7 comments

[ 5.9 ms ] story [ 22.0 ms ] thread
(comment deleted)
(comment deleted)
This seems to not solve the problem for a variety of reasons, probably most trivially if Bitcoin is compromised you can't use Bitcoin to check if Bitcoin is compromised, so you need other software to validate the chain.
The assumption is there are nodes already running from previous releases.
Regarding this particular attack, isn't it addressed by reproducible builds?

If the bitcoin software binaries are being replaced by nefarious actors, the hashes would conflict by those generated by source compilation. Is there a reason this doesn't work?

No, that works fine, and Bitcoin Core uses reproducible builds signed by many different people. The post seems to be attempting to address the chain of trust of the PGP keys instead, but whether it succeeds at doing so is questionable. Certainly if a "blockstack id" can only be owned by one person, it's worse.