Bitcoin Forum
Author Topic: If one day, people find Bitcoin is no longer safe. How about the feature of btc?  (Read 1041 times)
pengcqu (OP)
October 22, 2013, 01:20:22 PM
 #1

If one day, people find Bitcoin is no longer safe. Using more powerful computer, btc address could be cracked. How about the feature of btc?
pengcqu (OP)
October 22, 2013, 01:21:19 PM
 #2

It would happen in feature.
gmaxwell
October 22, 2013, 01:34:31 PM
 #3

I'm sure your English is much better than my ability to speak whatever language that you're native in, but I still can't understand your question.

Perhaps you could also try Google Translate?
piotr_n
October 22, 2013, 01:43:49 PM
Last edit: October 22, 2013, 02:32:41 PM by piotr_n
 #4

There have been uncertainties concerning the security of ECDSA.
We still don't know how they chose the curve params and it doesn't seem that they are going to tell us.

It would be useful to at least add support for RSA/DSA signed transaction, in parallel to the ECDSA.
Then people could at least diversify their savings - e.g. split it 50:50 between ECDSA and RSA protected addresses.

This kind of change needs a hard fork and so the sooner you put it in, the better.

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
Rannasha
October 22, 2013, 02:30:34 PM
 #5

If one day, people find Bitcoin is no longer safe. Using more powerful computer, btc address could be cracked. How about the feature of btc?

Bitcoin addresses can't be "cracked" by simply using a more powerful computer. Not now, not in 10 years, not in 1000 years. The amount of bruteforce computation power required would use up all the energy in the universe.

Of course, if a flaw is found in the algorithm that is used to generate bitcoin addresses from private keys, it's a different story altogether.
piotr_n
October 22, 2013, 02:48:10 PM
Last edit: October 22, 2013, 03:02:24 PM by piotr_n
 #6

Bitcoin addresses can't be "cracked" by simply using a more powerful computer. Not now, not in 10 years, not in 1000 years. The amount of bruteforce computation power required would use up all the energy in the universe.
We are not talking about bruteforcing, per se.

The whole security of ECDSA is based on the assumption that the sign function (which takes the hash, random R and private key D, calculating S that corresponds to the public key) cannot be reversed with far fewer resources, using some not yet publicly known algorithm.

The math behind it is quite complex and the mathematicians are not entirely certain whether it is in fact impossible to reverse the function.
In other words: it has not been mathematically proven that it is impossible to calculate D, having the public key, the hash, R and S.

Moreover: we know for sure that if you reuse the same R with a different hash, the way to calc D is pretty straightforward.
Now, using a different R the only thing that makes calculating D not straightforward is a magic behind a shape of the curve...
And the curve has been shaped by people who don't tell us how they did it :)

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
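The repeated-R condition described in the post above can be checked from the defender's side by scanning the signatures a key has already published. This is an added example, not part of the original posts: it parses DER-encoded ECDSA signatures and reports any R value that one public key used with more than one hash. The record layout, the `der` helper and all sample values are constructed for illustration.

```python
from collections import defaultdict

def parse_der_sig(der_bytes: bytes):
    """Return (r, s) from a DER ECDSA signature: 30 len 02 rlen r 02 slen s.
    Assumes short-form lengths, which covers signatures on 256-bit curves."""
    if len(der_bytes) < 8 or der_bytes[0] != 0x30 or der_bytes[1] != len(der_bytes) - 2:
        raise ValueError("not a DER SEQUENCE of the stated length")
    pos, ints = 2, []
    for _ in range(2):
        if pos + 2 > len(der_bytes) or der_bytes[pos] != 0x02:
            raise ValueError("expected INTEGER tag")
        n = der_bytes[pos + 1]
        body = der_bytes[pos + 2 : pos + 2 + n]
        if n == 0 or len(body) != n:
            raise ValueError("truncated INTEGER")
        ints.append(int.from_bytes(body, "big"))
        pos += 2 + n
    if pos != len(der_bytes):
        raise ValueError("trailing bytes after s")
    return ints[0], ints[1]

def find_reused_r(records):
    """records: iterable of (pubkey_hex, msg_hash_hex, der_sig_bytes).
    Returns {(pubkey_hex, r): sorted hashes} for each r a key used with 2+ hashes."""
    seen = defaultdict(set)
    for pubkey, msg_hash, sig in records:
        r, _s = parse_der_sig(sig)
        seen[(pubkey, r)].add(msg_hash)
    return {key: sorted(h) for key, h in seen.items() if len(h) > 1}

def der(r: int, s: int) -> bytes:
    """Encode (r, s) as DER; used only to build the constructed samples below."""
    def enc(v):
        # One extra leading 0x00 byte when the top bit is set keeps the INTEGER positive.
        b = v.to_bytes((v.bit_length() + 8) // 8, "big")
        return b"\x02" + bytes([len(b)]) + b
    body = enc(r) + enc(s)
    return b"\x30" + bytes([len(body)]) + body

# Constructed sample data: placeholder keys and hashes, not real transactions.
SAMPLE = [
    ("02aa", "h1", der(0x1234, 0x1111)),
    ("02aa", "h2", der(0x1234, 0x2222)),  # same key, same r, different hash
    ("02aa", "h3", der(0x9999, 0x3333)),
    ("03bb", "h4", der(0x1234, 0x4444)),  # same r under another key: outside this check
]

if __name__ == "__main__":
    print(find_reused_r(SAMPLE))
```

Any key this check reports should be treated as exposed.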
drawingthesun
October 22, 2013, 02:51:18 PM
 #7

The amount of bruteforce computation power required would use up all the energy in the universe.

I am not sure about this.

http://www.wolframalpha.com/input/?i=10%5E21+x+60+x+60+x+24+x+365+x+9+x+10%5E9+x+4.5+x+10%5E9

http://en.wikipedia.org/wiki/Orders_of_magnitude_(numbers)#1021

WolframAlpha says if 9 billion computers hash at one sextillion hashes per second for 4.5 billion years (age of Earth) then you will exhaust the entire supply of addresses.

Obviously this is a huge number, but I doubt all the energy of the universe would be required to do this operation.
DannyHamilton
October 22, 2013, 03:02:37 PM
 #8

The whole security of ECDSA is based on the assumption that the sign function (which takes the hash, random R and private key D, calculating S that corresponds to the public key) cannot be reversed with far fewer resources, using some not yet publicly known algorithm.

The math behind it is quite complex and the mathematicians are not entirely certain whether it is in fact impossible to reverse the function.

Use a new address for every transaction (as suggested in the white paper).

Problem solved.

Now, the only way to steal coins is to reverse the RIPEMD-160 hash function to find a valid SHA-256 hash
AND
then reverse the SHA-256 hash function to find a valid public key
AND
then reverse the public key generation to find a valid private key

All without having a signature to work from.

If any one or two of these functions become weak due to some newly discovered exploit, the bitcoins will continue to be protected by the remaining functions, allowing time for the bitcoin community to replace the weakened cryptographic functions.
piotr_n
October 22, 2013, 03:04:21 PM
 #9

The whole security of ECDSA is based on the assumption that the sign function (which takes the hash, random R and private key D, calculating S that corresponds to the public key) cannot be reversed with far fewer resources, using some not yet publicly known algorithm.

The math behind it is quite complex and the mathematicians are not entirely certain whether it is in fact impossible to reverse the function.

Use a new address for every transaction (as suggested in the white paper).

Problem solved.
Not quite.
Because before your transaction gets mined, the public key and R are still exposed to the world and if someone can calc the D from it fast enough, he can spend your money before you.

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
drawingthesun
October 22, 2013, 03:06:28 PM
 #10

To put this into perspective, if we cloned the fastest supercomputer in the world right now and made one for every atom in not one, but 100,000 people, we would have the capability to crack Bitcoin addresses through brute force.

Math: (speed of current top super in flops, times amount of atoms in a human times 100,000, this gives 1 order of magnitude larger than needed to assume 10 flop operation equivalent is required for creating a Bitcoin address and testing balance)
http://www.wolframalpha.com/input/?i=38+x+10%5E15+x+7+x+10%5E27+x+10%5E5

Top super: http://en.wikipedia.org/wiki/Tianhe-2
DannyHamilton
October 22, 2013, 03:14:43 PM
 #11

The whole security of ECDSA is based on the assumption that the sign function (which takes the hash, random R and private key D, calculating S that corresponds to the public key) cannot be reversed with far fewer resources, using some not yet publicly known algorithm.

The math behind it is quite complex and the mathematicians are not entirely certain whether it is in fact impossible to reverse the function.
Use a new address for every transaction (as suggested in the white paper).

Problem solved.
Not quite.
Because before your transaction gets mined, the public key and R are still exposed to the world and if someone can calc the D from it fast enough, he can spend your money before you.

True, if ECDSA was so broken that the private key could be calculated in minutes (or faster) instead of days.

Your bitcoins would be safe so long as you don't try to spend them.  If (after ECDSA is so broken) you were going to try to spend bitcoins that were received at a legacy address (one requiring an ECDSA signature), then it would require that there be some trusted mining operations.

You could then submit the transaction directly to the trusted mining operations, bypassing all other peers.  The mining operations would need to be trusted not to re-broadcast the transaction, and not to take advantage of the ECDSA weakness. When you spend the bitcoins, you would want the receiving address to use the new unbroken signature and/or hash functions.
waltermot321
October 22, 2013, 03:17:54 PM
 #12

If one day, people find Bitcoin is no longer safe. Using more powerful computer, btc address could be cracked. How about the feature of btc?

Bitcoin addresses can't be "cracked" by simply using a more powerful computer. Not now, not in 10 years, not in 1000 years. The amount of bruteforce computation power required would use up all the energy in the universe.

Of course, if a flaw is found in the algorithm that is used to generate bitcoin addresses from private keys, it's a different story altogether.

Anything is possible, I remember people saying Litecoin is anti FPGA..

Come-from-Beyond
October 22, 2013, 04:00:27 PM
 #13

Now, the only way to steal coins is to reverse the RIPEMD-160 hash function to find a valid SHA-256 hash
AND
then reverse the SHA-256 hash function to find a valid public key
AND
then reverse the public key generation to find a valid private key

Why does someone need to reverse an algo to get exact match? Probabilistic approach combined with brute force gives results much faster. Read more - http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.215.1617&rep=rep1&type=pdf
DannyHamilton
October 22, 2013, 04:13:45 PM
 #14

Why does someone need to reverse an algo to get exact match?

Poor choice of words on my part.

When I said "reverse the . . . hash function", I meant to do the opposite of what the hash function is intended to do, regardless of the method chosen.

In other words, a hash function is designed to provide a digest when given a message.

When I say "reverse the . . . hash function", I mean to provide a message when given its digest. The conditions on the message being that it is exactly 256 bits long and has the given digest as the result of performing the intended hash on it.
hayek
October 22, 2013, 04:29:20 PM
 #15

but potato?
oleganza
October 22, 2013, 06:41:11 PM
 #16

If one day, people find Bitcoin is no longer safe. Using more powerful computer, btc address could be cracked. How about the feature of btc?

If one day something about Bitcoin is cracked, it will be fixed, bogus transactions reverted by miners, some people will lose some money and then life will go on. Abandoning Bitcoin is equivalent to everyone losing all their wealth. That's not going to happen without a fight.

Bitcoin analytics: blog.oleganza.com / 1TipsuQ7CSqfQsjA9KU5jarSB1AnrVLLo
pengcqu (OP)
October 25, 2013, 09:20:18 AM
 #17

If one day, people find Bitcoin is no longer safe. Using more powerful computer, btc address could be cracked. How about the feature of btc?

Bitcoin addresses can't be "cracked" by simply using a more powerful computer. Not now, not in 10 years, not in 1000 years. The amount of bruteforce computation power required would use up all the energy in the universe.

Of course, if a flaw is found in the algorithm that is used to generate bitcoin addresses from private keys, it's a different story altogether.

Anything is possible, I remember people saying Litecoin is anti FPGA..

I agree with this point. Maybe after a few years, current trade methods are not safe.
inform
October 25, 2013, 12:54:50 PM
 #18

I think litecoin must be the future