Bitcoin Forum
2581  Bitcoin / Bitcoin Discussion / Re: Japanese researchers break 41 out of 64 steps of SHA256 with preimage attack. on: December 17, 2013, 05:50:35 PM
Also I would point out this "news" is from 2010.

So they are up to 42 now then :)

Something like that.  :)

Everyone panic, IIRC in some limited applications the highest attack is on 45 or 46 rounds.

Attacks like those (with complexity of 2^120 or higher) can be considered impossible to implement.  The attack with practical complexity (in theory could be built in our lifetime at insane cost) is 24 rounds.  I am away from my home computer which has a folder of research articles so I am going off memory on those two records.
2582  Bitcoin / Bitcoin Discussion / Re: Japanese researchers break 41 out of 64 steps of SHA256 with preimage attack. on: December 17, 2013, 05:26:54 PM
I would also point out this "news" is from 2010.

Still even if this attack worked on the full SHA-2 algorithm the OP conclusion that one could create blocks infinitely fast isn't even close to accurate.

Still let's assume this attack worked on the full version of SHA-2 (64 rounds).  It doesn't so none of this is possible at any amount of time or energy but to illustrate how silly the OP "conclusions" are let's assume this attack does work on the full SHA-2.

Today mining has a difficulty of ~900 million.  That means it takes 3.86547E+12 (900 million * 2^32) hashes on average to solve a block.  To put it into cryptographic terms that is a complexity of 2^72.
Attempting a preimage attack of an existing SHA-256 hash by brute force has a complexity of 2^256.  So if you wanted to replace a block in the middle of the blockchain by brute force it would require 2^256 attempts.  That is why we consider blocks deep in the blockchain "safe" because it is infeasible to replace a block by preimage.  Now an attacker can always build a longer chain to replace a block but the deeper the block is the less probable that becomes (without 51% of hashrate).

So as a theoretical concept you can already replace a block in the blockchain it just requires an amount of energy and time that is beyond the life of our star.  So how much does this attack improve that equation?
This attack has a complexity of 2^253.5.  That's right 2 raised to the 253 1/2 instead of 256.   So it is a staggering 5.6 times easier than a (for all practical purposes impossible) brute force attack  [ 2^(256 - 253.5) ]. It is still 4.33455E+54 (that is 4 followed by 53 zeros) times harder than solo mining a block at difficulty 900 million [ 2^(253.5 - 72) ].  If the entire blockchain from the genesis block till today was all difficulty 900 million then the complexity of replacing the entire blockchain with a new one would be 2^90.  So for any amount of computing power in the time it takes to preimage a single block or transaction (2^253.5) one could mine 16,535,003,495,550,700,000,000,000,000,000,000,000,000,000,000,000 complete unique alternate copies of the Bitcoin blockchain.

In mining terms for someone to preimage a block in 600 seconds would require 34,115,571,461,443,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 PH/s of computing power.

Summary:
This attack doesn't have any effect on the full (64 round) SHA-2 hash function.  Researchers work on reduced round versions of algorithms because they are easier to break and it allows learning and progress which in theory someday over the course of years and decades could lead to an attack on the full algorithm.  This isn't anything new or novel.  There are at least 8 papers outlining similar theoretical attacks on reduced round versions of SHA-2.  Also the OP is an idiot if he thinks "heat death of the universe" = "instantly mine blocks".
2583  Bitcoin / Hardware / Re: HashFast announces specs for new ASIC: 400GH/s on: December 17, 2013, 04:28:02 PM
Has there been any mention of when batch 2 is "projected" to be shipped? 

They "really" haven't even said when Batch 1 will ship.  They have said they will ship Batch 2 right after Batch 1.  There will be no artificial gap or delay.  Yet another way that Batch 1 customers got screwed essentially they are Batch 2 customers who paid double the price for nothing.
2584  Bitcoin / Hardware / Re: HashFast announces specs for new ASIC: 400GH/s on: December 17, 2013, 04:26:28 PM
Not to embarrass anyone, but I will have to say that you can't measure the passive resistance of a device that is on with a multimeter. It makes a lot of sense that the multimeter is measuring a slowly decreasing resistance when that happens. (Exceptions apply, but this is probably not the case here)

Not sure but I don't think he means measured while operating (as in resistance is declining in real time).  More likely rig is off, resistance is measured.    Rig operates for some time (weeks? months?) user notices hashrate is higher, turns off rig and measures resistance which is now higher.
2585  Bitcoin / Hardware / Re: HashFast announces specs for new ASIC: 400GH/s on: December 17, 2013, 04:22:08 PM
The point that I'm trying to get across here is that over-engineering something is a good thing when you can do it without an unreasonable increase in cost.

This is one thing I don't know why more companies don't do.    Simple way to overengineer .... include a second power connector.   It is like a $0.20 part (probably less in high volume) and it adds maybe $0.02 to assembly cost.   Just attach both connectors to the same power plane.  

When running close to the limit it is an easy way to add "insurance".  Given that consumers may be using unknown power supplies from unknown companies it is a way to spread out the load and if the pins in a connector are slightly loose (increased resistance) it may be enough to prevent a fire.   This is one reason why the PCIe standard is so conservative.   Yeah a 6 pin connector "can" handle 300W assuming a tight fit (how often will a consumer push the connector in but it doesn't seat fully and results in increased resistance), the power supply company didn't cut corners, some knock off OEM didn't cheap out and use 20 AWG wiring instead of 18 AWG or use some Chinese knock off just slightly out of spec crimp pins instead of ones by Molex or other major part suppliers.  

In the real world lots of things can happen which are unpredictable.  A graphics card which pulls 150W from the PCIe connectors will normally use two 6 pin instead of one 6 pin.  It is pulling 75W per connector for one which optimally should be able to handle 300W.  That overengineering is cheap insurance.  Say it adds $0.12 in cost to a $120 card ($199 retail).  If it reduces the warranty failure rate by 0.006% you broke even.




2586  Bitcoin / Hardware / Re: HashFast launches sales of the Baby Jet on: December 17, 2013, 04:06:07 PM
Ciara is based in Canada.  I wonder how long it will take to pass customs.

Customs out of Canada?  Probably breeze right through.  Ciara makes their $$$ by ensuring their clients get product pushed out around the world.  I am sure they have custom reps which will come to the factory floor.  Customs benefits, the company benefits, Canada benefits (jobs & taxes).  A production and distribution company which can't distribute doesn't have much value in the global economy.

The larger issue is your local customs.  This is the busy shipping time of the year.  If there ever was a time which had a backlog it would be right now.  That gets a little better after Christmas but depending on the country there could still be a backlog. 

So it could be:
rapid ship out of Ciara
rapid movement through customs
rapid ship across the globe
stuck "forever" in your local customs office

:(
2587  Alternate cryptocurrencies / Mining (Altcoins) / Re: Swedish ASIC miner company kncminer.com on: December 17, 2013, 04:00:01 PM
I would say the 120 day is a good long term indicator.


Looking at it in log form going out 4 years shows it a little more clearly.

http://bitcoincharts.com/charts/mtgoxUSD#rg1460ztgSza1gEMAzm1g120zm2g25zvzl

If the price bounces at the 120 day or "hugs" the 120 day (moves sideways with small dips and pops below and above the line) then I would agree.  The thing to watch for would be a sharp and strong move below the 120 day average.  Something like a 20% break below the 120 day would be very bearish.  In the short history of Bitcoin there is only one instance in which that happened and when that support broke, the exchange rate fell 80% and it took six months to recover back to the trend line.  So a big move below the 120 day is probably the closest thing to a long term bear market indicator that Bitcoin has.  I know in the spec forum people like to call a 1 hour or 1 day move a "bear market" but late 2011 was the only real bear market Bitcoin has seen.

That being said I put the chance of testing the 120 day as low and the chance of breaking through (aka Aug 2011) even lower.
2588  Bitcoin / Bitcoin Discussion / Re: Japanese researchers break 41 out of 64 steps of SHA256 with preimage attack. on: December 17, 2013, 03:46:51 PM
When the title reads "break 64 out of 64 steps" we need to upgrade. 41 just isn't relevant.

This = the simple version.

If SHA-256 used 41 rounds then it would technically be broken.   I say technically because the attack requires an asinine amount of computing power and energy.  Granted it is less than brute force but it is kinda like saying you are 35 and I have 85 then I am closer to living to be a thousand years old.  The amount of computing power and time required for this attack means that it would have essentially no useful value although better attacks could be built off this in the future which reduce the time and computing requirements. 

Still SHA-256 doesn't use 41 rounds it uses 64 rounds so there is no vulnerability at this time.

There have been similar "breaks" on reduced round versions of SHA-256 in the past although this one involves the largest number of rounds.
2589  Bitcoin / Hardware / Re: HashFast launches sales of the Baby Jet on: December 17, 2013, 03:38:58 PM
Quote
They’ve started assembling Baby Jets (overnight tonight). They aim by night’s end to have the first round of assembly done for 400 Baby Jets.

They took the Baby Jets’ chassis’ out of their boxes and opened them up. Removed their drive bays and other unneeded components. Unboxed the Seasonic power supplies, attached and labeled their cables, and installed the supplies in the Baby Jets. Inserted the cooling unit and radiator. Added an additional chassis fan on the back of the box. Then screwed the chassis back together, put it back in its styrofoam packing material, and stacked each on pallets.
So, the bulk of this update is something that they could have done back in October.

Exactly what I was thinking. I suspect the "eagerness" of Ciara is a euphemism for the fact Hashfast booked production lines at Ciara. And since HF aren't ready yet, they just had Ciara do some silly things like unboxing and reboxing cases without PCBs. Not exactly the most efficient way to go about it.

Which also points to the fact that HF 100% absolutely knew they were not shipping until Dec.   They are using booked production time because it is use it or lose it.  They didn't use any booked production time in Oct or Nov.  Why?  Because there WAS NO BOOKED PRODUCTION TIME.  They knew they wouldn't even have raw chips when they promised delivery so who would be stupid enough to book production time.  Sure this busy work saves some time but not that much.  They didn't suddenly decide on Monday the 16th to start working on a whim.   They are working because the client (HF) is paying regardless of if they work or not.

HashFast always knew they were shipping Batch one late late late Dec and that wasn't a worst case scenario, it was the probable scenario.  Oct & Nov was simply a lie to charge more.  There are no Batch 1 customers, everyone is Batch 2 some just paid double for nothing.  Now HashFast has run into some real delays (not the "fake" delays which brought the false Oct expectations to the always internally known real Dec timeline) and that might end up causing them to miss even their real deadline.
2590  Economy / Economics / Re: Bitcoin the Bubblecoin on: December 17, 2013, 06:29:12 AM
If the OP is correct then why doesn't gold move 10%+ per day?

If the OP is correct then why does silver (a market which is about 5% that of gold) have daily volatility about 800% of that compared to gold (silver's relative beta is 8.0 compared to gold).

Larger markets are less volatile markets.

How do you think the exchange rates between major currency pairs have so little volatility?    Any guess on how huge the forex market is?  Got a guess.  I will give you a benchmark.  The world GDP is $75 trillion ....  got your guess now (you probably aren't even close) scroll down.

















It is ~$1,800 trillion.  That's right 1.8 quadrillion dollars annually to stabilize a global economy of $75 trillion.   There are no small stable markets ever.   Small and stable never go together.   Bitcoin even at $10B is tiny compared to even silver ($550B) and silver is considered highly volatile as a "small" market compared to gold which is nearly 16x larger (~$8,000B) or 800x larger than Bitcoin.   When Bitcoin is 800x larger it will take tens of billions of dollars to move the market a couple % and as a result outside of huge events it won't move more than a couple percent.



2591  Bitcoin / Bitcoin Discussion / Re: Bitcoin mentioned on: December 17, 2013, 06:14:56 AM
He had 4,999 mBTC in 2048 must have been a rich corpse.
2592  Other / Beginners & Help / Re: Do you think any of the other "alt" currencies will overtake bitcoin? on: December 17, 2013, 06:10:31 AM
No not fully.  There are some issues to resolve it is on the "to do" list.  At the client level the wallet does maintain a pruned copy of the database to speed up transaction verifications but the full copy is still shared with other nodes.
2593  Other / Beginners & Help / Re: Do you think any of the other "alt" currencies will overtake bitcoin? on: December 17, 2013, 06:04:48 AM
So there is no way to compress it? I heard that compressed addresses use less space in the blockchain? What does that mean?

No but there are ways to prune it.  The pruned database is currently ~12% of the size of the full historical database that % will drop over time.   

Compressed keys are public keys where only the x component is listed.  The y component can be recreated as needed.   There is no reason to use uncompressed keys, likely Satoshi was unaware of the advantage of compressed keys at the time Bitcoin was first created.  Today all wallets use compressed keys by default, support for uncompressed keys only remains as "legacy" support for existing active uncompressed keys.
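How the y component is recreated from a compressed key, as an added example that is not part of the original post. It uses the public secp256k1 parameters and the standard 33-byte encoding, in which a one-byte prefix (02 or 03) records whether y is even or odd; the function names are illustrative.

```python
# Added illustration: compressing and decompressing a secp256k1 public key.
# P, B and the generator point are the published curve constants.
P = 2**256 - 2**32 - 977      # field prime
B = 7                         # curve equation: y^2 = x^3 + 7 (mod P)
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8


def compress(x, y):
    """Encode the point (x, y) as 33 bytes: parity prefix + 32-byte x."""
    if (y * y - (pow(x, 3, P) + B)) % P != 0:
        raise ValueError("point is not on secp256k1")
    prefix = b"\x02" if y % 2 == 0 else b"\x03"
    return prefix + x.to_bytes(32, "big")


def decompress(data):
    """Recover (x, y) from a 33-byte compressed key, rejecting invalid input."""
    if len(data) != 33 or data[0] not in (2, 3):
        raise ValueError("not a compressed public key")
    x = int.from_bytes(data[1:], "big")
    if x >= P:
        raise ValueError("x is not a field element")
    rhs = (pow(x, 3, P) + B) % P
    # P % 4 == 3, so a square root (when one exists) is rhs^((P+1)/4) mod P.
    y = pow(rhs, (P + 1) // 4, P)
    if y * y % P != rhs:
        # Roughly half of all x values have no matching y; such keys are invalid.
        raise ValueError("x does not correspond to a curve point")
    # Two roots exist, y and P - y; the prefix selects the even or odd one.
    if y % 2 != data[0] % 2:
        y = P - y
    return x, y


if __name__ == "__main__":
    key = compress(GX, GY)
    print(len(key), key.hex())
    print(decompress(key) == (GX, GY))
```

The square-root check matters: a decoder that skips it will accept x values that are not on the curve.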
2594  Bitcoin / Bitcoin Discussion / Re: China, Norway, Switzerland economies to take an Epic beating on: December 17, 2013, 05:43:51 AM
A system with strong cryptography and high security where people could vote from their homes, that's what should be the ideal, if you ask me. Today there exist a page called norge.no where people can do a lot of stuff online. They have to log in, and they only get access through proving their identity. So there's nothing wrong about voting taking place at the same place.

It is actually a non-trivial problem.  If you login with your strong identity to vote then the government would know exactly who you voted for.  That is kinda a bad thing in secret elections.   There are potential solutions but understand that if it was that easy it would already be done.

Electronic voting if done wrong is very easy to manipulate and honestly governments are about the worst entities when it comes to making secure public systems.

A good electronic voting system would
a) only allow authorized persons to vote and only vote once
b) not link the vote to any persons
c) allow any person to validate their vote was counted (crowd sourced auditing)
d) in the event a person's vote isn't counted provide a method to definitively prove or disprove the claim of voting irregularity.

Until governments get it right, there is nothing wrong with good ole paper.
2595  Economy / Service Discussion / Re: Coinbase problems - Took my money and gave me no coins! 10 days and counting on: December 17, 2013, 05:21:08 AM
AML/KYC regulations along with FINCEN guidance = companies doing this kinda stuff to protect themselves from being shutdown.

There is no AML/KYC regulation which requires a 30 day hold.   Companies doing this kinda stuff is companies doing this kinda stuff.
2596  Economy / Service Discussion / Re: Coinbase problems - Took my money and gave me no coins! 10 days and counting on: December 17, 2013, 01:28:50 AM
Have you already purchased btc before? They place a 30 day hold for your first order, campbx used to/still does the same thing. If you don't like it I would suggest writing your congress people and telling them the regulations are too much.

There is no "regulation from Congress" requiring a 30 days hold.
2597  Bitcoin / Development & Technical Discussion / Re: Mining pools publishing lists of transactions on: December 17, 2013, 01:11:41 AM
they don't do that because:
  • it's going to cause extra server load from thousands of people refreshing every 30 seconds to see whether their 0.0001 BTC no fee transaction went through
  • it's extra work that does not benefit their customers (miners)
  • it doesn't generate revenue

Offer it as a paid service.  People pay for Level 2 quotes I am sure merchants would pay for "pool visibility".
2598  Bitcoin / Development & Technical Discussion / Re: Mining pools publishing lists of transactions on: December 17, 2013, 01:11:05 AM
I can see reasons for them not doing this. One would be that they probably don't know. When the pools are looking for a block, they are, I believe, looking at many different combinations of transactions at the same time across their supporting miners. Another, they don't know what they will use next until they see what was used by the successfully found blocks.

None of that is correct.

Quote
These things are done by computers, there isn't some pool operator sitting there deciding which one to use.

Wouldn't that imply it is easier and fully automated for a pool to know and report what tx are in the current working block?
2599  Bitcoin / Bitcoin Discussion / Re: Korea now talking positively about bitcoin on: December 17, 2013, 12:58:10 AM
Nice to see Bitcoin on the news in a segment that didn't either involve asinine amount of hype or laughable amounts of FUD.  I am actually kinda shocked by what I just watched.
2600  Other / Beginners & Help / Re: Do you think any of the other "alt" currencies will overtake bitcoin? on: December 17, 2013, 12:54:21 AM
Something that scales to millions of transactions per second and has easy/cheap transfers of vending-machine size transactions  is gonna win.  But whatever it is (and it might even be a redesign of Bitcoin), it won't work exactly like Bitcoin works now.

millions of transactions per second is 100.000x more than Bitcoin can handle with 1 MB block.
Bitcoin is store of value instead, like gold

Maybe the Core team should improve that to allow many more per block.

All that is needed is increasing block size, so one line change I guess

No, why not make everything more efficient rather than increasing the block size. That would be better than using the lazy way to fix it.

But you can't compress the transactions much, it is almost like recompressing the same file again

Huh I don't seem to follow you. They could make it so that after block x the compression is different.

tx are mostly hashes which are by their very nature random and thus generally not compressible.   If you want to try an experiment yourself take a list of hashes and attempt to compress it with various file compression tools. You will find either the compression savings are tiny or possibly the compressed size is larger than the original. There is no effort being put into compressing the blockchain and that would be ultimately useless.  There is effort in pruning the blockchain by removing txs which are no longer needed.
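The experiment suggested in the post above, written out as an added example that is not part of the original post. The input is constructed (SHA-256 digests of a counter), and a contrast input of the same size (the counters themselves) shows that the tools do work on structured data.

```python
# Added illustration: try to compress a list of hashes with common tools.
import bz2
import hashlib
import lzma
import zlib

COMPRESSORS = {
    "zlib": lambda d: zlib.compress(d, 9),
    "bz2": lambda d: bz2.compress(d, 9),
    "lzma": lzma.compress,
}


def sample_hashes(n=10_000):
    """Constructed input: n raw 32-byte SHA-256 digests, concatenated."""
    return b"".join(hashlib.sha256(i.to_bytes(8, "big")).digest()
                    for i in range(n))


def sample_counters(n=10_000):
    """Contrast input of identical size: the counters as 32-byte integers."""
    return b"".join(i.to_bytes(32, "big") for i in range(n))


def ratios(data):
    """Compressed size / original size per tool (1.0 means no saving)."""
    return {name: len(fn(data)) / len(data)
            for name, fn in COMPRESSORS.items()}


def hex_vs_raw(data):
    """Compressed size of the hex text form, relative to the raw bytes.

    Hex text wastes half of every byte, so it shrinks a lot when compressed,
    but the result still does not drop below the size of the raw digests.
    """
    text = data.hex().encode("ascii")
    return {name: len(fn(text)) / len(data)
            for name, fn in COMPRESSORS.items()}


if __name__ == "__main__":
    hashes = sample_hashes()
    print("raw hashes      ", ratios(hashes))
    print("hex hashes / raw", hex_vs_raw(hashes))
    print("counters        ", ratios(sample_counters()))
```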