Hello Bitcoin-Dev,

A quick update that CVE-2017-9230 has been assigned for the security vulnerability commonly called 'ASICBOOST':

"The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. This violates the security assumptions of (1) the choice of input, outside of the dedicated nonce area, fed into the Proof-of-Work function should not change its difficulty to evaluate and (2) every Proof-of-Work function execution should be independent."

I would like to especially thank the CVE team at Mitre for their suggested description that was more appropriate than my proposed text.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=+CVE-2017-9230

Cameron.

> Begin forwarded message:
>
> From: <cve-requ...@mitre.org>
> Subject: Re: [scr-xxxxx] Bitcoin - All
> Date: 24 May 2017 at 18:52:22 GMT+3
> To: <da2...@gmail.com>
> Cc: <cve-requ...@mitre.org>
>
> Signed PGP part
>
> > [Suggested description]
> >
> > The Bitcoin Proof-of-Work algorithm does not consider a certain attack
> > methodology related to 80-byte block headers with a variety of initial
> > 64-byte chunks followed by the same 16-byte chunk, multiple candidate
> > root values ending with the same 4 bytes, and calculations involving
> > sqrt numbers. This violates the security assumptions of (1) the choice
> > of input, outside of the dedicated nonce area, fed into the
> > Proof-of-Work function should not change its difficulty to evaluate
> > and (2) every Proof-of-Work function execution should be independent.
> >
> > ------------------------------------------
> >
> > [Additional Information]
> > ASICBOOST, originally promoted as a patented mining optimisation (1),
> > has under detailed study (2) become regarded as an actively exploited
> > (3) security vulnerability (4) of Bitcoin.
> >
> > The Bitcoin Proof-of-Work Algorithm is dependent on the following two
> > security assumptions that are both broken by 'ASICBOOST':
> > 1. The choice of input, outside of the dedicated nonce area, fed into
> > the Proof-of-Work function should not change its difficulty to
> > evaluate.
> > 2. Every Proof-of-Work function execution should be independent.
> >
> > 'ASICBOOST' creates a layer-violation where the structure of the input
> > outside of the dedicated nonce area will change the performance of the
> > mining calculations (5). 'ASICBOOST' exploits a vulnerability where
> > the Proof-of-Work function execution is not independent (6).
> >
> > References:
> > (1) Original Whitepaper by Dr. Timo Hanke:
> > https://arxiv.org/ftp/arxiv/papers/1604/1604.00575.pdf
> > (2) Academic Write-up by Jeremy Rubin:
> > http://www.mit.edu/~jlrubin//public/pdfs/Asicboost.pdf
> > (3) Evidence of Active Exploit by Gregory Maxwell:
> > https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-April/013996.html
> > (4) Discussion to assign a CVE Number, by Cameron Garnham:
> > https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014349.html
> > (5) Discussion of the perverse incentives created by 'ASICBOOST' by Ryan
> > Grant:
> > https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014352.html
> > (6) Discussion of ASICBOOST's non-independent PoW calculation by Tier Nolan:
> > https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014351.html
> >
> > The patent holder of this particular security vulnerability has a dedicated
> > website: https://www.asicboost.com/
> >
> > ------------------------------------------
> >
> > [VulnerabilityType Other]
> > Cryptocurrency Mining Algorithm Weakness
> >
> > ------------------------------------------
> >
> > [Vendor of Product]
> > Bitcoin
> >
> > ------------------------------------------
> >
> > [Affected Product Code Base]
> > Bitcoin - All
> >
> > ------------------------------------------
> >
> > [Affected Component]
> > Bitcoin
> >
> > ------------------------------------------
> >
> > [Attack Type Other]
> > Cryptocurrency Proof-of-Work Algorithm Weakness
> >
> > ------------------------------------------
> >
> > [CVE Impact Other]
> > Creation of Perverse Incentives in a Cryptocurrency
> >
> > ------------------------------------------
> >
> > [Attack Vectors]
> > Bitcoin Mining Unfair Advantage
> > Bitcoin Layer-Violations Creating Perverse System Incentives
> >
> > ------------------------------------------
> >
> > [Reference]
> > https://arxiv.org/ftp/arxiv/papers/1604/1604.00575.pdf
> > http://www.mit.edu/~jlrubin//public/pdfs/Asicboost.pdf
> > https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-April/013996.html
> > https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014349.html
> > https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014352.html
> > https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014351.html
> >
> > ------------------------------------------
> >
> > [Has vendor confirmed or acknowledged the vulnerability?]
> > true
> >
> > ------------------------------------------
> >
> > [Discoverer]
> > Original Discovery: Dr. Timo Hanke and Sergio Lerner. Proof of Active
> > Exploit: Gregory Maxwell. CVE Reporter: Cameron Garnham
> >
> > Use CVE-2017-9230.
> >
> --
> CVE Assignment Team
> M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
> [ A PGP key is available for encrypted communications at
> http://cve.mitre.org/cve/request_id.html ]

_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
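To make the "initial 64-byte chunk" and "same 16-byte chunk" wording of the CVE text concrete, here is an added example (not from the post, Mitre, or any of the referenced papers): a from-scratch SHA-256 that hashes an 80-byte header as the two chunks the description names, so the reader can check which header fields feed the first-chunk midstate, which feed only the second-chunk message expansion, and how many distinct second-chunk expansions a set of candidate headers actually needs. The genesis block header is the real one; the candidate sets are constructed by varying a single byte, and the function names are my own.

```python
import hashlib, math, struct
M = 0xFFFFFFFF
PAD80 = b"\x80" + bytes(39) + struct.pack(">Q", 640)  # SHA-256 padding after an 80-byte message
PAD32 = b"\x80" + bytes(23) + struct.pack(">Q", 256)  # padding after the 32-byte inner digest
# The real Bitcoin genesis block header (80 bytes, internal byte order), used as sample input.
GENESIS = bytes.fromhex("01000000" + "00" * 32 + "3ba3edfd7a7b12b27ac72c3e67768f617fc81bc3888a51323a9fb8aa4b1e5e4a"
                        + "29ab5f49" + "ffff001d" + "1dac2b7c")

def _icbrt(n):  # exact integer cube root by Newton descent, used only to derive K
    x, y = 1 << 40, (2 * (1 << 40) + n // (1 << 80)) // 3
    while y < x:
        x, y = y, (2 * y + n // (y * y)) // 3
    return x

PRIMES = [p for p in range(2, 312) if all(p % d for d in range(2, p))]
IV = [math.isqrt(p << 64) & M for p in PRIMES[:8]]  # fractional bits of sqrt(p)
K = [_icbrt(p << 96) & M for p in PRIMES[:64]]      # fractional bits of cbrt(p)
def _rotr(x, n): return ((x >> n) | (x << (32 - n))) & M

def schedule(chunk):
    """Message expansion W[0..63]: a function of this one 64-byte chunk and nothing else."""
    w = list(struct.unpack(">16L", chunk))
    for i in range(16, 64):
        s0 = _rotr(w[i - 15], 7) ^ _rotr(w[i - 15], 18) ^ (w[i - 15] >> 3)
        s1 = _rotr(w[i - 2], 17) ^ _rotr(w[i - 2], 19) ^ (w[i - 2] >> 10)
        w.append((w[i - 16] + s0 + w[i - 7] + s1) & M)
    return w

def compress(state, chunk):
    """One SHA-256 compression of a 64-byte chunk into the running 8-word state."""
    a, b, c, d, e, f, g, h = state
    for k, w in zip(K, schedule(chunk)):
        t1 = (h + (_rotr(e, 6) ^ _rotr(e, 11) ^ _rotr(e, 25)) + ((e & f) ^ (~e & g)) + k + w) & M
        t2 = ((_rotr(a, 2) ^ _rotr(a, 13) ^ _rotr(a, 22)) + ((a & b) ^ (a & c) ^ (b & c))) & M
        a, b, c, d, e, f, g, h = (t1 + t2) & M, a, b, c, (d + t1) & M, e, f, g
    return [(s + v) & M for s, v in zip(state, (a, b, c, d, e, f, g, h))]

def sha256d_header(header):
    """Double SHA-256 of an 80-byte header, split into the two chunks the CVE text names."""
    mid = compress(IV, header[:64])             # chunk 1: version, prev hash, root[:28]
    inner = compress(mid, header[64:] + PAD80)  # chunk 2: root[28:], time, bits, nonce
    return struct.pack(">8L", *compress(IV, struct.pack(">8L", *inner) + PAD32))

def matches_hashlib(header):  # cross-check against the standard library
    return sha256d_header(header) == hashlib.sha256(hashlib.sha256(header).digest()).digest()

def expansion_counts(headers):  # (distinct chunk-1 midstates, distinct chunk-2 expansions)
    mids = {tuple(compress(IV, h[:64])) for h in headers}
    return len(mids), len({tuple(schedule(h[64:] + PAD80)) for h in headers})

def vary_byte(base, offset, n):  # n constructed candidates that differ from base only at one byte
    return [base[:offset] + bytes([(base[offset] + i) & 0xFF]) + base[offset + 1:] for i in range(n)]
```

Candidates that differ only inside the first 28 bytes of the merkle root (byte 36 onwards) have distinct midstates but one shared second-chunk expansion, which is the layer violation the submitted text describes; candidates that differ only in the nonce (byte 76) share one midstate and need one expansion each, which is ordinary mining.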