Bitcoin Forum
Topic: Vulnerability found that affects privacy of OLD miners, including Satoshi
Sergio_Demian_Lerner (OP)
April 17, 2013, 11:15:51 AM
Last edit: April 17, 2013, 11:59:43 AM by Sergio_Demian_Lerner
 #1

Check the thread https://bitcointalk.org/index.php?topic=178629.0 or my blog http://bitslog.wordpress.com/2013/04/17/the-well-deserved-fortune-of-satoshi-nakamoto/.

The loss of anonymity can give Bitcoin economists and historians a great opportunity to compute interesting metrics about mining in general and the role of Satoshi in the project inception years.

The vulnerability relies on the use of the extraNonce field. The extraNonce field increments every time the nonce field (which is 32 bits) overflows, so it's a slow real-time clock, until the application is restarted, in which case it goes back to 1.

I haven't checked all versions of the Satoshi client, but I believe all are affected by the vulnerability.

GMaxwell has carefully analyzed each version and found that only the oldest ones were vulnerable, but not after October 2010 (e.g. v0.3.14).

Best regards, Sergio.
Rampion
April 17, 2013, 11:19:35 AM
 #2

Sergio: you are brilliant.

Thanks for your work!

gmaxwell
April 17, 2013, 11:41:32 AM
Last edit: April 17, 2013, 11:54:45 AM by gmaxwell
 #3

Quote:
    I haven't checked all versions of the Satoshi client, but I believe all are affected by the vulnerability.
When you say you haven't checked 'all versions' you mean to say 'any versions except one really old one'?

Currently it's reset on every block:
Code:
    if (hashPrevBlock != pblock->hashPrevBlock)
    {
        nExtraNonce = 0;
        hashPrevBlock = pblock->hashPrevBlock;
    }

I don't mind correcting you because that took all of two seconds ... but ... really?  "vulnerability"?

What is your motivation in not spending two seconds to actually look before claiming that "all are affected by the vulnerability"?

Even back in October 2010 (e.g. v0.3.14):
Code:
            if (nNewTime != pblock->nTime && bnExtraNonce > 10)
                bnExtraNonce = 0;
It also spent some time with the wrap at 0x7f.
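
An added example, not part of the thread or the Bitcoin client's code: a small C++ model of two reset behaviours discussed above, the counter that only returns to 1 on restart (the opening post's description) and the per-block reset in the snippet gmaxwell quotes, showing which extraNonce values end up in one process's blocks. The constant hash rate, the timeline and all type and function names are assumptions made for the illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Policy names are labels for this example, not identifiers from the client.
enum class Policy { UntilRestart, PerPrevBlock };

// Simulates one mining process second by second (assumed constant hash rate).
// wrapSecs: seconds for the 32-bit nonce to overflow once.
// tips:     ascending times (>= 1) at which the chain tip changes (any miner's block).
// own:      subset of tips where this process found the block.
// Returns the extraNonce carried by each of the process's own blocks.
std::vector<uint32_t> minedExtraNonces(Policy p, uint32_t wrapSecs,
                                       const std::vector<uint32_t>& tips,
                                       const std::vector<uint32_t>& own) {
    std::vector<uint32_t> out;
    uint32_t extraNonce = 1, sinceWrap = 0;  // starts at 1, per the opening post
    size_t ti = 0, oi = 0;
    for (uint32_t t = 1; ti < tips.size(); ++t) {
        if (++sinceWrap == wrapSecs) { ++extraNonce; sinceWrap = 0; }  // nonce overflowed
        if (oi < own.size() && own[oi] == t) { out.push_back(extraNonce); ++oi; }
        if (tips[ti] == t) {                 // hashPrevBlock changes: new block to work on
            ++ti;
            sinceWrap = 0;                   // assumption: the nonce search restarts
            if (p == Policy::PerPrevBlock) extraNonce = 0;  // the reset in the quoted snippet
        }
    }
    return out;
}

// True when the values could come from one counter that never went backwards.
bool strictlyIncreasing(const std::vector<uint32_t>& v) {
    for (size_t i = 1; i < v.size(); ++i)
        if (v[i] <= v[i - 1]) return false;
    return true;
}

// Constructed timeline: nonce wraps every 300 s, five tip changes, three own blocks.
std::vector<uint32_t> sample(Policy p) {
    return minedExtraNonces(p, 300, {650, 1500, 2200, 3600, 4300}, {650, 2200, 4300});
}

int main() {
    for (Policy p : {Policy::UntilRestart, Policy::PerPrevBlock}) {
        std::vector<uint32_t> v = sample(p);
        std::printf("%s:", p == Policy::UntilRestart ? "until restart" : "per prev block");
        for (uint32_t x : v) std::printf(" %u", x);
        std::printf("  monotonic=%d\n", strictlyIncreasing(v));
    }
}
```

With the never-reset counter the three blocks carry an increasing sequence that ties them to one running process; with the per-block reset each value only reflects the time spent on that single block.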

Sergio_Demian_Lerner (OP)
April 17, 2013, 11:55:51 AM
 #4

Great GMaxwell!

Now we see your work and my work can complement each other.

I didn't understand the "if (hashPrevBlock != pblock->hashPrevBlock)" line of code, so I thought the counter only reset on orphan blocks..
gmaxwell
April 17, 2013, 12:16:52 PM
 #5

Quote:
    so I thought the counter only reset on orphan blocks..
Why did you claim it was only reset on restart?
🏰 TradeFortress 🏰
April 17, 2013, 12:20:43 PM
 #6

Nice find Sergio. Quite old vulnerability though
Sergio_Demian_Lerner (OP)
April 17, 2013, 01:37:52 PM
 #7

Quote:
    Quote:
        so I thought the counter only reset on orphan blocks..
    Why did you claim it was only reset on restart?

Because I know nothing about Bitcoin.

If you paid me a salary I would spend time checking every word I said. Because I'm not being paid, I use vague words so people that work on Bitcoin AS A JOB can go and check all the infinite ramifications of my words, and they should, because their money is at stake and I'm a human being that can be mistaken.
 
gmaxwell
April 17, 2013, 04:04:40 PM
 #8

I hereby grant you exactly the salary I receive for working on Bitcoin. :P