Bitcoin Forum
October 15, 2018, 02:25:05 PM *
News: Make sure you are not using versions of Bitcoin Core other than 0.17.0 [Torrent], 0.16.3, 0.15.2, or 0.14.3. More info.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 »  All
  Print  
Author Topic: Has the NSA already broken bitcoin?  (Read 50188 times)
wormbog
Hero Member
*****
Offline Offline

Activity: 561
Merit: 500



View Profile
September 05, 2013, 09:15:36 PM
 #1


Just read this disturbing article, based on recent leaks from Snowden:

http://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption

The article talks about the NSA responding to the rise in popularity of internet encryption by, among other things, deliberately weakening the algorithms in use to give themselves a back door to decrypt data. Bitcoin relies on SHA-256, originally created by the NSA. Perhaps there is a weakness that an organization with the resources of the NSA is able to exploit.

If so, that would explain why the major governments around the world seem to tolerate bitcoin. They know they can break it whenever they want. Preferable after the cartels and terrorists get comfortable and start relying on it.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1539613505
Hero Member
*
Offline Offline

Posts: 1539613505

View Profile Personal Message (Offline)

Ignore
1539613505
Reply with quote  #2

1539613505
Report to moderator
1539613505
Hero Member
*
Offline Offline

Posts: 1539613505

View Profile Personal Message (Offline)

Ignore
1539613505
Reply with quote  #2

1539613505
Report to moderator
1539613505
Hero Member
*
Offline Offline

Posts: 1539613505

View Profile Personal Message (Offline)

Ignore
1539613505
Reply with quote  #2

1539613505
Report to moderator
joecascio
Full Member
***
Offline Offline

Activity: 137
Merit: 100

Semi-retired software developer, tech consultant


View Profile WWW
September 05, 2013, 09:23:30 PM
 #2

This would be pretty easy to test. Just get a bunch of friends to start exchanging encrypted messages about bombing an embassy or govt office. If these douche-bags can break it, they'd be on you like white on rice.

Joe Cascio
Python/Django & Android developer
Twitter: @joecascio
Taras
Legendary
*
Offline Offline

Activity: 1330
Merit: 1011


Please do not PM me loan requests!


View Profile WWW
September 05, 2013, 09:24:49 PM
 #3

I don't believe it... I could never think of any sci-fi-ass machine capable of cracking SHA256. Of course with Snowden's verification, how could it be false? I'm horrified. Are our savings subject to overnight destruction?

2014 edit - No, they aren't. Go home.
davidpbrown
Sr. Member
****
Offline Offline

Activity: 434
Merit: 250


Vires in Numeris


View Profile WWW
September 05, 2013, 09:25:35 PM
 #4

meh.. Snowden himself suggested encryption used properly does work. That article is alluding to obvious hacking and the illusion of security.. https and pwning of Skype; M$; VPNs and third parties etc - requiring providers to allow a backdoor to information they hold.

฿://1CBxm54Ah5hiYxiUtD7JGYRXykT5Z6ZuMc
qxzn
Hero Member
*****
Offline Offline

Activity: 604
Merit: 500



View Profile
September 05, 2013, 09:26:14 PM
 #5

This would be pretty easy to test. Just get a bunch of friends to start exchanging encrypted messages about bombing an embassy or govt office. If these douche-bags can break it, they'd be on you like white on rice.

can anyone think of a lower risk way to test...?
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1005


Gerald Davis


View Profile
September 05, 2013, 09:27:22 PM
 #6

This would be pretty easy to test. Just get a bunch of friends to start exchanging encrypted messages about bombing an embassy or govt office. If these douche-bags can break it, they'd be on you like white on rice.

SHA is not an encryption protocol.  You can't encrypt messages with SHA.
dree12
Legendary
*
Offline Offline

Activity: 1246
Merit: 1031



View Profile
September 05, 2013, 09:27:37 PM
 #7

No, there is no backdoor.

