Bitcoin Forum
November 18, 2024, 11:22:32 PM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Should bitcoin move to SHA-3 ?  (Read 4422 times)
Monster Tent (OP)
Full Member
***
Offline Offline

Activity: 238
Merit: 100



View Profile
February 23, 2013, 05:47:18 AM
 #1

http://en.wikipedia.org/wiki/SHA-3

Now that the standard for SHA-3 is known why not upgrade for the 1.0 release of bitcoin ?

Nesetalis
Sr. Member
****
Offline Offline

Activity: 420
Merit: 250



View Profile
February 23, 2013, 06:21:23 AM
 #2

Sha3 does not provide anything particularly new or useful, and sha2 is still quite secure.
not to mention, utilizing sha3 would require specific libraries installed on every computer that uses it.. or at least compile time libraries.. which wouldn't be particularly fun. Sha2 is already so well distributed, most systems are already going to have it (though perhaps not windows Tongue)

give it a few years, then maybe.

(it also gives sha3 a chance to be cracked if there is some inherent flaw in it that no one has found yet.)

ZOMG Moo!
notme
Legendary
*
Offline Offline

Activity: 1904
Merit: 1002


View Profile
February 23, 2013, 06:49:15 AM
 #3

Sha3 does not provide anything particularly new or useful, and sha2 is still quite secure.
not to mention, utilizing sha3 would require specific libraries installed on every computer that uses it.. or at least compile time libraries.. which wouldn't be particularly fun. Sha2 is already so well distributed, most systems are already going to have it (though perhaps not windows Tongue)

give it a few years, then maybe.

(it also gives sha3 a chance to be cracked if there is some inherent flaw in it that no one has found yet.)

This.  Let's give it time to be vetted.  What we have is fine and will be for some time: http://blog.oleganza.com/post/42523601710/how-to-steal-all-coins

https://www.bitcoin.org/bitcoin.pdf
While no idea is perfect, some ideas are useful.
Killdozer
Full Member
***
Offline Offline

Activity: 203
Merit: 100



View Profile
February 23, 2013, 11:05:39 AM
 #4

Have you completely missed the fact that hard fork is a bad thing? Once we just started talking about raising the block size limit the forum filled with angry discussions, and that change actually has a practical importance. Here you want to make a change which does not really affect anything and make a hard fork, just like that, for the sake of it?

Monster Tent (OP)
Full Member
***
Offline Offline

Activity: 238
Merit: 100



View Profile
February 23, 2013, 11:27:15 AM
 #5

Have you completely missed the fact that hard fork is a bad thing? Once we just started talking about raising the block size limit the forum filled with angry discussions, and that change actually has a practical importance. Here you want to make a change which does not really affect anything and make a hard fork, just like that, for the sake of it?

If you are going to hard fork the chain doesnt it make sense to add more features that also require a fork ie 1 hard fork is better than 100 individual ones.

Scrat Acorns
Sr. Member
****
Offline Offline

Activity: 293
Merit: 250



View Profile
February 23, 2013, 11:52:24 AM
 #6

If you are going to hard fork the chain doesnt it make sense to add more features that also require a fork ie 1 hard fork is better than 100 individual ones.

Yes, but this is not how cryptography works. Keccak has just been announced so it will take a few years of people trying to break it (apart from the NIST competition) before enough confidence is gained in its favor. It is however a great candidate in the event that Merkle-Damgard constructions are weakened.

You're also forgetting that ditching SHA256 will make all mining software and current ASIC designs useless. It will also require completely new addresses if you use it for address generation.
Gabi
Legendary
*
Offline Offline

Activity: 1148
Merit: 1008


If you want to walk on water, get out of the boat


View Profile
February 23, 2013, 01:15:04 PM
 #7

SHA-2 is older and yet, it has not been cracked, despite everyone in the world trying do to that because it is used by everyone.

This SHA-3 is new, much less tested and with much less people trying to break it (any bank that use it yet? Nah)

Right now SHA-2 is safer.

JordanL
Donator
Sr. Member
*
Offline Offline

Activity: 294
Merit: 250



View Profile
February 23, 2013, 01:42:52 PM
 #8

You're also forgetting that ditching SHA256 will make all mining software and current ASIC designs useless.

In other words... impossible. Miners would never vote themselves into obsolescence.
Anonymailer
aka BitBacco
Hero Member
*****
Offline Offline

Activity: 662
Merit: 500



View Profile WWW
February 24, 2013, 08:39:35 PM
 #9

You're also forgetting that ditching SHA256 will make all mining software and current ASIC designs useless.

In other words... impossible. Miners would never vote themselves into obsolescence.

