From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 0394540A for ; Sun, 9 Apr 2017 11:48:30 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-vk0-f45.google.com (mail-vk0-f45.google.com [209.85.213.45]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 487B7F5 for ; Sun, 9 Apr 2017 11:48:29 +0000 (UTC) Received: by mail-vk0-f45.google.com with SMTP id s68so97376757vke.3 for ; Sun, 09 Apr 2017 04:48:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jtimon-cc.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=d1uhrxukvfSHCcu2ctedsZkGSNKe8Y8IhmxkzU16l+w=; b=dUD8mPQpmhiUS4hZcFavwkFyiaK4AxyANcoXRQa3uN9cWaVN/0WR5l+PA/1j+IidZq gSS8KpMW/o1cdBDG8Y5hdHlwRJ0pIungrYu84BoOxEms1RE6vyMqe+2cpXVRBi2ar6uW eJ7gc3vkVIQt2Wrwh36e1HFi/n37jHC9GpTNNQJ/QpZDyIaXs0mIFhkMT0YHroUGJson qQ1nq0bewKQib3ZdGnjyTjwmSiOQgoP+aqGNGZOoYpZR65uV2JT7LTVLf5MWqVZklCIg lcccacSvFxnh6FdR8uiqyPd5txFYtm+E+Gvqp3XFCEdl6atvYW3C//8TwUgttnkOr4lM zuEg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=d1uhrxukvfSHCcu2ctedsZkGSNKe8Y8IhmxkzU16l+w=; b=MncBSxAaUgUaVBDRy/0Bat/XHrAsE0sXrkRpjRdS8PkoOSPRK+mAO56etQZGovzVdJ y45xcY6wxk6htxVSoY1exsCdqBUBced1sFhb6Z1IMGEo0V8L1UK2gkd2W+/0V45dJ3BX MPvnzk+++fqf7Pl7G8G0d+TyB/Mnc3tJ2b0195A7CNDXcMf/4x6W3fhkJ5WEX02bb++x 7Dopcrv9yU5LZM1SPh6IEkJyjAgDrNJ3Idlg/3CdJ4ziJ632Gd38lCYfuhwXQ1Y75N0i BAJEHOZ/XDTw17NEv/h26T20dbrlkDXt2iqqZkLp+kCQW37QcCrEWZJhqgd6l+JgC0g1 tzwA== X-Gm-Message-State: AFeK/H29GpHe/iyBdgZEVIMbIli+LPK0eLQAZE/GSyI+IP2pzpwgJM3z+AVwWLtNg+d2ltlcfPxZebUpNE36Jg== X-Received: by 10.31.110.138 with SMTP id j132mr18094903vkc.103.1491738508360; Sun, 09 Apr 2017 04:48:28 -0700 (PDT) MIME-Version: 1.0 Received: by 10.31.151.136 with HTTP; Sun, 9 Apr 2017 04:48:27 -0700 (PDT) Received: by 10.31.151.136 with HTTP; Sun, 9 Apr 2017 04:48:27 -0700 (PDT) In-Reply-To: References: From: =?UTF-8?B?Sm9yZ2UgVGltw7Nu?= Date: Sun, 9 Apr 2017 13:48:27 +0200 Message-ID: To: Jimmy Song Content-Type: multipart/alternative; boundary=94eb2c14a23ae392d4054cba6f21 X-Spam-Status: No, score=-1.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, HTML_MESSAGE, RCVD_IN_DNSWL_NONE, RCVD_IN_SORBS_SPAM autolearn=no version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: Bitcoin Dev Subject: Re: [bitcoin-dev] A Small Modification to Segwit X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 09 Apr 2017 11:48:30 -0000 --94eb2c14a23ae392d4054cba6f21 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Why won't the attacker use asicboost too? (Please don't say because of patents) On 9 Apr 2017 12:26 am, "Jimmy Song" wrote: > Jorge, > > Suppose someone figures out an ASIC optimization that's completely > unrelated that gives X% speed boost over your non-ASICBoosted > implementation. If you ban ASICBoost, someone with this optimization can > get 51% of the network by adding N machines with their new optimization. = If > you allow ASICBoost and assuming this gets a 20% speed boost over > non-ASICBoosted hardware, someone with this optimization would need 1.2N > machines to get 51%. The network in that sense is 20% stronger against th= is > attack in terms of cost. > > Jimmy > > On Sat, Apr 8, 2017 at 12:22 PM, Jorge Tim=C3=B3n wrot= e: > >> To be more specific, why "being higher will secure the Bitcoin network >> better against newer optimizations"? >> Or, to be more clear, let's forget about future "optimizations", let's >> just think of an attacker. Does asicboost being used by all miners >> make the system more secure against an attacker? No, for the attacker >> can use asicboost too. >> What about the case when not all the miners are using asicboost? Then >> the attacker can actually get an advantage by suing asicboost. >> >> Sometimes people compare asicboost with the use of asics in general as >> both providing more security for the network and users. But I don't >> think this is accurate. The existence of sha256d asics makes an attack >> with general purpose computing hardware (or even more specialized >> architectures like gpgpu) much more expensive and unlikely. As an >> alternative the attacker can spend additional resources investing in >> asics himself (again, making many attacks more expensive and >> unlikely). >> >> But as far as I know, asicboost can be implemented with software >> running on general purpose hardware that integrates with regular >> sha256d asics. There is probably an advantage on having the asicboost >> implementation "in the same box" as the sha256d, yet again the >> attacker can invest in hardware with the competitive advantage from >> having asicboost more intergrated with the sha256d asics too. >> >> To reiterate, whether all miners use asicboost or only a subset of >> them, I remain unconvinced that provides any additional security to >> the network (to be more precise whether that makes "tx history harder >> to rewrite"), even if it results on the hashrate charts looking "more >> secure". >> >> >> On Sat, Apr 8, 2017 at 6:27 PM, Jorge Tim=C3=B3n wrot= e: >> > >> > >> > On 8 Apr 2017 5:06 am, "Jimmy Song via bitcoin-dev" >> > wrote: >> > >> > Praxeology Guy, >> > >> >> Why would the actual end users of Bitcoin (the long term and short te= rm >> >> owners of bitcoins) who run fully verifying nodes want to change >> Bitcoin >> >> policy in order to make their money more vulnerable to 51% attack? >> > >> > >> > Certainly, if only one company made use of the extra nonce space, they >> would >> > have an advantage. But think of it this way, if some newer ASIC >> optimization >> > comes up, would you rather have a non-ASICBoosted hash rate to defend >> with >> > or an ASICBoosted hash rate? Certainly, the latter, being higher will >> secure >> > the Bitcoin network better against newer optimizations. >> > >> > >> > Why? >> > > --94eb2c14a23ae392d4054cba6f21 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Why won't the attacker use asicboost too? (Please don= 't say because of patents)

