...
As to the nature of your question, there is MONERO ( which claims to be secure ), and there is the z-cash coin family which have z-obfuscated addressses to backup the public address scheme, the thing with MONERO is its choice of ECDSA is known to be weak and have a back-door, while MONERO may be 'secure', its not secure from the ppl you should fear ( NSA wrote the ecdsa curves for monero ), like NSA wrote Secp256k1 for btc, like NSA wrote sha-256 for btc, ...
These are quite blunt statements without any reference to its origin. Also it is posted by a new member in the forum, where it is difficult to understand his level of reputation. Looking at his others post, there is no single reference, rude wording, and "look it up yourself". So credibility is low, very low.
I am wondering why @Danny Hamilton gave it some merits (probably to start a discussion on it, maybe I did not understand his merit policy correctly).
secp256k1I skimmed through some older posts, which talk about security of secp256
k1, and it is not recognizable, that NSA wrote the curves for bitcoin. The NIST recommends usage of secp256
r1 (see the "
r" for random), and NIST provides recommendations to NSA. The randomness is the factor, where people think, it is not "random" enough and includes the backdoor (implemented by the NSA). It looks like the "
k1" curve has been chosen, becuase it was known, that "
r1" is used by NSA. This is quite a complex theme, and these two links might provide more inside view:
https://bitcointalk.org/index.php?topic=937058.0https://bitcointalk.org/index.php?topic=151120.0https://bitcointalk.org/?topic=2699.0From what I can read (or even understand), secp256k1 was used for performance reasons, knowing it will loose a bit of security.
SHA256There is this thread (
https://bitcointalk.org/index.php?topic=2680267.0), which is also full of statements, but without any proof or link. Already the OP choose a name, which make the content doubtful, and the headline doesn't count at all for scientific proofs. It is good to start a discussion, but luckily this post remained unanswered.
This thread (
https://bitcointalk.org/index.php?topic=288545.0) has many links to SHA256 and NSA, but it doesn't become obvious, if there is a backdoor or not. It also looks more like speculation.
And then one can search vor NSA [secp256k1|sha256|ripemd|ECC|ECDSA] in the forum, just to find an overwhelmingly amount of non scientific comments and speculation.
This doesn't withstand scientific proofs. So I can sit more or less comfortably back, happy to know that at current point in time bitcoin is fairly secure, for the following 3 reasons:
1.) to break bitcoin, you need to crack sha256 and ripemed and ECDSA - if NSA had only one of them broken, bitcoin would be the smallest problem
2.) there is only speculation by newbies with low reputation, that NSA has hacked things. Good for bollywood movies and entertainment (and newbies), but doesn't reflect reality.
3.) Maybe there will be no mathematical proof, "only" empirical proof. A bitcoin blockchain with values in the billion dollar range gives me more trust than any centralized system that we are dependant on nowadays. It is based on hashing and signing algos, which are publicly verifiable. And you can't do this with organizations in the FIAT world...
