Has the NSA already broken bitcoin?

[BurtW]

What is your opinion, derived from the thread you link to? Do you believe the thread points to bit coin being secure?

My personal opinion, after researching it quite thoroughly, is that the NSA had zero input into the parameters used to create the specific elliptical curve (secp256k1) used by the Bitcoin protocol. 

This does not address possible weaknesses in the mathematics of elliptical curve cryptography in general. 

This does not address possible entropy issues in the random private key generation, and just as importantly the random nonce generation, of any particular implementation.

This does not address possible weaknesses in the other cryptographic subsystems used in the Bitcoin protocol, specifically the hashing algorithms.  Although I have looked into it and am personally fairly convinced that the hashing algorithms used are safe for our purposes.

[1715078137]

1715078137

[no-rice-peas]

What is your opinion, derived from the thread you link to? Do you believe the thread points to bit coin being secure?

My personal opinion, after researching it quite thoroughly, is that the NSA had zero input into the parameters used to create the specific elliptical curve (secp256k1) used by the Bitcoin protocol. 

This does not address possible weaknesses in the mathematics of elliptical curve cryptography in general. 

This does not address possible entropy issues in the random private key generation, and just as importantly the random nonce generation, of any particular implementation.

This does not address possible weaknesses in the other cryptographic subsystems used in the Bitcoin protocol, specifically the hashing algorithms.  Although I have looked into it and am personally fairly convinced that the hashing algorithms used are safe for our purposes.

I expected that answer.

My opinion is other than that.

[justusranvier]

I expect that Bitcoin will eventually be upgraded to use ed25519 signatures, putting to rest entirely any controversy associated with secp256k1.

[BurtW]

What is your opinion, derived from the thread you link to? Do you believe the thread points to bit coin being secure?

My personal opinion, after researching it quite thoroughly, is that the NSA had zero input into the parameters used to create the specific elliptical curve (secp256k1) used by the Bitcoin protocol. 

This does not address possible weaknesses in the mathematics of elliptical curve cryptography in general. 

This does not address possible entropy issues in the random private key generation, and just as importantly the random nonce generation, of any particular implementation.

This does not address possible weaknesses in the other cryptographic subsystems used in the Bitcoin protocol, specifically the hashing algorithms.  Although I have looked into it and am personally fairly convinced that the hashing algorithms used are safe for our purposes.

I expected that answer.

My opinion is other than that.

With regard to secp256k1 do you have any facts to back up your opinion?

[pereira4]

I expect that Bitcoin will eventually be upgraded to use ed25519 signatures, putting to rest entirely any controversy associated with secp256k1.

Wouldn't that require a fork? or that can be done easily on the fly on a further upgrade of Bitcoin qt? how does that work.

[Beliathon]

Apart from that, what makes you think that Bitcoin is not an NSA project to begin with?

What makes you think that, even if that were the case, it would matter at all?

Bitcoin is open source, and clearly documented, and everybody can verify that it does what it's supposed to do, and cannot be controlled by the maker or anyone else.
Whoever made Bitcoin, or why, is completely irrelevant.

And by the way, I still see a lot of people in this thread talking about the NSA (or China or quantum computers or anyone) decrypting stuff, or 'breaking encryption'. Get a grip, people. THERE IS NO ENCRYPTION IN BITCOIN WHATSOEVER. So there's nothing to decrypt to begin with.

Maybe it is just semantics but when you sign a transaction with your private key some people would call that encrypting.  

The problem is that you think such a concept exists as "private key", as if the privacy in inherent to the key. The phrase seems to imply that a private key is always private and cannot suddenly and inexplicably become known to someone else. This is a mistake, because in reality, there are only keys, which are bits of highly sensitive information, bits of math. The privacy or publicity of these bits of this information is the responsibility of whoever hold(s) keys. Always remember, information seeks to be free just as water seeks to flow down toward sea level.

[justusranvier]

I expect that Bitcoin will eventually be upgraded to use ed25519 signatures, putting to rest entirely any controversy associated with secp256k1.

Wouldn't that require a fork? or that can be done easily on the fly on a further upgrade of Bitcoin qt? how does that work.

I've heard that it can be done with a soft fork by redefining a currently-unused opcode.

[no-rice-peas]

What is your opinion, derived from the thread you link to? Do you believe the thread points to bit coin being secure?

My personal opinion, after researching it quite thoroughly, is that the NSA had zero input into the parameters used to create the specific elliptical curve (secp256k1) used by the Bitcoin protocol. 

