From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <eric@voskuil.org>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id DCEF894F
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Fri, 26 May 2017 08:15:59 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-pf0-f171.google.com (mail-pf0-f171.google.com
	[209.85.192.171])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 4320212A
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Fri, 26 May 2017 08:15:59 +0000 (UTC)
Received: by mail-pf0-f171.google.com with SMTP id m17so4952887pfg.3
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Fri, 26 May 2017 01:15:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=voskuil-org.20150623.gappssmtp.com; s=20150623;
	h=subject:to:references:cc:from:message-id:date:user-agent
	:mime-version:in-reply-to:content-transfer-encoding;
	bh=adymTD5ZU2lJrRnz1C/o+LKI9Ppekh6epoc1jPgqZ9g=;
	b=FH7oA3xQfhIeifiRVKYevkri/4qgOf3pEyhbxcXZSnhDhIS4VjTbyBX/DY0jkFbtu9
	JXpGIOCj4kgl5RnycsRQkvjxpnUForKz3wI1IT25bwZUsX9hb4hgNnAZopBDMt7vwerg
	7VyGJc9HjxFvtdUYzJP4defngNh4FAH8LfXpewMRy6qMsumb5vkRo76WXXJY7oRMlEct
	ohw3GWMqb/xAb0yswZVN75EAUn4v99vMHcKxLGqyOmp88cgAvICBooPWQVcSf6xzuRyq
	JQMgOThy3R2G9Q2JY8Fic1FA+/4gh+3bu0adV05QLZ0MYPK+UjlvJsM7jsd+QAgxhrJj
	+zXQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:subject:to:references:cc:from:message-id:date
	:user-agent:mime-version:in-reply-to:content-transfer-encoding;
	bh=adymTD5ZU2lJrRnz1C/o+LKI9Ppekh6epoc1jPgqZ9g=;
	b=c7tRyGU+ZccFjFY0yOT4+OB5qQqy09a/bA8BKcHTuGc9vR+nm2wkCdGgS50pVgnD9B
	XFFk3OS4QsxTz7F95tPmbnZK17iOYCSKB8u4mOLKMtAuhG2dYcTEL13WYvAwPBgxaoeL
	L/dJZhO5FxV5q88B4BSUXZ7mA9QUvmU4tZ9oNq/fwD1E0Bkp00xAFVDEMnbnCohwwo5l
	0p+hpaX68jU30HK7COO0CZwua/AlSc3PZMleVJo7N7+6jOYG9mpidVlc3EO7KCE8V0XU
	8eswR/bHS/0vHR1OmtSzBsxG2xPmOlykblTIQ3Jv9k60cVlTllkQjsuacrUhlpfKhERp
	h6nQ==
X-Gm-Message-State: AODbwcDMrfNcYaQKS59YrDrV+FHFDAEl0SGKEKWrEz9JYJVl2veMJEM3
	iQdWCzS6kfE5C/YV
X-Received: by 10.84.216.10 with SMTP id m10mr55554989pli.4.1495786558232;
	Fri, 26 May 2017 01:15:58 -0700 (PDT)
Received: from ?IPv6:2601:600:a080:16bb:7d26:ac61:e7ed:4ce?
	([2601:600:a080:16bb:7d26:ac61:e7ed:4ce])
	by smtp.gmail.com with ESMTPSA id o29sm303887pgc.27.2017.05.26.01.15.57
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Fri, 26 May 2017 01:15:57 -0700 (PDT)
To: Cameron Garnham <da2ce7@gmail.com>,
	"Andreas M. Antonopoulos" <andreas@antonopoulos.com>
References: <D0299438-E848-4696-B323-8D0E810AE491@gmail.com>
	<CAFmyj8zNkPj3my3CLzkXdpJ1xkD0GQk8ODg09qYnnj_ONGUtsQ@mail.gmail.com>
	<2E6BB6FA-65FF-497F-8AEA-4CC8655BAE69@gmail.com>
From: Eric Voskuil <eric@voskuil.org>
X-Enigmail-Draft-Status: N1110
Message-ID: <c771e922-1121-e323-f4b8-ad99e0d930b8@voskuil.org>
Date: Fri, 26 May 2017 01:15:56 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
	Thunderbird/45.5.1
MIME-Version: 1.0
In-Reply-To: <2E6BB6FA-65FF-497F-8AEA-4CC8655BAE69@gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-1.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, RCVD_IN_DNSWL_NONE,
	RCVD_IN_SORBS_SPAM autolearn=no version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
X-Mailman-Approved-At: Fri, 26 May 2017 13:59:31 +0000
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Emergency Deployment of SegWit as a partial
 mitigation of CVE-2017-9230
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Fri, 26 May 2017 08:16:00 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Cameron,

Presumably the "very serious security vulnerability" posed is one of
increased centralization of hash power. Would this danger exist
without the patent risk?

