Covert attack on Bitcoin ends block size debate stagnation

From Brave New Coin
On Wednesday afternoon, Bitcoin Core developer Greg Maxwell submitted a Bitcoin Improvement Proposal (BIP) to inhibit a “covert attack on the Bitcoin POW function.” Maxwell discovered patent-pending technology being used in an ASIC Bitcoin mining chip, which gives certain Bitcoin miners 20 to 30 percent more mining power.
https://bravenewcoin.com/news/covert-attack-on-bitcoin-ends-block-size-debate-stagnation/
The technology, AsicBoost, was invented by Timo Hanke in collaboration with Sergio Lerner. “Through clever pre-processing and crafting of the work that is sent to the chip, the ASIC is allowed to re-use about one quarter of the information that would otherwise be created and discarded on a continuous basis internally to the hashing cores,” explains Hanke. “A hashing core adopted for AsicBoost can save up to one quarter of the gates by re-using that information over time or by sharing it with other hashing cores.”
While the technology is offered for use under license, Maxwell discovered an ASIC chip containing the technology, which the creators “were completely unaware of.” The BIP to counter the problem does not prevent the attack in general, “but only inhibits covert forms of it which are incompatible with improvements to the Bitcoin protocol.”
“A month ago I was explaining the attack on Bitcoin's SHA2 hashcash which is exploited by ASICBOOST and the various steps which could be used to block it in the network if it became a problem,” states Maxwell. “As I explained one of the approaches to inhibit covert ASICBOOST I realized that my words were pretty much also describing the SegWit commitment structure.”
“An incompatibility would go a long way to explaining some of the more inexplicable behavior from some parties in the mining ecosystem so I began looking for supporting evidence.”
- Greg Maxwell
Follow @contentjunkie to stay up to date on more great posts like this one.

A complicated solution that doesn't actually solve the problem, just deflects it.
ASIC Boost is just one class of problem and while it increases efficiency in an unsafe and unfair manner.
The root of the problem here is that as bitcoin difficulty increases, the space of possible coinbase hashes shrinks, because increased difficulty means that the number represented by this hash is a "smaller number".
At some point it becomes more efficient to begin guessing what the hash of the next block will be before that hash is generated. Turning the merkle root into a random number and generating a block from that. If you get lucky you'll guess the correct hash and instamine a block so that as soon as said block is found, you have a new empty block ready to go.
Nothing in this proposal fixes that and as time goes on, difficulty goes up, that search space narrows so it will become more prominent.
Here's a simpler solution. Blocks smaller than 1 MB in size are invalid. The ASIC boost algorithm only works on empty or nearly empty blocks, same with the issue I've outlined above. There is absolutely no reason when the transaction backlog is in the tens of thousands for empty blocks to be allowed at all.