Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id D9A5DD16 for ; Fri, 26 May 2017 19:20:49 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-lf0-f49.google.com (mail-lf0-f49.google.com [209.85.215.49]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id A3AF318F for ; Fri, 26 May 2017 19:20:48 +0000 (UTC) Received: by mail-lf0-f49.google.com with SMTP id m18so10793324lfj.0 for ; Fri, 26 May 2017 12:20:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=ki+6PKvYvmCXH80uUBhMG5VG+7lbgmmK1lHsXoe06ps=; b=Bws7BEo0y+6RxrL73bn2s5+1jBFa4b0bHugUGmlj99y1dFj9Qo5WQ8EOesDrLXsfC4 p6w2uv+BRercYIMFeQl2eAvn3ReVNT2z0S++SnhAgBDb0AEO68/PljV/bAfCLISOa48T B3TaRUAXbfaD5FFoc20eYLZdOowai0flIPAiD+p2KxDIxL5lGL2aGwvN3/XsPgY21X/v ZBdDfQhnEr7um/dQysJfVdItf0/TyUr+M4SFBnABj7ukgp1BCBAzHJgs948SRENnADrt rT2Qkqbk2xUM+rmu+fYCJq3Ozrqf7cctFpA330pwZQ/8U4d12yRxfy08P2NzfK2bTO+x 6ZPg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=ki+6PKvYvmCXH80uUBhMG5VG+7lbgmmK1lHsXoe06ps=; b=owq7HpHIzqKKEvsxuaBPnE/t1BRgsMUYDJb9pScIwJ0mWo4TvM278GySjMKP27DhKN Ef4RI26w/nChbWifznaqdQYFFNjIZbICaP2aczzYlR4J5+ZeWJh6TsUu8FeGHeSEFBzu SOAHdRwyszHRgAKMRlQRqaw4GtRKSTTig6kgNiwfL49PlF3dcS4Y9whmG4Z61wpCUDNB oPEVAFiUtPC89rlt9fV7VE8CbJB3nQ9boV3bTn3MUi9ixb3oj/ko8+HNfNx+TFkI8KXj aTML9Rsxba0Mybl23RwsmxQZytIssePvNB81oQ/vHbI3qqMAAhgmxCv0g/UgHEDRveBV t7jQ== X-Gm-Message-State: AODbwcDjt6FcOG5T58dHz2o0s4PcHTOtbxx0TlQxfFNCee2Vtx9+GMvA fMy1qlQNmWzY40uWpfY= X-Received: by 10.46.13.2 with SMTP id 2mr1247390ljn.93.1495826446949; Fri, 26 May 2017 12:20:46 -0700 (PDT) Received: from [192.168.1.64] (37-145-225-221.broadband.corbina.ru. [37.145.225.221]) by smtp.gmail.com with ESMTPSA id v9sm353142ljd.17.2017.05.26.12.20.45 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 26 May 2017 12:20:46 -0700 (PDT) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) From: Cameron Garnham In-Reply-To: Date: Fri, 26 May 2017 22:20:42 +0300 Content-Transfer-Encoding: quoted-printable Message-Id: <7235D229-AB07-4CBE-AB69-1E6EBE0E2FDC@gmail.com> References: <2E6BB6FA-65FF-497F-8AEA-4CC8655BAE69@gmail.com> To: Eric Voskuil X-Mailer: Apple Mail (2.3273) X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,RCVD_IN_SORBS_SPAM autolearn=no version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] Emergency Deployment of SegWit as a partial mitigation of CVE-2017-9230 X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 May 2017 19:20:50 -0000 Hello Eric, Thank you for your question and your time off-list clarifying your = position. I=E2=80=99m posting to the list so that a wider audience may = benefit. Original Question: =E2=80=98Presumably the "very serious security = vulnerability" posed is one of increased centralization of hash power. = Would this danger exist without the patent risk?=E2=80=99 I would postulate that if ASICBOOST was originally released without the = patent risk, then much of the risk would have been avoided; all of the = mining manufactures would have implemented ASICBOOST and had a similar = advantage. However, now time has passed and the damage of the patent = monopoly exploiting CVE-2017-9230 has been already done. If the = ASICBOOST patent was released to the public for free today, while a good = thing, it wouldn=E2=80=99t soften the severity of the vulnerability we = face today. The ASICBOOST PATENT provides a miner with a constant-factor advantage. = This is a huge problem with zero-sum games, such as mining. In = game-theory, a constant factor advantage gives an exponential advantage = over the time period maintained. This explains why the Bitcoin Community initially took very little = notice to ASICBOOST: The effects of ASICBOOST stated at virtually = nothing, and it took a while for the advantage to been seen over the = normal variance of mining. However, it=E2=80=99s influence has been = exponentially growing since then: creating an emergency problem that we = now face. The result of ASICBOOST going unchecked is that very quickly from now, = surprisingly quickly, the only profitable miners will be the miners who = make use of ASICBOOST. This is a grave concern. I will again reiterate that the virtue-signalling over perceived = political motivations is ridiculous in the light what I consider a = looming catastrophe, we should be judging by what is real not just = perceived. The catastrophe that I fear is one company (or a single politically = connected group) gaining a virtual complete monopoly of Bitcoin Mining. = This is more important to me than avoiding chain-splits. Without a = well-distributed set of miners Bitcoin isn=E2=80=99t Bitcoin. Cameron. PS. This attack is part of a larger set of licensing attacks, where patens = are just one form of licensing attack. These attacks are particularly = damaging in competitive markets such as mining. We should be vigilant = for other attempts to create state-enforced licensing around = mathematical algorithms. ASICBOOST is an illustrative example of what = the Bitcoin Community needs to defend against. > On 26 May 2017, at 11:15 , Eric Voskuil wrote: >=20 > Signed PGP part > Hi Cameron, >=20 > Presumably the "very serious security vulnerability" posed is one of > increased centralization of hash power. Would this danger exist > without the patent risk? >=20 > e >=20