wpalczynski
Legendary
Offline
Activity: 1456
Merit: 1000
May 05, 2016, 08:48:30 PM
The thread likely got deleted because of your repeated insults leveled against other posters there
I do not remember making any such insult. Please quote them and don't allege something you can't demonstrate, for that is a very slimy tactic. You know damn well that thread got deleted; you are one slimy tactic, dumbass.
TPTB_need_war
May 06, 2016, 01:27:28 AM Last edit: May 06, 2016, 01:49:40 AM by TPTB_need_war
I was sleeping. Now the REKTing will ensue. I am an innocent Noob, and not a sock puppet. I believe you are a liar. Prove it by revealing your identity. My identity is known to everyone. I have revealed my full name, where I live, my history, my LinkedIn account, my public non-anonymous writings published over the internet, etc. If you believe that, you are dumber than I thought.
Yes, I do believe I explained it. If you feed the script a plain ASCII text file, you'll just claim he might have used UTF16. Or a PDF file, which can be altered in infinitely many ways without affecting the text content. Or a JPEG of a photograph of a printout of the document. Or something else entirely.
Perhaps you're illiterate? Yes of course there is a combinatorial explosion of possibilities, which was my point that you all can't conclude with 100% certainty that Craig can't produce a preimage of the hash, unless you can be sure he can't second preimage SHA-256 or otherwise find a collision. And I had stated that double hashing with SHA-256 might possibly have a cryptanalysis hole that isn't known to exist in the cryptanalysis of a single hashing. Again this was just a theory I wanted to discuss. Perhaps you don't like theories. Perhaps you would have preferred that Einstein didn't ponder riding in elevators. Well, small, closed minds aren't very creative and thus don't achieve greatness. More on that will follow in a subsequent post. However, in spite of the fact that you can't disprove any possible means of representation or permutation of the Sartre text, I wrote several times upthread that at the bare minimum, those protagonists who were claiming 100% certainty that Craig could not do something (btw a very strong claim), it would behove them to at least show that using typical representations of the Sartre text (e.g. ASCII text and perhaps UTF8/UTF16), no contiguous portion of the text could hash to the signed hash. Moreover and more saliently, I pointed out that the protagonists were disingenuous or derelict by not pointing out the possibility that Craig might still be able to match the hash with some revealed content, iff (if and only if) Craig had found a way to second preimage or otherwise find the necessary collision on the SHA256 hash.
That the protagonists were too lazy to do this and were also too lazy to even verify if the website drcraigwright.com is Craig Wright's official communication vehicle (which apparently it is not and is now for sale here on bitcointalk.org according to a screen capture I quoted upthread), points to the lack of diligence and/or disingenuity in this tribe of Bitcoin maximalists including apparently yourself, who think they are holier than thou. Do not disingenuously quote my above two paragraphs out-of-context again. Don't cherry pick my context to make inane non-rebuttals which side-step my holistic set of points. Note when I am done REKTing you on the technical points (again more is to follow below after this post), I never again want to waste my precious time with a useless and disingenuous turd. So this will be your last interaction with me.
We do have fairly convincing evidence that the signature Wright posted is not a signature of any subset of the Sartre document.
Specifically, it matches an early public signature from Satoshi lifted from a Bitcoin transaction. The chances against any portion of the Sartre document generating an identical signature are astronomical. Hence, it's pretty clearly an attempt at fraud or at the very least intentional misdirection.
You are apparently mathematically illiterate. If Craig can't find the second preimage or necessary collision, then he can't find a text that matches. Period. If he can find the second preimage or necessary collision, then he can find a text that matches. Period. When we analyze the probability, we don't start only with the Sartre text document. He could have chosen from any document on earth. Thus his ability to use only contiguous portions of the Sartre document is mathematically plausible (again assuming he has the necessary cryptographic breakage), and thus it behoves the protagonists to explain this and even to write a quick script to prove that the contiguous-portion possibilities in the common encoding formats do not hash to the signature he provided. The derelicts didn't do this. My necessary mathematical assumption in this paragraph (not impacting the prior paragraph) is that the hash function would be subject to a multi-collision attack. Thus if the breakage is not multi-collision, then Craig could not have reasonably limited himself to contiguous portions because the search for document matches in itself would probably be an intractable computational problem. My point remains that we see none of this sophisticated explanation from the protagonists. Instead they do a little bit of half-ass analysis and then everyone proclaims Craig is a fraud. This is Craig's point! I simply wanted to have a theoretical discussion in the Bitcoin Technical Discussion subforum and instead had my legitimate inquiry vaporized by the Bitcoin maximalist "forum-Hitler" moderator who uses the moniker Gmaxwell, or in real life Gregory Maxwell. And we have all his underlings here who promulgate his shitty attitude and actions.
TPTB_need_war
May 06, 2016, 03:28:06 AM Last edit: May 06, 2016, 04:55:49 AM by TPTB_need_war
I will proceed to explain once you confirm that you do not understand why the Merkle–Damgård construction is relevant. Either explain or admit you don't know, so I can proceed to teach you something. You are wasting my scarce time with your stalling/deception tactics and trolling.
No, you're the one wasting my time. I don't have to explain anything. You do. And you're not. I can only assume by your lack of explanation that you can't produce one. Next time you will realize not to fuck with me, because I know a lot more than you assume.
I assume you know nothing, so knowing more than that isn't much of an accomplishment. But please go ahead and demonstrate your accomplishment. We're all waiting. I'll interpret your reply as an ostensibly intentional veiled admission that you could not answer the question. So I will proceed to explain the sort of theoretical analysis that I was interested in discussing in the thread that the "forum-Hitler" Gmaxwell nuked. Tangentially note the disclaimer that I wrote in the OP of the thread which was nuked:
Does anyone know what black hole Bitcoin core (Blockstream) developer Gmaxwell moved the quoted thread to? [...]
I urge immediately peer review of my statements by other experts. I have not really thought deeply about this. This is just written very quickly off the top of my head. I am busy working on other things and can't put much time into this.
I had written in that nuked and vaporized thread a post (my last or nearly last post in that nuked thread) which explained that at the moment I wrote that quoted OP, I had been misled by sloppy writing on the news sites (and also the linked sites of the protagonists) into thinking that the hash of the Sartre text was already confirmed. For example, I provided this quote:
Craig Wright's chosen source material (an article in which Jean-Paul Sartre explains his refusal of the Nobel Prize), surprisingly, generates the exact same signature as can be found in a bitcoin transaction associated with Satoshi Nakamoto.
Being as it was by that time late in the evening for my timezone and I had been awake roughly 18 hours already, I was skimming in an attempt to make some quick feedback on this potentially important event, so I could return to my work asap. In the nuked thread, I quickly realized that the Sartre text hadn't been verified to match the hash, so I actually stopped posting in the nuked thread for a few hours. Then when I came back to the thread, it didn't exist, so I could no longer follow up or read what had been elucidated. Thus note my original focus was on how the hell could Craig have achieved that match, so he must have broken the hash. I had recalled that I had theoretical doubts about the double hashing which I had never bothered to discuss with anyone. It had been 2+ years since I did that research on cryptographic hash functions, so I had to decide if I was going to go dig back into that research or not. I figured I'd sleep on it and then be able to think with a clearer, rested mind about the implications of the revelation (to me) that the hash had not been verified to match the text because the portion of the text had not been sufficiently specified (again the "undisclosed" term didn't make sense to me in quick skimming because I had read on the blog that the Sartre text was referred to).
But instead of being able to sleep on it and then decide whether to let it go or dig back into my past research, my thread was nuked and I was under attack. Remember I don't back down from anyone when I think I am justified. When I think I am wrong, I mea culpa.
So now back to the subject matter of whether double hashing could theoretically lead to any weakening of the second preimage and/or collision security of the SHA-256 cryptographic hash function. Afaik, there is no research on this question. If anyone is aware of any, please kindly inform me. First I will note the Merkle–Damgård construction (which SHA-256 employs) is subject to numerous generic attacks and even though afaik none of these are currently known to be a practical threat against a single hash of SHA-256, we can perhaps look to those generic attacks for potential clues as to what a double-hashing might enable which a single-hash application perhaps might not. Note in the pseudo-code for SHA-256 that what distinguishes a double-hashing from doubling rounds (i.e. "Compression function main loop:") or repeating the input text in double the block chunks (i.e. "Process the message in successive 512-bit chunks:"), is that the h0 - h8 compression function state which is normally orthogonal to the input block chunks instead gets transmitted as input to a block chunk in the second hash application (i.e. "Produce the final hash value (big-endian):") after being added to the output of the compression function (i.e. "Add the compressed chunk to the current hash value:"). And the h0 - h8 compression function state is reset to a constant (i.e. "Initialize hash values:"). The reason I think this might be theoretically significant is because we should note that the way cryptographic hash functions are typically broken is by applying differential cryptanalysis. Differential cryptanalysis is attempting to find some occurrence of (even higher order) differences between inputs that occurs with more frequent probability than a perfectly uniform distribution. In essence, differential cryptanalysis is leveraging some recurrent structure of the confusion and diffusion and avalanche effect of the algorithm.
Not only does the double-hashing introduce a constant h0 - h8 midstream, thus introducing a known recurrent structure into the middle of the unified algorithm of a double-hashing, but it shifts the normally orthogonal compression function state to the input that it is designed to be orthogonal to. On top of that, the additions of the h0 - h8 state at the midpoint can possibly mean the starting state of the midpoint is known to have a higher probability of zeros in the least significant bits (LSBs). This last-sentence observation comes from some research I did when I created a much higher bandwidth design variant of Bernstein's ChaCha by fully exploiting AVX2 SIMD, that was for the specific purpose of creating a faster memory hard proof-of-work function. In that research, I had noted the following quote of an excerpt in my unfinished, rough draft, unpublished white paper written in late 2013 or early 2014 (and kindly note that the following might have errors because it was not reviewed for publishing and was merely notes for myself on my research understanding at that time 2+ years ago):
Security
Addition and multiplication modulo (2^n - 1) diffuse through high bits but set low bits to 0. Without shuffles or rotation permutation to diffuse changes from high to low bits, addition and multiplication modulo (2^n - 1) can be broken with low complexity working from the low to the high bits [5].
The overflow carry bit, i.e. addition modulo ∞ minus addition modulo (2^n - 1), obtains the value 0 or 1 with equal probability, thus addition modulo (2^n - 1) is discontinuous i.e. defeats linearity over the ring Z/(2^n) [6] because the carry is 1 in half of the instances [7] and defeats linearity over the ring Z/2 [8] because the low bit of both operands is 1 in one-fourth of the instances.
The number of overflow high bits in multiplication modulo ∞ minus multiplication modulo (2^n - 1) depends on the highest set bits of the operands, thus multiplication modulo (2^n - 1) defeats linearity over the range of rings Z/2 to Z/(2^n).
Logical exclusive-or defeats linearity over the ring Z/(2^n) always [8] because it is not a linear function operator.
Each multiplication modulo ∞ amplifies the amount of diffusion and confusion provided by each addition. For example, multiplying any number by 23 is equivalent to the number multiplied by 16 added to the number multiplied by 4 added to the number multiplied by 2 added to the number. This is recursive since multiplying the number by 4 is equivalent to the number multiplied by 2 added to the number multiplied by 2. Addition of a number with itself is equivalent to a 1 bit left shift or multiplication by 2. Multiplying any variable number by another variable number creates additional confusion.
Multiplication defeats rotational cryptanalysis [9] because unlike for addition, rotation of the multiplication of two operands never distributes over the operands, i.e. is not equal to the multiplication of the rotated operands. A proof is that rotation is equivalent to the exclusive-or of left and right shifts. Left and right shifts are equivalent to multiplication and division by a factor of 2, which don't distribute over multiplication, e.g. (8 × 8) × 2 ≠ (8 × 2) × (8 × 2) and (8 × 8) ÷ 2 ≠ (8 ÷ 2) × (8 ÷ 2). Addition modulo ∞ is always distributive over rotation [9] because addition distributes over multiplication and division, e.g. (8 + 8) ÷ 2 = (8 ÷ 2) + (8 ÷ 2). Due to the aforementioned non-linearity over Z/(2^n) due to carry, addition modulo (2^n - 1) is only distributive over rotation with a probability 1/4 up to 3/8 depending on the relative number of bits of rotation [9][10].
However, multiplication modulo (2^n - 1) sets all low bits to 0 orders-of-magnitude more frequently than addition modulo (2^n - 1)—a degenerate result that squashes diffusion and confusion.
[5] Khovratovich, Nikolic. Rotational Cryptanalysis of ARX. 2 Related Work.
[6] Daum. Cryptanalysis of Hash Functions of the MD4-Family. 4.1 Links between Different Kinds of Operations.
[7] Khovratovich, Nikolic. Rotational Cryptanalysis of ARX. 6 Cryptanalysis of generic AR systems.
[8] Bernstein. Salsa20 design. 2 Operations.
[9] Khovratovich, Nikolic. Rotational Cryptanalysis of ARX. 3 Review of Rotational Cryptanalysis.
[10] Daum. Cryptanalysis of Hash Functions of the MD4-Family. 4.1.3 Modular Additions and Bit Rotations. Corollary 4.12.
So now put those aforementioned insights about potential recurrent structure at the midpoint of the double-hashing together with the reality that a Boomerang attack is a differential cryptanalysis that employs a midpoint in a cipher to form new attacks that weren't plausible on the full cipher. Bingo! I'll refrain from providing my further insights on specifics beyond this initial sharing. Why? Because I've been treated like shit by Gmaxwell and you all here grant him too much Hitler-esque control over the Bitcoin Technical Discussion subforum where these sorts of discussions are supposed to occur, so I will take my toys elsewhere. Enjoy your echo chamber. Do I have an attack against Bitcoin's double-hashing? I leave that for you to ponder.
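The post above describes the double hash in terms of the SHA-256 pseudo-code (state reset to the initial constants, the first digest fed back in as the message of the second application). The following pure-Python SHA-256 is an added example for this thread, not code from any poster or from Bitcoin; the function names (compress, padding, sha256_from_state, sha256d_single_block, length_extend, extension_forgery_succeeds) and the sample message are the example's own. It exposes the chaining state so the three structural facts can be checked directly: the outer stage of Bitcoin's hash256 restarts from the fixed IV, its whole input is a single 512-bit block made of the 32-byte inner digest plus fixed padding, and, as a consequence of that reset which matters to anyone building on the hash, the length-extension property of a single Merkle–Damgård hash does not carry over to the double hash.

```python
"""Pure-Python SHA-256 with the chaining state exposed, so the structure of
Bitcoin's double hash (SHA256d) can be inspected rather than described.
Added example: not from the thread, Bitcoin, or any poster."""
import hashlib
import struct

# Standard FIPS 180-4 round constants and initial hash values (h0..h7).
K = [
    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2,
]
IV = [0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
      0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19]
MASK = 0xFFFFFFFF


def _rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK


def compress(state, block):
    """One compression of a 64-byte block; returns the new chaining state
    ("add the compressed chunk to the current hash value" in the pseudo-code)."""
    w = list(struct.unpack(">16L", block))
    for i in range(16, 64):
        s0 = _rotr(w[i - 15], 7) ^ _rotr(w[i - 15], 18) ^ (w[i - 15] >> 3)
        s1 = _rotr(w[i - 2], 17) ^ _rotr(w[i - 2], 19) ^ (w[i - 2] >> 10)
        w.append((w[i - 16] + s0 + w[i - 7] + s1) & MASK)
    a, b, c, d, e, f, g, h = state
    for i in range(64):
        t1 = (h + (_rotr(e, 6) ^ _rotr(e, 11) ^ _rotr(e, 25))
              + ((e & f) ^ (~e & g)) + K[i] + w[i]) & MASK
        t2 = ((_rotr(a, 2) ^ _rotr(a, 13) ^ _rotr(a, 22))
              + ((a & b) ^ (a & c) ^ (b & c))) & MASK
        a, b, c, d, e, f, g, h = (t1 + t2) & MASK, a, b, c, (d + t1) & MASK, e, f, g
    return [(s + v) & MASK for s, v in zip(state, (a, b, c, d, e, f, g, h))]


def padding(total_len):
    """Merkle-Damgard strengthening: 0x80, zeros up to 56 mod 64, then the bit length."""
    return b"\x80" + b"\x00" * ((55 - total_len) % 64) + struct.pack(">Q", total_len * 8)


def sha256_from_state(state, data, total_len):
    """Absorb `data` starting from an arbitrary chaining state. `total_len` is the
    length of everything absorbed so far including `data`; it decides the pad."""
    msg = data + padding(total_len)
    for off in range(0, len(msg), 64):
        state = compress(state, msg[off:off + 64])
    return struct.pack(">8L", *state)


def sha256(data):
    return sha256_from_state(IV, data, len(data))


def sha256d(data):
    """Bitcoin's hash256: the state is reset to IV and the 32-byte inner digest
    becomes the entire message of the outer application."""
    return sha256(sha256(data))


def sha256d_single_block(data):
    """Same value as sha256d, written as what the outer stage really is: exactly
    one compression from IV of (inner digest || 0x80 || zeros || bit length 256)."""
    return struct.pack(">8L", *compress(IV, sha256(data) + padding(32)))


def length_extend(known_digest, known_len, ext):
    """Given sha256(m) and len(m) but not m, resume from the published digest to
    get sha256(m || glue || ext). Returns (glue, forged_digest)."""
    state = list(struct.unpack(">8L", known_digest))
    glue = padding(known_len)
    return glue, sha256_from_state(state, ext, known_len + len(glue) + len(ext))


def extension_forgery_succeeds(m, ext, hash_fn):
    """True if resuming from hash_fn(m) reproduces hash_fn(m || glue || ext).
    Holds for plain sha256; the IV reset in sha256d breaks it."""
    glue, forged = length_extend(hash_fn(m), len(m), ext)
    return forged == hash_fn(m + glue + ext)


def matches_hashlib(data):
    """Cross-check this implementation against the standard library."""
    return sha256(data) == hashlib.sha256(data).digest()


if __name__ == "__main__":
    msg = b"constructed sample message"  # constructed input, not from the thread
    assert matches_hashlib(msg) and sha256d(msg) == sha256d_single_block(msg)
    print("sha256d:", sha256d(msg).hex())
    print("extension works on sha256 :", extension_forgery_succeeds(msg, b"x", sha256))
    print("extension works on sha256d:", extension_forgery_succeeds(msg, b"x", sha256d))
```

Running it prints the double hash of the constructed message and then True for the single hash and False for the double hash on the extension check. The reason is visible in the code: the outer stage never exposes the inner chaining state, so nothing that depends on continuing the inner computation can be resumed from the published digest.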
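The quoted draft states that modular addition distributes over bit rotation only with probability 1/4 to 3/8 depending on the rotation amount, that XOR always does, and that the carry out of a modular addition is 1 in half the cases. The following Monte-Carlo check is an added example, not part of the draft or the thread; it measures those three quantities on random 32-bit words and compares the addition case with the closed form (1 + 2^(r-n) + 2^-r + 2^-n)/4 given in the Daum and Khovratovich/Nikolic references the draft cites. The function names and the fixed random seeds are the example's own.

```python
"""Monte-Carlo check of the rotational-cryptanalysis claims in the quoted draft.
Added example; the closed form is the one stated in the cited references."""
import random

N = 32
MASK = (1 << N) - 1


def rotl(x, r):
    return ((x << r) | (x >> (N - r))) & MASK


def add_rotation_commutes(x, y, r):
    """Does (x + y) <<< r equal (x <<< r) + (y <<< r), all modulo 2^N?"""
    return rotl((x + y) & MASK, r) == (rotl(x, r) + rotl(y, r)) & MASK


def xor_rotation_commutes(x, y, r):
    """Rotation is bit-wise, so it always commutes with XOR."""
    return rotl(x ^ y, r) == rotl(x, r) ^ rotl(y, r)


def predicted_add_probability(r):
    """P[(x+y)<<<r == (x<<<r)+(y<<<r)] = (1 + 2^(r-N) + 2^-r + 2^-N) / 4,
    which runs from 3/8 at r = 1 down to about 1/4 for mid-range r."""
    return (1 + 2.0 ** (r - N) + 2.0 ** (-r) + 2.0 ** (-N)) / 4


def estimate(pred, r, trials=20000, seed=1):
    """Fraction of random operand pairs for which `pred` holds (fixed seed: constructed, reproducible)."""
    rng = random.Random(seed)
    hits = sum(pred(rng.getrandbits(N), rng.getrandbits(N), r) for _ in range(trials))
    return hits / trials


def carry_probability(trials=20000, seed=2):
    """Fraction of random additions whose carry out of bit N-1 is 1 (about 1/2)."""
    rng = random.Random(seed)
    return sum((rng.getrandbits(N) + rng.getrandbits(N)) >> N for _ in range(trials)) / trials


if __name__ == "__main__":
    for r in (1, 2, 8, 16, 31):
        print(f"r={r:2d}  add: measured {estimate(add_rotation_commutes, r):.4f}"
              f"  predicted {predicted_add_probability(r):.4f}"
              f"  xor: {estimate(xor_rotation_commutes, r):.4f}")
    print("carry out = 1 with probability", carry_probability())
```

The two exact cases worth keeping in mind when reading the draft: 1 + 1 rotated by one bit commutes, while 0x80000000 + 0x80000000 does not, because the carry that leaves the top bit is exactly the information a rotation would have moved to bit 0.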
TPTB_need_war
May 06, 2016, 03:48:04 AM
TPTB_need_war, you cannot prove nor disprove that the Sartre text Craig Wright supposedly hashed is a collision for SHA256.
I asked you to not do what you just did above: Don't cherry pick my context to make inane non-rebuttals which side-step my holistic set of points.
You also pointed out that he supposedly has access to a supercomputer. Even with access to a supercomputer, he would not be able to find a collision as other researchers have already tried. Simply having a lot of computing power does not mean that he can find a collision.
Alternatively, Craig could have found a vulnerability in sha256, in which case a lot more things than just Bitcoin is screwed. If Craig did not responsibly disclose such a vulnerability and instead exploited it, this would be incredibly sketchy and dishonest behavior.
The point is that with a supercomputer together with a new cryptanalysis break, the two together might be required to accomplish the attack. I want you to know that if China's pools see nearly all the mining shares, then they are viewing about 2^68 of SHA-256 hashing power per annum, which may or may not be the fulcrum. Don't presume you know all the theoretical attacks that are possible. The theory that the sha256 double hash is weaker than sha256 is false. It has been proven that performing multiple iterations of a hash is more secure than just one iteration. Specifically, many websites will store users' passwords in the form of a multiple iteration hash.
You've made at least two mathematically illiterate errors in that quoted text: 1. Testing that double-hashing fulfills some criteria you have prechosen says nothing about security against cryptanalysis which your criteria have not considered. 2. Securing a password by iterated hashing (because it requires the dictionary attacker to perform the iteration cost on each dictionary trial) says nothing about the increased vulnerability to collision cryptanalysis. You are conflating two separate issues of security. I am done speaking to these amateurs. Waste of my time.
wpalczynski
Legendary
Offline
Activity: 1456
Merit: 1000
May 06, 2016, 04:18:42 AM
TPTB_need_war
May 06, 2016, 04:38:27 AM
FYI truce, I will cease & desist: I also don't believe CW is Satoshi. But that isn't my point. I explained the salient point more concisely here, which is really about ridicule, censorship, and manipulation of public opinion instead of rational, well elucidated, and amicable/patient/unencumbered reasoned discussion (i.e. academics versus corporate fiefdoms): https://bitcointalk.org/index.php?topic=1459846.msg14766475#msg14766475
Please also read the post subsequent to the above linked post, as I broad-stroked some of my theoretical concerns about the double-hashing in Bitcoin. Theymos is allowing me to continue, so I think it is possible that Theymos is helpless due to not being capable himself of leading technologically. So it appears he may be trying to appease Greg while also allowing for the minute possibility that someone else could accomplish in code and in reality something as relevant. I think I respect Theymos if this is the case. But we don't really know what is going on behind the scenes. I am at the point now where I really want to ignore everything on BCT and Reddit. My discussions about programming language theory are going very well at the Rust forum. Did you see I solved the age old computer science problem known as the Expression Problem articulated by Philip Wadler in 1999: https://bitcointalk.org/index.php?topic=1438301.msg14757751#msg14757751 (click the sublink in item #6) Did you see how I REKTed Greg's logic on the Ogg streaming index, which was hilarious given he is co-inventor of the Ogg Vorbis codec: https://bitcointalk.org/index.php?topic=1378533.msg14035614#msg14035614 (search for the phrase "Also I don't understand how you calculate 20% increase" within that post) I don't claim he isn't smart in his cryptography and math fields of expertise. And generally a very smart guy. But that is not the problem we are apparently agreeing on.
eca.sh
Newbie
Offline
Activity: 29
Merit: 0
May 06, 2016, 07:52:13 AM
Theymos replied when I sent him a copy of the prior message (didn't mention nor quote you) with the following message and he banned me from BCT for 10 days. Your technical claims are nonsensical, but yet you keep spamming them and resorting to ad hominem arguments. For example, there is a known attack on reduced-SHA-256 with 52/64 rounds, but the attack has complexity 2^255.5. So the best-known attack on SHA-256 causes it to lose half a bit of security when the number of rounds is reduced. It's nothing. Saying that we're doomed (and spamming about it everywhere) because someone might possibly find a way to invert SHA-256 is like freaking out because there might be psychics capable of reading keys from people's minds.
Take a break...
Clearly he either didn't bother to read my linked post (which I also provided to him in the quote) wherein I explained I wanted to explore theoretical security concerns about double-hashing (which btw is not the same as what Merkle trees do), not single hashing, which I am positing may have different security attributes. In that linked post, I also quoted wherein I had always made a disclaimer that readers should wait for expert peer review and that I hadn't expended a lot of time on the issue. Also the ad hominem starts from his tribe attacking me, such as for example Foxup's condescending posts. I responded in kind after it was clear that Foxup wouldn't stop his snide attitude and follow a more fruitful one. Also theymos is disingenuous by cherry picking the preimage attack at 52 rounds which requires 2^255.5 trials and not also mentioning the pseudo-collision attack at 46 rounds with only 2^46 trials: https://en.wikipedia.org/wiki/SHA-2#Cryptanalysis_and_validation
The point of my theoretical inquiry is whether double-hashing might open an opportunity for a new cryptanalysis breakthrough such as the Boomerang attack, given the significant structure at the midpoint that doubling the hash ostensibly introduces. And why are theymos and gmax so worried about allowing information to propagate freely and letting readers make up their own minds? Why do they feel they need to control the minds of readers? So yes it appears you are correct. I hit the root nerve. Theymos and gmax are ostensibly in bed together and can't tolerate any theoretical discussion. None of this is going to help them, because they both have only left thumbs. Over and out. P.S. you may want to quote this message immediately before it is deleted by the mods.
Everybody knows that SHA-256 hasn't been broken. It is quite nonsensical to discuss ways it might be broken, when everyone knows that is impossible. No wonder why everyone ignores you.
generalizethis
Legendary
Offline
Activity: 1750
Merit: 1036
Facts are more efficient than fud
May 06, 2016, 04:30:54 PM Last edit: May 06, 2016, 04:53:02 PM by generalizethis
@eca.sh, I'm not sure why you sent me a PM stating that TPTB_need_war is banned for ten days, but if it's true, I'm really unsure why you are attempting to argue with him a few hours after you broke the news to me--hard to reply when you're banned. "Your buddy was banned for 10 days, lol « Sent to: generalizethis on: Today at 03:24:19 AM »" !!! WARNING: This user is a newbie. If you are expecting a message from a more veteran member, then this is an imposter !!!
Theymos replied when I sent him a copy of the prior message (didn't mention nor quote you) with the following message and he banned me from BCT for 10 days. Your technical claims are nonsensical, but yet you keep spamming them and resorting to ad hominem arguments. For example, there is a known attack on reduced-SHA-256 with 52/64 rounds, but the attack has complexity 2^255.5. So the best-known attack on SHA-256 causes it to lose half a bit of security when the number of rounds is reduced. It's nothing. Saying that we're doomed (and spamming about it everywhere) because someone might possibly find a way to invert SHA-256 is like freaking out because there might be psychics capable of reading keys from people's minds.
Take a break...
Clearly he either didn't bother to read my linked post (which I also provided to him in the quote) wherein I explained I wanted to explore theoretical security concerns about double-hashing (which btw is not the same as what Merkle trees do), not single hashing, which I am positing may have different security attributes. In that linked post, I also quoted wherein I had always made a disclaimer that readers should wait for expert peer review and that I hadn't expended a lot of time on the issue. Also the ad hominem starts from his tribe attacking me, such as for example Foxup's condescending posts. I responded in kind after it was clear that Foxup wouldn't stop his snide attitude and follow a more fruitful one. Also theymos is disingenuous by cherry picking the preimage attack at 52 rounds which requires 2^255.5 trials and not also mentioning the pseudo-collision attack at 46 rounds with only 2^46 trials: https://en.wikipedia.org/wiki/SHA-2#Cryptanalysis_and_validation
The point of my theoretical inquiry is whether double-hashing might open an opportunity for a new cryptanalysis breakthrough such as the Boomerang attack, given the significant structure at the midpoint that doubling the hash ostensibly introduces. And why are theymos and gmax so worried about allowing information to propagate freely and letting readers make up their own minds? Why do they feel they need to control the minds of readers? So yes it appears you are correct. I hit the root nerve. Theymos and gmax are ostensibly in bed together and can't tolerate any theoretical discussion. None of this is going to help them, because they both have only left thumbs. Over and out. P.S. you may want to quote this message immediately before it is deleted by the mods.
Everybody knows that SHA-256 hasn't been broken. It is quite nonsensical to discuss ways it might be broken, when everyone knows that is impossible. No wonder why everyone ignores you.
rdnkjdi
Legendary
Offline
Activity: 1256
Merit: 1009
May 06, 2016, 04:33:29 PM
TBT really got banned??? How's that work with all the other trolling that goes on in this shitshow
At least he puts effort behind his posts
sockpuppet1
Newbie
Offline
Activity: 28
Merit: 0
May 06, 2016, 04:44:11 PM
@eca.sh, I'm really unsure why you are attempting to argue with him--hard to reply when you're banned.
I read eca.sh's post carefully and he appears to be arguing against himself. Literally.
wpalczynski
Legendary
Offline
Activity: 1456
Merit: 1000
May 06, 2016, 05:18:11 PM
TBT really got banned??? How's that work with all the other trolling that goes on in this shitshow
At least he puts effort behind his posts
Whoever reported him and got him banned is very childish. He does get on people's nerves with his pompous writings, but he does put effort into it and from time to time comes up with some good and novel ideas, although it's hard to see because he has trouble being succinct and people get tired of reading the walls of text he puts effort into posting. Grow up; you probably have a macro for the report-to-mod function. Don't be a rat. No one likes a rat.
kennyP
May 07, 2016, 02:48:40 AM
Why did the mods ban TPTB? How does censorship help the crypto movement? Where did these posts go? Does anyone know what black hole Bitcoin core (Blockstream) developer Gmaxwell moved the quoted thread to? I can't find it any more and I have no deleted messages from that thread in my PM box. Holy shit! I am contemplating the possibility that Craig has revealed that whoever created Bitcoin put a backdoor in it! As I already explained, the signature Craig has provided proves either he has cracked something about the way Bitcoin uses SHA256 or he has Satoshi's private key. Afaics, there are no other mathematical possibilities. But note this small detail: You'll note that Bitcoin, for reasons known only to Satoshi, takes the signature of a hash of a hash to generate the scriptSig. Quoting Ryan:
Well that isn't so insignificant of a detail when you think more about it in this context. A cryptographic hash function has a property named collision resistance. Collision resistance is related to preimage resistance in that if we have a way to quickly find collisions, then if the preimage is a collision then we also break the preimage resistance for that particular hash value. Collision resistance is normally stated as the number of hash attempts required to find a collision or the number of rounds to break collision resistance with reasonable hardware. Normally this is exponentially less than computing the SHA256 hash function 2^256 times. For SHA256, there are collision resistance attacks up to 46 of the 64 rounds of SHA256 (and 52 of 64 rounds for preimage attack). So what happens to collision (and preimage in this context) resistance when we hash the hash? Well, all the collisions from the first application of the hash become collisions in the second hash, plus the new collisions in the second application of the hash, thus increasing the number of rounds that can be attacked. It seems likely that Craig has identified the back door that was placed in Bitcoin as explained above, and used his supercomputer access to find a preimage of SHA256. If I am correct, this is major news and Bitcoin could crash.
I urge immediate peer review of my statements by other experts. I have not really thought deeply about this. This is just written very quickly off the top of my head. I am busy working on other things and can't put much time into this.
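Two claims in this thread can be checked mechanically on a toy: the quoted OP's statement that every collision of the first hash application is automatically a collision of the double hash (with the second application possibly adding more), and the earlier reply's point that iterating a hash raises an attacker's cost per guess without changing that inherited collision set. The script below is an added example, not from any poster; it uses a 16-bit truncation of SHA-256 as a stand-in for a hash with a known collision weakness (a constructed toy, not a weakness of SHA-256), finds a collision by a generic birthday search, and then checks how that pair and the attacker's cost behave as the hash is applied 2, 10 and 1000 times. The function names and the message format b"msg-<i>" are the example's own.

```python
"""Toy check of two claims in the thread: inner-hash collisions survive any number
of further hash applications, and iteration multiplies cost per guess only.
Added example; the 16-bit truncated hash is a deliberately weak constructed toy."""
import hashlib

CALLS = {"n": 0}  # counts hash invocations, i.e. the work an attacker pays


def trunc_hash(data, nbits):
    """First `nbits` of SHA-256 as an int: the constructed weak toy hash."""
    CALLS["n"] += 1
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - nbits)


def iterated_hash(data, nbits, rounds):
    """hash(hash(...hash(data))); rounds == 2 is the double-hash shape."""
    h = trunc_hash(data, nbits)
    for _ in range(rounds - 1):
        h = trunc_hash(h.to_bytes(8, "big"), nbits)
    return h


def birthday_collision(nbits, rounds=1, limit=1 << 20):
    """Generic birthday search over constructed messages b"msg-<i>"; returns the
    first pair whose iterated_hash(., nbits, rounds) values coincide."""
    seen = {}
    for i in range(limit):
        m = b"msg-%d" % i
        h = iterated_hash(m, nbits, rounds)
        if h in seen:
            return seen[h], m
        seen[h] = m
    raise RuntimeError("no collision within limit")


def outer_only_collision(nbits, limit=1 << 20):
    """A pair that collides under the double hash but NOT under the inner hash:
    the extra collisions the second application contributes on top of the inherited ones."""
    seen = {}
    for i in range(limit):
        m = b"msg-%d" % i
        h = iterated_hash(m, nbits, 2)
        if h in seen and trunc_hash(seen[h], nbits) != trunc_hash(m, nbits):
            return seen[h], m
        seen.setdefault(h, m)
    raise RuntimeError("no outer-only collision within limit")


def cost_per_guess(nbits, rounds):
    """Hash invocations needed to evaluate one candidate under `rounds` iterations."""
    before = CALLS["n"]
    iterated_hash(b"probe", nbits, rounds)
    return CALLS["n"] - before


if __name__ == "__main__":
    m1, m2 = birthday_collision(16)
    print("inner collision:", m1, m2)
    for rounds in (1, 2, 10, 1000):
        same = iterated_hash(m1, 16, rounds) == iterated_hash(m2, 16, rounds)
        print(f"rounds={rounds:5d}: still collides={same}, cost/guess={cost_per_guess(16, rounds)}")
    a, b = outer_only_collision(16)
    print("outer-only collision:", a, b)
```

The inherited pair keeps colliding at every iteration count while the cost per guess grows linearly; that is the separation the thread argues about, namely that iteration is a work-factor defence for password storage and says nothing about the collision set of the underlying function. The outer-only pair shows the second direction of the OP's claim: the double hash has collisions the inner hash does not.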
sockpuppet1
Newbie
Offline
Activity: 28
Merit: 0
May 07, 2016, 04:49:29 AM Last edit: May 07, 2016, 05:00:34 AM by sockpuppet1
You've made at least two mathematically illiterate errors in that quoted text: 1. Testing that double-hashing fulfills some criteria you have prechosen says nothing about security against cryptanalysis which your criteria have not considered. 2. Securing a password by iterated hashing (because it requires the dictionary attacker to perform the iteration cost on each dictionary trial) says nothing about the increased vulnerability to collision cryptanalysis. You are conflating two separate issues of security. Of course double hashes can't be applied to securing passwords as in case #2 above. That requires 1000s of hashes. Double hashes would be a silly joke in that case. So thus you've admitted that double hashing adds no protection against a computationally bounded adversary (i.e. the only kind of adversary that exists in the real world). So why did Satoshi add double hashing to Bitcoin? So thus you've admitted that double hashing protects against length attacks, but length attacks can't occur in Bitcoin. So why did Satoshi add double hashing to Bitcoin? Don't tell me you arrogantly claim your grand insight is enabled because Bitcoin does hash(hash(M)) instead of appending part of the input to the output of the first hash, hash(hash(M||M')||M'), as is always done for HMAC, where the idea for deploying double hashing originates.
As I interpret TPTB_need_war's explanation of the potential vulnerability (and I'm the canonical source of such interpretations, lol) due to a boomerang differential attack, that Satoshi adopted the incorrect way of doing double hashing is precisely what makes Bitcoin open to the hypothesized vulnerability. So why did Satoshi add the incorrect form of double hashing to Bitcoin? If you were correct, then every brother and his uncle should be trying to find a cryptographer to help them crack Bitcoin and become $millionaires by spending old coins that were allegedly mined by Satoshi and may otherwise never be spent if Satoshi is truly dead.
I tried to be nice to theymouse and Gmaximus and discuss in an open forum about how it might be possible to break Bitcoin so that it could not make one person very wealthy. But they want to play hardball, so... Please kindly quote my post in case it is deleted by the mods.

P.S. My personal opinion is I speculate Craig Wright was hired by core to discredit Matonis and Gavin. And I was hired by myself to do the same to "core"; and I speculate "core" appears to be affiliated with the aforementioned individuals. Velvet gloves are off. No more nice guy. Bitcoin is a failed clusterfuck with 70% of the hashrate attributed to China, and one former cattle farmer in China planning to increase that to 98%. The miners and Blockstream are ostensibly colluding to put soft fork versioning into SegWit. There is $1 million per day flowing from n00bs into this raping system that ends up in miners' pockets and other connected parties. Electricity likely charged to the collective via State-funded hydroelectric infrastructure. And the ecosystem has no real utility outside of gambling, scams, and other nefarious use cases.
sockpuppet1
Newbie
Offline
Activity: 28
Merit: 0
May 07, 2016, 05:24:30 PM Last edit: May 13, 2016, 08:33:12 AM by sockpuppet1
I am aware of your past BCT posts about the inadequacies of asymptotic complexity arguments. I don't share your romantic guess of who created BitCON. Btw, Craig says the name Satoshi comes from "the book" about the House of Morgan: https://forum.bitcoin.com/bitcoin-discussion/the-name-satoshi-comes-from-satoshi-david-character-from-the-house-of-morgan-t7619.html

And Nakamoto means "in the book" in Japanese. And Julian Assange knew Craig in 1996: https://www.reddit.com/r/Bitcoin/comments/4hozs5/wikileaks_on_twitter_wed_like_to_thank_satoshi/d2rdg7u

Don't forget that (I was told) a House of Rothschild person was sheltering Assange when he was still free in the UK. And note now how the UN is attempting to supersede the UK's authority on the case. There is always a globalist plan for these pawns, including Edward Snowden. I think someone paid off Craig to discredit Matonis and Gavin. Gavin has now lost commit access. The danger is not that BitCON fails, but that it becomes the new totalitarian digital currency. Hope you are aware that ostensibly Dr. Craig Wright can't be proven to have made the blog posts, which implicate him: http://craigswright.com/

Meaning a failure of Bitcoin is not the big problem we face. I hope for the failure of Bitcoin instead of it scaling by becoming centralized. The danger is that many vested interests want Bitcoin to continue even if it is centralized. Centralization doesn't necessarily kill Bitcoin, unless the centralized controllers kill it. Too many tinfoil hats want Bitcoin to succeed and be "the better gold" even if it is centralized and controlled by the combination of China's miners, Larry Summers' 21 Inc., and Blockstream. The annals of the crypto-currency arena are littered with ignonymous players. Similar to the birth history of President Obama, theymos and the Gman are nearly entirely ignonymous. I've seen only one photo of theyman.
I can't find any LinkedIn for the Gman, his educational history, which high school he attended, and where he was born, even though most of his colleagues at Blockstream have a LinkedIn. Googling "Gregory F. Maxwell" only returns an address and phone in Parker, Colorado and the following Wikipedia Commons page: https://upload.wikimedia.org/wikipedia/commons/d/d2/Gmaxwell-boat.jpg

I note the Gman's use of the "racist" attack against both TPTB_need_war and against Zooko @ Z.cash. And in the above linked Wikipedia Commons, his support for viral "copyleft" licenses that force companies to refuse to use open source because they aren't allowed to keep any portion of their derivative works as proprietary code. In other words, some sort of totalitarian socialist/Marxist philosophy similar to FSF's Richard Stallman. Dangerous. Readers again you may want to quote this message because we can't be sure if mods won't get "happy finger" and nuke this post.

Edit: these 1996 posts by Julian Assange say everything you need to know about whether he is a eugenics globalist:

And what am I paying for...to protect the status quo. I believe that there is more than enough help for ppl available. They just need to get off their butts and work.
Do we really need your amateur political views? The term "defect" is therefore entirely out of line. We have no business placing judgements from our own limited material value sets onto something which has the definite potential of affecting all future generations of Humanity. It's none of our business.
The problem however, is that artificial selection may be the only way to select beneficial attributes at all. What is presently being selected for in western societies is all the factors that lead to a lack of practice or belief in birth control. I'll let the reader think for a moment on just what those are. Perhaps we can also somehow test for and abolish the "Catholic" gene?

And I suppose Julian should decide whose morals are best subjugated by robber barons as a matter of practicality, i.e. Julian is a person who is thinking about how to best organize society from the top-down: "Of all tyrannies a tyranny sincerely exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end, for they do so with the approval of their own conscience." - C.S. Lewis, _God in the Dock_
but the most probable conclusion is Satoshi was one man and he was simply mistaken
One man can't accomplish what "Satoshi" did with such precision. It was a large group of experts. No doubt about it. You guys who have no experience in doing something like this love to have your James Bond fantasies. But you are completely out of touch with the reality of actually doing what "Satoshi" accomplished.
generalizethis
Legendary
Offline
Activity: 1750
Merit: 1036
Facts are more efficient than fud
May 08, 2016, 11:46:11 AM Last edit: May 08, 2016, 11:11:10 PM by generalizethis
Have you ever read Deleuze's Societies of Control? Bitcoin fits great with this agenda, though I think Deleuze would say it's the natural progression of Capitalism and more the TPTB playing themselves than leading anyone. Pay special attention to the discipline society being ousted for control society when reading. While I think some in Bitcoin are trying to make it more private, I don't think it will ever achieve any degree of great privacy as it will never be at the protocol level and require you going through observable way stations that require you to burrow further and further underground. "Neo, what's in your wallet?" http://www.mccoyspace.com/nyu/10_s/ideas/texts/week08-Deleuze.pdf
kiklo
Legendary
Offline
Activity: 1092
Merit: 1000
May 08, 2016, 08:46:30 PM
If we quit looking for a single person and speculate a combination of intelligence agencies as Satoshi Nakamoto, we get the following:

SATO = MI6 (Secret Intelligence Service) http://topdocumentaryfilms.com/satoyama/

SHI = CIA (Central Intelligence Agency) http://www.kanjijapanese.com/en/dictionary-japanese-english/shishi-aie- translated is Central Intelligence Agency (extra sneaky: dropped the -aie-)

NAKA = Home (Homeland Security or MI5 (domestic intelligence) or both)

MOTO = Mossad (referred to in-house as the Institute) (extra sneaky: removed a T, would have originally been Motto)

mot·to /ˈmädō/ noun (plural mottoes or mottos): a short sentence or phrase chosen as encapsulating the beliefs or ideals guiding an individual, family, or institution.
The Sceptical Chymist
Legendary
Offline
Activity: 3514
Merit: 6985
Top Crypto Casino
May 08, 2016, 11:04:20 PM
TBT really got banned??? How's that work with all the other trolling that goes on in this shitshow?
At least he puts effort behind his posts
Well gleb gamow and SebastianJu both got temp banned too for similar reasons not too long ago. At least the forum rules are being enforced somewhat fairly.
sockpuppet1
Newbie
Offline
Activity: 28
Merit: 0
May 09, 2016, 02:49:10 AM Last edit: May 09, 2016, 03:06:18 AM by sockpuppet1
Well gleb gamow and SebastianJu both got temp banned too for similar reasons not too long ago. At least the forum rules are being enforced somewhat fairly.
Which similar reasons? Tisk tisk. Keep your posts in Meta or ...

"Tsk. Tsk" are the words I expect to hear from your grandmother calling you to have your daily scolding. I don't kowtow to theymos' delusions, technical incompetence, and censorship. If I may express some frustration w.r.t. the desire to troll and censor, "Fuck you and theymos too". TPTB_need_war doesn't care. He can always subvert any ban. Anyway, TPTB_need_war is too busy programming. He has provided a public service. And yes he was banned for revealing a potential back door in Bitcoin [1]. Just goes to show how theymos and gmaxwell are protecting you. And yourself, how about you grow up and learn to tolerate open dialogue.

P.S. permanently banning TPTB_need_war is perfect for his plans. I hope theymos has the balls and the technical knowledge to attempt it. Also I didn't start this thread. I didn't ask for this thread. I wasn't intending to post in this subforum at this time. Blame the person who created this thread. I read so much misunderstanding and slander of TPTB_need_war that required clarification and correction.

[1] In the ban message and in theymos's private message which is quoted by TPTB_need_war, theymos indicated the reason for the ban: in addition to his incorrect claim of spouting technical nonsense, he also alleged spamming of messages in several threads and ad hominem attacks against others. Theymos appears to be protecting Foxpop who hurled ad hominem first, and CIYAM who also hurled ad hominem first. TPTB_need_war had stated that the reason for posting in numerous threads is because the mods allowed people to make numerous duplicate threads on the same topic about Craig Wright claiming to be Satoshi Nakamoto. Do take note that at the time he was having the debate with CIYAM, he had thought that Craig's signature had matched the hash of the Sartre text because he was misled by sloppy reporting and sloppy writing of those who did the technical analysis. It was only later that he learned that was not the case.
And after all, his alleged back door in Bitcoin remains potentially true. You don't ban people for these incorrect reasons and expect to remain respected and expect others to not want to overcome inappropriate use of influence. There is too much ignonymous influence in Bitcoin.
...absolutely petrifying. You did it to yourselves. Now you will reap what you have sown. I am an American who doesn't share your looney European Marxism. Last time it was a million in the gas chambers. Let's see how it goes this round. Shut up and get back to work on building your copy-leftist clusterfuck. I don't associate with scum like you. I compete and overcome. Bye. Unless that is you want to say those words about my kids to my face. Otherwise we have nothing more to discuss. Enjoy your life.