Summary of merkle grinding, covert asicboost.

a guest, Apr 5th, 2017
The header format is described at https://en.bitcoin.it/wiki/Block_hashing_algorithm

version (4 bytes) prevBlock (32 bytes) merkleRoot (32 bytes) time (4 bytes) bits (4 bytes) nonce (4 bytes) = 80 bytes.

sha256 works on 64-byte chunks, so the header is processed in two chunks.

the 64-bit message length is appended to the data after 1 or more 0 bytes to pad to 64 bytes, so what is actually hashed is:

there is an inner hash and an outer hash. inner first; the data hashed is

inner hashed data =
version (4 bytes) prevBlock (32 bytes) merkleRoot (32 bytes) time (4 bytes) bits (4 bytes) nonce (4 bytes) <40 bytes of 0> loCount (4-byte value 80) hiCount (4 bytes)

hiCount is always 0.

IV is magic constants.

stateA = transform call A( IV, version || prevBlock[0-31] || merkleRoot[0-27] )

inner digest = transform call B( stateA, merkleRoot[28-31] || time || nonce || <40 bytes of 0> || loCount || <4 bytes 0> )

outer hashed data = <inner digest> || <28 bytes 0> || loCount (4-byte value 32) || <4 bytes 0>

outer = transform call C( IV, <inner digest> || <28 bytes 0> || loCount (4-byte value 32) || <4 bytes 0> )

if the target bits of outer == 0, a proof of work has been found.


stateA is precomputed, and transform call A is only done when extraNonce changes, which changes merkleRoot.

so most of the work is repeating call B while changing nonce (and maybe some low-order bits of time) and then calling transform call C.


now transform itself is in two parts.

W array = transform_part1( data )
state = transform_part2( state, W )

part1 does 13 operations of various kinds (rightrotate, rightshift, xor, 32-bit unsigned add) 48 times. importantly, transform_part1 does not depend on state and so doesn't depend on the first block.

part2 does 23 operations of various kinds (rightrotate, xor, and, 32-bit unsigned add) 64 times. it costs more than part1.

now if we precompute multiple merkleRoots that have the same last 4 bytes, then transform_part1 in transform call B can be reused like this:

expensive precompute, e.g. FPGA
(mrA,mrB,mrC,mrD) = precompute_merkle_collision()
such that mrA[28..31]==mrB[28..31]==mrC[28..31]==mrD[28..31]

cheap precompute

stateA1= transform call A( IV, prevBlock, mrA[0-27] )
stateB1= transform call A( IV, prevBlock, mrB[0-27] )
stateC1= transform call A( IV, prevBlock, mrC[0-27] )
stateD1= transform call A( IV, prevBlock, mrD[0-27] )

then repeat in a loop, changing the 4-byte nonce, and maybe some low bits of time.

inner W = transform_part1( mrA[28-31] ||  || time || nonce || <40 bytes of 0> || loCount || <4 bytes 0> )

inner digest A1=transform_part2( stateA1, inner W )
inner digest B1=transform_part2( stateB1, inner W )
inner digest C1=transform_part2( stateC1, inner W )
inner digest D1=transform_part2( stateD1, inner W )

outerA = transform call C( IV, <inner digest A1> || <28 bytes 0> || loCount (4-byte value 32) || <4 bytes 0> )
outerB = transform call C( IV, <inner digest B1> || <28 bytes 0> || loCount (4-byte value 32) || <4 bytes 0> )
outerC = transform call C( IV, <inner digest C1> || <28 bytes 0> || loCount (4-byte value 32) || <4 bytes 0> )
outerD = transform call C( IV, <inner digest D1> || <28 bytes 0> || loCount (4-byte value 32) || <4 bytes 0> )