Breaking Down Bitcoin’s “AsicBoost Scandal”: The Solutions

As first revealed by Bitcoin Core developer and Blockstream Co-Founder and CTO Gregory Maxwell, and subsequently confirmed by Bitmain through a press release,
As first revealed by Bitcoin Core developer and Blockstream Co-Founder and CTO Gregory Maxwell, and subsequently confirmed by Bitmain through a press release,
Mining - Breaking Down Bitcoin’s “AsicBoost Scandal”: The Solutions

As first revealed by Bitcoin Core developer and Blockstream Co-Founder and CTO Gregory Maxwell, and subsequently confirmed by Bitmain through a press release, the major Chinese mining hardware manufacturer has included the AsicBoost technology in its specialized ASIC chips.

This is controversial, in large part because AsicBoost is patented and therefore potentially skews Bitcoin’s mining ecosystem by government regulation. Furthermore, covert use of AsicBoost, as it turns out, is largely incompatible with a Segregated Witness soft fork (SegWit), the protocol upgrade proposed by the Bitcoin Core development team.

While it is not clear that Bitmain has actually used AsicBoost, and the company denies this is the reason it blocks SegWit, many do believe a response is required.

Having broken down the “AsicBoost scandal” in a previous article, what follows here are some options moving forward.

AsicBoost

First, a quick recap on Bitcoin mining and AsicBoost. (Skip if you already know the details.)

Bitcoin miners construct blocks of data. These blocks include transactions, some random data (a “nonce”) and more. Once constructed, a miner hashes his block, which is a mathematical trick that scrambles and compresses all the data into a short and random string of numbers: a hash. If this hash happens to start with enough zeroes, the block is valid and it can be submitted to the network. If it’s not valid, the miner will have to try again, for example by changing the nonce.

To construct and hash a block, miners have to invest a tiny bit of computing power, hence, energy. In effect, this means that any time a miner finds a valid block, he must have statistically invested much more energy for all of the invalid blocks he also constructed.

A valid hash is therefore quite literally proof that a miner did a specific amount of work, which is why this process is called “proof of work.” This proof of work is what makes Bitcoin relatively immutable. The only way an attacker can rewrite history is to have access to specialized hardware and invest real energy to redo all the work.

AsicBoost allows miners to take a “shortcut.” Instead of blindly hashing as many variations of a block as possible, AsicBoost lets miners reuse a certain calculation in the hash process across several tries. This saves some 15 to 30 percent of energy.

AsicBoost can be used in two ways: overtly and covertly. Overt use would be obvious to anyone; it’s easily detected by looking at the blocks a miner produces. Covert use, however, is much harder, if not impossible, to detect. Only covert use is largely incompatible with SegWit.

Bitmain’s chips allow for both overt and covert use, but the company has certainly not used AsicBoost overtly. There are several indications that Bitmain has used AsicBoost covertly, but the company denies that it has, and it is so far unproven.

Option One: Do Nothing

The first option in light of the AsicBoost revelations is, of course, to do nothing at all.

Assuming Bitmain uses AsicBoost, or will use it in the future, miners (or, more accurately, mining hardware manufacturers) will then have to gain access to the patent as well, or compete on other grounds. Depending on how much added profit AsicBoost actually provides (this is somewhat disputed), this could be viable at least in the short term. Whether it’s viable in the long term, however, is much less certain.

Alternatively, the patent could be made free to the public.

One of the patent holders, Sergio Demian Lerner, suggested this as an option, though he doesn’t appear very keen on doing so without any reward.

And in their press release Bitmain alluded to freeing the patent too, writing:

“If all mining equipment could use AsicBoost, it will lower the J/GH cost and the total network hash rate will increase, making the Bitcoin network even stronger. So, the AsicBoost method is not a ‘covert attack’ on the Bitcoin PoW function. It is an engineering optimization.”

And:

“We suggest working with the patent owners so that the patent could be used by the public.”

While this could be a good option, it should be noted that (contrary to Bitmain’s press release) freeing the patent would not really increase Bitcoin’s security in a meaningful way.

This is because in a competitive mining landscape, any energy saved by miners would really have to be re-invested to increase the hash rate. But the purpose of proof of work is not, in itself, finding valid hashes. Hashes are just random numbers and don’t provide security in and of themselves.

