On April 5, security researcher Gregory Maxwell made some explosive claims on the Bitcoin developers mailing list. If what Maxwell says is true, a cyberattack on the Bitcoin blockchain has probably been in place for a few years, and earned the attackers hundreds of millions of dollars.
Maxwell’s email describes a shortcut called ASICBOOST that would give some Bitcoin miners a competitive advantage. Maxwell characterizes this, somewhat controversially, as an “attack” on the Bitcoin network. The technical details of ASICBOOST are described in Maxwell’s email, but in short, it skips a step in hashing, reducing the energy miners need to spend.
Bitcoin is mined by finding hashes – mathematical fingerprints of transaction data. Calculating these hashes is very computationally demanding, requiring investment in energy and mining hardware. The Bitcoin protocol requires hashes to be computed in two steps, and ASICBOOST allows ‘candidate’ hashes to be computed in advance, collapsing one of the step in the hashing process.
This would allow a 30 percent reduction in computation in theory, though in practice probably closer to 20 percent. In the world of Bitcoin mining, where 657,000 bitcoins are paid out per year to miners, a miner with a 20 percent edge would make a lot of money. Maxwell describes this as “a clear and present danger to the Bitcoin system”, and writes, “Exploitation of this vulnerability could result in payoff of as much as $100 million USD per year”. Note that this exploit would be impossible if SegWit were implemented – a point we’ll return to later.
One could take the position that it is legitimate for miners to use any technique that makes their operation more efficient. But what makes this controversial, and arguably unfair, is that ASICBOOST is a patented technology. This could give the patent owners disproportionate control of Bitcoin. Maxwell writes, “This could have a phenomenal centralizing effect by pushing mining out of profitability for all other participants, and the income from secretly using this optimization could be abused to significantly distort the Bitcoin ecosystem in order to preserve the advantage.”
Maxwell writes, “Reverse engineering of a particular mining chip has demonstrated conclusively that ASICBOOST has been implemented in hardware.” He does not explicitly state which “particular mining chip” he is talking about, but it is probably Bitmain’s.
Bitmain manufactures 70 percent of mining equipment, and holds the Chinese patent on ASICBOOST technology. The Chinese patent was submitted in August 2015, and bears the name of Jihan Wu, co-founder and co-CEO of Bitmain.
Bram Cohen, the author of Bittorent protocol, tweeted that Bitmain’s patent gives “no credit to the actual inventors”, referring to Timo Hanke and Sergio Demian Lerne, whose American patent on ASICBOOST clearly predates the Chinese filing. It is unclear whether this makes the Chinese patent invalid under the Patent Cooperation Treaty, to which China and the United States are both signatories.
Two accusations are being levelled at Bitmain. First, that they have used ASICBOOST to gain a competitive edge over other miners, and second, that they have opposed SegWit because it would make ASICBOOST useless. It is easy to connect these two claims, and many people have. Bram Cohen has no doubt that Bitmain opposed SegWit because they are using the ASICBOOST exploit and want to continue doing so. He has tweeted that Bitmain are “blocking segwit for disingenuous selfish reasons”. WhalePanda has also made the same allegation.
On April 7, Bitmain issued a statement denying both of these claims. They claim that, in spite of being in possession of the technology, they have never used ASICBOOST on the main network. This contradicts Cohen’s claim that ASICBOOST is deliberately built into Bitmain’s mining hardware. It is also hard to square Bitmain’s denial with Gregory Maxwell’s claim that, “Reverse engineering of a particular mining chip has demonstrated conclusively that ASICBOOST has been implemented in hardware.” They write, “This, however profitable, is not something we would do for the greater good of Bitcoin.” Whether or not Bitmain’s mining hardware implements ASICBOOST is something that can’t be easily verified without reverse-engineering the hardware.
Before going on to attack Gregory Maxwell as a character assassin, and colorfully describe Bitmain’s critics as “an orchestrated troll army”, Bitmain’s statement denies that they ever opposed SegWit. They say that, “Bitmain had always supported the Hong Kong Agreement, which means Segwit plus a hard fork to 2MB block size”, and that they also supported another scaling proposal called Tothemoon, which “could be” incompatible with ASICBOOST. Their claim to have supported SegWit in the Hong Kong Agreement checks out; in Feb 2016, Jihan Wu was a signatory to the agreement, calling for the development and implementation of SegWit, though it is not clear if it was apparent at that time that SegWit would stymie ASICBOOST.
Image adapted from Pixabay.