Bitcoin Forum
November 13, 2024, 05:31:04 PM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Major Meltdown  (Read 13780 times)
llama (OP)
Member
**
Offline Offline

Activity: 103
Merit: 61


View Profile
June 23, 2010, 07:42:04 AM
 #1

What if a major flaw is discovered in BC's cryptographic soundness?  Is there any way to prevent the complete dissolution of the system and of everybody's wealth?

Perhaps one way to do it would be to create a voluntary registry of non-anonymous addresses, to be shared and verified publicly.  Then, if a major flaw arose (maybe someone solved the factoring problem Wink ), then there would still be a record of everybody's wealth that could be used in a new system (supposing everybody could agree on the latest time that no fraudulent transactions could have taken place).  Of course, people who chose to stay anonymous (and therefore did not include their address in the registry) would see their wealth disappear, but alas that risk would prove the price of anonymity.

dwdollar
Full Member
***
Offline Offline

Activity: 202
Merit: 109


GCC - Global cryptocurrency


View Profile WWW
June 23, 2010, 02:18:59 PM
 #2

What if a major flaw is discovered in BC's cryptographic soundness?  Is there any way to prevent the complete dissolution of the system and of everybody's wealth?

Perhaps one way to do it would be to create a voluntary registry of non-anonymous addresses, to be shared and verified publicly.  Then, if a major flaw arose (maybe someone solved the factoring problem Wink ), then there would still be a record of everybody's wealth that could be used in a new system (supposing everybody could agree on the latest time that no fraudulent transactions could have taken place).  Of course, people who chose to stay anonymous (and therefore did not include their address in the registry) would see their wealth disappear, but alas that risk would prove the price of anonymity.

That is an interesting idea.  But, how would the wealth be transfered to a new system and what would be the exchange rate?  Perhaps this could be combined with an insurance plan that had a predetermined and guaranteed payout written in the policy?

llama (OP)
Member
**
Offline Offline

Activity: 103
Merit: 61


View Profile
June 23, 2010, 03:41:29 PM
 #3

But, how would the wealth be transfered to a new system and what would be the exchange rate?

Wealth would not have to be transferred per say.  Rather, a new, cryptographically sound system would be adopted, and previous owners would be given new currency in proportion to their old balance of BC.  The exchange rate would be determined solely by the market's usage of the new currency. 

Imagine a verified public registry that voluntarily ties BC addresses to email addresses (by signing your email address with your private key for the BC address).  If BC failed, the new system would take a certain historical block from BC at a fraudless time.  Then, supposing again that 21 million units of new currency were being generated, and that 80% of the old BC currency had been registered, then each time a node generates a block for the new currency they would get to keep 20% of some number of new currency while every registered address would receive some tiny share of the other 80% in proportion to their registered BC at their registered email address.  When all new currency generation is done, the owners of the 80% of registered BC money will have 80% of the new money, while the lost 20% is reissued.

I would bet that if BC had seen widespread adoption, and if many people had registered their addresses, then the new currency would be readily accepted because so many people would be getting it for free and in their "fair" amount.

Perhaps this could be combined with an insurance plan that had a predetermined and guaranteed payout written in the policy?

That's another interesting idea.  Basically, some individual could choose to setup their own insurance company for BC where people pay a certain percentage of their protected BC amount.  This company would then keep a registry similar to that above, but only for its clients (It's necessary to verify that clients have the BC amount they claim). Instead of issuing new currency in case of catastrophic failure, they could simply issue USD's.  Again, the biggest challenge would be setting clear terms for when payout would occur and which block would be treated as the truth.  Perhaps they could pay out from the last block issued before a mathematical proof of the system's unsoundness was offered?

Max Stirner
Member
**
Offline Offline

Activity: 92
Merit: 10



View Profile
June 24, 2010, 03:06:07 PM
 #4

It is strange that is has taken such a long time to create a digital fiat currency. And who
says that Bitcoin is the one and only digital currency that will exist in the future?
Right now, if there is a flaw in the bitcoin algorithm the people dealing with it will lose their trust
in the currency and the bitcoins will lose their value. If there are several digital currencies in the future
you will just sell your bitcoins and buy more secure (or more useful)  digital coins instead. I think that there will be a tendency to swap from one digital money system to another, once people see an advantage of a new system. Like an evolutionary process.
I find it funny that some people still cling to the idea that there has to be some kind of "agency" that regulates the economy.  I mean when you don't want your old money anymore you just .. eh .. sell it?
You are not forced by anyone to use bitcoins, right? And nobody can stop you from using another digital
currency.  So the best way to keep your wealth is to invest in different assets - as always in life.
llama (OP)
Member
**
Offline Offline

Activity: 103
Merit: 61


View Profile
June 25, 2010, 12:56:40 AM
 #5

Max,

Your comments make total sense, as long as there is time to switch over to the new currency when a threat looms.  This is pretty reasonable.  For example, people might start to find some small flaws with SHA-256, and so people would have time to buy into the new currency before the whole system unravels.

