Bitcoin Forum
November 09, 2024, 03:02:18 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Bitcoin cryptography.  (Read 1227 times)
Cryptowatch.com (OP)
Full Member
***
Offline Offline

Activity: 196
Merit: 103


View Profile WWW
April 10, 2015, 05:10:33 PM
 #1

I've meant to look deep into this for a long time, but haven't gotten around to it. I'm a big bitcoin supporter, but anyway there's a small voice in the back of my head that have some concerns. I don't expect anyone to do all the research for me, but if there's some valid work done by crypto experts, I'm interested in learning about it.

Is the crypto that bitcoin uses 100% safe? In the sense that there's no backdoors and no ability for any entity to seize funds?

There's some background info here:
http://blog.ezyang.com/2011/06/the-cryptography-of-bitcoin/

SHA-256, RIPEMD-160 and Elliptic Curve DSA is mentioned here.

Now, obviously, I don't have the knowhow to judge whether everything's "safe", as I'm no crypto-expert. But I assume there's many crypto experts that have already looked deeply into the crypto used in bitcoin and have reached some conclusions that tech-heads with less crypto knowledge can use as a guide.

So my questions would be:

- Can all crypto used in bitcoin be 100% trusted? If so, what are the arguments for this?
- Who made the crypto- algorithms that is used in bitcoin? If these are made by govt. entities is it not reasonable to expect that there's backdoors? If not, why?
- Forgive me my limited understanding, but given you assemble the brightest minds in maths and crypto, as the government funded agencies do, would they not be able to come up with sneaky solutions that would not be detected by independent crypto researchers? Ie. could a crypto-method be declared safe, and yet contain some kind of backdoor?
- Would govt. agencies create unbreakable crypto? And if so why, as it could also be used against themselves. But this is a two edged sword as safety (protection from prying eyes) could only be ensured if the crypto is unbreakable, because if entity A can break a crypto algorithm, so can entity B.


Let's assume that Satoshi's invention is genuine and we have nothing to fear, that's fine - however if the opposite is the case, and we know how important it is to control the money of a state, could it happen that the one who controlled bitcoin would also control its users? Comply, or else you will lose your coins.. It would not only be a monetary loss if coins could be controlled remotely, but also a severe confidence blow to the entire network.

So in short, what guarantees does any business or private entity have that his coins are indeed secured by math and untouchable by man?

Hazir
Legendary
*
Offline Offline

Activity: 1596
Merit: 1005


★Nitrogensports.eu★


View Profile
April 10, 2015, 05:18:16 PM
 #2

I am not a techy guy but from what I could see isn't Bitcoin's source code open? Everyone can look into it and see if there is any weird triggers or algorithms are rigged or something. So I imagine that multiple very knowledgeable tech brains looked already into it and confirmed that indeed bitcoin's code is pure and won't backfire in the future.


           █████████████████     ████████
          █████████████████     ████████
         █████████████████     ████████
        █████████████████     ████████
       ████████              ████████
      ████████              ████████
     ████████     ███████  ████████     ████████
    ████████     █████████████████     ████████
   ████████     █████████████████     ████████
  ████████     █████████████████     ████████
 ████████     █████████████████     ████████
████████     ████████  ███████     ████████
            ████████              ████████
           ████████              ████████
          ████████     █████████████████
         ████████     █████████████████
        ████████     █████████████████
       ████████     █████████████████
▄▄
██
██
██
██
██
██
██
██
██
██     
██
██
▬▬ THE LARGEST & MOST TRUSTED ▬▬
      BITCOIN SPORTSBOOK     
   ▄▄
██
██
██
██
██
██
██
██
██
██     
██
██
             ▄▄▄▄▀▀▀▀▄
     ▄▄▄▄▀▀▀▀        ▀▄▄▄▄          
▄▀▀▀▀                 █   ▀▀▀▀▀▀▀▄▄
█                    ▀▄          █
 █   ▀▌     ██▄        █          █              
 ▀▄        ▐████▄       █        █
  █        ███████▄     ▀▄       █
   █      ▐████▄█████████████████████▄
   ▀▄     ███████▀                  ▀██
    █      ▀█████    ▄▄        ▄▄    ██
     █       ▀███   ████      ████   ██
     ▀▄        ██    ▀▀        ▀▀    ██
      █        ██        ▄██▄        ██
       █       ██        ▀██▀        ██
       ▀▄      ██    ▄▄        ▄▄    ██
        █      ██   ████      ████   ██
         █▄▄▄▄▀██    ▀▀        ▀▀    ██
               ██▄                  ▄██
                ▀████████████████████▀




