Supercomputing
February 05, 2014, 05:24:17 PM
Someone please produce a news article with this sensational title: "The Bitcoin creator's $1 billion hidden reward to those who break NSA's super secret algorithm".
Hmmm, a catch-22: if an intelligent person can derive a fast enough algorithm to invert SHA-2 (256-bit), then he can also use it to mine Bitcoins faster than anyone else and gain complete control of the network. And therefore, he has no incentive to share the knowledge. But if an intelligent person can derive a fast enough algorithm to break ECDSA signatures based on secp256k1, then he will have complete control of the crypto economy. His only option will be to keep the algorithm private. He has no incentive to share the knowledge because he can now manipulate transactions at will.
BornBlazed
February 23, 2017, 02:00:54 PM
A double spend with 3 confirms?? I never thought I would see the day. Is this not a zero day that needs to be patched? Should we be happy this collision happened??
jackjack (Legendary)
February 23, 2017, 02:05:49 PM. Last edit: February 23, 2017, 07:54:15 PM by jackjack. Merited by o_e_l_e_o (4), ABCbits (3), suchmoon (2)
Quote from: BornBlazed on February 23, 2017, 02:00:54 PM
A double spend with 3 confirms?? I never thought I would see the day. Is this not a zero day that needs to be patched? Should we be happy this collision happened??
Not a problem, the other ones are not confirmed.

How the guy did it:
- The first SHA1 collision ever has been found today: https://shattered.io/
- He took the data from the header to the "collision blocks" (see image at bottom, 320 bytes)
- With the data after these blocks (from JPEG data to PDF footer) being the same and the 2 hashes having the same value, we know the hashes of "header -> collision blocks" will be the same due to what SHA1 is

Congratulations to 1EohDhHJT9byKsYhxp5zX6PNkuGhxoEu9r, I completely forgot this challenge.

By the way, it looks like 1aa5cmqmvQq8YQTEqcTmW7dfBNuFwgdCD is trying something: https://blockchain.info/fr/address/37k7toV1Nv4DfmQbmZ8KuZDQCYK9x5KpzP
This guy is known: https://bitcointalk.org/index.php?topic=1572130.0 (amaclin: https://bitcointalk.org/index.php?action=profile;u=197593, Trust: -512: -9 / +0, Warning: Trade with extreme caution!)
Obviously he ran a bot checking if the challenge is solved and trying to double-spend using the challenge answer before the real winner is confirmed.
Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2 Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
amaclin (Legendary)
February 23, 2017, 05:00:56 PM
Quote from: jackjack on February 23, 2017, 02:05:49 PM
Obviously he ran a bot checking if the challenge is solved and trying to double-spend using the challenge answer before the real winner is confirmed.

In fact the bot is looking for all inputs which do not require signing by a private key.
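The mechanics behind jackjack's explanation and amaclin's remark, as an added example that is not code from this thread, from the bounty's author or from Bitcoin Core. Three things are assumed from outside the thread: that the bounty output is a P2SH whose redeem script is OP_2DUP OP_EQUAL OP_NOT OP_VERIFY OP_SHA1 OP_SWAP OP_SHA1 OP_EQUAL; that PREFIX_A and PREFIX_B are the two 320-byte SHAttered prefixes (192-byte shared header plus 128-byte collision block) published at https://shattered.io/; and a toy transaction shape (a witness list plus a payee) that stands in for a real spend. The script evaluator, the addresses used as payees and the suffix bytes are constructed for the example. It shows why the 320-byte prefix was enough (Merkle-Damgård extension to any shared suffix), and why a key-less bot could reuse the winner's preimages verbatim: a pure hash puzzle binds nothing to the spender.

```python
"""Added example: claiming a SHA-1 collision bounty and racing the claimant.
Assumed (not from the thread): the redeem script below and the SHAttered
320-byte prefixes reproduced from the public PDFs at shattered.io."""
import hashlib

SIG_OPS = {"OP_CHECKSIG", "OP_CHECKSIGVERIFY",
           "OP_CHECKMULTISIG", "OP_CHECKMULTISIGVERIFY"}

# Bounty redeem script (assumption): two distinct pushes whose SHA-1 match.
SHA1_BOUNTY = ["OP_2DUP", "OP_EQUAL", "OP_NOT", "OP_VERIFY",
               "OP_SHA1", "OP_SWAP", "OP_SHA1", "OP_EQUAL"]


def run_script(script, initial_stack):
    """Tiny Bitcoin-Script-style evaluator for the opcodes the bounty needs.
    Stack items are bytes; b"" is false, anything else is true, which is how
    the real engine reads OP_EQUAL / OP_NOT results. True iff script succeeds."""
    st = list(initial_stack)
    for op in script:
        if op == "OP_2DUP":
            if len(st) < 2: return False
            st.extend(st[-2:])
        elif op == "OP_EQUAL":
            if len(st) < 2: return False
            b, a = st.pop(), st.pop()
            st.append(b"\x01" if a == b else b"")
        elif op == "OP_NOT":
            if not st: return False
            st.append(b"\x01" if st.pop() == b"" else b"")
        elif op == "OP_VERIFY":
            if not st or st.pop() == b"": return False
        elif op == "OP_SHA1":
            if not st: return False
            st.append(hashlib.sha1(st.pop()).digest())
        elif op == "OP_SWAP":
            if len(st) < 2: return False
            st[-1], st[-2] = st[-2], st[-1]
        elif op in SIG_OPS:
            raise NotImplementedError("signature checking is out of scope here")
        else:
            raise ValueError("unsupported opcode " + op)
    return bool(st) and st[-1] != b""


def requires_signature(script):
    """What amaclin's bot filters on: can this output be spent with no key?"""
    return any(op in SIG_OPS for op in script)


# SHAttered data: shared 192-byte PDF/JPEG header, then the two collision blocks.
COMMON = (b"%PDF-1.3\n%\xe2\xe3\xcf\xd3\n\n\n1 0 obj\n<</Width 2 0 R/Height 3 0 R"
          b"/Type 4 0 R/Subtype 5 0 R/Filter 6 0 R/ColorSpace 7 0 R/Length 8 0 R"
          b"/BitsPerComponent 8>>\nstream\n\xff\xd8\xff\xfe\x00\x24SHA-1 is dead!!!!!"
          + bytes.fromhex("852fec092339759c39b1a1c63c4c97e1") + b"\xff\xfe\x01")
BLOCK_A = bytes.fromhex(
    "7f46dc93a6b67e013b029aaa1db2560b45ca67d688c7f84b8c4c791fe02b3df6"
    "14f86db1690901c56b45c1530afedfb76038e972722fe7ad728f0e4904e046c2"
    "30570fe9d41398abe12ef5bc942be33542a4802d98b5d70f2a332ec37fac3514"
    "e74ddc0f2cc1a874cd0c78305a21566461309789606bd0bf3f98cda8044629a1")
BLOCK_B = bytes.fromhex(
    "7346dc9166b67e118f029ab621b2560ff9ca67cca8c7f85ba84c79030c2b3de2"
    "18f86db3a90901d5df45c14f26fedfb3dc38e96ac22fe7bd728f0e45bce046d2"
    "3c570feb141398bb552ef5a0a82be331fea48037b8b5d71f0e332edf93ac3500"
    "eb4ddc0decc1a864790c782c76215660dd309791d06bd0af3f98cda4bc4629b1")
PREFIX_A, PREFIX_B = COMMON + BLOCK_A, COMMON + BLOCK_B


def claim_bounty(preimage1, preimage2):
    """scriptSig pushes the two preimages, then the redeem script runs."""
    return run_script(SHA1_BOUNTY, [preimage1, preimage2])


def collision_extends(suffix):
    """jackjack's point: SHA-1 is Merkle-Damgard. Once two equal-length,
    block-aligned prefixes reach the same chaining state, any shared suffix
    keeps the digests equal, so the 320-byte prefixes alone settle the bounty."""
    aligned = len(PREFIX_A) == len(PREFIX_B) and len(PREFIX_A) % 64 == 0
    return aligned and (hashlib.sha1(PREFIX_A + suffix).digest()
                        == hashlib.sha1(PREFIX_B + suffix).digest())


def build_spend(witness, payout_address):
    """Toy transaction (constructed shape): revealed preimages plus the payee."""
    return {"witness": list(witness), "pays_to": payout_address}


def spend_is_valid(tx):
    return run_script(SHA1_BOUNTY, tx["witness"])


def front_run(observed_tx, attacker_address):
    """A mempool watcher copies the winner's witness and only changes the payee."""
    return build_spend(observed_tx["witness"], attacker_address)


if __name__ == "__main__":
    winner = build_spend([PREFIX_A, PREFIX_B], "1EohDhHJT9byKsYhxp5zX6PNkuGhxoEu9r")
    rival = front_run(winner, "1aa5cmqmvQq8YQTEqcTmW7dfBNuFwgdCD")
    print("winner valid:", spend_is_valid(winner), "rival valid:", spend_is_valid(rival))
    print("collision survives a shared suffix:", collision_extends(b"...rest of pdf..."))
    print("bounty script needs a signature:", requires_signature(SHA1_BOUNTY))
```

Both spends validate, which is the whole race: the network cannot tell the winner from the bot, so whichever spend miners confirm first wins. The usual mitigations are to make the puzzle output also require a signature from the claimant, or to commit to the solution first (for example, a hash of the solution plus the payee) and reveal it only after that commitment is confirmed.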
Slamm-0!
February 23, 2017, 05:14:57 PM
... meanwhile, MD5 is still widely used
BurtW (Legendary)
February 24, 2017, 01:15:31 AM
Congratulations! I had completely forgotten about this thread.
Our family was terrorized by Homeland Security. Read all about it here: http://www.jmwagner.com/ and http://www.burtw.com/ Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
manselr (Legendary)
February 24, 2017, 06:51:40 PM
Is it a coincidence that this happened right when Bitcoin was shattering through the ATH?
Anyway, as far as I know we are safe for years with SHA256, or Satoshi said so some years ago; he said we wouldn't see a SHA256 collision in our lifetime.
jackjack (Legendary)
February 24, 2017, 07:42:10 PM
Quote from: manselr on February 24, 2017, 06:51:40 PM
Is it a coincidence that this happened right when Bitcoin was shattering through the ATH?
Anyway, as far as I know we are safe for years with SHA256, or Satoshi said so some years ago; he said we wouldn't see a SHA256 collision in our lifetime.

Yeah that's funny it happened the same day, but I don't see how this could be related. And hopefully we won't see an SHA256 collision in our lifetime, but you never know, it may have a major flaw discovered in the following years. Here the team found an algorithm 100,000 times faster than brute-forcing.
freemanjackal
February 25, 2017, 12:49:47 AM
SHA256 for now can sleep peacefully; I don't know for how long, every day hardware processing capabilities increase, and the news about China's quantum computer may affect all this.
tomtomtom7 (Jr. Member)
February 25, 2017, 02:56:58 PM
Quote
Stealing someone's coins by breaking ECDSA is not the same as a reward specifically for breaking something.

That is an interesting distinction, as this implies that the blockchain should recognize some form of legal or moral ownership defined outside of the blockchain. An alternative view, more in line with the decentralized nature of Bitcoin, is that "ownership" is simply defined as being able to produce a valid input script for an output script. As such, someone being able to find the private key of an early public key by whatever means must be considered the "owner". It doesn't matter if the keys are found on an (owned) USB stick or by trial and error,
BurtW (Legendary)
February 25, 2017, 04:07:54 PM
You may not recognize or agree with any legal distinction between stealing someone's BTC and claiming a BTC reward, as was done here in this thread or is being done in the puzzle transaction. But there is a huge moral distinction between the two: stealing someone's BTC is wrong, claiming a BTC reward is not wrong. Just because you can do something does not make it morally right.
tomtomtom7 (Jr. Member)
February 25, 2017, 05:06:27 PM
Quote from: BurtW on February 25, 2017, 04:07:54 PM
You may not recognize or agree with any legal distinction between stealing someone's BTC and claiming a BTC reward, as was done here in this thread or is being done in the puzzle transaction. But there is a huge moral distinction between the two: stealing someone's BTC is wrong, claiming a BTC reward is not wrong. Just because you can do something does not make it morally right.

Not all cases are morally clear cut. What if someone disagrees with how someone else acquired the coins in the first place? A more interesting example of how "stealing" becomes fuzzy is LN payment channels. What if I close a channel with an earlier state to my advantage, and I succeed because my peer for some reason fails to monitor the blockchain? Am I stealing? Not really. My gains would be the result of an explicit and well-known clause of our contract. Would you consider this morally wrong? I think we should value the programmatic rules of contracts and as such not judge these types of theft in the same way as we would do with theft in the "real" world.
manselr (Legendary)
February 25, 2017, 05:24:12 PM
Quote from: jackjack on February 24, 2017, 07:42:10 PM
Yeah that's funny it happened the same day, but I don't see how this could be related. And hopefully we won't see an SHA256 collision in our lifetime, but you never know, it may have a major flaw discovered in the following years. Here the team found an algorithm 100,000 times faster than brute-forcing.

If a SHA256 collision happens, what is the worst scenario? I think I would have a heart attack or something. How would the Core team proceed in order to make the switch to a safe algo? Would it be an absolute fuckfest or is it a smooth process? Because I presume we wouldn't have a lot of time to waste being exposed with SHA256 through the transition. Could anti-Core trolls or just Bitcoin attackers in general try to delay the switch or somehow block it? I hope those things are properly planned in the unfortunate event that it happens, otherwise I'm not going to be able to sleep ever again.
jackjack (Legendary)
February 25, 2017, 05:36:35 PM
Quote from: manselr on February 25, 2017, 05:24:12 PM
If a SHA256 collision happens, what is the worst scenario? I think I would have a heart attack or something. How would the Core team proceed in order to make the switch to a safe algo? Would it be an absolute fuckfest or is it a smooth process? Because I presume we wouldn't have a lot of time to waste being exposed with SHA256 through the transition. Could anti-Core trolls or just Bitcoin attackers in general try to delay the switch or somehow block it? I hope those things are properly planned in the unfortunate event that it happens, otherwise I'm not going to be able to sleep ever again.

https://en.bitcoin.it/wiki/Weaknesses#Breaking_the_cryptography
GameunitsSEO (Member)
February 25, 2017, 05:47:19 PM
http://www.coindesk.com/who-broke-the-sha1-algorithm-and-what-does-it-mean-for-bitcoin/

SHA1 is like MD5. No panic, guys. SHA1 has also been deemed quite vulnerable to collision attacks, which is why all browsers will be removing support for certificates signed with SHA1 by January 2017. SHA256, however, is currently much more resistant to collision attacks as it is able to generate a longer hash which is harder to break.
freemanjackal
February 25, 2017, 09:32:24 PM
That's something we could see coming; that's why SHA256 and some other algos were developed, and many more algos will be created to replace SHA256. It will be interesting to see what BTC Core developers do in those coming scenarios.
Syke (Legendary)
February 27, 2017, 10:52:42 PM
Quote
4) "When Will We See Collisions for SHA-1?" - Bruce Schneier - https://www.schneier.com/blog/archives/2012/10/when_will_we_se.html

Bruce sure knows his stuff.

Quote
A collision attack is therefore well within the range of what an organized crime syndicate can practically budget by 2018, and a university research project by 2021.
...the need to transition from SHA-1 for collision resistance functions is probably more urgent than this back-of-the-envelope analysis suggests.
Any increase in the number of cores per CPU, or the number of CPUs per server, also affects these calculations. Also, any improvements in cryptanalysis will further reduce the complexity of this attack.
Buy & Hold
realdantreccia
July 21, 2020, 03:28:12 AM
Quote
Not to take away from Peter's wonderful challenge to the world, but shouldn't this have been better directed at the ECDSA weaknesses implied by Schneier, assuming of course this was his motivation for posting this?

Quote
I don't believe there is a way to construct such a thing— beyond all the coins which are pay to pubkey (e.g. early unspent blocks) and all the coins which are assigned to addresses which have spent before so the pubkey is known. I'm not sure if anyone has identified any known-lost pay to pubkeys which can be redeemed without stealing from someone. Might be good for someone to do that.

Here you go. https://block.d.evco.in/tx/e61339a40aa4e90e983fe0d64cf09eed5fa1e6eac227b6761f06ac7af1929baf
Not sure how to redeem it myself. But there's the same pubkey as BTC Block 0.
From the many one, from one, the source