URGENT: please peer review a possible back door in Bitcoin?

[TPTB_need_war]

The thread with the above title was deleted to the ether:

https://bitcointalk.org/index.php?topic=1459846.msg14758977#msg14758977

There is something very fishy going on. I'd sell BTC immediately as this is a very dangerous time. Something is happening that "they" don't want us to know.

[1714890335]

1714890335

[1714890335]

1714890335

[1714890335]

1714890335

[1714890335]

1714890335

[Foxpup]

Your thread was deleted because it was utterly moronic, even more so than your usual bullshit. Everyone who had the misfortune to read it is now dumber for having done so. Go ahead and sell your coins, and don't let the door hit you on your way out.

[TPTB_need_war]

Can someone explain how he signed the 'Satre' quote WITHOUT having to break SHA256 (finding a collision) ?

It's pretty important, as if he did do that, Bitcoin is broken.

He never used the hash of any Sartre quote (that was just misdirection) - the double hash that he used was simply that used in Satoshi's tx along with the signature that was used in the tx.

(basically he just copied and pasted from the blockchain then put together an elaborate pretense that he had somehow managed to sign something else using a private key known to belong to Satoshi)

Even the silly BBC report has been corrected once they finally worked out that they had been tricked.

Oh.. I see.. thanks.

How can 'big boys' like Gavin and Matonis have fallen for this.. !? That shows very poor skills..  ( ..too poor if you ask me.. )

No one has presented a script which hashes all portions of the Sartre text to verify whether it does or does not hash to the correct value.

Until someone does that, they can't be sure that Craig won't reveal the Sartre text which does hash to the correct value, thus proving that he broke the cryptography. Since the SHA-256 was already broken to 46 - 52 rounds of the 64 rounds (for a single hash), then doubling the hash as Bitcoin does could potentially break it for all 64 rounds, because ostensibly collision resistance gets worse when doubling a hash (as I had explained in detail upthread). No one knows why Satoshi designed Bitcoin with a double hash. I am positing it might be a back door.

CIYAM is misleading you. Follow an idiot if you want to be one.

I'm sorry for my lack of technical understanding, but if there were a back door in btc.

1. Could this be fixed easily before it could be used in a way to hurt btc? i.e do you need a super computer to utilize this back door?
2. would this same issue be there in all alts that were essentially cloned from btc code or does using a different algo or POS help to nullify this backdoor?

I am not sure if you thread was deleted since you didn't receive a PM about it. Does one receive a personal message when a thread is moved?

No when a thread is moved they don't receive a PM, but there is no "Moved: ....." thread message remaining the Bitcoin Technical Discussion subforum. And I also checked Off-topic and it hasn't been moved there afaics. Also normally the link doesn't stop functioning even when it is moved. Clearly Gmaxwell is trying to hide it.

Gmaxwell might try to claim he banned me from that sub-forum, yet he had mentioned in our last communications that I am not banned from that forum. And also smooth and I recently posted in the thread in that sub-forum on one of the SegWit threads and afaik my post hadn't been deleted the last time I looked. He didn't just delete my posts in the thread but also posts from several other forum members who posted in that thread. The entire thread has been vaporized afaics. I presume Gmaxwell is formulating his plan now how to try to make me look like a fool. We know what happened the last time he tried to do that, I embarrassed him technically.

What I stated in that thread is that this is all presuming that Craig will be able to tell us which portion of the Sartre text hashes the hash output that was signed as proof on his blog. If Craig doesn't ever do that, then he is a fraud. But if he does it, then it means there is some cryptographic breakage in Bitcoin. And I am identifying the double hash as the greatest potential weakness.

1. The more I think about it, the more I realize that if it is true, then it means who ever can do this, could potentially spend other people's coins. So maybe this is how Craig will spend coins from an early block of Bitcoin (although he might have mined then also depending how early the block is he moves coins from). And the only fix I think would be to have everyone respend their coins with a fixed block chain and fixed wallets. And for lost or inactive coins, they would remain vulnerable. You may or may not need a super computer depending on the cryptographic breakage. I am not sure if an ASIC miner would help or if having access to a miner in China with 30% of Bitcoin's hashrate would help or be necessary. I can't really speculate on the exact metrics of any cryptographic breakage since this would have I assume required a lot of research on his part.

2. Yes it would apply to clones which copies the double hashing.

I repeat this is conjecture that hinges on two speculations:

a) That Craig can present the portion of the Sartre text which hashes correctly.

b) That the cryptographic breakage that allowed #a, is a break in the SHA256 presumably due to the double hashing.

[TPTB_need_war]

Okay now we are starting to get some evidence that there might be a coordinated attack to hide the facts I have presented (note the following thread move to Meta is not the thread that Gmaxwell deleted):

Your thread was deleted because it was utterly moronic, even more so than your usual bullshit. Everyone who had the misfortune to read it is now dumber for having done so. Go ahead and sell your coins, and don't let the door hit you on your way out.