  CASINO  ●  DICE  ●  POKER  
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
   24 hour Customer Support   

▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
Ibelievetruly
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile
April 10, 2015, 05:19:56 PM
 #3

SHA256 was originally made by the government, nsa specifically.

SHA256 was chosen because it was the lesser popular algo at the time, and the other one had suspected backdoors

SHA256 cannot be broken at this time

SHA256 has no backdoors, it's opensource, feel free to check for yourself
Cryptowatch.com (OP)
Full Member
***
Offline Offline

Activity: 196
Merit: 103


View Profile WWW
April 10, 2015, 05:37:58 PM
 #4

SHA256 cannot be broken at this time

Got it. What are the arguments for this? I guess more research is warranted on my part.

SHA256 has no backdoors, it's opensource, feel free to check for yourself

It would be stupid of me to assume I would be able to see something in the source code, as I do not have the required skills, and would need to trust other crypto experts and their statements.


redsn0w
Legendary
*
Offline Offline

Activity: 1778
Merit: 1043


#Free market


View Profile
April 10, 2015, 05:40:39 PM
 #5

I am not a techy guy but from what I could see isn't Bitcoin's source code open? Everyone can look into it and see if there is any weird triggers or algorithms are rigged or something. So I imagine that multiple very knowledgeable tech brains looked already into it and confirmed that indeed bitcoin's code is pure and won't backfire in the future.

Yes of course, the code is obviously open source and this is one of the numerous reason of why bitcoin is very successful, in 5-6 years of "life" no one found a backdoor or a shitty code, so it is not a "software" written by any government. The sha of 256 bits is based on math, if you don't trust math it is obvious that you should not trust bitcoin (but it doesn't seem this is the case Wink).
OROBTC
Legendary
*
Offline Offline

Activity: 2940
Merit: 1864



View Profile
April 10, 2015, 05:52:43 PM
 #6

...

This is a a great topic.  I am not qualified either to look at the open-source code to make a judgement as to whether or not there are any hidden back-doors and related.

Has anyone really good at coding and cryptography here at bitcointalk (or anyone else who presumably could be trusted) taken a good hard look at this?

I have seen various comments about how robust the three encryption techniques are, but I have not run into a definitive study as to how robust BITCOIN is to snooping, back-doors, etc.
umair01
Hero Member
*****
Offline Offline

Activity: 602
Merit: 500



View Profile
April 10, 2015, 05:53:13 PM
 #7

Bitcoin is as secured as it comes, many people are obviously trying to crack it but none have found any success so far and it will not happen in the near future as per my knowledge. The entire source code is open source and has been reviewed by so many people and it is obvious that there is no backdoor in it.
NyeFe
Hero Member
*****
Offline Offline

Activity: 699
Merit: 501


View Profile
April 10, 2015, 06:04:57 PM
 #8

SHA256 cannot be broken at this time

Got it. What are the arguments for this? I guess more research is warranted on my part.

SHA256 has no backdoors, it's opensource, feel free to check for yourself

It would be stupid of me to assume I would be able to see something in the source code, as I do not have the required skills, and would need to trust other crypto experts and their statements.




Here you go https://bitcointalk.org/index.php?topic=1008489.msg10943694#msg10943694

MicroDApp.com—Smart Contract developers. Lets build a decentralized future!
ensurance982
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


Trust me!


