Hello Bitcoin-Dev,
A quick update that CVE-2017-9230 has been assigned for the security
vulnerability commonly called ‘ASICBOOST’:
"The Bitcoin Proof-of-Work algorithm does not consider a certain attack
methodology related to 80-byte block headers with a variety of initial 64-byte
chunks
ASIC boost is definitely a protocol vulnerability.
It makes Bitcoin resistant to current and future modifications which are
necessary to preserve decentralization.
That alone should be enough to prioritize a swift preventative measure.
On May 18, 2017 3:29 PM, "Ryan Grant via bitcoin-dev" <
(message was originally sent off-list by mistake).
Hello Tier,
Thank-you for your insightful reply,
Am I correct that this suggest is that you think it is an optimisation to find
some nonces having lower difficulty than other nonces?
I would agree with you if this was limited to a dedicated
On Thu, May 18, 2017 at 9:44 AM, Cameron Garnham via bitcoin-dev
wrote:
> 3. We should assign a CVE to the vulnerability exploited by ‘ASICBOOST’.
>
> ‘ASICBOOST’ is an attack on this Bitcoin’s security assumptions and
> should be considered an exploit
On Thu, May 18, 2017 at 2:44 PM, Cameron Garnham via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:
> 1. Significant deviations from the Bitcoin Security Model have been
> acknowledged as security vulnerabilities.
>
> The Bitcoin Security Model assumes that every input into the
Locking the lower bits on the timestamp will likely break existing
hardware that relies on being able to roll ntime.
On Thu, May 18, 2017 at 8:44 AM, Cameron Garnham via bitcoin-dev
wrote:
> Hello Bitcoin Development Mailing List,
>
> I wish to explain why
Hello Bitcoin Development Mailing List,
I wish to explain why the current approach to ‘ASICBOOST’ dose not comply with
our established best practices for security vulnerabilities and suggest what I
consider to be an approach closer matching established industry best practices.
1.