Friday, January 27, 2023

Greg Maxwell: AsicBoost Exploit a ‘Clear and Present Danger’

Greg Maxwell: AsicBoost Exploit a ‘Clear and Present Danger’

Bitcoin Core developer Greg Maxwell has pointed to a proof-of-work (PoW) flaw called “AsicBoost” that miners may be using covertly to block fixes, and save $100m per year on energy overheads.

Also read: Seeds of War: How An Old Message Board Thread Gave Birth to Bitcoin Unlimited

A recent post to the Linux Foundation bitcoin-dev mailing list by Maxwell detailed the discovery of a possible flaw in Satoshi Nakamoto’s PoW that could be worth $100m per year and enable miners to save up to 30% on energy costs, while blocking protocol improvements. Ominously, equipment from a “major manufacturer” allegedly already contains the ability to use this kind of attack.

In the explosive entry, Maxwell said the exploit has been patented by Sergio Damien Lerner and Timo Hanke as “AsicBoost”. The vulnerability works by manipulating part of the 80 byte block header hashes produced in the mining process. As the initial “message expansion” in each step of the SHA-256 function uses 64 bytes with no previous input data, if a block header can be prepared with “multiple distinct first 64 byte chunks” yet identical, smaller 16 byte chunks, then they are effectively reusing the same computational power for “multiple trials”.

Maxwell did not name the “major manufacturer”. However he told Bitsonline:

“… One “major mining operation” known for speaking out against SegWit just loudly endorsed a rather broken extension block proposal that more or less incorporates SegWit — but since it is an extension block it does not break covert use of AsicBoost; basically they oppose SegWit except in a form that preserves covert AsicBoost (they’ve also said they would support “hardfork SegWit”, which would also preserve covert AsicBoost).”

With AsicBoost Miners Could Block Improvements Like SegWit

This vulnerability can be used in two ways: one is detectable and not currently being used against the network, while the other is covert and hard to detect. The covert use has significant interactions and interference with the Bitcoin protocol, while also allowing miners to potentially block improvements, like SegWit, that would repair that advantage. Maxwell mentioned that mining ASICs from the “major manufacturer” have already been reverse engineered and “contain an undocumented, undisclosed ability to make use of this attack.”

Bitcoin mining facilityIn light of the heightened tension within the Bitcoin community regarding Bitcoin Unlimited, the insinuation would seem to be that Jihan Wu’s Bitmain may be the manufacturer in question. Bitmain supports Unlimited and is the major obstacle in the way for activation of SegWit, an upgrade that claims to plug this new vulnerability.

Also speaking to Bitsonline, Wu said more investigation is still needed, and that he and Bitmain “would follow up” the claims. The company would post on its blog with more information soon.

Some noted figures, like BitGo’s Jameson Lopp, believe it may explain the actions of some miners:

“A possible economic explanation for why (certain) miners may hate SegWit.”

Maxwell pointed out that this vulnerability may be used to “distort the Bitcoin ecosystem in order to preserve the advantage”. Theoretically a $100mn p/y saving could lead to a large increase in centralization as others miners are made less profitable by the attackers 30% reduction in costs.

What Is the Miners’ Role?

The episode poses some important questions: if the mining process has been patented but a manufacturer has been shipping products that allow miners to covertly conduct this ‘attack’, are the miners breaking the patent?

That possibility may be answered by an accompanying Bitcoin Improvement Protocol (BIP) suggestion from Maxwell, as economist and commentator Tuur Demeester pointed out:

“Greg Maxwell just posted a BIP which makes the covert (and likely illegal) AsicBoost mining exploit impossible.”

Well-known evangelist Andreas Antonopoulos also tweeted:

If the BIP is successful, the ramifications stemming from the publication of the vulnerability may not be so quickly averted. The question now remains – if a major mining manufacturer has been exploiting the system, what will their next move be?

What’s your opinion? Is AsicBoost a danger to Bitcoin? Let’s hear your thoughts.

Image via Pixabay

Bitsonline Email Newsletter