public inbox for bitcoindev@googlegroups.com
From: Cameron Garnham <da2ce7@gmail.com>
To: Tier Nolan <tier.nolan@gmail.com>
Cc: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Treating ‘ASICBOOST’ as a Security Vulnerability
Date: Fri, 19 May 2017 10:32:36 +0300
Message-ID: <B3FCB9B3-3E0F-48A4-82D9-61019B4672B5@gmail.com>
In-Reply-To: <CAE-z3OX2b4V+ERAYszokAUrSRPqpOCd2TovxBiqfeRTj4yuVpw@mail.gmail.com>


(message was originally sent off-list by mistake).

Hello Tier,

Thank you for your insightful reply.

Am I correct that the suggestion is that you think it is an optimisation to find some nonces having lower difficulty than other nonces?

I would agree with you if this was limited to a dedicated nonce area of the Bitcoin System.

However, in the case of Bitcoin it is a layer violation that the PoW function difficulty could be affected by the choice of the transaction ordering, or the content of the Coinbase Transaction, etc.  Possibly giving unnatural and unintended incentives to other parts of the Bitcoin System.

I can see two issues at play here:

1. The choice of input, outside of the dedicated nonce area, fed to the PoW function should not change its difficulty to evaluate.
2. Every PoW function execution should be independent.

I think that both of these are security assumptions of the Bitcoin PoW function.

I consider ASICBOOST as an attack upon both accounts.

Cameron.

> 
> On 18 May 2017, at 17:59 , Tier Nolan via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
> 
> On Thu, May 18, 2017 at 2:44 PM, Cameron Garnham via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
> > 1. Significant deviations from the Bitcoin Security Model have been acknowledged as security vulnerabilities.
> >
> > The Bitcoin Security Model assumes that every input into the Proof-of-Work function should have the same difficulty of producing a desired output.
> 
> This isn't really that clear.
> 
> Arguably as long as the effort to find a block is proportional to the block difficulty parameter, then it isn't an exploit.  It is just an optimisation.
> 
> A quantum computer, for example, could find a block with effort proportional to the square root of the difficulty parameter, so that would count as an attack.  Though in that case, the fix would likely be to tweak the difficulty parameter update calculation.
> 
> A better definition would be something like "when performing work, each hash should be independent".  
> 
> ASICBOOST does multiple checks in parallel, so would violate that.

