Suggestion: Replace SHA-256 with SHA-512 from block 200.000 ?

[ShadowOfHarbringer]

Lately there have been major technological breakthroughs, such as memristors, graphene-based transistors and so which will probably greatly increase processing power of computers yet to come.

So i propose a (relatively simple ?) change which would make bitcoin prepared for a 10-fold or more increase in computers' speed in the close future. Change hashing algorithm from SHA-256 to SHA-512 from block 200.000 or 250.000. This would raise the bar of difficulty of attacking the network.

Bitcoin is gaining popularity fast, so we should be prepared for the worst. IMHO it's better to be safe than sorry. Also, the more serious we get about network security, the more seriously will companies & other "serious" entities look at bitcoin resulting in wider adoption.

[1715017708]

1715017708

[1715017708]

1715017708

[1715017708]

1715017708

[1715017708]

1715017708

[1715017708]

1715017708

[grondilu]

Lately there have been major technological breakthroughs, such as memristors, graphene-based transistors and so which will probably greatly increase processing power of computers yet to come.

So i propose a (relatively simple ?) change which would make bitcoin prepared for a 10-fold or more increase in computers' speed in the close future. Change hashing algorithm from SHA-256 to SHA-512 from block 200.000 or 250.000. This would raise the bar of difficulty of attacking the network.

Bitcoin is gaining popularity fast, so we should be prepared for the worst. IMHO it's better to be safe than sorry. Also, the more serious we get about network security, the more seriously will companies & other "serious" entities look at bitcoin resulting in wider adoption.

Is it only possible ?  I mean, sha512 requires twice as many bits of space than sha256.  Therefore I wonder if it would fit the current block structure.

[mimarob]

Can one really change the algorithm on-the-fly like that?

Doesn't it require a majority of the nodes agreeing to run the new software?

[ShadowOfHarbringer]

Can one really change the algorithm on-the-fly like that?

Doesn't it require a majority of the nodes agreeing to run the new software?

From what i understand about the algorithms used, after the SHA256->512 update, it would no longer be possible for old (unupdated) clients to connect to the network, as their block chain would be rejected by all the new nodes.

Because bitcoin works on semi-fixed timeframes, it is possible to "schedule" a certain update to happen after some time (after block number XXXX), and this is exactly what i am suggesting. The change could happen even YEARS after the update (in this case, block 200.000 = about 12 months from now). All clients will be probably updated to the new version by then.

[grondilu]

Can one really change the algorithm on-the-fly like that?

Doesn't it require a majority of the nodes agreeing to run the new software?

From what i understand about the algorithms used, after the SHA256->512 update, it would no longer be possible for old (unupdated) clients to connect to the network, as their block chain would be rejected by all the new nodes.

Because bitcoin works on semi-fixed timeframes, it is possible to "schedule" a certain update to happen after some time (after block number XXXX), and this is exactly what i am suggesting. The change could happen even YEARS after the update (in this case, block 200.000 = about 12 months from now). All clients will be probably updated to the new version by then.

This seems very hazardous.  If you really want to do that, I suggest you fork bitcoin.

As far as I'm concerned, I very much doubt sha256 will be broken any time soon.

[ShadowOfHarbringer]

This seems very hazardous.  If you really want to do that, I suggest you fork bitcoin.

Fork bitcoin ? What for if we can easily schedule things to happen X years in future ?

As far as I'm concerned, I very much doubt sha256 will be broken any time soon.

Let's assume there will be a technological breakthrough, and the computing power will go up 10-fold, or 100-fold in a matter of year. Is Bitcoin still safe ? I think not. It will be much easier for somebody to redo a part of the chain and perhaps fake some transactions.
Technological breakthroughs do happen, it is not something unrealistic at all.

(I'm trying to be paranoic, because that's good when it comes to security)

[grondilu]

Let's assume there will be a technological breakthrough, and the computing power will go up 10-fold, or 100-fold in a matter of year. Is Bitcoin still safe ? I think not. It will be much easier for somebody to redo a part of the chain and perhaps fake some transactions.
Technological breakthroughs do happen, it is not something unrealistic at all.

That's a huge hypothesis.  We'll talk about it if it happens, ok ?  But meanwhile, there is no need to mess with the protocol.  Especially about a change of the hash function.  Again, if you really want a sha512 cryptocurrency, then fork bitcoin.

That's the good thing about free software, if someone is not happy with the direction of the code, he can fork it.  We don't have to argue endlessly about those stuffs.

Changing the hash function would imply the coexistence of two hash formats inside the block chain.  This is not good for the coherence of the protocole.

[Gavin Andresen]

Computers could get 1 billion times faster and Bitcoin's hashing and elliptic curve digital signatures will still be "safe."

2^256 is a really, really big number.

2^226 is also a really, really big number.  It is a billion times smaller than 2^256, but still far and away big enough.

Even 2^160 (the size of the bitcoin address hash) is big enough.

Back-of-the-envelope:
Lets say computers in a few years can do a quadrillion hashes per second-- that's about 2^50 hashes/second.  How many seconds to find a SHA-256 hash collision?  2^205 seconds.  That is much longer than the age of the universe.

How long to find a bitcoin address hash collision?  2^130 seconds, which is 43,161,132,283,224,056,755,882,116,619,960 years.  Also much, much longer than the age of the universe.

(actually, those numbers are the MAXIMUM time.  Divide by two for the average time.  Insanely big divided by two is still insanely big.)

You should be worried that some weakness in SHA-256 is found that allows hashes to be cracked other than by brute-force.  And if you're worried about that, then it is dumb to switch to SHA-512 now-- perhaps a flaw will be found in the entire SHA* family of hashing algorithms.

[caveden]

Excuse me for my ignorance, but isn't the difficulty there exactly to prevent what the topic author fears?

If computers get a billion time faster, difficulty gets a billion time harder...

What's the issue? There's a maximum possible difficulty for SHA-256 ?

[grondilu]

Excuse me for my ignorance, but isn't the difficulty there exactly to prevent what the topic author fears?

Yes, it is.  I should have explained that earlier.   There is indeed a maximum difficulty for SHA-256, but it means being able to invert the hash function.  And as pointed upper in this thread, it is just impossible using brute force.

[ShadowOfHarbringer]

@gavinandresen, @grondilu

OK, I am satisfied with Your answers.
Bitcoin wins again in my eyes. Thx.

[jgarzik]

We currently do double-sha256, not just sha256.

[jimbobway]

This reminds me of the movie Swordfish with John Travolta where he hacked 256-bit encryption with ease.  At the end of the movie he hacked 1024-bit encryption, I think.  LOL!

[ShadowOfHarbringer]

This reminds me of the movie Swordfish with John Travolta where he hacked 256-bit encryption with ease.  At the end of the movie he hacked 1024-bit encryption, I think.  LOL!

Correct me if I'm wrong, but I think it was Hugh Jackman doing the hacking on that awesome set up of screens

Wait, are you telling me you didn't know that each screen increases the total processing power of your setup by 10 orders of magnitude ?

[ShadowOfHarbringer]

Since there is nothing more to say here, i'm locking the topic.