However, supposing somebody found a major flaw while BC was in widespread usage, that person could commit a lot of fraud without people even realizing immediately.  In this case, it might be valuable to have some kind of registry, because people might want to buy into a new currency that does include some distribution in proportion to formerly registered wealth (game theoretically, only the wealthier registered 50% would prefer this currency, but that's the topic of another discussion).

Now, it seems like a pretty good solution would be for everyone to hold a diversity of digital currencies, which are backed by a diversity of cryptographic methods.  However, this solution has many costs of its own, since the marketplace would need to support many currencies.  Among other things, it would be absolutely necessary to have many competing, cheap exchanges.


Anonymous
Guest

June 25, 2010, 05:30:44 AM
 #6

Max,

Your comments make total sense, as long as there is time to switch over to the new currency when a threat looms.  This is pretty reasonable.  For example, people might start to find some small flaws with SHA-256, and so people would have time to buy into the new currency before the whole system unravels.

However, supposing somebody found a major flaw while BC was in widespread usage, that person could commit a lot of fraud without people even realizing immediately.  In this case, it might be valuable to have some kind of registry, because people might want to buy into a new currency that does include some distribution in proportion to formerly registered wealth (game theoretically, only the wealthier registered 50% would prefer this currency, but that's the topic of another discussion).

Now, it seems like a pretty good solution would be for everyone to hold a diversity of digital currencies, which are backed by a diversity of cryptographic methods.  However, this solution has many costs of its own, since the marketplace would need to support many currencies.  Among other things, it would be absolutely necessary to have many competing, cheap exchanges.



Any monetary system with a central registering authority is headed for failure imo.
llama (OP)
Member
**
Offline Offline

Activity: 103
Merit: 61


View Profile
June 25, 2010, 01:17:40 PM
 #7

No not a centralized registry.  There's no "agency" controlling it.  It's just something that users would agree to, just like every other rule of BC.  Deentralized and public, just like BC does transactions.

Max Stirner
Member
**
Offline Offline

Activity: 92
Merit: 10



View Profile
June 27, 2010, 06:22:51 PM
 #8

Amal,  I admit: I got you wrong!
I am just afraid that digital currencies will not stay legal for long because the government has not control over it. (The day they make it illegal, you should open a bottle of champagne, because that's the sign that bitcoin is a success.)
So at that point, they will also shut down your registry. And all the people who gave their address to that agency will get into trouble.

If there is a major flaw discovered in Bitcoin and there is no sufficient time to swap to a different system, I assume there is nothing you can do about a loss of your wealth.

Still, let's suppose YOU have discovered a way to produce an unlimited amount of coins. Your goal would be to profit from that secret AS LONG AS POSSIBLE. So even people that have the power to cheat wouldn't want a collapse of the digital fiat currency. And before the collapse of the old currency they would change their fake money for a better currency. But I am afraid that also goes for the so called "real" money. But.. somebody who has the brains to fool the algorithm of the digital currency at least gets a reward for his genius. In our paper fiat money system in the contrary, people who have access to the "printing press" of the government / central bank get rewarded for being just plain assholes.
satoshi
Founder
Sr. Member
*
Offline Offline

Activity: 364
Merit: 7248


View Profile
June 27, 2010, 07:06:09 PM
 #9

Here's an answer to a similar question about how to recover from a major meltdown.
https://www.bitcoin.org/smf/index.php?topic=191.msg1585#msg1585

If SHA-256 became completely broken, I think we could come to some agreement about what the honest block chain was before the trouble started, lock that in and continue from there with a new hash function.

If the hash breakdown came gradually, we could transition to a new hash in an orderly way.  The software would be programmed to start using a new hash after a certain block number.  Everyone would have to upgrade by that time.  The software could save the new hash of all the old blocks to make sure a different block with the same old hash can't be used.
llama (OP)
Member
**
Offline Offline

Activity: 103
Merit: 61


View Profile
July 01, 2010, 10:21:47 PM
 #10

Satoshi,

That would indeed be a solution if SHA was broken (certainly the more likely meltdown), because we could still recognize valid money owners by their signature (their private key would still be secure).

However, if something happened and the signatures were compromised (perhaps integer factorization is solved, quantum computers?), then even agreeing upon the last valid block would be worthless.

Gavin Andresen
Legendary
*
Offline Offline

Activity: 1652
Merit: 2301


Chief Scientist


View Profile WWW
July 02, 2010, 12:21:53 AM
 #11

If you're worried about elliptic curve cryptography being broken, then don't store any significant wealth in Bitcoin.   Just like if you're worried about your (real, physical) wallet being stolen don't hold more cash than you need to get through a couple of days of purchases.

By the way: I think an economical method for separating gold atoms from seawater will be found before elliptic curve cryptography is broken (and I think both are unlikely in the next 25 years).

