From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 5F38CC0001 for ; Tue, 25 May 2021 08:01:26 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 408DB83B4E for ; Tue, 25 May 2021 08:01:26 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: 0.602 X-Spam-Level: X-Spam-Status: No, score=0.602 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: smtp1.osuosl.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0EnpK56MNm9i for ; Tue, 25 May 2021 08:01:25 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 Received: from mail-ed1-x52c.google.com (mail-ed1-x52c.google.com [IPv6:2a00:1450:4864:20::52c]) by smtp1.osuosl.org (Postfix) with ESMTPS id 55F8D83C22 for ; Tue, 25 May 2021 08:01:25 +0000 (UTC) Received: by mail-ed1-x52c.google.com with SMTP id a25so35027221edr.12 for ; Tue, 25 May 2021 01:01:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=3YfI14D2BVirtT3SXaaHiT4QQHdsysjeNYGeDvvZvVI=; b=hsYgADvJxvc7cSS57toXN+dfl+4F9Csc11sxE3Qvq+hHzb1jsazZ/ItB9wUZhnY4tp lWyxz2c2A6z2gNZCQGbZ1VzgANHcehegdq4xXkBbGCHaXW/BN1Ed+lYita9C95rfoTXQ mZ8LYyC6Y8OMvcf5/ShGYtVRWJ7yIxs7v45XLc33ptX50Tb91ux8OAe66fYO/UBJ3LuT 33ROanirBmclBGN/POzrmV/y1wZEpoyqQF3N4aE8+txoR0eYn0wExrJ8nAgO0lOnaqgd obOe7z1gfeN5UZED5EECh/18MuQpZ/4WyM/lQhTWCtdRlH+davYd1DKiJ8ooRpSvSuhm 2NbQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=3YfI14D2BVirtT3SXaaHiT4QQHdsysjeNYGeDvvZvVI=; b=ll7qx9X6RBfSCQEK+ixPkphSd8mMSF/D35igIGTKvIlO/FZhAEV5W3NXxYJzr7Yqc2 YTKK/sE0c+zU/6/XnRuhhJBK++COYJCem8rmk70U8/QuEsZNIgd/jjKK9vDW2jqETl83 WhLdVQEUw2LTE6x0WUAQalYTSIJBQgEpavcz77BftBJdznD0rGRUQxQQdHQmfQiUVkQh bodtumz8y5XQbYXurHx7n/VZ0J9UznWXG358nZNw6e8u9DWGtdFb6zgntSzHtFqFtrgN OEglWf5kjLg9KStyZ8pCo7RbwyzLy6UK/U0Sy5Lw80HJeGh2CI2KcofKf7Bc72Po+p67 6XzA== X-Gm-Message-State: AOAM532wJAlJLcO/Znru3Cz9NLDv7ud1vFTZBeQlVAhSt3JMqEIEPKxB +7sRzhrDRogunQGf4PjgU7d/TTRgGXYU8J95SO8= X-Google-Smtp-Source: ABdhPJzas+U6Ya7m74cuKVKjsfKzLivaHegmrDzNb+67A6/EEbIc0JiV3AQVcN3Y7W+ghznI7o5Lytav1ihFlXsX+Kc= X-Received: by 2002:a05:6402:190e:: with SMTP id e14mr30597041edz.146.1621929683432; Tue, 25 May 2021 01:01:23 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Billy Tetrud Date: Mon, 24 May 2021 22:01:07 -1000 Message-ID: To: Karl Content-Type: multipart/alternative; boundary="000000000000a1b76b05c322ee2d" X-Mailman-Approved-At: Tue, 25 May 2021 08:34:20 +0000 Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] Reducing block reward via soft fork X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 May 2021 08:01:26 -0000 --000000000000a1b76b05c322ee2d Content-Type: text/plain; charset="UTF-8" > It seems to me bitcoin's biggest vulnerabilities are either covert compromise of mining pool operations, or widespread compromise of networked mining systems and client node Stratum v2 will solve the mining pool problem. Widespread compromise of mining systems seems far fetched. That would involve compromising hundreds of thousands or perhaps millions of systems in disparate areas with disparate operating systems and security procedures, run by people who probably understand computer security better than most (given their involvement in bitcoin). I think the biggest vulnerability bitcoin has is a sybil attack draining the resources of public full nodes. We only have like 10,000 public full nodes serving the whole network. It wouldn't take that much money to create a sybil botnet of 100,000 or 1 million nodes that connect to the bitcoin network and simply take up public node resources, denying service to most people's full nodes. > I don't see why it would necessarily be made public if a government compromised their nation's mining farms. Governments have skilled operatives for things like that. Skilled operatives have their limits. It could be kept secret if spies were hired as employees and then systematically infected all the machines in a mining operation's machines. But spies aren't magic, no matter how skilled. One mistake and the jig is up. It would be more likely to be a backroom deal, which would be harder to keep secret, especially in large operations. Propaganda has its limits too, sure you could convince some people things are fine, but sophisticated people like miners? I doubt it. On Mon, May 24, 2021 at 2:55 PM Karl wrote: > If bitcoin were to ever consider changing their PoW algorithm a > little, it seems that would immediately make purchased ASIC mining > equipment partially or wholly unusable to compromise the chain (and > temporarily reduce energy usage without necessarily reducing > security). One possible plan to deter a multibillionaire attack. > > Also regarding the word "security" here, a 51% attack impacts some > parts of chain operations, but not others. > > It seems to me bitcoin's biggest vulnerabilities are either covert > compromise of mining pool operations, or widespread compromise of > networked mining systems and client nodes. Far easier than > outcompeting the mining network with hardware. > > I don't see why it would necessarily be made public if a government > compromised their nation's mining farms. Governments have skilled > operatives for things like that. People would guess it happened, and > the government would cover up the guesses with more powerful stories. > --000000000000a1b76b05c322ee2d Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
>=C2=A0 It seems to me bitcoin's biggest vulnerabilities are either covert comp= romise of mining pool operations, or widespread compromise of networked min= ing systems and client node