Interesting. In that case, surely a way to support two standards simultaneously will have to be devised, at some point? Otherwise the security of the network and the difficulty would drop near zero overnight…

MacMiner - The first, best and easiest to use native Mac coin mining app: https://bitcointalk.org/index.php?topic=197110.0

BTC: 12vZf8mjaXvHorXWVWfv7nZspHa8L8kfoG LTC: LLRqwo3YcLqoRyfZRVmUevtd2Y35Vvnt4w
gmaxwell
Moderator
Legendary
*
expert
Offline Offline

Activity: 4284
Merit: 8808



View Profile WWW
February 25, 2013, 04:12:53 AM
 #10

You're also forgetting that ditching SHA256 will make all mining software and current ASIC designs useless.
In other words... impossible. Miners would never vote themselves into obsolescence.
uhhhh... That is not how Bitcoin works. Miners exist at the pleasure of the users, not the other way around. Miners vote on the ordering of transactions, _thats it_. The rest of the rules are baked in... bit as a whole Bitcoin's users moved to something incompatible with existing miners— well, they just wouldn't be miners anymore. Otherwise— you could presume they'd still be paying themselves 50 BTC/block now. Smiley

Though this is all a silly tangent: the use of SHA256 for the POW is totally distinct from the hash used elsewhere. It's quite possible to change other things to use something else but keep the POW SHA256.  Not even unlikely, since problems in SHA256 which would be fatal elsewhere would be harmless for the POW.
ripper234
Legendary
*
Offline Offline

Activity: 1358
Merit: 1003


Ron Gross


View Profile WWW
February 25, 2013, 05:52:18 AM
 #11

Miners vote on the ordering of transactions, _thats it_. The rest of the rules are baked in... bit as a whole Bitcoin's users moved to something incompatible with existing miners— well, they just wouldn't be miners anymore. Otherwise— you could presume they'd still be paying themselves 50 BTC/block now. Smiley

Untrue.
Miners voted on BIP 16 vs BIP 17 in the past. No reason to think they won't on hardforks in the future.

Miners aren't the only ones that count, but they certainly play a role in determining whether to adopt a hardfork or not.

Please do not pm me, use ron@bitcoin.org.il instead
Mastercoin Executive Director
Co-founder of the Israeli Bitcoin Association
iddo
Sr. Member
****
Offline Offline

Activity: 360
Merit: 251


View Profile
February 25, 2013, 04:53:44 PM
 #12

Miners vote on the ordering of transactions, _thats it_. The rest of the rules are baked in... bit as a whole Bitcoin's users moved to something incompatible with existing miners— well, they just wouldn't be miners anymore. Otherwise— you could presume they'd still be paying themselves 50 BTC/block now. Smiley

Untrue.

Maybe it's better to say "unclear" than "untrue". I think that the interesting observation is that the more decentralized the SHA256 (ASIC) hashpower is, the more users who'd prefer to stay with the SHA256 PoW network. One reason for that is simply that there'd be more users who are also SHA256 ASIC miners, and those users have a financial interest to stay with SHA256. Another reason for that is that when the hashpower becomes more centralized, it also becomes more worthless, so the users who aren't miners wouldn't have an incentive to stick to SHA256.


Though this is all a silly tangent: the use of SHA256 for the POW is totally distinct from the hash used elsewhere. It's quite possible to change other things to use something else but keep the POW SHA256.  Not even unlikely, since problems in SHA256 which would be fatal elsewhere would be harmless for the POW.

For example the collision attack that Gavin described here could be fixed by switching to SHA3, while still using SHA256 for the PoW, right? So I guess that the SHA256 PoW would become unusable only if there's (full) preimage attack, or worse if there's second preimage attack since we'd need to add SHA3 hashes to all the old blocks. In other words, collision attacks on SHA256 are irrelevant for the PoW.
gmaxwell
Moderator
Legendary
*
expert
Offline Offline

Activity: 4284
Merit: 8808



View Profile WWW
May 31, 2013, 10:47:34 PM
 #13

Untrue.
Miners voted on BIP 16 vs BIP 17 in the past. No reason to think they won't on hardforks in the future.
Miners aren't the only ones that count, but they certainly play a role in determining whether to adopt a hardfork or not.
BIP16 wasn't a hardfork.
Luckybit
Hero Member
*****
Offline Offline

Activity: 714
Merit: 510



View Profile
June 01, 2013, 05:29:18 AM
 #14

http://en.wikipedia.org/wiki/SHA-3

Now that the standard for SHA-3 is known why not upgrade for the 1.0 release of bitcoin ?

This might be a good idea for Netcoin.
oakpacific
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1000


View Profile
June 01, 2013, 05:35:19 AM
 #15

SHA3 offers absolutely no advantage. Even if collisions for SHA2 can be found, it still won't affect mining, and address hashing can be improved with quick fixes, rather than implementing a new hashing algorithm. If QC is invented, its influence on SHA2 and SHA3 will be the same.

https://tlsnotary.org/ Fraud proofing decentralized fiat-Bitcoin trading.
jaywaka2713
Sr. Member
****
Offline Offline

Activity: 266
Merit: 250


aka 7Strykes


View Profile
June 01, 2013, 05:41:02 AM
 #16

You're also forgetting that ditching SHA256 will make all mining software and current ASIC designs useless.

In other words... impossible. Miners would never vote themselves into obsolescence.

Interesting. In that case, surely a way to support two standards simultaneously will have to be devised, at some point? Otherwise the security of the network and the difficulty would drop near zero overnight…

Difficulty would drop to 0 along with the hashrate because you need libraries that are SHA-3 capable, along with new miner software. Simply, forget the idea.

Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!