgin reading a trashy love novel and failing to see the point — Just because you aren't excited, doesn't mean that it isn't hot.
>
> The exploit described in this paper was delivered to the Bitcoin-core security team on August 4 at 9:36 PM PST.  The industry standard of 90 days gives you until November 2nd. Now clearly, we need more time. However, if the consensus is a rejection, then there shouldn't be any concerns with a sensible 90-day disclosure policy. 

I am not a member of this security team, and they may have better information and arguments than I do, in which case, I would defer to them if they are willing to openly discuss it and I find their arguments compelling.

The attack you describe is:

* Not fixable by floating-point Nakamoto consensus, as such a powerful adversary can just as easily prevent propagation of a higher-score block.
* Broken by even a single, manually-created connection between both sides of the chain-split.

Regards,
ZmnSCPxj



  reply	other threads:[~2020-10-01  1:36 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-09-24 19:40 [bitcoin-dev] Floating-Point Nakamoto Consensus Mike Brooks
2020-09-25 15:18 ` bitcoin ml
2020-09-25 16:04   ` Mike Brooks
2020-09-25 16:33   ` Jeremy
2020-09-25 17:35     ` Mike Brooks
2020-09-26 10:11       ` David A. Harding
2020-09-26 11:09         ` Mike Brooks
2020-09-29  1:51 ` Franck Royer
2020-09-29 16:00   ` Mike Brooks
2020-09-30  6:31     ` ZmnSCPxj
2020-09-30  6:37       ` Mike Brooks
2020-09-30 23:44         ` ZmnSCPxj
2020-09-30 23:53           ` Mike Brooks
2020-10-01  1:36             ` ZmnSCPxj [this message]
     [not found]               ` <CALFqKjT_ZTnqzhvRRpFV4wzVf2pi=_G-qJvSkDmkZkhYwS-3qg@mail.gmail.com>
     [not found]                 ` <LPR_1lQZZGN-sT86purDUy8X_jF0XH35_xxdaqzRXHXPSZDtGVowS-FgIq1RN2mtT1Ds0bBErYvM-1TF7usCSAjojCCfkk5WOnZAvBLFzII=@protonmail.com>
     [not found]                   ` <CALFqKjR+uK2Rr4dUsL+D=ZUba2sroqnkhC1xcGHdjjupvDc7+Q@mail.gmail.com>
2020-10-01  6:47                     ` ZmnSCPxj
2020-10-04 15:58                       ` Mike Brooks
2020-10-01 16:42             ` Larry Ruane
2020-10-01 19:26               ` Mike Brooks
2020-09-29  3:10 ` LORD HIS EXCELLENCY JAMES HRMH
2020-10-10  1:26   ` Mike Brooks
2020-10-15 16:02     ` yanmaani
2020-10-08 18:43 ` Bob McElrath
2020-10-10  0:59   ` Mike Brooks

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='6DNfWVT6VsuQvFamBbqyGZYokENNopo28FZO6P5-4F0uoOMz2xAAQQZxBxsOmue4J3miOoMq_2MJVpiTtUy3bE9-qMOSVXqRhQoyfriTpXU=@protonmail.com' \
    --to=zmnscpxj@protonmail.com \
    --cc=bitcoin-dev@lists.linuxfoundation.org \
    --cc=f@in.st.capital \
    --cc=m@ib.tc \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox