Bitcoin Forum
Author Topic: Change Bitcoin SHA-256 to SCRYPT  (Read 5847 times)
stdset
Hero Member
*****
Offline Offline

Activity: 572
Merit: 506



View Profile
July 12, 2013, 05:44:37 AM
 #21

It is scrypt altcoins that should worry that somebody privately develops a scrypt ASIC and shuts them all down.

hashman
Legendary
*
Offline Offline

Activity: 1264
Merit: 1008


View Profile
July 12, 2013, 07:03:51 AM
 #22

Quick question:

Why is taking hashing power away from botnet operators and putting it in the hands of hardware owners a bad thing? 

jl2012
Legendary
*
Offline Offline

Activity: 1792
Merit: 1093


View Profile
July 12, 2013, 07:06:55 AM
 #23

A security researcher has predicted SHA 256 will be cracked this year.  When that happens the algorithm may change.

Cite?  There are not even any "academic attacks" against SHA-2 at this time.  An academic attack being a method which is faster than brute force but still computationally infeasible to exploit in the real world.

Just nonsense. The blockchain is still safe even if it uses MD5(MD5()). The difficulty will adjust.

Actually, a weakened SHA256 gives advantage to GPU mining because ASICs are not programmable.

Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY)
LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC)
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
Zangelbert Bingledack
Legendary
*
Offline Offline

Activity: 1036
Merit: 1000


View Profile
July 12, 2013, 08:40:53 AM
 #24

Before the Internet, experts were experts. You usually only ever heard a security expert talk about security, an economist talk about economics, or a physicist talk about physics.

Now experts still get audience, same as before, but they can talk about anything. Yet we still have the impression that experts are always reliable, since back when they only spoke about things in their field they generally were. The result is they make a lot more mistakes, and sometimes people get misguided because they trusted the expert.

This is most apparent when non-economists who have no understanding of economics speak on a subject that, unbeknownst to them, actually requires a solid understanding of economics.
arnuschky
Hero Member
*****
Offline Offline

Activity: 517
Merit: 501


View Profile
July 12, 2013, 09:31:28 AM
 #25

I don't see the point of all the people that complain that Bitcoin mining on SHA-256 is overspecialized etc. I think it's actually a necessary requirement for stability.

Just imagine that we would change to hash function X (be it SCRYPT or whatever). Immediately, the arms race would start again from the beginning, just as we see it with Litecoin now. People would develop GPU miners, then FPGA, then ASICs. It does not make sense to re-start this arms race every time, because it brings a lot of insecurity and instability to the currency.

In the end, a currency that has not reached the ASIC stage yet always runs the risk of someone developing an ASIC and using it to get control over the network. With Bitcoin, we're close to the end of development. There are ASICs, but they are spread out among many entities, vendors and miners. There is progression, but we're getting close to the end of playing catch-up with the rest of the technological development of chips: we're close to the end, and the advancement of mining speeds will slow down. It's a really good thing that we've got to ASICs already. No surprises.
frankenmint
Legendary
*
Offline Offline

Activity: 1456
Merit: 1018


HoneybadgerOfMoney.com Weed4bitcoin.com


View Profile WWW
July 12, 2013, 09:45:42 AM
 #26

What would it take to get the algo changed from SHA-256 to Scrypt?

Jazkal= pissed off from the fact that he's 3 years late.  I think myself and everyone else who bought into asics hardware would be up in arms if that happens.  Likely BTC falls out of prominence and PPC becomes the Reigning Champ - thus keeping the sha256 dominance maintained.  If you can't read into that there were bits of sarcasm peppered into the statement above.

happygeorge
Full Member
***
Offline Offline

Activity: 146
Merit: 100


In da Jungle!


View Profile
July 12, 2013, 10:07:57 AM
 #27

I think Let's Talk Bitcoin covered the issue pretty well in Episodes 21 and 22. I've had the same beliefs for some time, and with the way the ASIC world is going, it is playing out. If the community doesn't step up and make the change, or at least have an open discussion on the issue, I see Bitcoin dead in less than a year.

I am following not only these threads, but also this bet:

http://betsofbitco.in/item?id=1432

I'm betting you are right... in the sense that there will be a change sometime before the end of the year. :)
happygeorge
Full Member
***
Offline Offline

Activity: 146
Merit: 100


In da Jungle!


View Profile
July 12, 2013, 10:09:34 AM
 #28

What would it take to get the algo changed from SHA-256 to Scrypt?

Jazkal= pissed off from the fact that he's 3 years late.  I think myself and everyone else who bought into asics hardware would be up in arms if that happens.  Likely BTC falls out of prominence and PPC becomes the Reigning Champ - thus keeping the sha256 dominance maintained.  If you can't read into that there were bits of sarcasm peppered into the statement above.

I think people's investment into GPU mining is still an order of magnitude higher... although, as far as I know Scrypt is GPU unfriendly, so who the heck knows!

