Re: [bitcoin-dev] Treating ‘ASICBOOST’ as a Security Vulnerability

2017-05-24 Thread Cameron Garnham via bitcoin-dev
Hello Bitcoin-Dev, A quick update that CVE-2017-9230 has been assigned for the security vulnerability commonly called ‘ASICBOOST’: "The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks

Re: [bitcoin-dev] Treating ‘ASICBOOST’ as a Security Vulnerability

2017-05-19 Thread Erik Aronesty via bitcoin-dev
ASIC boost is definitely a protocol vulnerability. It makes Bitcoin resistant to current and future modifications which are necessary to preserve decentralization. That alone should be enough to prioritize a swift preventative measure. On May 18, 2017 3:29 PM, "Ryan Grant via bitcoin-dev" <

Re: [bitcoin-dev] Treating ‘ASICBOOST’ as a Security Vulnerability

2017-05-19 Thread Cameron Garnham via bitcoin-dev
(message was originally sent off-list by mistake). Hello Tier, Thank-you for your insightful reply, Am I correct that this suggest is that you think it is an optimisation to find some nonces having lower difficulty than other nonces? I would agree with you if this was limited to a dedicated

Re: [bitcoin-dev] Treating ‘ASICBOOST’ as a Security Vulnerability

2017-05-18 Thread Ryan Grant via bitcoin-dev
On Thu, May 18, 2017 at 9:44 AM, Cameron Garnham via bitcoin-dev wrote: > 3. We should assign a CVE to the vulnerability exploited by ‘ASICBOOST’. > > ‘ASICBOOST’ is an attack on this Bitcoin’s security assumptions and > should be considered an exploit

Re: [bitcoin-dev] Treating ‘ASICBOOST’ as a Security Vulnerability

2017-05-18 Thread Tier Nolan via bitcoin-dev
On Thu, May 18, 2017 at 2:44 PM, Cameron Garnham via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > 1. Significant deviations from the Bitcoin Security Model have been > acknowledged as security vulnerabilities. > > The Bitcoin Security Model assumes that every input into the

Re: [bitcoin-dev] Treating ‘ASICBOOST’ as a Security Vulnerability

2017-05-18 Thread James Hilliard via bitcoin-dev
Locking the lower bits on the timestamp will likely break existing hardware that relies on being able to roll ntime. On Thu, May 18, 2017 at 8:44 AM, Cameron Garnham via bitcoin-dev wrote: > Hello Bitcoin Development Mailing List, > > I wish to explain why

[bitcoin-dev] Treating ‘ASICBOOST’ as a Security Vulnerability

2017-05-18 Thread Cameron Garnham via bitcoin-dev
Hello Bitcoin Development Mailing List, I wish to explain why the current approach to ‘ASICBOOST’ dose not comply with our established best practices for security vulnerabilities and suggest what I consider to be an approach closer matching established industry best practices. 1.