grue
Legendary
Offline
Activity: 2058
Merit: 1431
|
|
December 17, 2013, 02:08:44 AM |
|
Title: Japanese researchers break 41 out of 64 steps of SHA256 with preimage attack. Abstract: In this paper, we propose preimage attacks [...]
sensationalist 6/10
|
|
|
|
betyourbits
Newbie
Offline
Activity: 28
Merit: 0
|
|
December 17, 2013, 02:10:32 AM |
|
Kind of interesting even if it is sensationalist. Something like this might happen at some point and ruin bitcoin in the future. Maybe we should update to sha512 or 1024 bits or something.
|
|
|
|
TheoryOfBitcoin (OP)
Newbie
Offline
Activity: 38
Merit: 0
|
|
December 17, 2013, 02:11:47 AM |
|
Title: Japanese researchers break 41 out of 64 steps of SHA256 with preimage attack. Abstract: In this paper, we propose preimage attacks [...]
sensationalist 6/10
Do you not understand all scientific papers use propose? Propose as in "You can do it this way that we discovered" Not propose as in "We think"
|
|
|
|
|
LAMarcellus
|
|
December 17, 2013, 02:23:38 AM |
|
I can use Vanity Gen to match 8 out of 32 letters in under 12 hours. 9 letters takes 2 days. 10 letters takes 4 months. 11 letters takes 2 years. 12 letters takes 10 years. 13 letters takes..... Steps 1-41 are not 2/3rds. Steps 1-41 are the easiest. They can't get past 42. And 43 will be doubly as difficult as 42 was. Steps 42-64 take orders of magnitude longer to crack than 1-41 did. They got the first 10 years' worth done. Now they need to get the next 2 billion worth done, in steps 42-64.
|
The only way to deal with an unfree world is to become so absolutely free that your very existence is an act of rebellion. – Albert Camus
|
|
|
Piper67
Legendary
Offline
Activity: 1106
Merit: 1001
|
|
December 17, 2013, 02:28:33 AM |
|
I can use Vanity Gen to match 8 out of 32 letters in under 12 hours. 9 letters takes 2 days. 10 letters takes 4 months. 11 letters takes 2 years. 12 letters takes 10 years. 13 letters takes..... Steps 1-41 are not 2/3rds. Steps 1-41 are the easiest. They can't get past 42. And 43 will be doubly as difficult as 42 was. Steps 42-64 take orders of magnitude longer to crack than 1-41 did. They got the first 10 years' worth done. Now they need to get the next 2 billion worth done, in steps 42-64.

The exponential function is a bitch, isn't it?
|
|
|
|
r3wt
|
|
December 17, 2013, 02:32:39 AM |
|
I can use Vanity Gen to match 8 out of 32 letters in under 12 hours. 9 letters takes 2 days. 10 letters takes 4 months. 11 letters takes 2 years. 12 letters takes 10 years. 13 letters takes..... Steps 1-41 are not 2/3rds. Steps 1-41 are the easiest. They can't get past 42. And 43 will be doubly as difficult as 42 was. Steps 42-64 take orders of magnitude longer to crack than 1-41 did. They got the first 10 years' worth done. Now they need to get the next 2 billion worth done, in steps 42-64.
The exponential function is a bitch, isn't it?

Exactly why it's there.
|
My negative trust rating is reflective of a personal vendetta by someone on default trust.
|
|
|
pand70
|
|
December 17, 2013, 02:43:55 AM |
|
Title: Japanese researchers break 41 out of 64 steps of SHA256 with preimage attack. Abstract: In this paper, we propose preimage attacks [...]
sensationalist 6/10
Do you not understand all scientific papers use propose? Propose as in "You can do it this way that we discovered" Not propose as in "We think"