View Profile
April 10, 2015, 06:34:41 PM
 #9

Well you can't be sure until proven otherwise, actually. Thing is: those algorithms are perfectly well known and there are a lot of mathematicians who are getting a kick out of proving/disproving the security behind those algorithms (they're being paid, also). Well, that being said: I guess they're pretty safe!

                                                                                                                      We Support Currencies: BTC, LTC, USD, EUR, GBP
DannyHamilton
Legendary
*
Offline Offline

Activity: 3486
Merit: 4832



View Profile
April 10, 2015, 06:57:20 PM
 #10

Is the crypto that bitcoin uses 100% safe? In the sense that there's no backdoors and no ability for any entity to seize funds?

As far as anyone that has spoken publicly has indicated, there are no backdoors.  In reality, it is impossible to know for 100% certainty that the algorithms chosen don't have any intentional weaknesses.  It might help to consider that nobody has ever demonstrated a workable weakness in a properly generated address.  Given the financial incentive that exists, if there were any intentional weaknesses, you'd think someone would have used them by now (and/or that someone would have discovered them by now).  It also might help to know that there are three separate cryptographic functions between your private key and your address (ECDSA, SHA256, and RIPEMD160).  Therefore, even if there's a weakness in one (or two) of those algorithms, it would require that all three algorithms be significantly broken before someone could gain control of bitcoins sent to a properly secured address.

- Can all crypto used in bitcoin be 100% trusted? If so, what are the arguments for this?

100%?

Nah.  There's always a chance that someone will discover some weaknesses in any cryptographic function.  However, the odds against it are so astronomically small, that you're better off worrying about other things in life.

- Who made the crypto- algorithms that is used in bitcoin? If these are made by govt. entities is it not reasonable to expect that there's backdoors? If not, why?

IIRC, the United States NSA designed SHA-256, the concept of ECC was introduced by Neal Koblitz and Victor S. Miller, Certicom came up with the parameters of the Secp256k1 curve, and RIPEMD was developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel at the COSIC research group at the Katholieke Universiteit Leuven.

- Forgive me my limited understanding, but given you assemble the brightest minds in maths and crypto, as the government funded agencies do, would they not be able to come up with sneaky solutions that would not be detected by independent crypto researchers?

You'd have to assume that all of the "brightest minds" in the world would choose to cooperate with world governments in a conspiracy that spans a few decades.  There are a lot of talented mathematicians in the world. It seems likely to me that one of them would eventually figure out what's going on.  It isn't possible to hide the actual math that is happening.

a  Ie. could a crypto-method be declared safe, and yet contain some kind of backdoor?

It could.  Given the financial incentives and the number of "experts" looking at it, it seems highly unlikely.

- Would govt. agencies create unbreakable crypto?

To the best of their abilty?  Yes.

And if so why, as it could also be used against themselves.

Anything that they can break, can be broken by someone else.  If they want something to be secure, then they need it to be "unbreakable".

But this is a two edged sword as safety (protection from prying eyes) could only be ensured if the crypto is unbreakable, because if entity A can break a crypto algorithm, so can entity B.

Exactly.

Let's assume that Satoshi's invention is genuine and we have nothing to fear, that's fine - however if the opposite is the case, and we know how important it is to control the money of a state, could it happen that the one who controlled bitcoin would also control its users? Comply, or else you will lose your coins.

Except it wouldn't be "Comply, or else you will lose your coins" would it?  As soon as it was clear that they could "control" the movement of the value, all bitcoins would essentially lose any value they have.  So, it would be "Comply, or it will become evident to the world that bitcoin isn't secure and EVERYONE that is holding any bitcoins at all will lose ALL value".

It would not only be a monetary loss if coins could be controlled remotely, but also a severe confidence blow to the entire network.

Exactly.  On the other hand, they don't really need it to be insecure at all.  All they need is for you to be insecure.  Then they can gain access to your private keys.  Malware on your computer, surveillance, social engineering, any (or all) of these can be used to trick you into giving up the necessary information much more easily and much more cheaply than trying to "break" all the algorithms used to secure bitcoins.

