Bitcoins - Secured by NSA designed Encryption or Backdoored ?

[xb0x]

It's been nearly three months since Edward Snowden started telling the world about the National Security Agency & mass surveillance of global communications.
After the last week report that the National Security Agency has leveraged its cooperative relationships with specific industry partners to insert vulnerabilities into Internet security products.

Bitcoin, a virtual currency, a peer-to-peer electronic cash system, which is generated on a logarithmic scale by dedicated miners who run software that generate the complex hash codes which make up a Bitcoin.
The integrity of Bitcoin depends on a hash function called SHA-256, which was designed by the NSA and published by the National Institute for Standards and Technology (NIST).
Is it hard to believe that could the intelligence community have a secret exploit for Bitcoin? & While there is no evidence yet to support the speculation.
If you assume that the NSA did something to SHA-256, which no outside researcher has detected, what you get is the ability, with credible and detectable action, they would be able to forge transactions. The really scary thing is somebody finds a way to find collisions in SHA-256 really fast without brute-forcing it or using lots of hardware and then they take control of the network. Cryptography researcher Matthew D. Green of Johns Hopkins University said.
Bitcoin has recently added in the watchlist of the New York Department of Financial Services, the California Department of Financial Institutions and U.S Government is asking all intelligence & agencies & for information on how it plans to deal with Bitcoin.
The NSA apparently possesses groundbreaking capabilities against encrypted voice and text communication and has invested billions of dollars since 2000 to make nearly everyone & secrets available for government consumption by & cracking every encryption. But we donknow precisely how much, maybe including Bitcoin too?

Last month, we reported an Android security vulnerability</a> which resulted in the theft of coins, because of Weak random number generators (RNGs) was implicated in Bitcoin.& Is it possible that this vulnerability was known to be weak by the NSA, and that bitcoin thieves simply stumbled upon the security hole first?


( Source ) More? Here :  http://thehackernews.com/2013/09/NSA-backdoor-bitcoin-encryption-sha256-snowden.html



So, what do you think about it?

[Carlton Banks]

I think that,

This is wrong:

Bitcoin, a virtual currency, a peer-to-peer electronic cash system, which is generated on a logarithmic scale by dedicated miners who run software that generate the complex hash codes which make up a Bitcoin.

This is riiiight, but 20 years field use + expert/academic analysis hasn't produced viable exploit etc....

The integrity of Bitcoin depends on a hash function called SHA-256, which was designed by the NSA and published by the National Institute for Standards and Technology (NIST).
Is it hard to believe that could the intelligence community have a secret exploit for Bitcoin? & While there is no evidence yet to support the speculation.
If you assume that the NSA did something to SHA-256, which no outside researcher has detected, what you get is the ability, with credible and detectable action, they would be able to forge transactions. The really scary thing is somebody finds a way to find collisions in SHA-256 really fast without brute-forcing it or using lots of hardware and then they take control of the network.

This is speculation about exploits, only hard facts are institutional policies and intents:  

Bitcoin has recently added in the watchlist of the New York Department of Financial Services, the California Department of Financial Institutions and U.S Government is asking all intelligence & agencies & for information on how it plans to deal with Bitcoin.
The NSA apparently possesses groundbreaking capabilities against encrypted voice and text communication and has invested billions of dollars since 2000 to make nearly everyone & secrets available for government consumption by & cracking every encryption. But we donknow precisely how much, maybe including Bitcoin too?

And that this is the only aspect of the quoted piece that deals with known and fully understood exploits:

Last month, we reported an Android security vulnerability</a> which resulted in the theft of coins, because of Weak random number generators (RNGs) was implicated in Bitcoin.& Is it possible that this vulnerability was known to be weak by the NSA, and that bitcoin thieves simply stumbled upon the security hole first?

[p2pbucks]

there is no backdoor in a open discussed algorithm

[kjlimo]

If a billion isn't enough to entice people to crack it, I don't know what would be enough...

[empoweoqwj]

'After the last week report that the National Security Agency has leveraged its cooperative relationships with specific industry partners to insert vulnerabilities into Internet security products.'

And none of them are open source. which is the point. bitcoin is open source. if it wasn't, it would be dead in the water.

[Kluge]

ETA: Didn't realize this thread remained active. No reason for me to spout off on things I don't know. https://bitcointalk.org/index.php?topic=288545.0

[StarfishPrime]

...
Last month, we reported an Android security vulnerability</a> which resulted in the theft of coins, because of Weak random number generators (RNGs) was implicated in Bitcoin.& Is it possible that this vulnerability was known to be weak by the NSA, and that bitcoin thieves simply stumbled upon the security hole first?

( Source ) More? Here :  http://thehackernews.com/2013/09/NSA-backdoor-bitcoin-encryption-sha256-snowden.html

So, what do you think about it?

The likelihood that the RNG "problem" was at least known to certain agencies should be considered high.

Any bitcoin address, existing or future, created using a compromised or purposely weakened RNG is vulnerable to address collision by brute force (the probability is so close to zero it can be ignored with a good RNG algorithm). "Offline" storage (i.e. paper wallets, USB keys etc) are not exempt if they were created using a compromised RNG.
It's a trivial and virtually undetectable attack that could be conducted entirely offline with nothing more than a copy of the blockchain (except for sweeping the bitcoin of course).

Similar attacks on deterministic wallets are already commonplace: Just try a brain wallet with "Hello World" (or "Goodbye Bitcoin") as a passphrase...

[StarfishPrime]

'After the last week report that the National Security Agency has leveraged its cooperative relationships with specific industry partners to insert vulnerabilities into Internet security products.'

