Bitmain has actually discovered and used a vulnerability in SHA256 hash function to their own benefit before. It took months, but people eventually found out.
While the situation is concerning, it’s not like there are no eyes on what bitmain is doing. These days you can reflash the software on their machines, or eve use your own custom control boards if you wish. The guys from Braiins are doing some amazing work in this regard.
Yeah, there’s lots of hypothetical routes. Braiins or similar getting a poisoned repo would be my bet for a real attack, but I was mostly considering how much of an impact it would have to, say, slip a few tens of millions to a handful of TSMC (or buy 15% of NVIDIA…) design engineers to include something on the compute dies. The specific issue with ASICs is that manipulations could be present below firmware, baked in at the physical silicon level, and with modern lithographic densities there’s essentially no mechanism for anyone to check to make sure that hasn’t happened.
Bitmain has actually discovered and used a vulnerability in SHA256 hash function to their own benefit before. It took months, but people eventually found out.
While the situation is concerning, it’s not like there are no eyes on what bitmain is doing. These days you can reflash the software on their machines, or eve use your own custom control boards if you wish. The guys from Braiins are doing some amazing work in this regard.
Yeah, there’s lots of hypothetical routes. Braiins or similar getting a poisoned repo would be my bet for a real attack, but I was mostly considering how much of an impact it would have to, say, slip a few tens of millions to a handful of TSMC (or buy 15% of NVIDIA…) design engineers to include something on the compute dies. The specific issue with ASICs is that manipulations could be present below firmware, baked in at the physical silicon level, and with modern lithographic densities there’s essentially no mechanism for anyone to check to make sure that hasn’t happened.