Newsletters: add 315 (2024-08-09)

Author: harding

_includes/references.md

@@ -110,6 +110,8 @@ for details --> {% endcomment %}
 [BIP90]: https://github.com/bitcoin/bips/blob/master/bip-0090.mediawiki
 [BIP91]: https://github.com/bitcoin/bips/blob/master/bip-0091.mediawiki
 [BIP93]: https://github.com/bitcoin/bips/blob/master/bip-0093.mediawiki
+[BIP94]: https://github.com/bitcoin/bips/blob/master/bip-0094.mediawiki
+[BIP103]: https://github.com/bitcoin/bips/blob/master/bip-0103.mediawiki
 [BIP111]: https://github.com/bitcoin/bips/blob/master/bip-0111.mediawiki
 [BIP112]: https://github.com/bitcoin/bips/blob/master/bip-0112.mediawiki
 [BIP113]: https://github.com/bitcoin/bips/blob/master/bip-0113.mediawiki

_posts/en/newsletters/2024-08-09-newsletter.md

@@ -49,6 +49,9 @@ optech_mentions:
   - title: "BitVMX: an alternative to BitVM for verification of program execution"
     url: /en/newsletters/2024/05/17/#alternative-to-bitvm
 
+  - title: "Optimistic verification of zero-knowledge proofs using CAT, MATT, and Elftrace"
+    url: /en/newsletters/2024/08/09/#optimistic-verification-of-zero-knowledge-proofs-using-cat-matt-and-elftrace
+
 ## Optional.  Same format as "primary_sources" above
 see_also:
   - title: "Merklize All The Things (MATT)"

_topics/en/acc.md

@@ -0,0 +1,89 @@
+---
+title: Block withholding
+
+## Optional.  Shorter name to use for reference style links e.g., "foo"
+## will allow using the link [topic foo][].  Not case sensitive
+# shortname: foo
+
+## Optional.  An entry will be added to the topics index for each alias
+title-aliases:
+  - Oblivious shares
+
+## Required.  At least one category to which this topic belongs.  See
+## schema for options
+topic-categories:
+  - Mining
+
+## Optional.  Produces a Markdown link with either "[title][]" or
+## "[title](link)"
+primary_sources:
+    - title: "Analysis of Bitcoin Pooled Mining Reward Systems (section 6.2: block withholding)"
+      link: https://bitcoil.co.il/pool_analysis.pdf
+
+## Optional.  Each entry requires "title" and "url".  May also use "feature:
+## true" to bold entry and "date"
+optech_mentions:
+  - title: Block withholding attacks and potential solutions
+    url: /en/newsletters/2024/08/09/#block-withholding-attacks-and-potential-solutions
+
+## Optional.  Same format as "primary_sources" above
+see_also:
+  - title: Pooled mining
+    link: topic pooled mining
+
+## Optional.  Force the display (true) or non-display (false) of stub
+## topic notice.  Default is to display if the page.content is below a
+## threshold word count
+#stub: false
+
+## Required.  Use Markdown formatting.  Only one paragraph.  No links allowed.
+## Should be less than 500 characters
+excerpt: >
+  **Block withholding** is an attack against pooled mining where a miner
+  submits and receives payment for shares that are not eligible to
+  become full blocks but doesn't not submit shares that are eligible to
+  become full blocks.  This allows the miner to earn 99.9% of their
+  expected revenue without the pool earning anything from the miner's
+  work.  **Oblivious shares** is a proposed solution to block
+  withholding.
+
+---
+In [pooled mining][topic pooled mining], there are two types of shares:
+those that have
+enough work to be a valid block and those that don't.  In a pure
+pay-per-share (PPS) scheme, the pool pays the same amount for both types
+but the pool only earns rewards from the Bitcoin system for producing
+valid blocks.  This can allow a pool member to forfeit a small amount of
+income in order to deny the pool a large amount of income.
+
+For example, imagine the ratio between the network proof-of-work (PoW)
+target and the pool share target is 1,000, so for every 1,000 shares
+submitted by pool members,
+the pool would be expected to find one block on average.  Malicious
+pool member Mallory submits each share she finds except those that have
+enough proof of work to be valid blocks.  On average, Mallory gets
+paid for 999 shares out of every 1,000 she generates, reducing her
+income by 0.1% but costing the pool 100% of a block reward for every
+1,000 shares generated by Mallory.
+
+If Mallory operates a pool, she might be motivated to use block
+withholding attacks against other pools, significantly reducing their
+profitability and potentially driving them out of business to Mallory's
+advantage.
+
+We are unaware of any deployed method that fully addresses this problem.
+A common mitigation is for pools to pay more for shares that have enough
+work to be a valid block (which implies paying less for other shares).
+Some pools also restrict who can join their pools and use techniques
+from statistical analysis to attempt to detect block withholders.
+
+A proposed solution is _oblivious shares_, which prevents the miner
+creating the share from determining whether it meets the network PoW
+target.  Only the pool can make that determination, preventing the miner
+from being able to selectively withhold shares that would benefit the
+pool.  Adding support for oblivious shares to Bitcoin requires a hard
+fork and may create [other problems][news315 oblivious].
+
+{% include references.md %}
+{% include linkers/issues.md issues="" %}
+[news315 oblivious]: /en/newsletters/2024/08/09/#block-withholding-attacks-and-potential-solutions