The Bitcoin maximalists are having a heart attack because they don't like the facts.

Okay now we are starting to get some evidence that there might be a coordinated attack to hide the facts I have presented (note the following thread move to Meta is not the thread that Gmaxwell deleted)

It's likely not a coordinated attack but a manifestation of collective conscience of bitcoin holders who don't want a sell panic to start.

Well let them be the last one out the door. Much better they can trample each other on the way out. 

[Lauda]

It seems likely that Craig has identified the back door that was placed in Bitcoin as explained above, and used his supercomputer access to find a preimage of SHA256.

You should be thankful that you are not banned (yet) due to the amount of spam that you've posted in the recent days.

[TPTB_need_war]

It seems likely that Craig has identified the back door that was placed in Bitcoin as explained above, and used his supercomputer access to find a preimage of SHA256.

Who are you quoting? I never wrote that text.

Liars and spin masters rephrase the wording to present someone's argument out-of-context (and delete entire threads where the caveats where disclaimed by myself which you are failing to mention).

You should be thankful that you are not banned (yet) due to the amount of spam that you've posted in the recent days.

Dude they know they can't ban me. I have too much political clout here. You should be careful with your words.

If they do ban me, it will only only make me stronger, because so many people will see the forum as a farce.

Besides my posting here on this forum is irrelevant to my work. I donate my time and effort as a public service.

[minifrij]

Who are you quoting? I never wrote that text.

Yes you did. Either that or you decided to take credit for someone else saying it. Maybe you should go to a doctor and ask for an Alzheimer's screening, considering you've already forgotten something you wrote today.

Dude they know they can't ban me. I have too much political clout here. You should be careful with your words.

I don't know about anyone else, but I'm terrified.

[Foxpup]

[Lauda]

Who are you quoting? I never wrote that text.

Yeah, definitely did not say that in your thread:

Dude they know they can't ban me. I have too much political clout here. You should be careful with your words.

[TPTB_need_war]

Who are you quoting? I never wrote that text.

Yes you did. Either that or you decided to take credit for someone else saying it. Maybe you should go to a doctor and ask for an Alzheimer's screening, considering you've already forgotten something you wrote today.

I did not write that text with bolded phrase and without the context of the caveats that I provided at the deleted thread which was quoted out-of-context and missing the link to the context, as explained already dufus:

It seems likely that Craig has identified the back door that was placed in Bitcoin as explained above, and used his supercomputer access to find a preimage of SHA256.

Who are you quoting? I never wrote that text.

Liars and spin masters rephrase the wording to present someone's argument out-of-context (and delete entire threads where the caveats where disclaimed by myself which you are failing to mention).

Is that the best you retards can do?

P.S. the context at the deleted thread which LauraM didn't even link to, contained bolded and red caveats similar to my reexplanation as follows (which I was forced to repeat after your leader gmaxwell vaporized an entire thread):

What I stated in that thread is that this is all presuming that Craig will be able to tell us which portion of the Sartre text hashes the hash output that was signed as proof on his blog. If Craig doesn't ever do that, then he is a fraud. But if he does it, then it means there is some cryptographic breakage in Bitcoin. And I am identifying the double hash as the greatest potential weakness.

1. The more I think about it, the more I realize that if it is true, then it means who ever can do this, could potentially spend other people's coins. So maybe this is how Craig will spend coins from an early block of Bitcoin (although he might have mined then also depending how early the block is he moves coins from). And the only fix I think would be to have everyone respend their coins with a fixed block chain and fixed wallets. And for lost or inactive coins, they would remain vulnerable. You may or may not need a super computer depending on the cryptographic breakage. I am not sure if an ASIC miner would help or if having access to a miner in China with 30% of Bitcoin's hashrate would help or be necessary. I can't really speculate on the exact metrics of any cryptographic breakage since this would have I assume required a lot of research on his part.

2. Yes it would apply to clones which copies the double hashing.

I repeat this is conjecture that hinges on two speculations:

a) That Craig can present the portion of the Sartre text which hashes correctly.

b) That the cryptographic breakage that allowed #a, is a break in the SHA256 presumably due to the double hashing.

You continue following gmaxwell. He will lead you to failure.

[minifrij]

I did not write that text with bolded phrase and without the context of the caveats that I provided at the deleted thread which was quoted out-of-context and missing the link to the context

Regardless of whether the context is provided, trying to deny you wrote the text is a lie. Granted the meaning changes somewhat when context is provided, however it doesn't change the fact.

I don't understand what this thread's point is. Are you complaining that the staff deleted your post, or just trying to spread your 'facts' around the forum further to cause unnecessary panic?