This does not address possible weaknesses in the mathematics of elliptical curve cryptography in general. 

This does not address possible entropy issues in the random private key generation, and just as importantly the random nonce generation, of any particular implementation.

This does not address possible weaknesses in the other cryptographic subsystems used in the Bitcoin protocol, specifically the hashing algorithms.  Although I have looked into it and am personally fairly convinced that the hashing algorithms used are safe for our purposes.

I expected that answer.

My opinion is other than that.

With regard to secp256k1 do you have any facts to back up your opinion?

What concerns me is that every single vocal defender of the security of bitcoin's algorithm viz the NSA uses fallacious arguments, in my opinion, including you.

The suggestion as per your comment here is that a lack of evidence against secp256k1 would imply strength or security in bit coin, but that is not true. It's like saying "Oh, you do not live in Antarctica therefore you do not know snow". Further, the fact that such weak arguments are so pervasive concerns me.

Most bitcoiners believe it would take billions of years to crack bitcoin. But the truth is that nobody is going to crack it by brute force.

I am not a cryptographer, but I recognize bullshit and a lot of the defense of bit coin against possible NSA meddling is frankly bullshit.

1) There is a lot of material online about the NSA supposedly introducing deliberately flawed algorithms. The most serious of that material has been held back, even by Snowden.

2) Bitcoin relies on sha2 which is basically an NSA algorithm. In fact sha1 was tweaked by the NSA for reasons it chooses to keep secret.

3) The founder of bitcoin, Satoshi Nakamota, is an unknown. I understand that there is a cult feeling around him for some people but all of the facts on top of his anonymity should be cause for pause.

4) Another very popular algorithm has been documented to my satisfaction as having originated with the NSA.

[Carlton Banks]

There is a lot of material online about the NSA supposedly introducing deliberately flawed algorithms. The most serious of that material has been held back, even by Snowden.

Speaking of fallacious arguments: it's not possible to know that some material has been witheld, and that simultaneously this is known to be the most serious. By trying to make that statement sound more terrifying, you've revealed that you're making rhetorical arguments, not factual arguments.

FWIW, I'm not speaking from a position where I believe bitcoin is without any kind of dishonest influences, despite no solid facts existing to the contrary (you were asked to present some, to which you instead speculated again). But your position is one big contradiction. If the NSA or whoever are using their resources to develop cryptocurrency, it should be pretty clear from the way bitcoin has played out that they have serious intentions. I doubt anything or anyone could prevent their intended goal (whatever that is), these sorts of organisations have access to the kind of resources that no-one can challenge.

[Carlton Banks]

Again and again and again, I stress I am not a cryptographer but I am concerned by the deception and pressure tactics being used to get people to be confident that the NSA had no hand in bitcoin. Your comment is an example.

No it's not. I don't believe that NSA did not play a role. No evidence exists to suggest that they did, or that they did not. Therefore no-one (except NSA) knows. That includes you.

[MicroGuy]

Just read this disturbing article, based on recent leaks from Snowden:

http://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption

The article talks about the NSA responding to the rise in popularity of internet encryption by, among other things, deliberately weakening the algorithms in use to give themselves a back door to decrypt data. Bitcoin relies on SHA-256, originally created by the NSA. Perhaps there is a weakness that an organization with the resources of the NSA is able to exploit.

If so, that would explain why the major governments around the world seem to tolerate bitcoin. They know they can break it whenever they want. Preferable after the cartels and terrorists get comfortable and start relying on it.

No worries. There are several altcoins working on this problem now.

[imamanandyou]

I expect that Bitcoin will eventually be upgraded to use ed25519 signatures, putting to rest entirely any controversy associated with secp256k1.

Certainly bitcoin will have to be upgraded. There is simply too much uncertainty in the future in terms of processign power/trust that could possibly undermine it entirely. Through what method it is upgraded, whether it be another coin or through itself, remains to be seen.

[BillyBobZorton]

SHA256 is not going to get broken anytime soon. If that happened, it would basically mean every other electronic transaction system would get cracked as well. Bitcoin would be the least of the worries. Practically every credit card encryption is rocking the SHA256.

[becoin]

Practically every credit card encryption is rocking the SHA256.

Security that is good for banks simply isn't good enough for bitcoin. Bitcoin businesses that advertise their services to be of "banking grade" security are very funny. The "very secure" microcontrollers used in the credit cards simply shouldn't be used for bitcoin hardware wallets if they don't qualify for open source hardware!