_topics/en/block-withholding.md

@@ -57,6 +57,9 @@ optech_mentions:
   - title: "Proposal to use weak blocks to improve compact block relay when mempool policies diverge"
     url: /en/newsletters/2024/04/24/#weak-blocks-proof-of-concept-implementation
 
+  - title: "Recent statistics on the success rate of compact block reconstruction"
+    url: /en/newsletters/2024/08/09/#statistics-on-compact-block-reconstruction
+
 ## Optional.  Same format as "primary_sources" above
 # see_also:
 #   - title:

_topics/en/compact-block-relay.md

@@ -6,8 +6,9 @@ title: Ephemeral anchors
 # shortname: foo
 
 ## Optional.  An entry will be added to the topics index for each alias
-#title-aliases:
-#  - Foo
+title-aliases:
+  - "Pay-to-Anchor (P2A)"
+  - Ephemeral dust
 
 ## Required.  At least one category to which this topic belongs.  See
 ## schema for options
@@ -59,6 +60,9 @@ optech_mentions:
   - title: Proposed changes to LN for v3 relay and ephemeral anchors
     url: /en/newsletters/2024/01/24/#proposed-changes-to-ln-for-v3-relay-and-ephemeral-anchors
 
+  - title: Description of a replacement cycling attack against transactions using P2A
+    url: /en/newsletters/2024/08/09/#replacement-cycle-attack-against-pay-to-anchor
+
 ## Optional.  Same format as "primary_sources" above
 see_also:
   - title: V3 Transaction Relay

_topics/en/ephemeral-anchors.md

@@ -1,5 +1,5 @@
 ---
-title: Exfiltration resistant signing
+title: Exfiltration-resistant signing
 
 ## Optional.  Shorter name to use for reference style links e.g., "foo"
 ## will allow using the link [topic foo][].  Not case sensitive
@@ -24,7 +24,7 @@ primary_sources:
 ## Optional.  Each entry requires "title", "url", and "date".  May also use "feature:
 ## true" to bold entry
 optech_mentions:
-  - title: Proposal to standardize an exfiltration resistant nonce protocol
+  - title: Proposal to standardize an exfiltration-resistant nonce protocol
     url: /en/newsletters/2020/03/04/#proposal-to-standardize-an-exfiltration-resistant-nonce-protocol
 
   - title: Overview of anti-covert-channel signing techniques
@@ -33,6 +33,9 @@ optech_mentions:
   - title: Description of anti-exfiltration technique being used in BitBox02 and Jade hardware wallets
     url: /en/newsletters/2021/02/17/#anti-exfiltration
 
+  - title: "Dark Skippy: faster exfiltration of HD wallet seeds"
+    url: /en/newsletters/2024/08/09/#faster-seed-exfiltration-attack
+
 ## Optional.  Same format as "primary_sources" above
 # see_also:
 #   - title:
@@ -41,7 +44,7 @@ optech_mentions:
 ## Required.  Use Markdown formatting.  Only one paragraph.  No links allowed.
 ## Should be less than 500 characters
 excerpt: >
-  **Exfiltration resistant signing** is the process of creating
+  **Exfiltration-resistant signing** is the process of creating
   signatures for Bitcoin transactions using a protocol that can be
   audited to ensure the signature doesn't contain any biased or
   otherwise manipulated elements that could be used to compromise the

