Author: Cameron Garnham 2017-05-18 13:44:47
Published on: 2017-05-18T13:44:47+00:00
The writer of a post on the Bitcoin Development Mailing List has suggested that current approaches to 'ASICBOOST' do not comply with established best practices for security vulnerabilities and should be changed to more closely align with industry standards. The writer suggests that deviations from the Bitcoin Security Model have been acknowledged as security vulnerabilities, and that every input into the Proof-of-Work function should have the same difficulty of producing a desired output. General ASIC optimisation cannot be considered a security vulnerability, but being able to craft inputs that are significantly easier to check than alternative inputs is a vulnerability. The writer recommends assigning a CVE to the vulnerability exploited by 'ASICBOOST', which is an attack on this Bitcoin's security assumptions and should be considered an exploit of the Bitcoin Proof-of-Work Function. They suggest that the Bitcoin community should be able to track the progress of restoring the quality of the Bitcoin Proof-of-Work function to its original assumptions, and work should be taken to prudently and swiftly restore Bitcoins Security Properties. The writer also presents their working list of things to do, including extra data in the Coinbase Transaction, locking the Version, locking the lower-bits on the Timestamp, and making a deterministic ordering of transaction chains within a block. They suggest that if there is a hard-fork, the Proof-of-Work internal merkle structure should be directly considered. The writer concludes by recommending that the Bitcoin Community fix this vulnerability with expediency.
Updated on: 2023-06-12T00:51:48.657068+00:00