Bitcoin Forum
November 04, 2024, 10:13:25 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Bitcoin Forum > Bitcoin > Development & Technical Discussion > Hard-forking Bitcoin to SHA-3 from SHA-2
Pages: [1]
« previous topic next topic »
  Print  
Author Topic: Hard-forking Bitcoin to SHA-3 from SHA-2  (Read 2977 times)
The Fool (OP)
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
February 20, 2013, 11:41:10 AM
 #1
http://en.wikipedia.org/wiki/SHA-3

Is it worth doing since SHA-256 was directly designed by a centralized, secretive government agency who may have included a nuanced and hidden flaw?

There are also pre-image attacks against SHA-256:

Quote
There are two meet-in-the-middle preimage attacks against SHA-2 with a reduced number of rounds. The first one attacks 41-round SHA-256 out of 64 rounds with time complexity of 2253.5 and space complexity of 216, and 46-round SHA-512 out of 80 rounds with time 2511.5 and space 23.[1] The second one attacks 42-round SHA-256 with time complexity of 2251.7 and space complexity of 212, and 42-round SHA-512 with time 2502 and space 222.

Would it be hard to switch Bitcoin over to SHA-3? How would it be done?
Mike Hearn
Legendary
*
expert
Offline Offline

Activity: 1526
Merit: 1134


View Profile
February 20, 2013, 11:51:02 AM
 #2
Probably not. The NSA has a dual mission - to attack foreign codes and build strong ones for the USA. SHA-256 came out of the latter effort and it's been extensively studied. Hash functions aren't so complicated you can hide backdoors in them and remain undetected.

SHA-3 is interesting but currently, I'm not aware of any real evidence it's stronger than SHA-2, just less studied.

If it were to be done, it'd have to be done at the same time as other hard-forking changes.
The Fool (OP)
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
February 20, 2013, 12:01:22 PM
 #3
Quote from: Mike Hearn on February 20, 2013, 11:51:02 AM
...build strong ones for the USA. SHA-256 came out of the latter effort...
Federal government agencies, with their granted sovereignty and secrecy, tend to work against each other. It would not be out of the question for the NSA to purposefully have a hold on the crytography used by all federal agencies and beyond. The President is likely not even on a need-to-know basis or security clearance with the higher echelons of the NSA. It requires trust and faith to believe the NSA is working in unison with the entire federal government and the American people. Their budget is classified. Their offices overload electrical grids. They employee thousands. People granted enormous power have an endless incentive to grow it. To have access to all government data and be able to spy on it is very valuable and is right in the NSA's jurisdiction.

Okay, SHA-256 has been well-studied. There are vulnerabilities. It is not unreasonable to believe these don't go further. Take from this what you wish but SHA-256 makes me uneasy. It makes me want to sell all my bitcoins.  

I do not trust the cryptography bitcoin is using and that is all the trust bitcoin has. Without that, bitcoin is nothing. SHA-256 will make or break bitcoin.

I put this warning on the record for the future look back at.
Mike Hearn
Legendary
*
expert
Offline Offline

Activity: 1526
Merit: 1134


View Profile
February 20, 2013, 12:23:30 PM
 #4
It only requires trust and faith if you don't understand how hash functions are constructed. The attacks on SHA-256 are all against reduced round versions, that is, they know how to beat it .... if they change it so it's not SHA-256 anymore. Well, surprise, that's why the algorithm uses lots of rounds. And Bitcoin actually doubles it up as well.

Nobody has ever suggested that SHA-256 has some kind of magic NSA back door, and if it did, it's unclear what would be done with it. For the US Government to interfere with Bitcoin by trying to back-door the crypto it uses would be a waste of time ... they could cause chaos for a bit, a new version that uses SHA-3 would be released, people would carry on as before.

If a government (any government) wants to kill Bitcoin, it will be done by passing a regulation (or re-interpreting an existing one) that essentially forbids its usage, or makes it too expensive to be worthwhile. See how some cash-strapped European governments are trying to ban the usage of cash for anything other than tiny transactions. There's a real risk those governments will simply see Bitcoin as "electronic cash" and try to ban it on the pretext of fighting tax evasion.

It's far from impossible to tax Bitcoin using businesses. But so far nobody is talking about that.
kjj
Legendary
*
Offline Offline

Activity: 1302
Merit: 1026



View Profile
February 21, 2013, 09:38:05 AM
 #5
Quote from: The Fool on February 20, 2013, 11:41:10 AM
http://en.wikipedia.org/wiki/SHA-3

Is it worth doing since SHA-256 was directly designed by a centralized, secretive government agency who may have included a nuanced and hidden flaw?

There are also pre-image attacks against SHA-256:

Quote
There are two meet-in-the-middle preimage attacks against SHA-2 with a reduced number of rounds. The first one attacks 41-round SHA-256 out of 64 rounds with time complexity of 2253.5 and space complexity of 216, and 46-round SHA-512 out of 80 rounds with time 2511.5 and space 23.[1] The second one attacks 42-round SHA-256 with time complexity of 2251.7 and space complexity of 212, and 42-round SHA-512 with time 2502 and space 222.

Would it be hard to switch Bitcoin over to SHA-3? How would it be done?

I fixed your quote for you to make it more obvious that we are dealing with different grades of impossible.

Note that 2256, 2253.5 and 2251.7 all mean exactly the same thing:  NEVER.
17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8
I routinely ignore posters with paid advertising in their sigs.  You should too.
hardcore-fs
Full Member
***
Offline Offline

Activity: 196
Merit: 100


View Profile WWW
February 21, 2013, 09:50:53 AM
 #6
Seriously....
To ban bit-coin would be a world wide effort, Every government would need to make it illegal.
I do actually hope that the USA does this.. it would force the current mining operations being setup. to be moved off shore to more secure locations, at the very least it would prevent much of the current bit-coin backbone traffic from being monitored.

As regards 'security' or 'backdoors' being built into SHA256... one would have to ask WHY build a backdoor into a hashing algorithm?
It's not encryption, there are no 'secret' messages to uncover.
BTC:1PCTzvkZUFuUF7DA6aMEVjBUUp35wN5JtF
iddo
Sr. Member
****
Offline Offline

Activity: 360
Merit: 251


View Profile
February 21, 2013, 10:23:44 AM
 #7
Quote from: The Fool on February 20, 2013, 11:41:10 AM
Would it be hard to switch Bitcoin over to SHA-3? How would it be done?

If it turns out that there's collision attack (see here?) or some peculiar partial preimage attack on SHA-256 then we'd need a new protocol rule (hardfork) that says that starting from block #X in the future the protocol uses SHA-3 everywhere that SHA-256 was used.
If there's a full second preimage attack on SHA-256 then we also need to add an extra field to all the old blocks with their SHA-3 hash, otherwise an attacker could replace an old block with his malicious block, see this.


Quote from: Mike Hearn on February 20, 2013, 11:51:02 AM
SHA-256 came out of the latter effort and it's been extensively studied.

From what I've heard that's an overstatement: cryptographers focused their efforts mostly on practical collision attacks on SHA-1, and on the SHA-3 competition, so in a relative sense SHA-2 was left neglected.
Pages: [1]
  Print  
Bitcoin Forum > Bitcoin > Development & Technical Discussion > Hard-forking Bitcoin to SHA-3 from SHA-2
 « previous topic next topic »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!