_topics/en/exfiltration-resistant-signing.md

@@ -78,8 +78,8 @@ see_also:
   - title: Miniscript
     link: topic miniscript
 
-  - title: Exfiltration resistant signing
-    link: topic exfiltration resistant signing
+  - title: Exfiltration-resistant signing
+    link: topic exfiltration-resistant signing
 ---
 Designed primarily by Bitcoin Core developers to allow that software to
 use hardware wallets as external signers, HWI is now being used by

_topics/en/hwi.md

@@ -11,7 +11,6 @@ title-aliases:
   - Braidpool
   - Stratum
   - Stratum v2
-  - Block withholding attack
 
 ## Required.  At least one category to which this topic belongs.  See
 ## schema for options
@@ -74,8 +73,7 @@ excerpt: >
   collaborate on finding proof of work for new blocks, with them fairly
   dividing the rewards of any blocks they find.  **Betterhash**,
   **Braidpool**, **Stratum**, and **Stratum v2** are protocols for
-  coordinating pooled mining.  A **block withholding attack** is a
-  well-known attack against pooled mining.
+  coordinating pooled mining.
 
 ---
 Hashing a block header will produce a value that can be interpreted as a
@@ -128,36 +126,6 @@ Pools may impose additional requirements on their members, either
 explicitly or by using a pool protocol that does not give members the
 flexibility to make certain choices.
 
-## Block withholding attacks
-
-Pooled mining is fundamentally vulnerable to a problem known as a _block
-withholding attack_.  There are two types of shares: those that have
-enough work to be a valid block and those that don't.  In a pure
-pay-per-share (PPS) scheme, the pool pays the same amount for both types
-but the pool only earns rewards from the Bitcoin system for producing
-valid blocks.  This can allow a pool member to forfeit a small amount of
-income in order to deny the pool a large amount of income.
-
-For example, imagine the ratio between the primary target and secondary
-target is 1,000, so for every 1,000 shares submitted by pool members,
-the pool would be expected to find one block on average.  Malicious
-pool member Mallory submits each share she finds except those that have
-enough proof of work to be valid blocks.  On average, Mallory gets
-paid for 999 shares out of every 1,000 she generates, reducing her
-income by 0.1% but costing the pool 100% of a block reward for every
-1,000 shares generated by Mallory.
-
-If Mallory operates a pool, she might be motivated to use block
-witholding attacks against other pools, significantly reducing their
-profitability and potentially driving them out of business to Mallory's
-advantage.
-
-We are unaware of any deployed method that fully addresses this problem.
-A common mitigation is for pools to pay more for shares that have enough
-work to be a valid block (which implies paying less for other shares).
-Some pools also restrict who can join their pools and use techniques
-from statistical analysis to attempt to detect block withholders.
-
 ## Pool protocols
 
 The earliest pool protocol was built around transmitting block header
@@ -248,8 +216,8 @@ descriptions and from other pools.
     1.44 blocks per day and so would need to pay out rewards for about
     1.44 blocks worth of shares every day.  However, that pool might go
     days without actually finding a block, requiring them to maintain a
-    significant amount of capital.  Additionally, even a slight block
-    withholding attack could reduce pool profitability below a
+    significant amount of capital.  Additionally, even a slight [block
+    withholding attack][topic block withholding] could reduce pool profitability below a
     sustainable level.
 
 - **Full pay per share (FPPS)** works like PPS but includes transaction

_topics/en/pooled-mining.md

@@ -192,6 +192,9 @@ optech_mentions:
   - title: "Question: why does RBF rule #3 exist?"
     url: /en/newsletters/2024/07/26/#why-does-rbf-rule-3-exist
 
+  - title: "Nodes with full-RBF successfully reconstructing more compact blocks than nodes with only opt-in RBF"
+    url: /en/newsletters/2024/08/09/#replacement-cycle-attack-against-pay-to-anchor
+
 ## Optional.  Same format as "primary_sources" above
 see_also:
   - title: Transaction pinning