And none of them are open source. which is the point. bitcoin is open source. if it wasn't, it would be dead in the water.

Unfortunately there's no guarantee or requirement that bitcoin clients, online wallets, paper wallet generators etc. use verified, open source random number generation instead of some generic Windows or Android SDK "random()" function.
 

[ArticMine]

Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.

Edward Snowden http://www.theguardian.com/world/2013/jun/17/edward-snowden-nsa-files-whistleblower

I prefer to go directly to the source. So what are the endpoints here? For most people the endpoints are:
1) A Microsoft Windows computer (or even far worse a Windows 8 RT device). Note: Early versions of Microsoft Windows such as Windows 3.1 or Windows NT may be fine.
2) A mobile device running  IOS
3) A mobile device running unrooted Android
4) A MacOS computer. It is possible this is a low risk in a propriety OS; however Apple's strong support for lockdown in IOS means that MacOS should not be trusted also

The backdoors are likely in blobs of propriety code in a propriety OS or in add on propriety applications such as CarrierIQ http://en.wikipedia.org/wiki/Carrier_IQ that require root to remove in Android. One must also keep in mind that modern Windows Operating Systems and IOS are designed  from the ground up to lock out the owner of the device from key parts of the OS in order to implement DRM. So the same DRM components in the OS can be used to create all sorts of backdoors outside the device owner's control.

To understand how DRM is so intimately related to back doors on only needs to look at the recent Android vulnerability that was recently used to steal Bitcoins. The vulnerability in Android was detected and Google issued a patch. So far so good, but what happens if the device manufacturer or the telco does not push the patch to the end users? If the device is not rooted the vulnerability remains. If the owner of the device takes back control and roots the device then the owner can secure the device, by installing the patch, and prevent the Bitcoin theft. This however brakes the DRM in the device and makes the MPAA, RIAA and other copyright holders vulnerable to piracy by the device owner.

The choice to me here is very simple, secure Bitcoins, or full DRM support in the OS but not both. I use GNU / Linux for my Bitcoins for this very simple reason and can sleep well at night knowing that the GPL v3 code deep within GNU / Linux helps keep my Bitcoins safe.

[StarfishPrime]

The choice to me here is very simple, secure Bitcoins, or full DRM support in the OS but not both. I use GNU / Linux for my Bitcoins for this very simple reason and can sleep well at night knowing that the GPL v3 code deep within GNU / Linux helps keep my Bitcoins safe.

+1

[bitsalame]

there is no backdoor in a open discussed algorithm

Well, it is really hard to be categorical in saying that there is NO backdoor in open source AT ALL.
Actually being open can allows an army of programmers posing as contributors attempting to introduce a carefully crafted glitch with plausible deniability in mind that could go undetected for a while.

So it is not really impossible, but way more complicated demanding a lot of planning and effort.
The hard part in an algorithm I guess is to be able to convince people that a bad idea is actually a good one.
So I guess that instead of messing with an open algorithm, it would be easier to be messing up with its implementation.

@ArticMine Very insightful. DRMs could be NSA's secret weapons. It would make a lot of sense actually, I always thought that the RIAA and the MPAA had a ridiculous amount of power for mere creative and commercial rights. Especially considering the shady and aggressive tactics to implement DRMs such as the infamous Sony Rootkit.

[Dabs]

People reverse engineer closed sourced apps and tools all the time. Open source makes it a lot easier to dissect something.

There is no backdoor in SHA-2.

The NSA also contributed to the s-box design of DES a long time ago, and it was discovered that they actually strengthened it against differential cryptanalysis.

[ArticMine]

there is no backdoor in a open discussed algorithm

Well, it is really hard to be categorical in saying that there is NO backdoor in open source AT ALL.
Actually being open can allows an army of programmers posing as contributors attempting to introduce a carefully crafted glitch with plausible deniability in mind that could go undetected for a while.

So it is not really impossible, but way more complicated demanding a lot of planning and effort.
The hard part in an algorithm I guess is to be able to convince people that a bad idea is actually a good one.
So I guess that instead of messing with an open algorithm, it would be easier to be messing up with its implementation.

@ArticMine Very insightful. DRMs could be NSA's secret weapons. It would make a lot of sense actually, I always thought that the RIAA and the MPAA had a ridiculous amount of power for mere creative and commercial rights. Especially considering the shady and aggressive tactics to implement DRMs such as the infamous Sony Rootkit.

There is actually a very good case for DRM as an NSA secret weapon. The following NSA document from the Snowden leaks: http://cryptome.org/2013/09/nsa-sigint-enabling-propublica-13-0905.pdf refers in the first paragraph to

... the consumer and other adversaries ...

with no mention on the other hand of adversaries such as "terrorists" or "foreign governments". This begs the question: In which widespread application of cryptography is the consumer the primary adversary? The answer of course is DRM. The other thing to keep in mind is that between 2001 and 2006 Microsoft spent billions of USD in order to rewrite major parts of Windows. This was ostensibly in order to perform the complete lockdown of the operating system required to support high definition content protection (HDCP) a form of DRM required as part of the Blu-ray specification. Microsoft paid a very high financial price for this so a purely commercial justification is very hard to find here. The move between XP and Vista was a very significant step in the gradual road between the very open nature of Microsoft Windows in the 1990s and the complete lockdown with DRM of Windows 8 RT today.

The Sony rootkit of 2005 http://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal was very significant because it illustrated very clearly the very close relationship between malware and DRM. In reality they are both trying to solve the same problem with the same adversary, so it is hardly surprising that they would use very similar techniques or that one can be a vector for the other.