From: Cameron Garnham <da2ce7@gmail.com>
To: Eric Voskuil <eric@voskuil.org>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Emergency Deployment of SegWit as a partial mitigation of CVE-2017-9230
Date: Fri, 26 May 2017 22:20:42 +0300 [thread overview]
Message-ID: <7235D229-AB07-4CBE-AB69-1E6EBE0E2FDC@gmail.com> (raw)
In-Reply-To: <c771e922-1121-e323-f4b8-ad99e0d930b8@voskuil.org>
Hello Eric,
Thank you for your question and your time off-list clarifying your position. I’m posting to the list so that a wider audience may benefit.
Original Question: ‘Presumably the "very serious security vulnerability" posed is one of increased centralization of hash power. Would this danger exist without the patent risk?’
I would postulate that if ASICBOOST was originally released without the patent risk, then much of the risk would have been avoided; all of the mining manufactures would have implemented ASICBOOST and had a similar advantage. However, now time has passed and the damage of the patent monopoly exploiting CVE-2017-9230 has been already done. If the ASICBOOST patent was released to the public for free today, while a good thing, it wouldn’t soften the severity of the vulnerability we face today.
The ASICBOOST PATENT provides a miner with a constant-factor advantage. This is a huge problem with zero-sum games, such as mining. In game-theory, a constant factor advantage gives an exponential advantage over the time period maintained.
This explains why the Bitcoin Community initially took very little notice to ASICBOOST: The effects of ASICBOOST stated at virtually nothing, and it took a while for the advantage to been seen over the normal variance of mining. However, it’s influence has been exponentially growing since then: creating an emergency problem that we now face.
The result of ASICBOOST going unchecked is that very quickly from now, surprisingly quickly, the only profitable miners will be the miners who make use of ASICBOOST. This is a grave concern.
I will again reiterate that the virtue-signalling over perceived political motivations is ridiculous in the light what I consider a looming catastrophe, we should be judging by what is real not just perceived.
The catastrophe that I fear is one company (or a single politically connected group) gaining a virtual complete monopoly of Bitcoin Mining. This is more important to me than avoiding chain-splits. Without a well-distributed set of miners Bitcoin isn’t Bitcoin.
Cameron.
PS.
This attack is part of a larger set of licensing attacks, where patens are just one form of licensing attack. These attacks are particularly damaging in competitive markets such as mining. We should be vigilant for other attempts to create state-enforced licensing around mathematical algorithms. ASICBOOST is an illustrative example of what the Bitcoin Community needs to defend against.
> On 26 May 2017, at 11:15 , Eric Voskuil <eric@voskuil.org> wrote:
>
> Signed PGP part
> Hi Cameron,
>
> Presumably the "very serious security vulnerability" posed is one of
> increased centralization of hash power. Would this danger exist
> without the patent risk?
>
> e
>
next prev parent reply other threads:[~2017-05-26 19:20 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-26 6:30 [bitcoin-dev] Emergency Deployment of SegWit as a partial mitigation of CVE-2017-9230 Cameron Garnham
2017-05-26 6:52 ` Andreas M. Antonopoulos
2017-05-26 8:02 ` Cameron Garnham
2017-05-26 8:15 ` Eric Voskuil
2017-05-26 19:20 ` Cameron Garnham [this message]
2017-05-26 9:21 ` Tom Zander
2017-05-26 14:39 ` Erik Aronesty
2017-05-26 14:54 ` Tom Zander
2017-05-27 6:37 ` Anthony Towns
2017-05-27 20:07 ` Eric Voskuil
2017-05-29 11:19 ` Anthony Towns
2017-05-31 6:17 ` Eric Voskuil
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7235D229-AB07-4CBE-AB69-1E6EBE0E2FDC@gmail.com \
--to=da2ce7@gmail.com \
--cc=bitcoin-dev@lists.linuxfoundation.org \
--cc=eric@voskuil.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox