elliptic curve discrete logarithm problem (ECDLP)

[Quantus]

'To date, the mathematical problem is believed to be so hard to solve that properly implemented ECC can't be broken without requiring millions or even billions of years. But there's no proof this assumption is correct. If NSA researchers stumbled on a new way to tackle the problem efficiently, it would torpedo the entire suite of crypto schemes banks, government subcontractors, and others have been using at the strong urging of the federal government.'

Question: if ecc falls how fast can we replace it and what would we replace it with and what method would be needed; a hard fork?

I ask this because the NSA is now saying ECC is not safe.

http://arstechnica.com/security/2015/10/nsa-advisory-sparks-concern-of-secret-advance-ushering-in-cryptoapocalypse/

[Gleb Gamow]

NSA: It's broken!
Users: Oh, my!
NSA: Not to worry, we just so happened to develop this to use instead. Enjoy!
Users: How do we truly know there's no ...
NSA: Back doors? We knew you were goin' to ask that.
Users: Well?
NSA: Well what? Feel free to use something else.
Users: But there isn't anything else.
NSA: hehehe

[Quantus]

A conspiracy theorist might opine that the reason involves the current distrust of NSA-specified ECC coefficients. If NSA can't break ECC with well-chosen coefficients, they might well want it out of the picture.

But would the NSA really compromise the US government security by falling back on a much older and weaker standard?


I'm playing devil's advocate, I'm a layman but I agree with you the NSA is just trying to manipulate people but I still don't understand what the NSA is thinking releasing a report like this. How can ECC be weaker then an older standard. They must be idiots to think any one would believe a word they say after this.  

[Gleb Gamow]

A conspiracy theorist might opine that the reason involves the current distrust of NSA-specified ECC coefficients. If NSA can't break ECC with well-chosen coefficients, they might well want it out of the picture.

But would the NSA really compromise the US government security by falling back on a much older and weaker standard?


I'm playing devil's advocate here I agree with you but I still don't understand what the NSA is thinking releasing a report like this. How can ECC be weaker then older standard.

In my post I was alluding to the NSA already have something other in the works to roll out at a moment's notice once the scare-factor takes hold.

[dothebeats]

If not quantum computers, then what would it be that the NSA is afraid of that made them say that ECC is not safe? As I understand it, it would take millions of years for even the most powerful supercomputers of today to break ECC, and a working quantum computer isn't a thing yet.

[7788bitcoin]

Oh no!! Shall we buy more bitcoins or sell all?

[Amph]

it's better to begin to think about it in ahead of time because this hard fork will surely wreck what bitcoin is

but changin the algo is not possible without killing the entire mining scene, there must eb soemthign else that can be done, maybe soemthing with sidechain

[smolen]

Who's going to be the first victims if ECC will be broken? Owners of coins that sit on reused addresses - the attacker will have plenty of time to calculate private keys. Next will be miners who still use pay-to-pubkey coinbase transaction script. Then it'll be senders of big sums in single transaction. For everyone else I think the risk of bitcoin stealing is minimal.