e

On 05/26/2017 01:02 AM, Cameron Garnham via bitcoin-dev wrote:
> Thank you for your reply Andreas,
> 
> I can assure you that I have many motivations for activating
> SegWit.
> 
> Before studding ASICBOOST I wanted to activate SegWit as it is a
wonderful upgrade for Bitcoin. It seems to me that virtually the
entire Bitcoin Ecosystem agrees with me.  Except for around 67% of the
mining hash-rate who very conspicuously refuse to signal for it’s
activation.
> 
> So, I started searching for the motivations of such a large amount
of the mining hash-rate holding a position that isn’t at-all
represented in the wider Bitcoin Community. My study of ASICBOOST lead
to a ‘bingo’ moment:  If one assumes that the 67% of the hash rate
that refuse to signal for SegWit are using ASICBOOST. The entire
picture of this political stalemate became much more understandable.
> 
> This only strengthened my resolve to activate SegWit: not only is
SegWit great, it partially mitigates a very serious security
vulnerability.
> 
> This is why I call into question why you would suggest:
> 
> “This proposal is unnecessarily conflating two contentious issues
and will attract criticism of self serving motivation.”
> 
> 1. I am not conflating the issues.  I would argue that very fact
that SegWit has not been activated yet is directly because of
CVE-2017-9230.
> 2. I have no reason to believe that SegWit is contentious, except
for the attackers who it would frustrate.
> 3. I have no negative responses to my endeavours to get ASICBOOST
> as
regarded as a legitimate security vulnerability.  This would suggest
that it is not contentious in the wider technical community.
> 
> If SegWit is NOT contentious within the technical community and it
is NOT contentious to regard CVE-2017-9230 as a credible security
vulnerability. Then using it as partial security fix for a security
vulnerability SHOULD NOT be contentious.
> 
> If you believe that SegWit is contentious within the technical
community.  Or you believe CVE-2017-9230 should not be regarded as a
credible security vulnerability. Then I would logically agree with you
that we should separate the issues so that we may gain consensus.
However, I just don’t see this as the case.
> 
> Cameron.
> 
> 
>> On 26 May 2017, at 09:52 , Andreas M. Antonopoulos
<andreas@antonopoulos.com> wrote:
>> 
>> I rarely post here, out of respect to the mailing list. But
>> since
my name was mentioned...
>> 
>> I much prefer Gregory Maxwell's proposal to defuse covert
>> ASICBOOST
(only) with a segwit-like commitment to the coinbase which does not
obligate miners to signal Segwit or implement Segwit, thus disarming
any suspicion that the issue is being exploited only to activate Segwit.
>> 
>> This proposal is unnecessarily conflating two contentious issues
and will attract criticism of self serving motivation.
>> 
>> Politicising CVE  is damaging to the long term bitcoin
>> development
and to its security. Not claiming that is the intent here, but the
damage is done by the mere appearance of motive.
>> 
>> 
>> 
>> On May 26, 2017 16:30, "Cameron Garnham via bitcoin-dev"
<bitcoin-dev@lists.linuxfoundation.org> wrote:
>> Hello Bitcoin-Dev,
>> 
>> CVE-2017-9230 (1) (2), or commonly known as ‘ASICBOOST’ is a
>> severe
(3) (4) and actively exploited (5) security vulnerability.
>> 
>> To learn more about this vulnerability please read Jeremy
>> Rubin’s
detailed report:
>> http://www.mit.edu/~jlrubin//public/pdfs/Asicboost.pdf
>> 
>> Andreas Antonopoulos has an excellent presentation on why
>> asicboost
is dangerous:
>> https://www.youtube.com/watch?v=t6jJDD2Aj8k
>> 
>> In decisions on the #bitcoin-core-dev IRC channel; It was
>> proposed,
without negative feedback, that SegWit be used as a partial-mitigation
of CVE-2017-9230.
>> 
>> SegWit partially mitigates asicboost with the common reasonable
assumption that any block that doesn’t include a witness commit in
it's coinbase transaction was mined using covert asicboost.  Making
the use of covert asicboost far more conspicuous.
>> 
>> It was also proposed that this partial mitigation should be
>> quickly
strengthened via another soft-fork that makes the inclusion of witness
commits mandatory, without negative feedback.
>> 
>> The security trade-offs of deploying a partial-mitigation to
CVE-2017-9230 quickly vs more slowly but more conservatively is under
intense debate.  The author of this post has a strong preference to
the swiftest viable option.
>> 
>> Cameron.
>> 
>> 
>> (1) CVE Entry: 
>> https://cve.mitre.org/cgi-bin/cvename.cgi?name=+CVE-2017-9230
>> 
>> (2) Announcement of CVE to Mailing List:
>> 
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014416.
html
>> 
>> (3) Discussion of the perverse incentives created by 'ASICBOOST'
>> by
Ryan Grant:
>> 
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014352.
html
>> 
>> (4) Discussion of ASICBOOST's non-independent PoW calculation by
Tier Nolan:
>> 
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014351.
html
>> 
>> (5) Evidence of Active Exploit by Gregory Maxwell:
>> 
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-April/01399
6.html


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBCAAGBQJZJ+Q1AAoJEDzYwH8LXOFOqakH/R1YCifIGjV07vnnsxeC/77x
d6w5tBmtEd5MLzrX/6VtMoI8UzgLEcDM1WfFox3jDVz/HurkTVorliyJrr14BVsc
rL2nTbfychYh1rAdTIsNwFt15Wgjcp/5eAq7Lw5TM5OJ3YbPn2zWJY19QmjEAJ+M
kGz26R+IJL1095yed5RN2JoN8O9x+HVdtIjaHJJRJzLsy+3g22zMWgN1nZN0olhX
mFQJZbvS0gQyiRGJmNku3zP5Qg2cFzWt+VBtFrzNu1QTTkbK2e1owHOmpgfygTD3
g3F4VoDfyA7pBnpMMMjjTaCaG34Am3CvYu8iYnZXy85s2ZjC+XeKgqMkBLj4+q8=
=A3ne
-----END PGP SIGNATURE-----