On 9 Apr 2017 12:26 am, "Jimmy Song" <jaejoon@gmail.com> wrote:
Jorge,
Suppose someone figures out an ASIC optimization that's co= mpletely unrelated that gives X% speed boost over your non-ASICBoosted impl= ementation. If you ban ASICBoost, someone with this optimization can get 51= % of the network by adding N machines with their new optimization. If you a= llow ASICBoost and assuming this gets a 20% speed boost over non-ASICBooste= d hardware, someone with this optimization would need 1.2N machines to get = 51%. The network in that sense is 20% stronger against this attack in terms= of cost.

Jimmy

On Sat, Apr 8, 2017 at 12:22 PM, Jorge T= im=C3=B3n <jtimon@jtimon.cc> wrote:
To be more specific, why "being higher will secure the Bitco= in network
better against newer optimizations"?
Or, to be more clear, let's forget about future "optimizations&quo= t;, let's
just think of an attacker. Does asicboost being used by all miners
make the system more secure against an attacker? No, for the attacker
can use asicboost too.
What about the case when not all the miners are using asicboost? Then
the attacker can actually get an advantage by suing asicboost.

Sometimes people compare asicboost with the use of asics in general as
both providing more security for the network and users. But I don't
think this is accurate. The existence of sha256d asics makes an attack
with general purpose computing hardware (or even more specialized
architectures like gpgpu) much more expensive and unlikely. As an
alternative the attacker can spend additional resources investing in
asics himself (again, making many attacks more expensive and
unlikely).

But as far as I know, asicboost can be implemented with software
running on general purpose hardware that integrates with regular
sha256d asics. There is probably an advantage on having the asicboost
implementation "in the same box" as the sha256d, yet again the attacker can invest in hardware with the competitive advantage from
having asicboost more intergrated with the sha256d asics too.

To reiterate, whether all miners use asicboost or only a subset of
them, I remain unconvinced that provides any additional security to
the network (to be more precise whether that makes "tx history harder<= br> to rewrite"), even if it results on the hashrate charts looking "= more
secure".


On Sat, Apr 8, 2017 at 6:27 PM, Jorge Tim=C3=B3n <jtimon@jtimon.cc> w= rote:
>
>
> On 8 Apr 2017 5:06 am, "Jimmy Song via bitcoin-dev"
> <bitcoin-dev@lists.linuxfoundation.org> wrote:
>
> Praxeology Guy,
>
>> Why would the actual end users of Bitcoin (the long term and short= term
>> owners of bitcoins) who run fully verifying nodes want to change B= itcoin
>> policy in order to make their money more vulnerable to 51% attack?=
>
>
> Certainly, if only one company made use of the extra nonce space, they= would
> have an advantage. But think of it this way, if some newer ASIC optimi= zation
> comes up, would you rather have a non-ASICBoosted hash rate to defend = with
> or an ASICBoosted hash rate? Certainly, the latter, being higher will = secure
> the Bitcoin network better against newer optimizations.
>
>
> Why?

--94eb2c14a23ae392d4054cba6f21--