I'm impressed!!!
Thanks!
1. Miners have to provide a <=32byte long "seed" called the "multiplicator" instead of the direct integer arguments.
2. Then a random number stream is derived from the public key of the sender, the workId and the 32 byte long seed by hashing those values using sha256.
I think that including the workId (this is derived from the block hash wher the work is published iirc?) probably closes at least one other attack on my list. Prior to this change, a job publisher could also precompute PoW certificates for the work to return those funds to himself immediately after publishing...
3. This random number stream is then used to obtain exactly 12 random integers which are then passed to the ElasticPL program.
This does seem to prevent the basic work stealing problem. If you actually fill the entire memory space it would also mitigate (but not entirely prevent) another attack still on my list.
THANKS FOR SHARING!!! I HOPE TO GET MORE HINTS ON HOW TO "DECONSTRUCT" XEL SOON ;-)!!
The laundry list is still growing. I'm finding a few new attacks each day, and with the weekend now here I'll have some time to *really* focus again.