[TPTB_need_war]

Your thread was deleted because it was utterly moronic, even more so than your usual bullshit. Everyone who had the misfortune to read it is now dumber for having done so. Go ahead and sell your coins, and don't let the door hit you on your way out.

The Bitcoin maximalists are having a heart attack because they don't like the facts.

While there are facts I don't like, I can accept them and I've never suffered a heart attack as a result. Though it's irrelevant since you've never said anything that even remotely resembles a fact.

You are free to present a refutation of anything I've written. So far, I've seen no technical argument from you.

Please do try, so I can REKT you.

Edit: let's go on Skype now. I want to talk some sense into you or at least find out in voice and webcam what sort of idiot trolls me. Are you afraid?

[Lauda]

Liars and spin masters rephrase the wording to present someone's argument out-of-context (and delete entire threads where the caveats where disclaimed by myself which you are failing to mention).

Nothing was 'rephrased'. It was a screenshot from something that you wrote, even though you claim that you didn't.

P.S. the context at the deleted thread which LauraM didn't even link to, contained bolded and red caveats similar to my reexplanation as follows (which I was forced to repeat after your leader gmaxwell vaporized an entire thread):

"Laura" can't link to things that have been trashed. Technically, I can, but you are unable to see them directly.
You're producing so much spam in addition to breaking several rules along the way.

[TPTB_need_war]

I did not write that text with bolded phrase and without the context of the caveats that I provided at the deleted thread which was quoted out-of-context and missing the link to the context

Regardless of whether the context is provided, trying to deny you wrote the text is a lie. Granted the meaning changes somewhat when context is provided, however it doesn't change the fact.

I denied writing the text without the context. Where is the lie? Are you pulling my words out of my context again! Disingenuous fuckers you all are.

I don't understand what this thread's point is. Are you complaining that the staff deleted your post, or just trying to spread your 'facts' around the forum further to cause unnecessary panic?

Yeah you don't understand. Probably because you don't want to understand. Enjoy.

[TPTB_need_war]

I understand it is only speculation at this point, and perhaps the other explanation you mentioned is more likely.

Yes it is much more likely he is a fraud. But one has to wonder why he has gone this far, if he can't follow through.

My theory was only to discuss a theory, but the Bitcoin maximalists can't tolerate freedom-of-speech. So this might tell you where Blockstream will lead Bitcoin. Their SegWit is arguably a scam where they will not have soft fork versioning control over Bitcoin after adding SegWit, as has been explained by Professor Stolfi for example.

The soft fork versioning is a Trojan Horse. Smooth and I challenged Gmaxwell on that point some weeks ago in the Bitcoin Technical Dicussion thread, and last time I checked he had never replied.

It is all politics.

Is there any other reason there is double hashing? I mean are there known benefits and thus reasons it was employed? It was simply a mystery addition that nobody could justify its existance?

Afaik, nobody can justify it. Apparently only Satoshi knows why.

I am now offering a theory as to why. And speculation could be perhaps some people already knew this and were covering it up perhaps, but that isn't necessary to make my theory worth discussing.

If there are no high level tech people here that can explain exactly why it is there then it does seem strange? why was it not questioned before and perhaps removed?

Afair it has been questioned and brushed aside as, "only satoshi knows".

So specifically LTC/Doge would be effected too? the algo does not matter ie scrypt is just as vulnerable as sha256 because this same double hashing is present?

Transaction signing is not related to mining hash algorithm.

Are there any other high level programmers here who have looked at the double hashing and have any ideas about it? negative or positive?

As far as I know, I am the first to present the potential for decreased collision resistance. I googled and didn't find anything.

Hopefully this is not the case and even if it were it is fixable before someone and their super computer or large hash farm can cause any issues.

What about ETH is that vulnerable.

I don't know if ETH uses a double hash on signing.

Also there is another detail which I am not sure about, which I was hoping to ask in that other thread that got deleted. I want to know if Bitcoin is signing a double hash of the transaction, or if the double-hash is only on the public key? That makes a big difference. If only the latter, then perhaps my theory is incorrect. As I wrote in the OP of the thread that got deleted, I didn't spend a lot of time checking all the details and hoped to receive peer review from other experts. but the thread was deleted.

I mean hopefully even worst case there would be a rush to other non vulnerable cryptos and not everyone bailing on the entire cryto scene.

This is why it is always good to have a few different currencies. Some which share practically no similaries so if a whole is found it one then capital can flow to another.

The most likely outcomes are:

1. Craig is a fraud and this issue dies.
2. I misunderstood some detail about where the double-hashing is in Bitcoin's transaction system, thus my theory is invalid.

However, there is also a chance my theory is correct. In that case, I don't know if altcoins without the vulnerability would benefit or suffer.

