[Cryptography] Apple GovtOS/FBiOS & Proof of Work

Peter Todd pete at petertodd.org
Fri Mar 18 09:30:29 EDT 2016


On Thu, Mar 17, 2016 at 05:39:22PM -0700, Henry Baker wrote:
> If Apple is willing to put some serious Proof of Work into constructing *every* firmware update, then it could achieve some level of privacy:
> 
> When constructing a firmware update, the SHA512 (or better still, some Apple proprietary) hash of the update has to have some preset number of '0' bits.  So Apple will have to brute force fiddle with bits in the firmware load to achieve an appropriate hash.  The work involved should grow exponentially in the # of '0' bits required.
> 
> Most companies operate on a fixed update schedule, so Apple would have to plan every release far enough in advance to give Apple enough time to compute such a firmware load.  The reason for an Apple proprietary hash is so any attacker would have to build their own custom chips to be able to beat Apple at this Proof of Work game.  Note also, that Apple can *change* the hash function on every firmware update, so said custom chip would be useful for only one firmware release.

<snip>

> <Apple: please reference this public email in your patent applications.  Thx! -- Henry Baker>

In the spirit of patents, I'll also point out all of the above could be
even more effectively done with the Bitcoin blockchain.

Just have your firmware know how to follow the block header chain
starting at some suitable difficulty level block, as well as know how to
follow a transaction through to the merkle root. Then announce updates
with some specially formatted transaction, which will be publicly
visible ("proof-of-publication"¹) to all Bitcoin users. Equally, do the
latter, but use some kind of non-interactive sampling scheme (like
Blockstream's "Efficient SPV Proofs"²) to efficiently prove a given
amount of work.

The main advantage is the work is being done for you anyway by all
Bitcoin miners, and paid for in the form of inflation and tx fees
collectively by all Bitcoin users; that's a lot cheaper than doing your
own PoW.

The main disadvantage is the good fun to be had if Bitcoin ever does an
SPV visible hard fork... and on top of that, miners could in theory
censor your firmware updates!

1) https://petertodd.org/2013/disentangling-crypto-coin-mining

2) https://www.blockstream.com/sidechains.pdf

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org
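
A sketch of the client-side check the message describes (follow the header chain from a pinned block, then follow a transaction through to the merkle root), added here as an example; it is not code from the message, from Apple, or from any Bitcoin implementation. Assumptions: the "FWUPDATE" announcement format, the all-zero anchor hash, the regtest-level nBits value and the helper names are constructed for illustration, and difficulty retargeting rules are not checked.

```python
import hashlib, struct

def dsha(b):  # Bitcoin's double SHA-256
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def bits_to_target(bits):  # expand the compact nBits field into the 256-bit target
    exp, mant = bits >> 24, bits & 0x007FFFFF
    return mant << (8 * (exp - 3)) if exp >= 3 else mant >> (8 * (3 - exp))

def check_chain(headers, anchor, max_target):
    """Check linkage, difficulty floor and PoW of 80-byte headers extending anchor."""
    prev, work, roots = anchor, 0, []
    for h in headers:
        if len(h) != 80:
            raise ValueError("bad header length")
        _, prev_hash, root, _, bits, _ = struct.unpack("<I32s32sIII", h)
        target = bits_to_target(bits)
        if prev_hash != prev:
            raise ValueError("header does not extend previous block")
        if target > max_target:
            raise ValueError("difficulty below the firmware's floor")
        if int.from_bytes(dsha(h), "little") > target:
            raise ValueError("insufficient proof of work")
        work += 2**256 // (target + 1)  # expected hashes spent on this header
        prev, roots = dsha(h), roots + [root]
    return work, roots

def root_from_branch(txid, index, branch):
    """Fold a merkle branch (sibling hashes, leaf to root) up from txid."""
    for sib in branch:
        txid = dsha(sib + txid) if index & 1 else dsha(txid + sib)
        index >>= 1
    return txid

def mine(prev, root, bits):  # constructed helper: grind a nonce at an easy target
    for nonce in range(2**32):
        h = struct.pack("<I32s32sIII", 1, prev, root, 0, bits, nonce)
        if int.from_bytes(dsha(h), "little") <= bits_to_target(bits):
            return h

# Constructed sample data: hypothetical announcement tx = tag + SHA-256(firmware)
BITS, ANCHOR = 0x207FFFFF, bytes(32)
tx = b"FWUPDATE" + hashlib.sha256(b"firmware image v2").digest()
leaves = [dsha(tx), dsha(b"tx-b"), dsha(b"tx-c"), dsha(b"tx-d")]
l01, l23 = dsha(leaves[0] + leaves[1]), dsha(leaves[2] + leaves[3])
root = dsha(l01 + l23)
chain = [mine(ANCHOR, root, BITS)]
chain.append(mine(dsha(chain[0]), dsha(b"other txs"), BITS))  # one confirmation
work, roots = check_chain(chain, ANCHOR, bits_to_target(BITS))
proven = root_from_branch(dsha(tx), 0, [leaves[1], l23]) == roots[0]
```

The `max_target` floor matters: a client that accepts any nBits value found in a header lets whoever supplies the headers choose how little work the proof represents.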