Quote
The SHA-2 functions use the square roots and cube roots of small primes.

See: http://en.wikipedia.org/wiki/Nothing_up_my_sleeve_number
davidpbrown
Sr. Member
****
Offline Offline

Activity: 434
Merit: 250


Vires in Numeris


View Profile WWW
September 05, 2013, 09:28:33 PM
 #8

Better article here.. http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?pagewanted=all&_r=0

and then the Guardian.. http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security

฿://1CBxm54Ah5hiYxiUtD7JGYRXykT5Z6ZuMc
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1005


Gerald Davis


View Profile
September 05, 2013, 09:36:39 PM
 #9

SHA-2 is an open algorithm and it uses as its constants the sequential prime cube roots as a form of "nothing up my sleeve numbers".  For someone to find a weakness or backdoor in SHA would be the equivalent of the nobel prize in cryptography.   Everyone who is anyone in the cryptography community has looked at SHA-2.  Not just everyone with a higher degree in mathematics, computer science, or cryptography in the last 20 years but foreign intelligence agencies and major financial institutions.    Nobody has found a flaw, not even an theoretical one (a faster than brute force solution which requires so much energy/time as to be have no real world value).

To believe the the NSA has broken SHA-2 would be to believe that the NSA found something the entire rest of the world combined hasn't found for twenty years.  Also NIST still considers SHA-2 secure and prohibits the use of any other hashing algorithm (to include SHA-3 so far) in classified networks.  So that would mean the NSA is keeping a flaw/exploit from NIST compromising US national security. 

Anything is possible but occam's razor and all that.
joecascio
Full Member
***
Offline Offline

Activity: 137
Merit: 100

Semi-retired software developer, tech consultant


View Profile WWW
September 05, 2013, 09:43:24 PM
 #10

SHA-2 is an open algorithm and it uses as it is constants sequential prime cube roots as a form of "nothing up my sleeve numbers".  For someone to find a weakness or backdoor in SHA would be the equivalent of the nobel prize in cryptography.   Everyone who is anyone in the cryptography community has looked at SHA.  Not just everyone with a higher degree in mathematics, computer science, or cryptography in the last 20 years but foreign intelligence agencies and major financial institutions.    Nobody has found a flaw.  Not even an academical one.

To believe the the NSA has broken SHA-2 would be to believe that the NSA found something the entire rest of the world combined hasn't found for twenty years.  For the record SHA-3 is not yet approved for classified networks in the US, only SHA-2 is.  So that would mean the NSA is endangering national security by not declaring SHA-2 degraded.  

Anything is possible but occam's razor and all that.

Well said. There are many more cryptographic experts in the world than at the NSA. It's not a secret algorithm that's controlled by the NSA. It's in the public domain. Anyone can examine it. If you still think the NSA has a secret back door, then there's a good possibility you're a delusional paranoid shit head.

Joe Cascio
Python/Django & Android developer
Twitter: @joecascio
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1040


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
September 05, 2013, 09:43:38 PM
 #11

I believe bitcoin is vulnerable to a well-funded 51% attack, for no other reason than the awareness that the productivity of ASICs scales more exponentially than linearly as funding increases.

I believe bitcoin would quickly recover from a successful 51% attack as "proof of stake tiebreaker" is introduced as a remedy.  For example, a remedy that would bring instant results might be a new rule that allows known entities as well as past miners (via their coinbase keys) to publish endorsement signatures on blocks they see/create.  These blocks are given a much greater weight than ones without such a signature.  Entities doing a good job of endorsing blocks would have their signatures weighted more, and any entities creating disruptive signatures (or at least their public keys) would quickly be banished by the community.  The disruption would be days, and at the most, weeks.  After the disrtuption, Bitcoin will be permanently stronger.

As an end unto itself, engaging in a 51% attack would be so futile as to not be worth it.  As always, a 51% attack constitutes nothing more than the ability to prevent transactions from confirming as well as reversing them... not stealing or creating bitcoins (other than via mining).