Maybe some new G-scrypt will be invented ;)
jimbobway
Legendary
*
Offline Offline

Activity: 1304
Merit: 1014



View Profile
July 12, 2013, 12:15:36 PM
 #29

A security researcher has predicted SHA 256 will be cracked this year.  When that happens the algorithm may change.

Cite?  There are not even any "academic attacks" against SHA-2 at this time.  An academic attack being a method which is faster than brute force but still computationally infeasible to exploit in the real world.

https://mobile.twitter.com/jgarzik/status/336218499938668544
Jazkal (OP)
Sr. Member
****
Offline Offline

Activity: 319
Merit: 250



View Profile
July 12, 2013, 12:52:08 PM
 #30

Jazkal= pissed off from the fact that he's 3 years late.  I think myself and everyone else who bought into asics hardware would be up in arms  if that happens.
I'm sorry you didn't take the time to read.

As I stated above, I've been in the game since 2011, don't see how that is "3 years late". And if you had read, you would see I have invested into ASICs, so I am not just a GPU farmer, I have the greater good of Bitcoin in mind for these discussions, not just some stick in the mud that is upset the tech has gotten ahead of him.
defaced
Legendary
*
Offline Offline

Activity: 2184
Merit: 1011


Franko is Freedom


View Profile WWW
July 12, 2013, 01:22:14 PM
 #31

I personally think that ASIC mining was inevitable and only hurts those that don't have them. But once everyone has them, well, something better will come out. It just further secures the chain.

Changing to scrypt.. Well mine FRK's :D

Fortune Favors the Brave
oleganza
Full Member
***
Offline Offline

Activity: 200
Merit: 104


Software design and user experience.


View Profile WWW
July 12, 2013, 02:24:06 PM
 #32

If Bitcoin were using scrypt from the start, you wouldn't escape from ASICs. Just accept that people will optimize mining and there is nothing you can do about it. Like in every social organisation there are leaders, runners-up and outsiders. Bitcoin is no exception. Communism never works. I, for instance, couldn't care less about mining BTC myself and don't see a problem with some bunch of guys having 70% of hashing power. Those who are interested in preserving the value of their coins would strive to process transactions "fairly" and distribute mining hardware as wide as possible.

Bitcoin analytics: blog.oleganza.com / 1TipsuQ7CSqfQsjA9KU5jarSB1AnrVLLo
molecular
Donator
Legendary
*
Offline Offline

Activity: 2772
Merit: 1019



View Profile
July 12, 2013, 02:37:06 PM
 #33

A security researcher has predicted SHA 256 will be cracked this year.  When that happens the algorithm may change.

In that case the algorithm will get changed... pretty much overnight. You can bet all your coins on that.

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1079


Gerald Davis


View Profile
July 12, 2013, 02:52:30 PM
 #34

A security researcher has predicted SHA 256 will be cracked this year.  When that happens the algorithm may change.

Cite?  There are not even any "academic attacks" against SHA-2 at this time.  An academic attack being a method which is faster than brute force but still computationally infeasible to exploit in the real world.

https://mobile.twitter.com/jgarzik/status/336218499938668544

Not sure if you can't read or you think this says something it doesn't.  Nothing in there about SHA-2 being compromised this year.
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1079


Gerald Davis


View Profile
July 12, 2013, 03:29:50 PM
 #35

A security researcher has predicted SHA 256 will be cracked this year.  When that happens the algorithm may change.

Cite?  There are not even any "academic attacks" against SHA-2 at this time.  An academic attack being a method which is faster than brute force but still computationally infeasible to exploit in the real world.

https://mobile.twitter.com/jgarzik/status/336218499938668544

Not sure if you can't read or you think this says something it doesn't.  Nothing in there about SHA-2 being compromised this year.

I am tired of doing research for other people.  I don't have to prove anything to anyone.  Esp on my mobile phone.

Then stop being tired.  Nobody asked you to do any research.  You made an unsubstantiated claim.  When asked for a cite you linked to something completely unsupporting.

I will take your claim of SHA-2 being broken this year (as if such a thing is even predictable) as utter nonsense.  See, you're done.


jimbobway
Legendary
*
Offline Offline

Activity: 1304
Merit: 1014



View Profile
July 12, 2013, 03:35:08 PM
 #36

A security researcher has predicted SHA 256 will be cracked this year.  When that happens the algorithm may change.

Cite?  There are not even any "academic attacks" against SHA-2 at this time.  An academic attack being a method which is faster than brute force but still computationally infeasible to exploit in the real world.

https://mobile.twitter.com/jgarzik/status/336218499938668544

Not sure if you can't read or you think this says something it doesn't.  Nothing in there about SHA-2 being compromised this year.

I am tired of doing research for other people.  I don't have to prove anything to anyone.  Esp on my mobile phone.

Then stop being tired.  Nobody asked you to do any research.  You made an unsubstantiated claim.  When asked for a cite you linked to something completely unsupporting.

I will take your claim of SHA-2 being broken this year (as if such a thing is even predictable) as utter nonsense.  See, you're done.


