pengcqu (OP)
Newbie
 Offline
Activity: 56
Merit: 0
|
 |
October 22, 2013, 01:20:22 PM |
|
If one day, people find Bitcoin is no longer safe. Using more powerful computer, btc address could be cracked. How about the feature of btc?
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Make sure you back up your wallet regularly! Unlike a bank account, nobody can help you if you lose access to your BTC.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
pengcqu (OP)
Newbie
Offline
Activity: 56
Merit: 0
|
|
October 22, 2013, 01:21:19 PM |
|
It would happen in feature.
|
|
|
|
|
gmaxwell
Moderator
Legendary
Offline
Activity: 4158
Merit: 8382
|
|
October 22, 2013, 01:34:31 PM |
|
I'm sure your english is much better than my ability to speak whatever language that you're native in, but I still can't understand your question.
Perhaps you could also try google translate?
|
|
|
|
|
piotr_n
Legendary
Offline
Activity: 2053
Merit: 1354
aka tonikt
|
|
October 22, 2013, 01:43:49 PM
Last edit: October 22, 2013, 02:32:41 PM by piotr_n |
|
There have been uncertainties concerning the security of ECDSA.
We still don't know how they chose the curve params and it doesn't seem that they are going to tell us.
It would be useful to at least add support for RSA/DSA signed transaction, in parallel to the ECDSA.
Then people could at least diversify their savings - e.g. split it 50:50 between ECDSA and RSA protected addresses.
This kind of change needs a hard fork and so the sooner you put it in, the better.
|
Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.PGP fingerprint: AB9E A551 E262 A87A 13BB 9059 1BE7 B545 CDF3 FD0E
|
|
|
|
Rannasha
|
|
October 22, 2013, 02:30:34 PM |
|
If one day, people find Bitcoin is no longer safe. Using more powerful computer, btc address could be cracked. How about the feature of btc?
Bitcoin addresses can't be "cracked" by simply using a more powerful computer. Not now, not in 10 year, not in 1000 year. The amount of bruteforce computation power required would use up all the energy in the universe. Of course, if a flaw is found in the algorithm that is used to generate bitcoin addresses from private keys, it's a different story alltogether. |
|
|
|
|
piotr_n
Legendary
Offline
Activity: 2053
Merit: 1354
aka tonikt
|
|
October 22, 2013, 02:48:10 PM
Last edit: October 22, 2013, 03:02:24 PM by piotr_n |
|
Bitcoin addresses can't be "cracked" by simply using a more powerful computer. Not now, not in 10 year, not in 1000 year. The amount of bruteforce computation power required would use up all the energy in the universe. We are not talking about bruteforcing, per se. The whole security of ECDSA is based on the assumption that the sign function (which takes the hash, random R and private key D, calculating S that corresponds to the public key) cannot be reversed with far fewer resources, using some not yet publicly known algorithm. The math behind it is quite complex and the mathematicians are not entirely certain whether it is in fact impossible to reverse the function. In other words: it has not been mathematically proven that it is impossible to calculate D, having the public key, the hash, R and S. Moreover: we know for sure that if you reuse the same R with a different hash, the way to calc D is pretty straight forward. Now, using a different R the only thing that makes calculating D not straight forward is a magic behind a shape of the curve... And the curve has been shaped by people who don't tell us how they did it  |
Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.PGP fingerprint: AB9E A551 E262 A87A 13BB 9059 1BE7 B545 CDF3 FD0E
|
|
|
|
|
DannyHamilton
Legendary
Offline
Activity: 3388
Merit: 4615
|
|
October 22, 2013, 03:02:37 PM |
|
The whole security of ECDSA is based on the assumption that the sign function (which takes the hash, random R and private key D, calculating S that corresponds to the public key) cannot be reversed with far fewer resources, using some not yet publicly known algorithm.
The math behind it is quite complex and the mathematicians are not entirely certain whether it is in fact impossible to reverse the function.
Use a new address for every transaction (as suggested in the white paper). Problem solved. Now, the only way to steal coins is to reverse the RIPEMD-160 hash function to find a valid SHA-256 hash ANDthen reverse the SHA-256 hash function to find a valid public key ANDthen reverse the public key generation to find a valid private key All without having a signature to work from. If any one or two of these functions become weak due to some newly discovered exploit, the bitcoins will continue to be protected by the remaining functions, allowing time for the bitcoin community to replace the weakened cryptographic functions. |
|
|
|
|
piotr_n
Legendary
Offline
Activity: 2053
Merit: 1354
aka tonikt
|
|
October 22, 2013, 03:04:21 PM |
|
The whole security of ECDSA is based on the assumption that the sign function (which takes the hash, random R and private key D, calculating S that corresponds to the public key) cannot be reversed with far fewer resources, using some not yet publicly known algorithm.
The math behind it is quite complex and the mathematicians are not entirely certain whether it is in fact impossible to reverse the function.
