I love the idea of giving out bounties to anyone who can speed up the miners.
If you’ve found a speed-up, it makes far more sense to claim the bounty now than to hope nobody else notices before a public chain launches and becomes valuable.
I read the whitepaper last night; it’s worrying that SipHash is being used in this way. A second-preimage attack against SipHash could help speed up the low-memory algorithm, and SipHash wasn’t explicitly designed to be secure against those when the secret key is known.
Zooko says it better than I can:
One detail that bothers me is that SipHash is being used in Cuckoo PoW
in a way that the attacker gets to control all the inputs to SipHash,
and that is not what SipHash was designed to resist. SipHash was
designed to resist an attacker who doesn’t control — and actually
doesn’t even know — the key. There’s a possibility (although it
seems unlikely to me) that an attacker could exploit something about
the way Cuckoo uses SipHash to find Cuckoo solutions faster than by
treating SipHash as a random oracle.