For example, they could create a service (like blockchain.info) that encourages users to reuse the same address for multiple payments.  Voila, they no longer need to crack SHA-256 or RIPEMD-160.  Suddenly the ECDSA public key is available for them in the blockchain.  This reduces their effort to just having control over the Secp256k1 curve.

Better yet, they could create a service (like Coinbase) that encourages users to turn complete control over the private keys to the service.  Voila, they no longer need to crack any cryptography at all.  You've just handed over complete control of your bitcoins without even realizing it.

So in short, what guarantees does any business or private entity have that his coins are indeed secured by math and untouchable by man?

There are no guarantees in life.  But you have the choice to trust that the government will do a good job of managing the value of the fiat currency that you hold, or trusting that any intentional weaknesses in the cryptographic functions would have been discovered by now.  I know which of those I'm more likely to put my faith in.
smolen
Hero Member
*****
Offline Offline

Activity: 524
Merit: 500


View Profile
April 10, 2015, 10:50:25 PM
 #11

It also might help to know that there are three separate cryptographic functions between your private key and your address (ECDSA, SHA256, and RIPEMD160).
And MD5 between external entropy and private key.

Of course I gave you bad advice. Good one is way out of your price range.
DannyHamilton
Legendary
*
Offline Offline

Activity: 3486
Merit: 4832



View Profile
April 10, 2015, 11:56:53 PM
 #12

It also might help to know that there are three separate cryptographic functions between your private key and your address (ECDSA, SHA256, and RIPEMD160).
And MD5 between external entropy and private key.

This is not true. There is nothing in the Bitcoin protocol that requires the use of MD5 in the generation of a private key. Each wallet creator is welcome to use whatever process they prefer for gathering entropy and generating a private key.
smolen
Hero Member
*****
Offline Offline

Activity: 524
Merit: 500


View Profile
April 11, 2015, 12:24:24 AM
Last edit: April 11, 2015, 12:38:04 AM by smolen
 #13

It also might help to know that there are three separate cryptographic functions between your private key and your address (ECDSA, SHA256, and RIPEMD160).
And MD5 between external entropy and private key.

This is not true. There is nothing in the Bitcoin protocol that requires the use of MD5 in the generation of a private key. Each wallet creator is welcome to use whatever process they prefer for gathering entropy and generating a private key.
Yes, that's not in the protocol.
Correct me, if I'm wrong, but Bitcoin Core generates 100 private keys for newly created wallet.dat, each key consumes 32 bytes of entropy, internal state of default OpenSSL RNG is 1023+16 bytes, keys are created in bulk, so not much additional entropy could be gathered. No way (up to my knowledge) to exploit it, but Bitcoin Core is ~16000 bits of entropy short on the first run (EDIT: and this missing entropy is emulated with MD5) - for the sake of small code simplification.

Of course I gave you bad advice. Good one is way out of your price range.
LiteCoinGuy
Legendary
*
Offline Offline

Activity: 1148
Merit: 1014


In Satoshi I Trust


View Profile WWW
April 11, 2015, 07:14:41 AM
 #14

https://www.youtube.com/watch?v=U2bw_N6kQL8

https://www.youtube.com/watch?v=ZloHVKk7DHk


this can help too.

jonald_fyookball
Legendary
*
Offline Offline

Activity: 1302
Merit: 1008


Core dev leaves me neg feedback #abuse #political


View Profile
April 11, 2015, 07:44:35 AM
Last edit: April 11, 2015, 07:55:06 AM by jonald_fyookball
 #15



Has anyone really good at coding and cryptography here at bitcointalk (or anyone else who presumably could be trusted) taken a good hard look at this?

no, no ones ever looked at it. Roll Eyes

ECC is well known and studied.  
http://en.m.wikipedia.org/wiki/Elliptic_curve_cryptography

Quote
The hardest ECC scheme (publicly) broken to date had a 112-bit key for the prime field case and a 109-bit key for the binary field case. For the prime field case this was broken in July 2009 using a cluster of over 200 PlayStation 3 game consoles and could have been finished in 3.5 months using this cluster when running continuously. For the binary field case, it was broken in April 2004 using 2600 computers for 17 months.

