1. 5

  2. 3

    I love the idea of giving out bounties to anyone who can speed up the miners.

    If you’ve found a speed-up it makes far more sense to claim the bounty now than to hope nobody else notices before a public chain launches and becomes valuable.

    1. 2

      I read the whitepaper last night, it’s worrying that SipHash is being used in this way. A second-preimage attack against SipHash could help speed up the low-memory algorithm and SipHash wasn’t explicitly designed to be secure against those when the secret key is known.

      Zooko says it better than I can:

      One detail that bothers me is that SipHash is being used in Cuckoo PoW in a way that the attacker gets to control all the inputs to SipHash, and that is not what SipHash was designed to resist. SipHash was designed to resist an attacker who doesn’t control — and actually doesn’t even know — the key. There’s a possibility (although it seems unlikely to me) that an attacker could exploit something about the way Cuckoo uses SipHash to find Cuckoo solutions faster than by treating SipHash as a random oracle.