No problem.  Thanks for making my decision easier.
stdset
Hero Member
*****
Offline Offline

Activity: 572
Merit: 506



View Profile
July 13, 2013, 02:44:40 AM
 #37

Outcompeted GPU miners are engaging in wishful thinking. Face the reality and invest into development of the next generation of Bitcoin chips if you want to keep competing in this marketplace. Nobody in his right mind will agree to decrease security of Bitcoin network just to satisfy your greed dear GPU dinosaurs. Wake up and move on.
I like short posts like this one, hitting the nail on the head.

cp1
Hero Member
*****
Offline Offline

Activity: 616
Merit: 500


Stop using branwallets


View Profile
July 13, 2013, 03:08:29 AM
 #38

What would be the point?  No one would use it.

Guide to armory offline install on USB key:  https://bitcointalk.org/index.php?topic=241730.0
razorfishsl
Sr. Member
****
Offline Offline

Activity: 399
Merit: 250


View Profile WWW
July 13, 2013, 03:57:04 AM
 #39

A security researcher has predicted SHA 256 will be cracked this year.  When that happens the algorithm may change.

Cite?  There are not even any "academic attacks" against SHA-2 at this time.  An academic attack being a method which is faster than brute force but still computationally infeasible to exploit in the real world.

Er,
Let's all be clear that bitcoin utilizes DOUBLE SHA-2 before making bold statements.

Actually there are partial attacks that are very well documented against SHA 2 up to about 25 bits, but not so much against double SHA 2....

The other issue is that the research into SHA 2* attack vectors has a weakness.....(which you can figure out yourself if you think about it....)

Plus there is some VERY interesting shit if you can program up your own FPGA farm..... The big issue is getting the shit out fast enough...

High Quality USB Hubs for Bitcoin miners
https://bitcointalk.org/index.php?topic=560003
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1079


Gerald Davis


View Profile
July 13, 2013, 05:48:03 AM
Last edit: July 13, 2013, 06:08:29 PM by DeathAndTaxes
 #40

A security researcher has predicted SHA 256 will be cracked this year.  When that happens the algorithm may change.

Cite?  There are not even any "academic attacks" against SHA-2 at this time.  An academic attack being a method which is faster than brute force but still computationally infeasible to exploit in the real world.

Er,
Let's all be clear that bitcoin utilizes DOUBLE SHA-2 before making bold statements.

Actually there are partial attacks that are very well documented against SHA 2 up to about 25 bits, but not so much against double SHA 2....

The other issue is that the research into SHA 2* attack vectors has a weakness.....(which you can figure out yourself if you think about it....)

Plus there is some VERY interesting shit if you can program up your own FPGA farm..... The big issue is getting the shit out fast enough...

It isn't a bold statement, it is merely a statement of fact.  Let's ignore the potential added security of double SHA hash and just focus on single SHA-2 hashes.

SHA-2 uses 64 or 80 rounds.  There are no known attacks against 64 or 80 round SHA-2.  None.  No first preimage attacks, no second preimage attacks, no random collisions.  

This isn't for a lack of trying.  SHA-2 is one of the most analyzed algorithms in the world.  It is used for just about everything from banking to PGP to SSL.  A lot of different entities in a lot of different places all around the world have a very vested interest in knowing if SHA-2 is secure.  Cryptography can never be mathematically proven secure, the best we can do is (collectively) look for flaws and if enough people look hard enough for long enough the probability that an unknown flaw will appear suddenly and without warning is reduced, never eliminated but reduced.

An academic attack on a theoretical variant of SHA-2 which uses 41 instead of 64 rounds isn't an attack vector unless Bitcoin happens to use this modified variant with 41 instead of 64 rounds.  For the record it doesn't, nobody does, anywhere, for anything.  Publishing a reduced round version of an attack is essentially saying "we looked for a flaw but couldn't find one however if this algorithm only used x rounds instead of y rounds here is a flaw".  It is a way for other researchers to potentially expand upon but often many of these reduced round attacks are simply dead ends.  What works for 41 rounds may NEVER work for 64 rounds.  It is possible that these known reduced round attacks are dead ends.  That is to say that eventually SHA-2 is broken but it is broken in a completely unrelated manner and researchers who will try to expand on these known attack vectors will spend countless hours in what will ultimately prove to be "barking up the wrong tree".

I never predicted that SHA-2 won't eventually be broken but to claim it will be broken this year requires some significant supporting evidence and none was provided.  When asked for a cite, links to tweets unrelated to the claim were provided.  When confronted the person left saying he "doesn't need to prove anything to anyone".  That isn't what I would call "significant supporting evidence".

Maybe SHA-2 will be broken this year, or maybe next year, or maybe it is never broken because over time most applications migrate to SHA-3 (after significant cryptanalysis) because it has fewer theoretical flaws.  If that happens an exploitable flaw in SHA-2 may never be found because the focus of global analysis will shift to SHA-3 as it will be the bigger target.  To make a long story long regardless of if/when SHA-2 is broken the statement that "it will be broken by the end of the year" is rubbish.  Nobody credible said that, and nobody credible would.