I think he means that you should evaluate the actual preimage attack that they propose before saying that they broke it. I mean I can propose an attack: search for all the possible keys one by one... This is a nice theoretical attack but has no value in the real world...
|
|
|
|
Nancarrow
|
|
December 17, 2013, 06:22:30 AM |
|
Yawn. I've had the pdf of that paper on my laptop for a couple of years now. Keep rereading, trying to figure out what it's actually saying, every so often. Fascinating stuff but it's hardly 'breaking' SHA256, or even 41 out of 64 rounds of it.
If I understand correctly, they show how collisions can be found on their 'reduced' form of SHA256, in an amount of time that's only a fraction of brute-force time - they shave off a few powers of two, but still a huuuuuuge amount of time. There's an extension of this technique by Jian Guo and Krystian Matusiewicz, which must be downloadable from somewhere as I've got that on my HD too.
|
If I've said anything amusing and/or informative and you're feeling generous: 1GNJq39NYtf7cn2QFZZuP5vmC1mTs63rEW
|
|
|
empoweoqwj
|
|
December 17, 2013, 09:57:02 AM |
|
When the title reads "break 64 out of 64 steps" we need to upgrade. 41 just isn't relevant.
|
|
|
|
prezbo
|
|
December 17, 2013, 10:05:32 AM |
|
they will be able to double spend transactions
No, they won't.
If I understand correctly, they show how collisions can be found on their 'reduced' form of SHA256, in an amount of time that's only a fraction of brute-force time - they shave off a few powers of two, but still a huuuuuuge amount of time. There's an extension of this technique by Jian Guo and Krystian Matusiewicz, which must be downloadable from somewhere as I've got that on my HD too.
Exactly.
|
|
|
|
BitThink
Legendary
Offline
Activity: 882
Merit: 1000
|
|
December 17, 2013, 10:23:45 AM |
|
First, the distance from 41 steps to 64 steps is huge enough to say it's useless to break the first 41 steps. Second, mining is not about finding an arbitrary input value to satisfy a specific hash value. In mining, some parts of the input value are determined and the hash value is not determined (it just needs to be smaller than a certain value). The probability that the value you found happens to include the correct block header is almost zero. Therefore, I don't think a preimage attack will affect mining speed that much.
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1009
Newbie
|
|
December 17, 2013, 10:26:47 AM |
|
they will be able to double spend transactions
No, they won't.

Yes, they will.
|
|
|
|
Honeypot
|
|
December 17, 2013, 10:54:10 AM |
|
Who wants to bet NSA already holds this card close and is waiting to spring it once crypto gets out of control?
|
|
|
|
darlings
|
|
December 17, 2013, 11:06:36 AM |
|
so mean they can cheat with bitcoin ?
|
|
|
|
Kazimir
Legendary
Offline
Activity: 1176
Merit: 1003
|
|
December 17, 2013, 02:06:41 PM |
|
they will be able to double spend transactions
No, they won't.
Yes, they will.

No, they won't. If you think otherwise, please elaborate (because it's false).
|
|
|
|
Kazimir
Legendary
Offline
Activity: 1176
Merit: 1003
|
|
December 17, 2013, 02:08:40 PM |
|
1. This does NOT imply SHA256 is broken or less secure in any way.
2. Luckily, Bitcoin uses double SHA256. No problem whatsoever.
If somebody were to break all 64 rounds of SHA256 (which is still lightyears away) we'll still have plenty of time to switch Bitcoin to SHA3.
Oh, and 3. If SHA256 were broken, unlike Bitcoin, most security protocols for other financial ecosystems would be in serious trouble. So this purely theoretical scenario would actually be a reason to switch heavily towards Bitcoin, rather than away.
|
|
|
|
Gabi
Legendary
Offline
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
|
|
December 17, 2013, 02:26:46 PM |
|
SHA3 Do you guys trust it?
|
|
|
|
jarhed
|
|
December 17, 2013, 02:34:01 PM |
|
Guys, way off topic here....... So far an interesting read....the thread that is. That vanity-gen post was an eye opener.
Edit:
I can use Vanity Gen to match 8 out of 32 letters in under 12 hours. 9 letters takes 2 days. 10 letters takes 4 months. 11 letters takes 2 years. 12 letters takes 10 years. 13 letters takes..... Steps 1-41 are not 2/3rds. Steps 1-41 are the easiest. They can't get past 42. And 43 will be doubly as difficult as 42 was. Steps 42-64 take orders of magnitude longer to crack than 1-41 did. They got the first 10 years' worth done. Now they need to get the next 2 billion worth done, in steps 42-64.
|
|
|
|
fghj
Member
Offline
Activity: 65
Merit: 10
|
|
December 17, 2013, 02:54:55 PM |
|
Yawn. I've had the pdf of that paper on my laptop for a couple of years now. Keep rereading, trying to figure out what it's actually saying, every so often. Fascinating stuff but it's hardly 'breaking' SHA256, or even 41 out of 64 rounds of it.
If I understand correctly, they show how collisions can be found on their 'reduced' form of SHA256, in an amount of time that's only a fraction of brute-force time - they shave off a few powers of two, but still a huuuuuuge amount of time. There's an extension of this technique by Jian Guo and Krystian Matusiewicz, which must be downloadable from somewhere as I've got that on my HD too.
No u didn't, the 24 rounds paper they reference is from 2012. This attack requires 2^249 SHA-256 computations and 2^16 · 10 words of memory.
That's like 128 times better than brute force. Still billions of times longer than till the heat death of the universe. Note that if they refine the attack to something usable for a type 0 Kardashev civilization we will have to change the hash used in building the Merkle tree, not the PoW, so ASICs can stay as they are (at least until hashes get reaaaly low). Also I think that all altcoins use SHA256 for transactions.
|
|
|
|
spooderman
Legendary
Offline
Activity: 1638
Merit: 1022
|
|
December 17, 2013, 03:43:20 PM |
|
pmg!!1 sell att teh bticoines
|
Society doesn't scale.
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
December 17, 2013, 03:46:51 PM |
|
When the title reads "break 64 out of 64 steps" we need to upgrade. 41 just isn't relevant.