I just wanted to have a discussion. The Bitcoin maximalists turned it into a war. Bastards.

[Foxpup]

Edit: let's go on Skype now. I want to talk some sense into you or at least find out in voice and webcam what sort of idiot trolls me. Are you afraid?

I don't have a webcam.

Disingenuous fuckers you all are.

Hey, I'm man enough to take a few insults, but now you've gone too far. I am not a disingenuous fucker. My sex life has always been genuine. Are you just jealous?

[TPTB_need_war]

http://drcraigwright.net/ 

It appears that the entire fiasco was crafted to destroy Matonis and Andresen.

He has apparently taken the fall in order to hand more power to those who are not Matonis and Andresen.

But the saga may not be fully played out yet...

[TPTB_need_war]

You got your answer, satoshi my ass... lol

http://www.drcraigwright.net/

LOL, back to work

We don't know yet for sure who Craig is working for.

This obviously was not done without a purpose.

You don't take these huge risk (e.g. of being sued, etc) without a sufficient reason.

Is Matonis a large blocker like Gavin?

Not?

https://www.reddit.com/r/Bitcoin/comments/3yupa6/philosophy_jon_matonis_extending_transaction_fee/

But they both are key members (control?) the Bitcoin Foundation?

What were their positions on Blockstream's SegWit?

Matonis is against block chain soft forks that are in SegWit:

https://www.cryptocoinsnews.com/jon-matonis-believes-block-size-debate-precursor-block-reward-debate/

http://bitcoinist.net/bitcoin-industry-leaders-block-size/

I guess there goes your Bitcoin is broken fud theory.

It might still be technically valid even if Craig isn't availing of such a vulnerability. And I am not yet sure if Craig has quit. He would place himself in greater legal burden by not following through.

Asking to have a technical discussion with a question mark and asking readers to please wait for the replies from other experts, hardly constitutes FUD. Please re-read the quote where I specifically stated those caveats from the very start (of course Gmaxwell deleted the thread but we still have my quote of the OP).

Remember Monero (not smooth) ignored for a year or more my points about combinatorial unmasking and IP address correlation. Finally now they admit it.

[Za1n]

Dang, well that ended quickly. I was just starting to take an interest in this whole "some part of the Sartre text might possibly result in same hash" discussion.

[TPTB_need_war]

Your thread was deleted because it was utterly moronic, even more so than your usual bullshit. Everyone who had the misfortune to read it is now dumber for having done so. Go ahead and sell your coins, and don't let the door hit you on your way out.

The Bitcoin maximalists are having a heart attack because they don't like the facts.

While there are facts I don't like, I can accept them and I've never suffered a heart attack as a result. Though it's irrelevant since you've never said anything that even remotely resembles a fact.

You are free to present a refutation of anything I've written. So far, I've seen no technical argument from you.

How can I? One can only make a technical argument against disputed facts, and as I said, nothing you've ever said resembles a fact, disputed or otherwise.

I presented a technical argument. Regardless of the actions of Craig, that technical argument remains.

A technical argument by definition is not a fact. It is a technical position that stands to be debated. So if you are unwilling to respond technically to my technical points, then obviously you have nothing technical to say.

Here are some positions I made which you and no one else has refuted:

1. Craig said he signed a hash of some Sartre document but did not disclose which portion of the text. No one has written a script to prove that no portion or combination of portions of that Sartre text will not hash to the value that was signed. Thus I stated until someone has proven that it is impossible for Craig to later show that some portion of the Sartre text will hash to the sign hash value, then you can't claim with certainty that he can't do that. At the bare minimum, those who were checking Craig's proof, should have at least run a simple script to try every contiguous portion (no permutations) of the Sartre text (which is a tractable computation).

2. I have stated that no one seems to know why Bitcoin employs double hashing, and I have stated a theory that double hashing may weaken the collision resistance of the SHA256. I gave my logic for why that may be the case. I also note that SHA256 is documented to be reasonably close to being broken with 46 - 52 of the 64 rounds already broken. Thus I presented the theory that perhaps the double-hashing might push the vulnerability over the edge of breakage of 64 rounds. I didn't present that as a likely theory. I presented it as a point of discussion. If you have no way to refute this technical possibility because you don't know a damn thing about cryptographic hash function construction then that means you are not expert enough to comment about the quality of my theory. Do you for example even understand why two SHA256 hash function applications in series is not equivalent to 2 x 64 rounds? I ask you a specific question and I expect a specific answer.

I understand you don't like me, but that is your personal problem. Only a technical reply from you is relevant. Of course you can't make one.

Also how do you know that Craig didn't withdraw his plan because I just explained how he may of accomplished the feat he claimed he can do? I mean if someone could even explain the rational justification for the double-hashing, then we wouldn't be wondering as much.