On Thu, May 18, 2017 at 9:44 AM, Cameron Garnham via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote: > 3. We should assign a CVE to the vulnerability exploited by ‘ASICBOOST’. > > ‘ASICBOOST’ is an attack on this Bitcoin’s security assumptions and > should be considered an exploit of the Bitcoin Proof-of-Work > Function.
On Thu, May 18, 2017 at 10:59 AM, Tier Nolan via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote: > Arguably as long as the effort to find a block is proportional to the block > difficulty parameter, then it isn't an exploit. It is just an optimisation. One principled way to proceed would be to fault not the exploit, but the protocol design. Bits in the block header have been discovered which could be used for dual meanings, and at least one meaning does not preserve the incentive balances intended and assumed by others. This unexpectedly creates an incentive to block protocol improvements. The protocol must be repaired. In this view, which focuses on covert-ASICBOOST, how work is done is up to the implementation. But if the hashing work specified possibly could gain from blocking development work, then we have a vulnerability. I believe this is clear grounds for taking action without any delay. _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