But being able to cause the days/weeks disruption at a time of one's choosing may be a very valuable tool for a state's (or banking industry) arsenal.  There's value in temporarily disrupting the network to somebody, and that value is in the eye of the beholder.

To that end, that's where I'd think of what the NSA (or any other state actor) may have put effort.

The question is, does someone, somewhere, have a lot of dormant mining power sitting there just in case?  I say it's safe to assume yes, and it's just a matter of when will it be worth it for them to use that to cause a temporary disruption to Bitcoin.  If you have only got one chance to rock the world of Bitcoin, it's reaosnable to assume you're going to want to time it for maximum value.

Even if so, I don't think anyone's bitcoins sitting in safe wallets (consisting of properly-generated properly-stored offline addresses that have never been used for sending payments) are at risk... only thing at risk is the temporary loss in confidence and in turn the USD/BTC value if/when such an entity decides to pull off such an attack.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
Alpaca Bob
Full Member
***
Offline Offline

Activity: 153
Merit: 100


View Profile
September 05, 2013, 09:45:34 PM
 #12

"Dual_EC_DRBG or Dual Elliptic Curve Deterministic Random Bit Generator[1] is a controversial pseudorandom number generator (PRNG) designed and published by the National Security Agency. It is based on the elliptic curve discrete logarithm problem (ECDLP) and is one of the four PRNGs standardized in the NIST Special Publication 800-90. Shortly after the NIST publication, it was suggested that the RNG could be a kleptographic NSA backdoor."

(...)

"In 2013, the New York Times published that "'classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency.'"

Source: http://en.wikipedia.org/wiki/Dual_EC_DRBG

I unfortunately have little technical/under the hood-ish know-how of bitcoin, but is this Dual Elliptic Curve stuff not exactly what bitcoin relies on in some way or another?..

The Times 03/Jan/2009 Chancellor on brink of second bailout for banks
dree12
Legendary
*
Offline Offline

Activity: 1246
Merit: 1031



View Profile
September 05, 2013, 09:48:05 PM
 #13

"Dual_EC_DRBG or Dual Elliptic Curve Deterministic Random Bit Generator[1] is a controversial pseudorandom number generator (PRNG) designed and published by the National Security Agency. It is based on the elliptic curve discrete logarithm problem (ECDLP) and is one of the four PRNGs standardized in the NIST Special Publication 800-90. Shortly after the NIST publication, it was suggested that the RNG could be a kleptographic NSA backdoor."

(...)

"In 2013, the New York Times published that "'classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency.'"

Source: http://en.wikipedia.org/wiki/Dual_EC_DRBG

I unfortunately have little technical/under the hood-ish know-how of bitcoin, but is this Dual Elliptic Curve stuff not exactly what bitcoin relies on in some way or another?..

Random numbers are only used for key generation, and the DEC algorithm is not used for that in most clients.
anti-scam
Sr. Member
****
Offline Offline

Activity: 476
Merit: 251


COINECT


View Profile
September 05, 2013, 09:48:25 PM
 #14

Crazy conspiracy theory:

The NSA created Bitcoin and used ECDSA in it because they already had it broken. When Bitcoin reaches a certain market cap they will reveal this exploit, making everyone's coins irrevocably worthless and irreparably harming the public's perception of cryptocurrency.

Potentially reasonable action:

Maybe it's time to implement some post-quantum crypto in Bitcoin? It would be a propaganda victory at worst. Can the academic complex really be relied on as a canary in the coalmine for crypto breaks? What if the NSA is stealing the best young mathematicians and forcing them into NDAs? Things don't always stay the same. The only problem is that I think most post-quantum algorithms are patented.

