Erik anderson bitcoin
Erik leads data visualization research and development efforts at Bloomberg. Before joining Bloomberg, Erik owned Internet Erik anderson bitcoin, Inc.
Asymmetric Encryption, Embedded Linux Systems, and the Linux Kernel. Landsat projects that included remote sensing and satellite imagery processing. Today’s post is a cautionary tale on why running a lottery on a blockchain is so incredibly hard to get right . Here’s the setting: Eric Lombrozo, a Bitcoin Core developer, was in the Christmas spirit yesterday and decided to give away 1 BTC, split into 10 chunks of 0. 1 BTC each, to people who re-tweeted him.
He wanted to make the giveaway provably fair, so he devised the algorithm described in his tweet thread. I won’t go into the gory technical details at all, except to note that, in essence, he wants to pick a random number, say 17, and give out 10 awards to every 17th person. Now, the scheme is quite ornate and complicated. But the key operation that’s happening underneath is simple: he is deriving a random number from two block hashes. This is a pattern I’ve seen in use in at least a dozen buggy Ethereum Dapps, and many of you are going to stop reading at this point thinking you understand the problem. Do read on, because there are multiple problems, and the actual bugs are not the usual, obvious ones, even though it’ll seem that way at first.
Concerned About Miner Attacks This scheme is ostensibly quite worried about miner manipulation of the lottery. Everyone deriving random numbers from block hashes should worry about attacks by miners. Recall that a miner wishing to tilt the lottery can do so by computing a block and seeing if its hash yields a good outcome for the miner. If not, the miner tosses out the block without making it public. But Miner Attacks Are Not A Problem But in this case, this worry about the miners is completely overblown. Failed Defenses Against Mythical Attacking Miners Regardless, some people are overly paranoid about things that will not happen.
And Core developers keep reminding us how cautious they are as a group. But is extra paranoia really harmless? Or as Ross Anderson has argued relentlessly for a few decades, should one make security decisions based on costs? Things get philosophical at this point, so I’ll abandon this line of thought and assume that the miners are evil. There is a subreddit full of messages and memes to this effect. Does This Distrust of the Miners Actually Work? So how good is this approach at keeping the evil miners at bay?