Use a new address for every transaction (as suggested in the white paper). Problem solved. Not quite. Because before your transaction gets mined, the public key and R is still exposed to the world and if someone can calc the D from it fast enough, he can spend your money before you. |
Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.PGP fingerprint: AB9E A551 E262 A87A 13BB 9059 1BE7 B545 CDF3 FD0E
|
|
|
drawingthesun
Legendary
Offline
Activity: 1176
Merit: 1015
|
|
October 22, 2013, 03:06:28 PM |
|
To put this into perspective, if we cloned the fastest supercomputer in the world right now and made one for every atom in not one, but 100,000 people, we would have the capability to crack Bitcoin addresses through brute force. Math: (speed of current top super in flops, times amount of atoms in a human times 100,000, this gives 1 order of magnitude larger than needed to assume 10 flop operation equilviant is required for creating a Bitcoin addresses and testing balance) http://www.wolframalpha.com/input/?i=38+x+10%5E15+x+7+x+10%5E27+x+10%5E5Top super: http://en.wikipedia.org/wiki/Tianhe-2 |
|
|
|
|
DannyHamilton
Legendary
Offline
Activity: 3388
Merit: 4615
|
|
October 22, 2013, 03:14:43 PM |
|
The whole security of ECDSA is based on the assumption that the sign function (which takes the hash, random R and private key D, calculating S that corresponds to the public key) cannot be reversed with far fewer resources, using some not yet publicly known algorithm.
The math behind it is quite complex and the mathematicians are not entirely certain whether it is in fact impossible to reverse the function. Use a new address for every transaction (as suggested in the white paper). Problem solved. Not quite. Because before your transaction gets mined, the public key and R is still exposed to the world and if someone can calc the D from it fast enough, he can spend your money before you. True, if ECDSA was so broken that the private key could be calculated in minutes (or faster) instead of days. Your bitcoins would be safe so long as you don't try to spend them. If (after ECSDA is so broken) you were going to try to spend bitcoins that were received at a legacy address (one requiring an ECDSA signature), then it would require that there be some trusted mining operations. You could then submit the transaction directly to the trusted mining operations, bypassing all other peers. The mining operations would need to be trusted not to re-broadcast the transaction, and not to take advantage of the ECDSA weakness. When you spend the bitcoins, you would want the receiving address to use the new unbroken signature and/or hash functions. |
|
|
|
|
|
waltermot321
|
|
October 22, 2013, 03:17:54 PM |
|
If one day, people find Bitcoin is no longer safe. Using more powerful computer, btc address could be cracked. How about the feature of btc?
Bitcoin addresses can't be "cracked" by simply using a more powerful computer. Not now, not in 10 year, not in 1000 year. The amount of bruteforce computation power required would use up all the energy in the universe. Of course, if a flaw is found in the algorithm that is used to generate bitcoin addresses from private keys, it's a different story alltogether. Anything is possible, I remember people saying Litecoin is anti FPGA.. |
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1009
Newbie
|
|
October 22, 2013, 04:00:27 PM |
|
Now, the only way to steal coins is to reverse the RIPEMD-160 hash function to find a valid SHA-256 hash
AND
then reverse the SHA-256 hash function to find a valid public key
AND
then reverse the public key generation to find a valid private key
Why does someone need to reverse an algo to get exact match? Probabilistic approach combined with brute force gives results much faster. Read more - http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.215.1617&rep=rep1&type=pdf |
|
|
|
|
DannyHamilton
Legendary
Offline
Activity: 3388
Merit: 4615
|
|
October 22, 2013, 04:13:45 PM |
|
Why does someone need to reverse an algo to get exact match?
Poor choice of words on my part. When I said "reverse the . . . hash function", I meant to do the opposite of what the hash function is intended to do, regardless of the method chosen. In other words, a hash function is designed to provide a digest when given a message. When I say "reverse the . . . hash function", I mean to provide a message when given its digest. The conditions on the message being that it is exactly 256 bits long and has the given digest as the result of performing the intended hash on it. |
|
|
|
|
|
hayek
|
|
October 22, 2013, 04:29:20 PM |
|
but potato?
|
|
|
|
|
oleganza
Full Member
Offline
Activity: 200
Merit: 104
Software design and user experience.
|
|
October 22, 2013, 06:41:11 PM |
|
If one day, people find Bitcoin is no longer safe. Using more powerful computer, btc address could be cracked. How about the feature of btc?
If one day something about Bitcoin is cracked, it will be fixed, bogus transactions reverted by miners, some people will lose some money and then life will go on. Abandoning Bitcoin is equivalent to everyone losing all their wealth. That's not going to happen without a fight. |
Bitcoin analytics: blog.oleganza.com / 1TipsuQ7CSqfQsjA9KU5jarSB1AnrVLLo
|
|
|
pengcqu (OP)
Newbie
Offline
Activity: 56
Merit: 0
|
|
October 25, 2013, 09:20:18 AM |
|
If one day, people find Bitcoin is no longer safe. Using more powerful computer, btc address could be cracked. How about the feature of btc?
Bitcoin addresses can't be "cracked" by simply using a more powerful computer. Not now, not in 10 year, not in 1000 year. The amount of bruteforce computation power required would use up all the energy in the universe. Of course, if a flaw is found in the algorithm that is used to generate bitcoin addresses from private keys, it's a different story alltogether. Anything is possible, I remember people saying Litecoin is anti FPGA.. I agree this point. Maybe after few years, current trade methods are not safe. |
|
|
|
|
inform
Newbie
Offline
Activity: 42
Merit: 0
|
|
October 25, 2013, 12:54:50 PM |
|
i think litecoin must be future
|
|
|
|
|
|
