Jonathan "Duke" Leto 5 years ago
parent
commit
08a6d9e799
  1. BIN
      hush-v3.pdf
  2. 101
      hush-v3.tex

BIN
hush-v3.pdf

Binary file not shown.

101
hush-v3.tex

@ -624,9 +624,6 @@ ac\_end = 5922239 - (number of blocks in old Hush chain) - (zero block reward tr
ac\_end = 5922239 - 500000 - 128
ac\_end = 5422111
TODO: deal with asset magic epsilon, which could be up to 10? blocks of BR
average case it will be 5 blocks, worst case 10, so 5422101 would enforce just less than 21M
To clarify, Hush will have a consensus rule that block rewards stop at block
5422111 which will enforce a total supply of 21M coins.
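Review bot: The closing sentence states that stopping block rewards at block 5422111 "will enforce a total supply of 21M coins", while the TODO two lines above it says the asset magic epsilon could be worth up to 10 blocks of block reward and that 5422101 would land just under 21M. If the TODO text stays in the paper, the two statements disagree on which height applies and on whether 21M is exact. If it is being dropped, the epsilon question should be answered in the text (exact cap versus upper bound) rather than left implicit. The arithmetic itself checks out: 5922239 - 500000 - 128 = 5422111.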
@ -662,6 +659,104 @@ our maintenance burden to merge upstream code.
\nsection{Cryptopia Attack}
Delayed-Proof-of-Work had been implemented in Hush in early 2018 but took many
months to finish testing and be pushed to mainnet. During this time, an
enterprising attacker probably saw that their window to attack HUSH was closing.
This attacker performed a series of 51\% and double spend attacks against
Cryptopia, between August 28th and September 21st 2018 It was designed to use
amounts small enough to evade daily limits or fraud detection.
There were dozens of block reorganizations longer than branchLen=2, the largest
being a reorganization of:
\begin{quote}
At Fri, 21 Sep 2018 07:00:50 GMT the subchain
00000009abdccd07615216765b17f99fbfc50e4106efe7bee2e4ca22810b0fa3..
000000028afb1daccbd0ac17d8685deeb0d072fdc5d4609209dd68675f873611 (46 blocks)
was orphaned and replaced by
00000009abdccd07615216765b17f99fbfc50e4106efe7bee2e4ca22810b0fa3..
000000038aadc3d77ae6df320e51168e6215f9abe62b65b51633715f719773bc (45 blocks)
\end{quote}
Note that the above block hashes must be looked up on a legacy HUSH block
explorer such as https://explorer.hush.zelcore.io and additionally, the orphaned
block will not be in the main chain and only will exist as an orphaned block on
nodes which originally saw that invalidated chain.
Via blockchain analysis and detailed transaction logs from Cryptopia, who gave
us details about which addresses the attacker was using, it was determined
that the following addresses are owned by the Cryptopia Double Spend Attacker,
with old HUSH v2 addresses on the left and new HUSH v3 addresses on the right.
\begin{quote}
651000 HUSH t1bEBr1LdBQtHun7B5L82R65FgpWyyWFx8L = RSdmvBomouuGP9RUc5J2NoJYCRnVqT3j5V
29279.8 HUSH t1KttMaacGw17oFitV448TGfwM2yovm4g6Q = RBJURm3kuS26Gd3C1oE8QyuDreFKpkNT2Z
\end{quote}
These two addresses own a total of ~680,000 HUSH which was not dispersed to the
equivalent addresses on the new HUSH v3 mainnet. These funds currently remain in
the HUSH Founders Reward wallet and will be used to reimburse all who were
stolen from at Cryptopia, which will enable HUSH trading to resume. Any remaining
funds will be used for additional exchange listings.
\nsection{Immutability of HUSH v2 + v3}
Please note that the immutability of the legacy Hush mainnet or new Hush v3
mainnet was never compromised. The Bitcoin Protocol was observed strictly and
Hush did not do what other coins have done in similar situations which is to
actually backdoor the Bitcoin Protocol itself, and make it such that certain
pubkeys can make transactions which they shouldn't, to spend funds which were
lost or stolen, etc. This was deemed unacceptable, for obvious moral, security
and financial reasons.
Instead, we have chosen to keep our original intentations, which is that we do
not believe that forcibly turning off peoples nodes is right. So people on the
legacy Hush chain are free to continue using it. They should note, that the
Sprout Inflation bug is still waiting to be exploited there and that DPoW is no
longer active (the last notarization was Block 501080), so 51\% attackers have a
playground.
Every user of Hush gets to decide if they choose to keep using the v2 or v3
chain and no user is forced to use either. This way embraces decentralization
at the very core, since we do not force our choices upon our users. They
get to decide which chain goes forward.
\nsection{Sprout Inflation Bug Playground}
Let it be known that HUSH v2 mainnet is considered a Sprout Inflation bug
playground, and there is a bounty of 500 HUSH for a script which makes it
trivial to exploit the Sprout inflation bug and generate arbitrary amounts
of funds insize of a Sprout zaddr.
Developers and information security researchers are directed here for more
info: https://github.com/MyHush/hush3/issues/7
\nsection{Dispersing Funds To The New Mainnet: Swapping Airdrop}
This process is sometimes called an "airdrop" because the technical process of
sending funds to addresses is the same, but HUSH v3 is technically a "coin
swap", since we do not support our legacy chain.
A total of 3127 transactions with "sendmany" were made to complete sending funds
to ~31,000 unique addresses which contained funds on the Hush v2 blockchain as
of the snapshot block of 500,000. This data was extracted via the "getsnapshot"
RPC which I helped write for Komodo and ported to Hush v2.
Full data is available here:
https://github.com/MyHush/hush3/blob/duke/contrib/snapshot/snapshot\_500000.json
The actual script used to disperse funds can be found here:
https://github.com/MyHush/hush3/blob/duke/contrib/snapshot/airdrop\_hush3.sh
\nsection{Special Thanks}
Special thanks to jl777 and the greater Komodo community for inspiring a new
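Review bot: In "a total of ~680,000 HUSH" and "~31,000 unique addresses" the bare ~ is LaTeX's non-breaking space, so the PDF will print the figures with no "approximately" marker; write $\sim$ or \textasciitilde there instead. In the same hunk, the straight double quotes around "airdrop", "coin swap", "sendmany" and "getsnapshot" will typeset as closing quotes on both sides and should use LaTeX-style opening and closing quotes. The explorer and GitHub links would be more robust inside \url{} (if the preamble loads url or hyperref) than with hand-escaped underscores. There are also typos to fix before merge: "2018 It" (missing period), "intentations", "insize of", "peoples nodes".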
