Bitcoin 2019: Establishing Open Source Firmware for Miners, Jan Čapek.


Good morning everybody. This is gonna be
really hard after Edward Snowden’s speech, Lyn Ulbricht’s keynote, and
Nazomi’s summary, but I will try to follow up on all these principles that
try to cover our privacy freedom issues. With one of the last remaining concerns
that we may have in the Bitcoin ecosystem, which is the lack of open
source and Bitcoin mining. Let me ask you a question. Do you guys know why we need
mining, except for minting the coins? Charlie, yeah.
One person. Okay. Two. Three. Four, okay. So basically the mining is the precondition
to have a secure blockchain, right. It is the thing that makes our Bitcoin free
and permissionless because we don’t have to ask any entity to confirm our
transactions, to roll them back, and so on. So we should realize that it’s really
important to understand what is mining the Bitcoin, and why we should have a
look at it and check if it’s really so transferred and then open source that if
it’s not doing something else that you were expecting. How do we get to this
point? The Bitcoin history started somewhere
like 2009, right. And essentially at that time we used to have all the open source
code available. We had the Bitcoin node, it was actually able to mine bitcoins at
the time because the original idea of Satoshi was that, you know, you have one
CPU, one vote. This started changing very quickly because Bitcoin has an embedded
algorithm that incentivizes people to join the network and mine the coins.
However since the network is controlling the inflation rate, it fights back the
miners by increasing the network difficulty. So it’s invest intentions of
the miners to improve their mining algorithms and make them more efficient
and fast. So originally we had this situation where there was a CPU
and we had a software called CG minor, which was fully transparent,
open-source, auditable, and the minor was essentially this piece of software and
your laptop or your machine or whatever. This started changing in the next phase
when people discovered we could probably try to compile a sha-256 kernel
into GPU and see if it’s performing better. So this was the next generation
of the miners and it was still CG minor. But I’m sure that there were some
grooves that had some more efficient kernels for the GPUs and some of them
had not that efficient ones. But still there was no questionable thing because
nothing obliges you to publish your work. You can use it to your own
advantage, there’s no problem with that. The next stage in mining and you see the
CG minor like slowly disappearing. We have the FPGAs which was the testbed for the final stage when we had dedicated devices. With the FPGAs the
situation was still pretty good because it was a commodity hardware. You can buy
an FPGA board. If you’re skilled enough you can write your FPGA
code and then you can control the FPGA with CG minor. CG minor still has quite
a few beckons for FPGA mining. However all this stuff got obsoleted by this.
These are called ASICs. The ASIC abbreviation means application-specific
integrated circuit. So essentially these devices contain dedicated chips that had
been previously prototype on the FPGAs. And that’s when the minor devices get
professionalized. And there were companies actually entering the industry
and trying to make business of it. This is not a problem. This is a fact. But the
problem is that there is like nothing much left of the CG minor, except for the
mining front. And that talks to the mining servers out there, to
the pools and so on. But the device itself is already quite complex because
it’s usually a fully fledged computer. So it contains many more components
than just the CG minor package. And you may want to ask yourself like what it is
doing in the background, except for mining? Is it like really mining all the
time for me or is it using a little bit of the mining shares to its advantage?
I don’t know. Essentially
where we got today is we don’t have a transparency and auditability in the
mining firmware that’s running out there. And we had a quite a few incidents that
demonstrate the the need for changing this. As one example there was a famous
incident called — where the miners were actually calling home to the
manufacturer and it allowed remote control of the devices. I mean it’s been
advertised that it’s actually a feature not a malicious bug
but if that feature got exploited massively without people knowing, since
the majority of these devices were – actually that was the mass of
the hash rate in the ecosystem – we could have serious problems securing our
blockchain if you can shut down the miners, right. Another example which was
not like malicious in a way that you could like shut down something but there
were devices that had features that allowed some miners to run in a more
energy safety way. So you could save up to 13 percent energy for those who are
from the industry it’s called — and the problem is not with the
technology itself. It’s a feature, but their problem is they didn’t tell you.
They would tell you ‘oh it cannot do a single.’ Bullshit. It was able to do it and
we published a paper last year about this problem, and it
actually made the manufacturer publish a fixed part of their of their firmware –
which is the the part that is running in the control board on the FPGA that’s
controlling the edge boards – that magically had this feature enabled that
was not breaking the mining shares anymore. So that’s the second example, and I
like to say it as an example for real life. Like when you buy a car and the
manufacturer tells you ‘oh you can’t do reverse, you have to push your car by
hand to your garage.’ Is that ok? Would you like the car? Well if you have no other
option you would buy the car, right? But what if they tell you after two years,
‘oh by the way if you press this button I give you a firmware update you can
actually do reverse.’ So all that work is wasted, right? And that wasting 30% of
like word energy on this it could be a serious issue. I don’t know, people don’t
care. And then we have like latest updates that actually try to take away
control from the people. And it’s actually a pretty serious issue because
we have groups of people who are actually forming, yeah like hackers
groups, that they try to jailbreak their firmware so that they can control it
again. They cannot ssh to the miners anymore
these are like the latest manufacturer features. So these are like three
examples that I personally, we personally, find really puzzling that should be
addressed. So what can we do about it? Well
it’s easy right? Cypherpunks write code, so let’s get back to the code and start
an initiative that would be like the central point. If I’m a manufacturer of
an arbitrary device, your toaster, and I want to run a Linux scrilla I go
to windowschrome.org I download it and I write the software for my
toaster and I publish it – usually because I don’t want to maintain the service all
the time and then I keep selling my toasters, right. But the users who don’t
care we don’t like how the toaster behaves they would just they can fix it
they can change it whatever. So let’s start the initiated. We actually took the
step already and it’s called brains OS. We did last year in September shortly
before we were publishing the paper about the ASIC booth problem. And then
the main motivation was actually to show that it is possible to have a central
point that’s providing a consistent and open-source package also not just
the CG minor but everything you need to have to run on your minor. Because you
want to be sure that it’s mining to the full performance. What if it’s not? So
this is my last last message there was somebody out there online saying if you
don’t hear it if you don’t own your keys it’s not your Bitcoin so if you don’t
own your firmware it is not your miner it’s not your hardware. Thank you.

Leave a Reply

Your email address will not be published. Required fields are marked *