Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: pengcqu on October 22, 2013, 01:20:22 PM



Title: If one day, people find Bitcoin is no longer safe. How about the feature of btc?
Post by: pengcqu on October 22, 2013, 01:20:22 PM
If one day, people find Bitcoin is no longer safe. Using more powerful computer, btc address could be cracked. How about the feature of btc?


Title: Re: If one day, people find Bitcoin is no longer safe. How about the feature of btc?
Post by: pengcqu on October 22, 2013, 01:21:19 PM
It would happen in feature.


Title: Re: If one day, people find Bitcoin is no longer safe. How about the feature of btc?
Post by: gmaxwell on October 22, 2013, 01:34:31 PM
I'm sure your English is much better than my ability to speak whatever language that you're native in, but I still can't understand your question.

Perhaps you could also try Google Translate?


Title: Re: If one day, people find Bitcoin is no longer safe. How about the feature of btc?
Post by: piotr_n on October 22, 2013, 01:43:49 PM
There have been uncertainties concerning the security of ECDSA.
We still don't know how they chose the curve params and it doesn't seem that they are going to tell us.

It would be useful to at least add support for RSA/DSA signed transaction, in parallel to the ECDSA.
Then people could at least diversify their savings - e.g. split it 50:50 between ECDSA and RSA protected addresses.

This kind of change needs a hard fork and so the sooner you put it in, the better.


Title: Re: If one day, people find Bitcoin is no longer safe. How about the feature of btc?
Post by: Rannasha on October 22, 2013, 02:30:34 PM
If one day, people find Bitcoin is no longer safe. Using more powerful computer, btc address could be cracked. How about the feature of btc?

Bitcoin addresses can't be "cracked" by simply using a more powerful computer. Not now, not in 10 years, not in 1000 years. The amount of bruteforce computation power required would use up all the energy in the universe.

Of course, if a flaw is found in the algorithm that is used to generate bitcoin addresses from private keys, it's a different story altogether.


Title: Re: If one day, people find Bitcoin is no longer safe. How about the feature of btc?
Post by: piotr_n on October 22, 2013, 02:48:10 PM
Bitcoin addresses can't be "cracked" by simply using a more powerful computer. Not now, not in 10 years, not in 1000 years. The amount of bruteforce computation power required would use up all the energy in the universe.
We are not talking about bruteforcing, per se.

The whole security of ECDSA is based on the assumption that the sign function (which takes the hash, random R and private key D, calculating S that corresponds to the public key) cannot be reversed with far fewer resources, using some not yet publicly known algorithm.

The math behind it is quite complex and the mathematicians are not entirely certain whether it is in fact impossible to reverse the function.
In other words: it has not been mathematically proven that it is impossible to calculate D, having the public key, the hash, R and S.

Moreover: we know for sure that if you reuse the same R with a different hash, the way to calc D is pretty straightforward.
Now, using a different R the only thing that makes calculating D not straightforward is a magic behind a shape of the curve...
And the curve has been shaped by people who don't tell us how they did it :)
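
The post above notes that reusing the same R for two different hashes gives away D. The following is an added example, not code from any poster or from Bitcoin itself: an audit check that flags signatures sharing an r value under one public key and shows what such a pair reveals. The function names, the test key and the nonce values are constructed for illustration, and the nonce is passed in by the caller only so that reuse can be reproduced.

```python
import hashlib

P = 2**256 - 2**32 - 977  # secp256k1 field prime (the curve Bitcoin uses)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine addition on y^2 = x^3 + 7 over GF(P); None is infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    num, den = (3 * a[0] ** 2, 2 * a[1]) if a == b else (b[1] - a[1], b[0] - a[0])
    m = num * pow(den % P, -1, P)
    x = (m * m - a[0] - b[0]) % P
    return x, (m * (a[0] - x) - a[1]) % P

def mul(k, pt=G):  # double-and-add; not constant time, demo only
    out = None
    while k:
        if k & 1:
            out = add(out, pt)
        pt, k = add(pt, pt), k >> 1
    return out

def h(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def sign(d, msg, k):  # textbook ECDSA; nonce k is caller-supplied to show reuse
    r = mul(k)[0] % N
    return r, pow(k, -1, N) * (h(msg) + r * d) % N

def find_reused_r(sigs):
    """Audit (pubkey, msg, r, s) records: same pubkey and same r means same k."""
    seen = {}
    for pub, msg, r, s in sigs:
        seen.setdefault((pub, r), []).append((msg, s))
    return {key: v for key, v in seen.items() if len(v) > 1}

def leaked_key(r, m1, s1, m2, s2):
    """What a flagged pair reveals: k = (h1-h2)/(s1-s2), d = (s1*k - h1)/r."""
    k = (h(m1) - h(m2)) * pow((s1 - s2) % N, -1, N) % N
    return (s1 * k - h(m1)) * pow(r, -1, N) % N

def demo():
    d = 0xC0FFEE  # constructed test key; nonce 1111 is deliberately reused
    sigs = [(mul(d), m, *sign(d, m, k))
            for m, k in [(b"tx-1", 1111), (b"tx-2", 2222), (b"tx-3", 1111)]]
    ((pub, r), ((m1, s1), (m2, s2))), = find_reused_r(sigs).items()
    return d, leaked_key(r, m1, s1, m2, s2), mul(d) == pub
```

With a fresh, unpredictable nonce per signature the audit returns nothing and the two-equation system above never arises, which is why a signer must never repeat R.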


Title: Re: If one day, people find Bitcoin is no longer safe. How about the feature of btc?
Post by: drawingthesun on October 22, 2013, 02:51:18 PM
The amount of bruteforce computation power required would use up all the energy in the universe.

I am not sure about this.

http://www.wolframalpha.com/input/?i=10%5E21+x+60+x+60+x+24+x+365+x+9+x+10%5E9+x+4.5+x+10%5E9

http://en.wikipedia.org/wiki/Orders_of_magnitude_(numbers)#1021

WolframAlpha says if 9 billion computers hash at one sextillion hashes per second for 4.5 billion years (age of Earth) then you will exhaust the entire supply of addresses.

Obviously this is a huge number, but I doubt all the energy of the universe would be required to do this operation.


Title: Re: If one day, people find Bitcoin is no longer safe. How about the feature of btc?
Post by: DannyHamilton on October 22, 2013, 03:02:37 PM
The whole security of ECDSA is based on the assumption that the sign function (which takes the hash, random R and private key D, calculating S that corresponds to the public key) cannot be reversed with far fewer resources, using some not yet publicly known algorithm.

The math behind it is quite complex and the mathematicians are not entirely certain whether it is in fact impossible to reverse the function.

Use a new address for every transaction (as suggested in the white paper).

Problem solved.

Now, the only way to steal coins is to reverse the RIPEMD-160 hash function to find a valid SHA-256 hash
AND
then reverse the SHA-256 hash function to find a valid public key
AND
then reverse the public key generation to find a valid private key

All without having a signature to work from.

If any one or two of these functions become weak due to some newly discovered exploit, the bitcoins will continue to be protected by the remaining functions, allowing time for the bitcoin community to replace the weakened cryptographic functions.


Title: Re: If one day, people find Bitcoin is no longer safe. How about the feature of btc?
Post by: piotr_n on October 22, 2013, 03:04:21 PM
The whole security of ECDSA is based on the assumption that the sign function (which takes the hash, random R and private key D, calculating S that corresponds to the public key) cannot be reversed with far fewer resources, using some not yet publicly known algorithm.

The math behind it is quite complex and the mathematicians are not entirely certain whether it is in fact impossible to reverse the function.

Use a new address for every transaction (as suggested in the white paper).

Problem solved.
Not quite.
Because before your transaction gets mined, the public key and R are still exposed to the world and if someone can calc the D from it fast enough, he can spend your money before you.


Title: Re: If one day, people find Bitcoin is no longer safe. How about the feature of btc?
Post by: drawingthesun on October 22, 2013, 03:06:28 PM
To put this into perspective, if we cloned the fastest supercomputer in the world right now and made one for every atom in not one, but 100,000 people, we would have the capability to crack Bitcoin addresses through brute force.

Math: (speed of current top super in flops, times amount of atoms in a human times 100,000, this gives 1 order of magnitude larger than needed to assume 10 flop operation equivalent is required for creating a Bitcoin address and testing balance)
http://www.wolframalpha.com/input/?i=38+x+10%5E15+x+7+x+10%5E27+x+10%5E5

Top super: http://en.wikipedia.org/wiki/Tianhe-2


Title: Re: If one day, people find Bitcoin is no longer safe. How about the feature of btc?
Post by: DannyHamilton on October 22, 2013, 03:14:43 PM
The whole security of ECDSA is based on the assumption that the sign function (which takes the hash, random R and private key D, calculating S that corresponds to the public key) cannot be reversed with far fewer resources, using some not yet publicly known algorithm.

The math behind it is quite complex and the mathematicians are not entirely certain whether it is in fact impossible to reverse the function.
Use a new address for every transaction (as suggested in the white paper).

Problem solved.
Not quite.
Because before your transaction gets mined, the public key and R are still exposed to the world and if someone can calc the D from it fast enough, he can spend your money before you.

True, if ECDSA was so broken that the private key could be calculated in minutes (or faster) instead of days.

Your bitcoins would be safe so long as you don't try to spend them. If (after ECDSA is so broken) you were going to try to spend bitcoins that were received at a legacy address (one requiring an ECDSA signature), then it would require that there be some trusted mining operations.

You could then submit the transaction directly to the trusted mining operations, bypassing all other peers.  The mining operations would need to be trusted not to re-broadcast the transaction, and not to take advantage of the ECDSA weakness. When you spend the bitcoins, you would want the receiving address to use the new unbroken signature and/or hash functions.


Title: Re: If one day, people find Bitcoin is no longer safe. How about the feature of btc?
Post by: waltermot321 on October 22, 2013, 03:17:54 PM
If one day, people find Bitcoin is no longer safe. Using more powerful computer, btc address could be cracked. How about the feature of btc?

Bitcoin addresses can't be "cracked" by simply using a more powerful computer. Not now, not in 10 years, not in 1000 years. The amount of bruteforce computation power required would use up all the energy in the universe.

Of course, if a flaw is found in the algorithm that is used to generate bitcoin addresses from private keys, it's a different story altogether.

Anything is possible, I remember people saying Litecoin is anti FPGA..


Title: Re: If one day, people find Bitcoin is no longer safe. How about the feature of btc?
Post by: Come-from-Beyond on October 22, 2013, 04:00:27 PM
Now, the only way to steal coins is to reverse the RIPEMD-160 hash function to find a valid SHA-256 hash
AND
then reverse the SHA-256 hash function to find a valid public key
AND
then reverse the public key generation to find a valid private key

Why does someone need to reverse an algo to get exact match? Probabilistic approach combined with brute force gives results much faster. Read more - http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.215.1617&rep=rep1&type=pdf


Title: Re: If one day, people find Bitcoin is no longer safe. How about the feature of btc?
Post by: DannyHamilton on October 22, 2013, 04:13:45 PM
Why does someone need to reverse an algo to get exact match?

Poor choice of words on my part.

When I said "reverse the . . . hash function", I meant to do the opposite of what the hash function is intended to do, regardless of the method chosen.

In other words, a hash function is designed to provide a digest when given a message.

When I say "reverse the . . . hash function", I mean to provide a message when given its digest. The conditions on the message being that it is exactly 256 bits long and has the given digest as the result of performing the intended hash on it.


Title: Re: If one day, people find Bitcoin is no longer safe. How about the feature of btc?
Post by: hayek on October 22, 2013, 04:29:20 PM
but potato?


Title: Re: If one day, people find Bitcoin is no longer safe. How about the feature of btc?
Post by: oleganza on October 22, 2013, 06:41:11 PM
If one day, people find Bitcoin is no longer safe. Using more powerful computer, btc address could be cracked. How about the feature of btc?

If one day something about Bitcoin is cracked, it will be fixed, bogus transactions reverted by miners, some people will lose some money and then life will go on. Abandoning Bitcoin is equivalent to everyone losing all their wealth. That's not going to happen without a fight.


Title: Re: If one day, people find Bitcoin is no longer safe. How about the feature of btc?
Post by: pengcqu on October 25, 2013, 09:20:18 AM
If one day, people find Bitcoin is no longer safe. Using more powerful computer, btc address could be cracked. How about the feature of btc?

Bitcoin addresses can't be "cracked" by simply using a more powerful computer. Not now, not in 10 years, not in 1000 years. The amount of bruteforce computation power required would use up all the energy in the universe.

Of course, if a flaw is found in the algorithm that is used to generate bitcoin addresses from private keys, it's a different story altogether.

Anything is possible, I remember people saying Litecoin is anti FPGA..

I agree with this point. Maybe after a few years, current trade methods are not safe.


Title: Re: If one day, people find Bitcoin is no longer safe. How about the feature of btc?
Post by: inform on October 25, 2013, 12:54:50 PM
I think Litecoin must be the future