Rather, the purpose of proof of work is … proving work.

If all miners were to use AsicBoost, the hash rate would go up, but miners would not invest more energy. In other words, if all miners take the same “shortcut,” that shortcut just becomes the “main route.”

As such, reversing a transaction would not be any harder. An attacker would still need access to specialized hardware and would have to invest the same amount of energy.

That is not a problem — but it does not benefit anyone either.

Option Two: Blocking Covert AsicBoost

Of course, the main reason Maxwell revealed that Bitmain is implementing AsicBoost in their chips wasn’t so much because of AsicBoost itself; rather, it was because of Segregated Witness. More specifically, since covert use of AsicBoost is largely incompatible with SegWit, it may stop Bitmain from activating the proposed SegWit soft fork.

In his draft Bitcoin Improvement Proposal (BIP) sent to the Bitcoin development mailing list, Maxwell therefore proposed to block only the covert version of AsicBoost (or, really, make it significantly more expensive to use). If covert use of AsicBoost is blocked, it would at least take away that reason to block SegWit.

Bitcoin users can block covert use of AsicBoost with a user-activated soft fork (UASF), which effectively forces miners to pick one of two options: miners would have to either activate Segregated Witness, or they would have to include something in their blocks that doesn’t actually do anything — except block AsicBoost.

This would still leave miners with the choice to either activate Segregated Witness or not. And they could still use the overt version of AsicBoost as well.

As such (and as opposed to what Bitmain suggested in its press release), the BIP will not result in loss for patent owners. If anything, it would help patent owners: it would ensure that no one covertly breaches the patent. Indeed, Lerner supports blocking covert use of AsicBoost, and he even resubmitted Maxwell’s BIP proposal using different terminology.

Bitmain, however, has not commented on the BIP so far, and it is still unclear whether the company will support it. (Of course, if the company is not covertly using AsicBoost, it would have little reason to oppose the proposal.)

Alternatively, AsicBoost can be blocked by adopting the latest iteration of Extension Blocks, an alternative scaling solution proposed by the Bcoin development team.

As another option, Bitcoin developer Jimmy Song suggested that instead of making covert use of AsicBoost impossible, perhaps overt use should be incentivized. This added incentive could be combined with Segregated Witness, which could give miners one more reason to active the soft fork.

Option Three: Blocking All of AsicBoost

For some, however, blocking the covert version of AsicBoost alone is not enough.

Since AsicBoost is patented, and patents are state-enforced, the concern is that this could lead to a situation where mining becomes semi-permissioned: mining profitably would effectively require permission from the patent holders and the state(s) that enforces the patents. This could in turn lead to a more centralized, and perhaps even regulated, mining ecosystem.

Bitcoin Core developers Peter Todd and Matt Corallo, for example, have suggested that the Bitcoin protocol should be changed to make AsicBoost irrelevant altogether.

This can of course be done with a hard fork; the initial idea was to bundle it with a hard fork that was part of the Bitcoin Roundtable Consensus (better known as the “Hong Kong Agreement”). But since the initial hard fork proposals resulting from this agreement have failed to gain consensus so far, this option seems off the table for now. Alternatively, AsicBoost can be soft forked out of the current protocol.

But perhaps unsurprisingly, the patent holders dislike these options, while others are afraid that changing the protocol in response to what they consider to be an optimization would disincentivize future innovation. Blocking all of AsicBoost, therefore, still seems like a long shot for now.

Option Four: Proof of Work Change

Finally, there’s the “nuclear option.”

In an ecosystem where a relatively small group of people has come to control a relatively large chunk of all hash power on the Bitcoin network, and where either AsicBoost-related motives or “political” motives seem to have played a part in blocking Segregated Witness, some — like the pseudonymous “Praxeology Guy” — propose that the best way forward is to change the proof of work algorithm entirely. This would render all existing mining hardware useless and would “reset” the mining landscape back to where more regular users can participate, while disabling AsicBoost at the same time.

Changing Bitcoin’s proof of work algorithm is very controversial, however, in large part because it punishes all current miners. And as for any hard fork, it would require everyone to switch to a new protocol. This is no easy task — especially given its controversial nature.

This article has been updated for accuracy.