.
                ▄▄▓▓▄▄   ▄▓▓▓▄
            ▄▄▓▓▀    ▀▓▓▓▀   ▀▓▓▓▄
         ▄▓▓▀▀        ▐▓         ▀▓▓▓
         ▓▓   ░▓▓▒    ▐▓     ▓▓░   ▐▓
         ▓▓    ░▀▓▓   ▐▓   ░▓▀▀    ▐▓
      ▄▓▓▓▓▓▓▓░  ▓▓   ▐▓   ░▓   ▒▓▓▓▓▓▓▄
    ▓▓▀     ▀▀   ▓▓   ▐▓   ░▓▄   ▀▀    ▀▓▓░
    ▓▓        ▓▓▓░    ▐▓     ▀▓▓▄        ▓░
    ▓▓▄▄▄    ▐▓░   ▄▓▄▓▓▒▄▓▄   ▓▓░   ▄▄▄▄▓░
    ▓▓▀▀▀    ▐▓░   ▀▀▀▓▓▒▀▀    ▓▓░   ▀▀▀▒▓░
    ▓▓        ▀▓▓▓▄   ▐▓    ▄▓▓▓▀       ░▓░
    ▀▓▓▄▄  ▄▓▄   ▓▓   ▐▓   ▐▓▒   ▓▄   ▄▓▓▓░
        ▀▓▓▓▀▀   ▓▓   ▐▓   ▐▓░   ▀▀▓▓▓▀░
         ▓▓    ▄▓▓▓   ▐▓    ▓▓▄░   ▐▓░░
         ▀▓▄   ▀▓     ▐▓     ▀▀   ▄▓▓░
           ▀▓▓▓▄      ▓▓░      ▄▓▓▀░
               ▀▓▓▓▓▓▓▀░▓▓▓▄▓▓▓░
.
COINECT
██
██
██
██
██
██
██
AI-based decentralized
arbitrage trading system
██
██
██
██
██
██
██
.

 
                              ▄████▄
                        ▄▄█████▀▀███
                    ▄▄████▀▀     ███
              ▄▄▄████▀▀    ▄▄   ▐██
          ▄▄█████▀       ▄█▀    ██▌
     ▄▄████▀▀▀       ▄███▀      ██▌
    ████▀        ▄▄████▀       ▐██
     ██████▄▄  ▄█████▀         ██▌
          ▀████████           ▐██
            ▀████▌            ███
             ▀███  ▄██▄▄     ▐██▀
              ███▄███▀███▄   ███
              ▀███▀▀   ▀▀███▄██▌
                          ▀▀█▀▀
.

▄▀▀▀▀▀▀▀▀▀▀▀▄
█   ▄▄▄▄▄▄   ██▄
█  ▓▓▓▓▓▓▓▌  ████▄
█  ▓▓▓▓▓▓▓▌  ███████▄
█  ▓▓▓▓▓▓▓▌  ▐▓███████▄
█              ▀▀▀▀▀▀▀▀█
█  ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  █
█                      █
█  ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  █
█  ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄  █
█                      █
█  ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  █
█                      █
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
██
██
██
██
██
██
██
dree12
Legendary
*
Offline Offline

Activity: 1246
Merit: 1031



View Profile
September 05, 2013, 09:49:38 PM
 #15

Crazy conspiracy theory:

The NSA created Bitcoin and used ECDSA in it because they already had it broken. When Bitcoin reaches a certain market cap they will reveal this exploit, making everyone's coins irrevocably worthless and irreparably harming the public's perception of cryptocurrency.

Potentially reasonable action:

Maybe it's time to implement some post-quantum crypto in Bitcoin? It would be a propaganda victory at worst. Can the academic complex really be relied on as a canary in the coalmine for crypto breaks? What if the NSA is stealing the best young mathematicians and forcing them into NDAs? Things don't always stay the same. The only problem is that I think most post-quantum algorithms are patented.

Quantum crypto, although "perfect", relies on hardware rather than software. Consequently, it's impractical to use it in Bitcoin.
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1040


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
September 05, 2013, 09:52:27 PM
 #16

The NSA created Bitcoin and used ECDSA in it because they already had it broken.