Stratum v2 will solve the mi= ning pool problem. Widespread compromise of mining=C2=A0systems seems far f= etched. That would involve compromising hundreds of thousands or perhaps mi= llions of systems in disparate areas with disparate operating systems and s= ecurity procedures,=C2=A0run=C2=A0by people who probably understand compute= r security better than most (given their involvement in bitcoin).=C2=A0

I think the biggest vulnerability bitcoin has is a sy= bil attack draining the resources of public full nodes. We only have like 1= 0,000 public=C2=A0full nodes serving the whole network. It wouldn't tak= e that much money to create a sybil botnet of 100,000 or 1 million nodes th= at connect to the bitcoin network and simply take up public node resources,= denying service to most people's full nodes.=C2=A0

> I don't see why it would necessarily be made public if a gov= ernment compromised their nation's mining farms. Governments have skill= ed operatives for things like that.=C2=A0=C2=A0

Sk= illed operatives have their limits. It could be kept secret if spies were h= ired as employees and then systematically infected all the machines in a mi= ning operation's=C2=A0machines. But spies aren't magic, no matter h= ow skilled. One mistake and the jig is up. It would be more likely to be a = backroom deal, which would be harder to keep secret, especially in large op= erations. Propaganda has its limits too, sure you could convince some peopl= e things are fine, but sophisticated people like miners? I doubt it.=C2=A0<= /div>



On Mon, May 24, 2021 at 2:55 = PM Karl <gmkarl@gm= ail.com> wrote:
If bitcoin were to ever consider changing their PoW algorithm a
little, it seems that would immediately make purchased ASIC mining
equipment partially or wholly unusable to compromise the chain (and
temporarily reduce energy usage without necessarily reducing
security).=C2=A0 One possible plan to deter a multibillionaire attack.

Also regarding the word "security" here, a 51% attack impacts som= e
parts of chain operations, but not others.

It seems to me bitcoin's biggest vulnerabilities are either covert
compromise of mining pool operations, or widespread compromise of
networked mining systems and client nodes.=C2=A0 Far easier than
outcompeting the mining network with hardware.

I don't see why it would necessarily be made public if a government
compromised their nation's mining farms.=C2=A0 Governments have skilled=
operatives for things like that.=C2=A0 People would guess it happened, and<= br> the government would cover up the guesses with more powerful stories.
--000000000000a1b76b05c322ee2d--