Bitcoin Forum
Author Topic: SHA-256 has no backdoors =/= Bitcoin has no backdoors  (Read 3121 times)
Come-from-Beyond (OP)
September 13, 2013, 10:02:45 PM  #1

There have been a lot of threads about Snowden, NSA and broken crypto started recently. Some guys asked what if NSA could break SHA-256, others answered that SHA-256 was analyzed by a lot of cryptomaniacs and no one has found a weakness yet... Ok, but Bitcoin uses double SHA-256. It's not that SHA-256, it's a completely different algo. What if the Sha256() function applied to itself gives an outcome that correlates to the input? Like if we took f(x)=1/x and calculated f(f(5)), which is 5.

Of course, we can only speculate about this. I just want to point out that it's not correct to discuss the security of the Bitcoin mining algo by applying well-studied features of conventional SHA-256.
phillipsjk
September 13, 2013, 10:16:25 PM  #2

Why don't you read up on Triple-DES and then restate your question?

Hint: Running SHA-256 twice does not in any way make it less secure.

shep80
September 14, 2013, 01:16:17 AM  #3

Double SHA-256 still relies on the underlying properties of SHA-256...

With 3DES and the like, it is more than just DES three times. With bitcoin, it is just SHA-256 twice. It's quite good but the argument could be made having an alternate middle hash function would be "more" secure.

Regardless, if SHA-256 has serious issues, bitcoin is the least of the problems.

AndrewWilliams
September 14, 2013, 04:12:58 AM  #4

Read the latest, whether they can crack it or not, it doesn't matter since they had backdoors planted in it.
Come-from-Beyond (OP)
September 14, 2013, 07:48:42 AM  #5

Quote
Hint: Running SHA-256 twice does not in any way make it less secure.

Care to prove?

Quote
With bitcoin, it is just SHA-256 twice.

Care to prove?

Quote
Double SHA-2, therefore, cannot be weaker than single SHA-2.

Doubtful, sorry.
polarhei
September 14, 2013, 07:51:42 AM  #6

Each arithmetic has its weakness. Even these people have to leave a small paper (never written in direct terms, just relative) about it before announcing; the cracking takes a long time to deal with. Even bank-level encryption.

So, two-step just takes longer before being broken. This is the nature of encryption. Do you know the case of the U submarine story? Better to read it again.
phillipsjk
September 14, 2013, 10:10:44 AM  #7

Quote
Care to prove?

fpgaminer proved it; you are just bad at math (basing this partially on your previous thread). If you are of Middle-school age, the math may be just a little advanced for you.

I mentioned 3DES because it is an example of a weak algorithm being strengthened by repeated application.

Running SHA-256 twice buys us some time if 'single' SHA-256 is found to be broken.

If you want to confirm that Bitcoin simply runs the standard SHA-256 twice, you have only to check the source-code.

Jace
September 14, 2013, 10:26:11 AM  #8

Quote
If double SHA-2 were weaker than single SHA-2, one could simply use that construct to weaken single SHA-2.  In other words, let's suppose someone discovered that double SHA-2 can be broken with 2^80 operations (instead of the usual 2^256 for a pre-image attack).  Given that, anyone trying to attack SHA-2 could just, ya know, run SHA-2 on the hash they're trying to break and then perform 2^80 operations to break it and recover the original input.

Not true. Given a hash value h, if you 'recover' some input x such that Sha2(Sha2(x))=Sha2(h), this does not imply Sha2(x)=h.

Come-from-Beyond (OP)
September 14, 2013, 10:35:11 AM  #9

Quote
fpgaminer proved it; you are just bad at math (basing this partially on your previous thread). If you are of Middle-school age, the math may be just a little advanced for you.

Hehe. U r close to compare me with Hitler.


Quote
I mentioned 3DES because it is an example of a weak algorithm being strengthened by repeated application.

Running SHA-256 twice buys us some time if 'single' SHA-256 is found to be broken.

If u r not a schoolboy u should use mathematical notation instead of vague words. Try again.


Quote
If you want to confirm that Bitcoin simply runs the standard SHA-256 twice, you have only to check the source-code.

Ta, I know that.
kokjo
September 14, 2013, 11:03:35 AM  #10

double sha2 is weaker than sha2 in some aspects.

im not sure that anyone has ever proven that sha2 hits its whole 'probability' space (2^256); if it doesn't do that, it will be losing entropy by repeated applications.

more data in (a big fat block of data) means more random out. less data in (a single 256-bit sha2 hash) means less random out.

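An added toy experiment, not code from the thread, that makes two of the points above measurable: kokjo's claim (#10) that a non-bijective hash loses entropy under repeated application, and Jace's objection (#8) that an x with Sha2(Sha2(x)) = Sha2(h) need not satisfy Sha2(x) = h. It assumes a 16-bit truncation of SHA-256 (so the whole input space can be enumerated); the function and its truth table are constructed here and say nothing about real SHA-256's strength.

```python
import hashlib
from collections import defaultdict

BITS = 16                 # toy width: small enough to enumerate the whole space
SPACE = 1 << BITS

def h(x: int) -> int:
    """Toy hash: SHA-256 of a fixed-width encoding of x, truncated to BITS bits."""
    digest = hashlib.sha256(x.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:BITS // 8], "big")

# Full truth table of h and its inverse map, computed once (constructed data).
TABLE = [h(x) for x in range(SPACE)]
PREIMAGES = defaultdict(list)
for x, y in enumerate(TABLE):
    PREIMAGES[y].append(x)

def image_sizes(rounds: int) -> list:
    """Distinct values still reachable after 1..rounds applications of h to the
    whole space. h is not a permutation, so the image shrinks each round
    (kokjo's entropy-loss point, made measurable)."""
    current = set(range(SPACE))
    sizes = []
    for _ in range(rounds):
        current = {TABLE[x] for x in current}
        sizes.append(len(current))
    return sizes

def reduction_candidates(target: int) -> tuple:
    """Jace's objection, made concrete. The quoted reduction hashes the target
    once more and collects every x with h(h(x)) == h(target). Only the x with
    h(x) == target are genuine preimages; the rest reached h(target) through
    another intermediate y that collides with target under h.
    Returns (candidate count, genuine preimage count)."""
    candidates = [x for y in PREIMAGES[TABLE[target]] for x in PREIMAGES[y]]
    return len(candidates), len(PREIMAGES[target])

def targets_with_spurious_candidates() -> int:
    """Count targets for which the reduction hands back at least one x that is
    not a preimage of the target at all."""
    count = 0
    for t in range(SPACE):
        cands, genuine = reduction_candidates(t)
        count += cands > genuine
    return count

if __name__ == "__main__":
    print("image sizes after 1..4 rounds over", SPACE, "inputs:", image_sizes(4))
    print("targets where the reduction returns spurious x:",
          targets_with_spurious_candidates(), "of", SPACE)
```

The first round alone typically leaves only about 63% of the space reachable, which is the expected image size of a random function, not a weakness specific to SHA-256.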
AndrewWilliams
September 14, 2013, 04:34:38 PM  #11

Many of you seem to be lost in translation.


SHA-256 HAS BACKDOORS.

LIKE WINDOWS OS HAS BACKDOORS. That means NSA works with Windows to plant backdoors to access any system. NSA purposely weakens software and plants backdoors in it, SHA-256 is no exception.
Wilikon
September 14, 2013, 06:47:14 PM  #12

If proven, I believe this will be the end of a lot of industries based on 100% trust, like bitcoin. If bitcoin falls, the next dominoes will follow: Wall Street, military top secrets all over the world, etc.

This may even fork the internet. The whole internet.
phillipsjk
September 14, 2013, 07:45:24 PM  #13

Quote
Hehe. U r close to compare me with Hitler.

Uh, no.

Quote
If u r not a schoolboy u should use mathematical notation instead of vague words. Try again.

The Wikipedia page gives a little more detail about 3DES. Encrypting 3 times does not triple the strength of the cipher. However, it also does not weaken it.

Quote
double sha2 is weaker than sha2 in some aspects.

im not sure that anyone has ever proven that sha2 hits its whole 'probability' space (2^256); if it doesn't do that, it will be losing entropy by repeated applications.

more data in (a big fat block of data) means more random out. less data in (a single 256-bit sha2 hash) means less random out.

So kokjo is pointing out that nobody has proven that SHA-256 has a completely uniform probability distribution.

That does not imply that a second iteration makes the combined hash weaker, for the reason fpgaminer pointed out. The example he used was to assume double-SHA-256 has about the same cryptographic strength as MD5. I will make a weaker assumption: assume the second hash has reduced variability because of the limited input size.

Once the attacker determines the intermediate hash in 2^80 time, they have a problem: they must now break the remaining 'single' hash. I suppose I should prove that later rounds don't undo the work of earlier rounds: but frankly, I don't have the time right now.

Kazimir
September 15, 2013, 08:40:33 PM  #14

Quote
SHA-256 HAS BACKDOORS.

PROOF OR STFU.

(oh and by the way...)

AndrewWilliams
September 16, 2013, 07:08:54 AM  #15

Shhh.... if people hear you talk, they'll know you're dumb.
solex
September 16, 2013, 07:15:48 AM  #16

Quote
SHA-256 HAS BACKDOORS.

References?
Papers?
Links?
Actor_Tom_Truong say-so?

Anything?

Galahad
September 16, 2013, 12:19:42 PM  #17

Some pretty childish bickering going on here but anyway.

There have been many discussions about this subject already; I would dig them out, as they have already dealt with these concerns. The best thing I've heard out of it is that the Bitcoin algorithm has been tested for 20 years and not even a theoretical weakness has been found by the best experts in the world. I don't think any power of resources could overcome that fact. It would be like 1000 monkeys trying to write Shakespeare. The latest theory I've read is that they can decrypt RC4 only, which is very old and has known weaknesses (used in WEP wifi and SSL). Despite these weaknesses it is still used very heavily across the web (god knows why).

You can get an addon for Firefox called Calomel if you want to see how regularly RC4 and others are used.

EDITED
https://bitcointalk.org/index.php?topic=288545.0
https://bitcointalk.org/index.php?topic=291217.0

In particular:
https://bitcointalk.org/index.php?topic=288545.msg3091137#msg3091137
Come-from-Beyond (OP)
September 16, 2013, 01:15:19 PM  #18

Don't worry guys, we always can move to Litecoin...
hashman
September 16, 2013, 03:57:55 PM  #19

Quote
Many of you seem to be lost in translation.

SHA-256 HAS BACKDOORS.

LIKE WINDOWS OS HAS BACKDOORS. That means NSA works with Windows to plant backdoors to access any system. NSA purposely weakens software and plants backdoors in it, SHA-256 is no exception.

It's worse than you think.  All they need is 8 BITS of a SHA-256 message digest and they can backdoor their way to reconstructing your arbitrary length message.  Incidentally this is the same tech they use to store a full year of global telecoms traffic on a thumb drive.

deepceleron
September 16, 2013, 04:11:26 PM  #20

Quote
Quote
Many of you seem to be lost in translation.

SHA-256 HAS BACKDOORS.

LIKE WINDOWS OS HAS BACKDOORS. That means NSA works with Windows to plant backdoors to access any system. NSA purposely weakens software and plants backdoors in it, SHA-256 is no exception.

It's worse than you think.  All they need is 8 BITS of a SHA-256 message digest and they can backdoor their way to reconstructing your arbitrary length message.  Incidentally this is the same tech they use to store a full year of global telecoms traffic on a thumb drive.

Now you've gone full retard. How about I give you the first 32 bits of every Bitcoin block hash and you reconstruct the message (hint: they are all 0x00000000).

If I have a SHA256 hash, it will likely correspond to a collision with two 257-bit messages, four 258-bit messages, etc. The "arbitrary length message" of Bitcoin is a never-before-seen merkle tree of 256-bit hashes; the information in the hash cannot possibly be used to derive the ~250KB of data per block.
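As an added example (not code from the thread or from Bitcoin Core), this is what "check the source-code" (#7) comes down to: the block hash is plain SHA-256 applied twice to the 80-byte header, and the result for block 0 begins with the zero bits deepceleron mentions. The genesis block parameters used are Bitcoin's public values; the serialization follows Bitcoin's header layout (little-endian integers, hashes stored byte-reversed relative to their displayed form).

```python
import hashlib

def double_sha256(data: bytes) -> bytes:
    """Bitcoin's hash: standard SHA-256 applied twice, nothing else."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def serialize_header(version: int, prev_hash_hex: str, merkle_root_hex: str,
                     timestamp: int, bits: int, nonce: int) -> bytes:
    """The 80-byte block header exactly as it is fed to the hash function."""
    return (version.to_bytes(4, "little")
            + bytes.fromhex(prev_hash_hex)[::-1]      # displayed big-endian, stored reversed
            + bytes.fromhex(merkle_root_hex)[::-1]
            + timestamp.to_bytes(4, "little")
            + bits.to_bytes(4, "little")
            + nonce.to_bytes(4, "little"))

def block_hash_hex(header: bytes) -> str:
    """Displayed block hash: the double-SHA-256 digest, byte-reversed."""
    return double_sha256(header)[::-1].hex()

def leading_zero_bits(hash_hex: str) -> int:
    """How many zero bits the hash starts with (the proof-of-work target)."""
    return 256 - int(hash_hex, 16).bit_length()

# Public parameters of Bitcoin's genesis block (block 0).
GENESIS_HEADER = serialize_header(
    version=1,
    prev_hash_hex="00" * 32,
    merkle_root_hex="4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b",
    timestamp=1231006505,
    bits=0x1d00ffff,
    nonce=2083236893,
)

if __name__ == "__main__":
    digest = block_hash_hex(GENESIS_HEADER)
    print("genesis block hash:", digest)
    print("leading zero bits :", leading_zero_bits(digest))
```

Any other block header can be checked the same way by substituting its six public fields; the hash of every valid block starts with at least 32 zero bits because the difficulty never drops below the genesis target.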