This risk is already mitigated for any bitcoin address that has not been used for spending (i.e. its public key is not yet known).

Even if ECDSA is broken wide open, it doesn't really matter with respect to bitcoins that have been received at addresses that have never been used for spending, because the corresponding ECDSA public key is not known and cannot be determined without also breaking both RIPEMD160 and SHA256 simultaneously.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1005


Gerald Davis


View Profile
September 05, 2013, 09:52:50 PM
 #17

"Dual_EC_DRBG or Dual Elliptic Curve Deterministic Random Bit Generator[1] is a controversial pseudorandom number generator (PRNG) designed and published by the National Security Agency. It is based on the elliptic curve discrete logarithm problem (ECDLP) and is one of the four PRNGs standardized in the NIST Special Publication 800-90. Shortly after the NIST publication, it was suggested that the RNG could be a kleptographic NSA backdoor."

(...)

"In 2013, the New York Times published that "'classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency.'"

Source: http://en.wikipedia.org/wiki/Dual_EC_DRBG

I unfortunately have little technical/under the hood-ish know-how of bitcoin, but is this Dual Elliptic Curve stuff not exactly what bitcoin relies on in some way or another?..

Simple answer is no it isn't used by Bitcoin at all.  However it does provide a very good counter example of how difficulty it is to hide backdoors in public algorithms.  The algorithm noted is rather rare, I don't know of a single widespread usage of it and even still a cryptographer found and reported a vulnerability less than a year later.  SHA-2 has been around 20 years and is conservatively millions times more widespread and subject to much more peer review and cryptoanalysis and nobody has found even a theoretical flaw yet.
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1005


Gerald Davis


View Profile
September 05, 2013, 09:55:03 PM
 #18

The NSA created Bitcoin and used ECDSA in it because they already had it broken.

This risk is already mitigated for any bitcoin address that has not been used for spending (i.e. its public key is not yet known).

Even if ECDSA is broken wide open, it doesn't really matter with respect to bitcoins that have been received at addresses that have never been used for spending, because the corresponding ECDSA public key is not known and cannot be determined without also breaking both RIPEMD160 and SHA256 simultaneously.


The use of two hashing algorithms created at different times by different entities provides a significant defense in depth.   

The irony is that many alt-coins claim utility because they are an insurance policy if Bitcoin is comproimsed however since they also use ECDSA, RIPEMD-160 and SHA-256 any compromise of Bitcoin (not matter how unlikely) would render those altcoins just as compromised.
anti-scam
Sr. Member
****
Offline Offline

Activity: 476
Merit: 251


COINECT


View Profile
September 05, 2013, 09:55:44 PM
 #19

Crazy conspiracy theory:

The NSA created Bitcoin and used ECDSA in it because they already had it broken. When Bitcoin reaches a certain market cap they will reveal this exploit, making everyone's coins irrevocably worthless and irreparably harming the public's perception of cryptocurrency.

Potentially reasonable action:

Maybe it's time to implement some post-quantum crypto in Bitcoin? It would be a propaganda victory at worst. Can the academic complex really be relied on as a canary in the coalmine for crypto breaks? What if the NSA is stealing the best young mathematicians and forcing them into NDAs? Things don't always stay the same. The only problem is that I think most post-quantum algorithms are patented.

Quantum crypto, although "perfect", relies on hardware rather than software. Consequently, it's impractical to use it in Bitcoin.

