How "Open Source" is Bitcoin?

[OROBTC]

...

Newb OROBTC today continues his questions on BTC topics of interest to me.

I have read that Bitcoin is "open source", which I presume to mean that anyone who is well trained (in what: computer science and cryptography?) can examine the code for possible flaws.

Yet I have heard rumors that NSA has found weaknesses in one or more of the cryptographic techniques (and seen twice mentioned one of the versions of Elliptic Curve Cryptography -- forgive my jargon errors).

So, what´s the word on this?  I understand that Satoshi is/was a genius, so even if "open source" is as I defined above, what do you experts who have carefully examined the code have to say?  Could NSA have "slipped in a mickey" here?  Almost all of us non-experts would likely be interested in getting this one cleared up by knowledgeable folks here.

***

In a similar vein, are there any math short-cuts in attacking, say, SHA-256 or the other hashing technique RIPEMD160?

Would making a hashing technique like, say, "SHA-1024" cure that, or is that type of hashing vulnerable to the same processes that could attack SHA-256? 

Also, if I read correctly, changing any of the encryption techniques would totally change Bitcoin, so making the current ones (like my +/- 2.0 BTC) worthless...  Comments?

***

Again I pass along my appreciation & thanks for the warm welcome for this newb into Bitcoinistan™.  It´s my pleasure learning and dialoging here.

[franky1]

NSA don't know anything.

take the silkroad situation last year. NSA had to employ the UK's GCHQ to bruteforce DPR's password

[corebob]

Until a more knowledgeable person arrives...
 

I have read that Bitcoin is "open source", which I presume to mean that anyone who is well trained (in what: computer science and cryptography?) can examine the code for possible flaws.

Decide for yourself
http://opensource.org/licenses/mit-license.php
In my opinion this license lacks the character and vision that GPL has, but I guess its open, if you can find the source.

Would making a hashing technique like, say, "SHA-1024" cure that, or is that type of hashing vulnerable to the same processes that could attack SHA-256?  

I don't think SHA-1024 would be considered stronger as long as both is strong enough. SHA-256 has a speed and space advantage though.
Never heard of any known weaknesses in SHA-256 myself.

Also, if I read correctly, changing any of the encryption techniques would totally change Bitcoin, so making the current ones (like my +/- 2.0 BTC) worthless...  Comments?

I believe this would change the size and output of hashes, rendering existing hashes invalid. A so called hard-fork.

Again I pass along my appreciation & thanks for the warm welcome for this newb into Bitcoinistan™.  It´s my pleasure learning and dialoging here.

ditto

[kik1977]

NSA don't know anything.

take the silkroad situation last year. NSA had to employ the UK's GCHQ to bruteforce DPR's password

Do you have a source for that? Thanks Franky1, excuse me OP!

[cr1776]

You can go to github.com, search for bitcoin and take a look at the code yourself.  If you know even a little computer science you can follow along with much of it.  Some areas wouldn't be clear without lots of study, but it is right there.  It is interesting to look at the code as a learning exercise and just to see how bitcoin performs various functions.

If your don't know the code in and out, it would be easy to miss edge and corner cases, but getting the general overview is useful.

So it is quite open source, lots of people who are experts in both CS and crypto have looked at it. 

[xdigital]

Bitcoin is a open-source protocol, https://en.bitcoin.it/wiki/Protocol_specification.
It's consider a very simple protocol.

if you want to learn about its weaknesses: go here https://en.bitcoin.it/wiki/Weaknesses

[Bit_Happy]

Much of what the NSA did was simply pressuring vendors to install backdoors in products.

[justusranvier]

In a similar vein, are there any math short-cuts in attacking, say, SHA-256

You do understand that Bitcoin mining consists of attacking SHA256, right? ASIC design is basically about attacking SHA256 as efficiently as possible so if anyone has an incentive to find a shortcut it's them. Any they find will just get incorporated into their products and the difficulty will adjust upwards accordingly.

[theonewhowaskazu]

If there was a problem with sha256, miners would be exploiting it.

Bitcoin is open source and the source can be viewed on github: https://github.com/bitcoin/bitcoin

Even if you don't understand the nitty-gritty of the source code, if you have a general (I mean REALLY GENERAL) understanding of cryptography its fairly easy to convince yourself that Bitcoin works.

And, even if Sha256 suddenly got "too easy" somehow (due to some kind of attack), Bitcoin would remain largely unaffected unless it became totally reversible. This is because of Bitcoins difficulty mechanism.

[CoinsOrDie]

A good idea for a bitcoin blog could be someone explainings parts of the source code regularly.

Edit: trying to look into the code myself, it seems difficult to find where some real magic happens. Where does it sign new transactions, verify the blockchain, mine and so on?

[jaybny]

A good idea for a bitcoin blog could be someone explainings parts of the source code regularly.

Edit: trying to look into the code myself, it seems difficult to find where some real magic happens. Where does it sign new transactions, verify the blockchain, mine and so on?

A good idea for a bitcoin blog could be someone explainings parts of the source code regularly.

Edit: trying to look into the code myself, it seems difficult to find where some real magic happens. Where does it sign new transactions, verify the blockchain, mine and so on?

download the C++ code, get it to compile, then trow it in a debugger, and see for yourself. should take anywhere from 1 week to 1 year depending on your skills.

there is also a version in GO, not sure about Java or Python, or PHP for that matter

[corebob]

...
Yet I have heard rumors that NSA has found weaknesses in one or more of the cryptographic techniques (and seen twice mentioned one of the versions of Elliptic Curve Cryptography -- forgive my jargon errors).
...

The only case I have heard about is that NSA related developers managed to push through a random number generator (used to generate private keys) that had exploitable weaknesses. This particular generator has been replaced by now though, so it shouldn't be a problem. At least not on open source operating systems.

[ScripterRon]

there is also a version in GO, not sure about Java or Python, or PHP for that matter

You can take a look at my node server written in Java at https://github.com/ScripterRon/JavaBitcoin.  It has been running for several months now and supports everything except mining.  The wallet is a separate application (ScripterRon/BitcoinWallet) and uses SPV to communicate with the network (similar to MultiBit and Android Wallet).

So there are several open-source implementations around that should help keep everybody honest.  Even though my node doesn't support mining, it will reject blocks that it receives if they don't conform to the rules.

[corebob]

There is also a modern C++ implementation here
https://github.com/spesmilo/libbitcoin

And the Go implementation (btcd is the daemon)
https://github.com/conformal

another Go implementation
https://github.com/piotrnar/gocoin

all are full bitcoin nodes

[pr9me]

The fact that there are a bajillion alt coins out there now should definitely tell you how open source Bitcoin is.