[Father Ted]

SHA256 is not going to get broken anytime soon. If that happened, it would basically mean every other electronic transaction system would get cracked as well. Bitcoin would be the least of the worries. Practically every credit card encryption is rocking the SHA256.

I think the only people who think bitcoin is broken are the people who don't understand it and are conspiracytards who would rather invent or believe in the exciting myth and mystery of a conspiracy rather than the cold boring truth.

[R2D221]

1) Does the NSA have any interest in breaking bitcoin?
Of course.

2) Do they have the means? Do they have any influence over the cryptography?
Yes. Sha is their creation and they made special adaptations to it for reasons that are secret.

3) Has the NSA ever engaged in a similar type of deception, i.e., promoting weak cryptographics so they could seem to be breaking codes, doing their jobs, expertly?
They have. They are not so much 'code breakers' as 'con men employing code breakers who are willing to work for con men'.

That still doesn't prove that NSA has intentionally made SHA insecure. It gives them a motive, but there's no evidence.

[R2D221]

1) Does the NSA have any interest in breaking bitcoin?
Of course.

2) Do they have the means? Do they have any influence over the cryptography?
Yes. Sha is their creation and they made special adaptations to it for reasons that are secret.

3) Has the NSA ever engaged in a similar type of deception, i.e., promoting weak cryptographics so they could seem to be breaking codes, doing their jobs, expertly?
They have. They are not so much 'code breakers' as 'con men employing code breakers who are willing to work for con men'.

That still doesn't prove that NSA has intentionally made SHA insecure. It gives them a motive, but there's no evidence.

Your fallacy is in where the burden of proof lies.

Is it better to trust the good intentions of the nsa, or to use a clean algorithm so there is no need to trust them?

Do they have such a sparkling history that it is wise to trust them?

OK, if you were in control of the hashing algorithm used by Bitcoin, which one would you use and why?

[R2D221]

OK, if you were in control of the hashing algorithm used by Bitcoin, which one would you use and why?

I would use one that was not the product of the nsa, for reasons already given.

Which one? Give a concrete answer.

[justusranvier]

1) Does the NSA have any interest in breaking bitcoin?
Of course.

2) Do they have the means? Do they have any influence over the cryptography?
Yes. Sha is their creation and they made special adaptations to it for reasons that are secret.

3) Has the NSA ever engaged in a similar type of deception, i.e., promoting weak cryptographics so they could seem to be breaking codes, doing their jobs, expertly?
They have. They are not so much 'code breakers' as 'con men employing code breakers who are willing to work for con men'.

That still doesn't prove that NSA has intentionally made SHA insecure. It gives them a motive, but there's no evidence.

Your fallacy is in where the burden of proof lies.

Is it better to trust the good intentions of the nsa, or to use a clean algorithm so there is no need to trust them?

Do they have such a sparkling history that it is wise to trust them?

What would happen if, just once, the NSA was asleep at the wheel and allowed a major cryptographic tool like SHA-2 get approved without an exploitable back door, and to make things worse some status quo-threatening distributed currency started using it.

How might they recover from this blunder?

One way would be to spread FUD about SHA-2 to convince everyone to switch to a new algorithm their deep cover agents had prepared just for this event.

But on the other hand, if SHA-2 was broken and they wanted to keep the truth from getting out, they'd propose a story just like what I wrote above. Unless that's just what they want you to think.

Maybe this loop of infinite recursion of motives but no proof is not the way to go.

Instead, look at this another way.

There is an enormous financial incentive to being able to break double SHA-256. The the most obvious incentive belongs to the ASIC manufacturers, who are devoting a lot of time to building machines that try to break double SHA-256 as rapidly and efficiently as possible.

None of them have found a substantial shortcut yet, despite years of working on it.

If the NSA did have a secret method, then every single person in the organization who knew about it would have a huge incentive to profit from it personally. Could all of them resist the temptation?

I think the hash rate will tell us if/when SHA-256 is broken, because we'll see a sudden increase that's not explainable any other way. Unless or until that happens, SHA-256 is probably safe.

[no-ice-please]

OK, if you were in control of the hashing algorithm used by Bitcoin, which one would you use and why?

I would use one that was not the product of the nsa, for reasons already given.

Which one? Give a concrete answer.

That is another example of the fallacies being used to defend sha in bitcoin.

Is it not enough that I do not want to use an algorithm that was developed for and promoted by an intelligence gathering agency that for decades has used its data mainly for overseas repression?

I am not a cryptographer.

I am a person who does not want to support cryptography that will be used to target innocent people.

Are there really no options other than using an nsa algorithm?