How often do you get the chance to work on a potentially world-changing project?
satoshi
Founder
Sr. Member
*
Offline Offline

Activity: 364
Merit: 7248


View Profile
July 10, 2010, 01:36:17 PM
 #12

However, if something happened and the signatures were compromised (perhaps integer factorization is solved, quantum computers?), then even agreeing upon the last valid block would be worthless.
True, if it happened suddenly.  If it happens gradually, we can still transition to something stronger.  When you run the upgraded software for the first time, it would re-sign all your money with the new stronger signature algorithm.  (by creating a transaction sending the money to yourself with the stronger sig)
laszlo
Full Member
***
Offline Offline

Activity: 199
Merit: 2384


View Profile
July 10, 2010, 04:26:01 PM
 #13

Pretty much all of the encryption software in use on the internet takes advantage of a trapdoor function - you can multiply 2 numbers together but you can't easily determine what the 2 factors were if all you have is the resulting product.  As it is today the only way most of us know to do it is to try every number.  If someone were to figure out a better way that took less time, it would make it easy for a regular guy like me to use that method in some software to decrypt HTTPS traffic and such.

Hashing is slightly different but the idea is the same - it is not possible to work the hash in reverse to determine what the possible inputs were, you just have to try every plausible input and compare your hash.

None of these things are perfect but bitcoin is only taking advantage of existing methods that are in use by a lot of other software which has been accepted for a long time.  If a basic flaw is found, bitcoin is probably the least of anyone's worries Smiley

BC: 157fRrqAKrDyGHr1Bx3yDxeMv8Rh45aUet
Anonymous
Guest

July 19, 2010, 07:39:29 AM
 #14

No not a centralized registry.  There's no "agency" controlling it.  It's just something that users would agree to, just like every other rule of BC.  Deentralized and public, just like BC does transactions.

I understand. Smiley
eugene2k
Newbie
*
Offline Offline

Activity: 37
Merit: 0


View Profile
July 19, 2010, 06:09:29 PM
 #15

Quote
you will just sell your bitcoins and buy more secure (or more useful)  digital coins instead.
Who will you sell the currency to if everyone wants to sell and no one wants to buy?

P.S. Hope the bitcoin protocol does allow upgrades to mitigate major flaws in the system
vineyard
Hero Member
*****
Offline Offline

Activity: 546
Merit: 500


EOS Auctions


View Profile WWW
February 12, 2014, 06:49:33 PM
 #16

What if a major flaw is discovered in BC's cryptographic soundness?  Is there any way to prevent the complete dissolution of the system and of everybody's wealth?

Perhaps one way to do it would be to create a voluntary registry of non-anonymous addresses, to be shared and verified publicly.  Then, if a major flaw arose (maybe someone solved the factoring problem Wink ), then there would still be a record of everybody's wealth that could be used in a new system (supposing everybody could agree on the latest time that no fraudulent transactions could have taken place).  Of course, people who chose to stay anonymous (and therefore did not include their address in the registry) would see their wealth disappear, but alas that risk would prove the price of anonymity.

I think the idea of a flaw serious enough to compromise the cryptographic soundness of the system would put an end to the system. The premise of Bitcoin (or any crypto-currency) is that the cryptography is not crackable. By the time it is crackable, we had better have found another decentralized currency system and transferred the wealth out of Bitcoin and into the new system.

The idea of a voluntary registry is interesting, but it is kind of like kicking the can down the road. If you can crack the Bitcoin system, who is to say you can't break the voluntary registry too?
Stevets
Member
**
Offline Offline

Activity: 70
Merit: 10


View Profile
February 12, 2014, 07:09:20 PM
 #17

What if a major flaw is discovered in BC's cryptographic soundness?  Is there any way to prevent the complete dissolution of the system and of everybody's wealth?

Perhaps one way to do it would be to create a voluntary registry of non-anonymous addresses, to be shared and verified publicly.  Then, if a major flaw arose (maybe someone solved the factoring problem Wink ), then there would still be a record of everybody's wealth that could be used in a new system (supposing everybody could agree on the latest time that no fraudulent transactions could have taken place).  Of course, people who chose to stay anonymous (and therefore did not include their address in the registry) would see their wealth disappear, but alas that risk would prove the price of anonymity.

I think the idea of a flaw serious enough to compromise the cryptographic soundness of the system would put an end to the system. The premise of Bitcoin (or any crypto-currency) is that the cryptography is not crackable. By the time it is crackable, we had better have found another decentralized currency system and transferred the wealth out of Bitcoin and into the new system.

The idea of a voluntary registry is interesting, but it is kind of like kicking the can down the road. If you can crack the Bitcoin system, who is to say you can't break the voluntary registry too?

Wow that's an old thread! Interesting discussion though and I'm sad that I missed out on all of this when it was new. If someone figures out how to crack the cryptography used in Bitcoin, not the implementation but the actual algorithms, then Bitcoin will be dead along with everything else. We will have to figure out how they did things not so long ago when there wasn't an Internet.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!