Post-quantum crypto, not quantum crypto

.
                ▄▄▓▓▄▄   ▄▓▓▓▄
            ▄▄▓▓▀    ▀▓▓▓▀   ▀▓▓▓▄
         ▄▓▓▀▀        ▐▓         ▀▓▓▓
         ▓▓   ░▓▓▒    ▐▓     ▓▓░   ▐▓
         ▓▓    ░▀▓▓   ▐▓   ░▓▀▀    ▐▓
      ▄▓▓▓▓▓▓▓░  ▓▓   ▐▓   ░▓   ▒▓▓▓▓▓▓▄
    ▓▓▀     ▀▀   ▓▓   ▐▓   ░▓▄   ▀▀    ▀▓▓░
    ▓▓        ▓▓▓░    ▐▓     ▀▓▓▄        ▓░
    ▓▓▄▄▄    ▐▓░   ▄▓▄▓▓▒▄▓▄   ▓▓░   ▄▄▄▄▓░
    ▓▓▀▀▀    ▐▓░   ▀▀▀▓▓▒▀▀    ▓▓░   ▀▀▀▒▓░
    ▓▓        ▀▓▓▓▄   ▐▓    ▄▓▓▓▀       ░▓░
    ▀▓▓▄▄  ▄▓▄   ▓▓   ▐▓   ▐▓▒   ▓▄   ▄▓▓▓░
        ▀▓▓▓▀▀   ▓▓   ▐▓   ▐▓░   ▀▀▓▓▓▀░
         ▓▓    ▄▓▓▓   ▐▓    ▓▓▄░   ▐▓░░
         ▀▓▄   ▀▓     ▐▓     ▀▀   ▄▓▓░
           ▀▓▓▓▄      ▓▓░      ▄▓▓▀░
               ▀▓▓▓▓▓▓▀░▓▓▓▄▓▓▓░
.
COINECT
██
██
██
██
██
██
██
AI-based decentralized
arbitrage trading system
██
██
██
██
██
██
██
.

 
                              ▄████▄
                        ▄▄█████▀▀███
                    ▄▄████▀▀     ███
              ▄▄▄████▀▀    ▄▄   ▐██
          ▄▄█████▀       ▄█▀    ██▌
     ▄▄████▀▀▀       ▄███▀      ██▌
    ████▀        ▄▄████▀       ▐██
     ██████▄▄  ▄█████▀         ██▌
          ▀████████           ▐██
            ▀████▌            ███
             ▀███  ▄██▄▄     ▐██▀
              ███▄███▀███▄   ███
              ▀███▀▀   ▀▀███▄██▌
                          ▀▀█▀▀
.

▄▀▀▀▀▀▀▀▀▀▀▀▄
█   ▄▄▄▄▄▄   ██▄
█  ▓▓▓▓▓▓▓▌  ████▄
█  ▓▓▓▓▓▓▓▌  ███████▄
█  ▓▓▓▓▓▓▓▌  ▐▓███████▄
█              ▀▀▀▀▀▀▀▀█
█  ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  █
█                      █
█  ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  █
█  ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄  █
█                      █
█  ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  █
█                      █
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
██
██
██
██
██
██
██
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1005


Gerald Davis


View Profile
September 05, 2013, 09:57:46 PM
 #20

Crazy conspiracy theory:

The NSA created Bitcoin and used ECDSA in it because they already had it broken. When Bitcoin reaches a certain market cap they will reveal this exploit, making everyone's coins irrevocably worthless and irreparably harming the public's perception of cryptocurrency.

Potentially reasonable action:

Maybe it's time to implement some post-quantum crypto in Bitcoin? It would be a propaganda victory at worst. Can the academic complex really be relied on as a canary in the coalmine for crypto breaks? What if the NSA is stealing the best young mathematicians and forcing them into NDAs? Things don't always stay the same. The only problem is that I think most post-quantum algorithms are patented.

Quantum crypto, although "perfect", relies on hardware rather than software. Consequently, it's impractical to use it in Bitcoin.

You are confusing quantum encryption (or quantum key sharing) with post-quantum cryptography. 
http://en.wikipedia.org/wiki/Post-quantum_cryptography

PQC are algorithms which are resistant to attack using quantum algorithms.  The major problem with these is they tend to have very large key and signature sizes.  Conservatively it would mean a 10x to 100x increase in bandwidth, and storage for Bitcoin. 
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!