Bitcoin uses a 256 bit key and the secp256k1 curve.

see https://en.bitcoin.it/wiki/Secp256k1

Quote
unlike the popular NIST curves, secp256k1's constants were selected in a predictable way, which significantly reduces the possibility that the curve's creator inserted any sort of backdoor into the curve.

The SHA-256 hash function is based on a Merkle Damgard construction,
which has been considered solid for decades.

oblivi
Hero Member
*****
Offline Offline

Activity: 700
Merit: 501


View Profile
April 11, 2015, 04:05:44 PM
 #16

It's open source and it's not crackeable unless the gov has quantum machines ready to bruteforce SHA256 based passes (thats just straight Sci-fi). So yeah, you can be safe with your BTCs, the only problem one has is storing them in a place that can't be accessed online, and even if they did they would need to crack the pass, which is impossible given it's a decent one.
So your main mission is not forgetting your pass. If you want to be your own bank that's expected. If not, you always have stuff like Xapo.
Professor James Moriarty
aka TheTortoise
Sr. Member
****
Offline Offline

Activity: 434
Merit: 250



View Profile
April 11, 2015, 09:40:41 PM
 #17

There have been enough computer scientists and researchers that have looked over Bitcoin's theory and cryptography and code in the past 6 years. If it was a problem they would've said something already :-)
cellard
Legendary
*
Offline Offline

Activity: 1372
Merit: 1252


View Profile
April 11, 2015, 10:23:37 PM
 #18

There have been enough computer scientists and researchers that have looked over Bitcoin's theory and cryptography and code in the past 6 years. If it was a problem they would've said something already :-)
There's nothing to "crack" about the BTC code... again, at the end of the day it all comes down to cracking the cryptographic algorithm which is simply ridiculous. If someone cracked SHA256, it would be a global catastrophe, since endless security is based around SHA256.
MikeCorleone
Sr. Member
****
Offline Offline

Activity: 391
Merit: 250



View Profile
April 12, 2015, 12:39:14 PM
 #19

There have been enough computer scientists and researchers that have looked over Bitcoin's theory and cryptography and code in the past 6 years. If it was a problem they would've said something already :-)
There's nothing to "crack" about the BTC code... again, at the end of the day it all comes down to cracking the cryptographic algorithm which is simply ridiculous. If someone cracked SHA256, it would be a global catastrophe, since endless security is based around SHA256.

I don't see him mentioning anything about cracking the BTC code, and your answer is very incorrect. SHA256 can be fine as an algorithm, and secp256k1 can be fine as a curve, but Bitcoin's implementation of both of those could be flawed.

Let's not forget that someone did legitimately create 184 billion Bitcoin in a single block in 2010, and the network had to be patched (resulting in a short-lived fork).

The Bitcoin wiki has a good article covering OP's concerns: https://en.bitcoin.it/wiki/Weaknesses
thejaytiesto
Legendary
*
Offline Offline

Activity: 1358
Merit: 1014


View Profile
April 12, 2015, 03:51:48 PM
 #20

There have been enough computer scientists and researchers that have looked over Bitcoin's theory and cryptography and code in the past 6 years. If it was a problem they would've said something already :-)
There's nothing to "crack" about the BTC code... again, at the end of the day it all comes down to cracking the cryptographic algorithm which is simply ridiculous. If someone cracked SHA256, it would be a global catastrophe, since endless security is based around SHA256.

I don't see him mentioning anything about cracking the BTC code, and your answer is very incorrect. SHA256 can be fine as an algorithm, and secp256k1 can be fine as a curve, but Bitcoin's implementation of both of those could be flawed.

Let's not forget that someone did legitimately create 184 billion Bitcoin in a single block in 2010, and the network had to be patched (resulting in a short-lived fork).

The Bitcoin wiki has a good article covering OP's concerns: https://en.bitcoin.it/wiki/Weaknesses

True, I think everyone knows the 184 billion BTC incident, but those were the super early days. At this point, all those sorts of problems have been patched.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!