This = the simple version. If SHA-256 used 41 rounds then it would technically be broken. I say technically because the attack requires an asinine amount of computing power and energy. Granted it is less than brute force, but it is kinda like saying you are 35 and I am 85, then I am closer to living to be a thousand years old. The amount of computing power and time required for this attack means that it would have essentially no useful value, although better attacks could be built off this in the future which reduce the time and computing requirements. Still, SHA-256 doesn't use 41 rounds, it uses 64 rounds, so there is no vulnerability at this time. There have been similar "breaks" on reduced round versions of SHA-256 in the past although this one involves the largest number of rounds.
|
|
|
|
empoweoqwj
|
|
December 17, 2013, 04:24:11 PM |
|
Who wants to bet NSA already holds this card close and is waiting to spring it once crypto gets out of control?
You probably. Anyone else. I'm not sure.
|
|
|
|
Lauda
Legendary
Offline
Activity: 2674
Merit: 2965
Terminated.
|
|
December 17, 2013, 04:30:59 PM |
|
Yet another thread to spread FUD. The exponential function is there for a reason. Good luck with steps 50 and above.
|
"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks" 😼 Bitcoin Core ( onion)
|
|
|
Buffer Overflow
Legendary
Offline
Activity: 1652
Merit: 1015
|
|
December 17, 2013, 05:08:06 PM |
|
Quark promoting FUD thread. Nothing to see here.
|
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
December 17, 2013, 05:26:54 PM Last edit: December 17, 2013, 07:49:00 PM by DeathAndTaxes |
|
I would also point out this "news" is from 2010.
Still even if this attack worked on the full SHA-2 algorithm the OP conclusion that one could create blocks infinitely fast isn't even close to accurate.
Still, let's assume this attack worked on the full version of SHA-2 (64 rounds). It doesn't, so none of this is possible in any amount of time or energy, but to illustrate how silly the OP "conclusions" are, let's assume this attack does work on the full SHA-2.
Today mining has a difficulty of ~900 million. That means it takes 3.86547E+12 (900 million * 2^32) hashes on average to solve a block. To put it into cryptographic terms that is a complexity of 2^72. Attempting a preimage attack of an existing SHA-256 hash by brute force has a complexity of 2^256. So if you wanted to replace a block in the middle of the blockchain by brute force would require 2^256 attempts. That is why we consider blocks deep in the blockchain "safe" because it is infeasible to replace a block by preimage. Now an attacker can always build a longer chain to replace a block but that the deeper the block is the less probable that becomes (without 51% of hashrate).
So as a theoretical concept you can already replace a block in the blockchain it just requires an amount of energy and time that is beyond the life of our star. So how much does this attack improve that equation? This attack has a complexity of 2^253.5. That's right 2 raised to the 253 1/2 instead of 256. So it is a staggering 5.6 times easier than a (for all practical purposes impossible) brute force attack [ 2^(256 - 253.5) ]. It is still 4.33455E+54 (that is 4 followed by 53 zeros) times harder than solo mining a block at difficulty 900 million [ 2^(253.5 - 72) ]. If the entire blockchain from the genesis block till today was all difficulty 900 million then the complexity of replacing the entire blockchain with a new one would be 2^90. So for any amount of computing power in the time it takes to preimage a single block or transaction (2^253.5) one could mine 16,535,003,495,550,700,000,000,000,000,000,000,000,000,000,000,000 complete unique alternate copies of the Bitcoin blockchain.
In mining terms for someone to preimage a block in 600 seconds would require 34,115,571,461,443,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 PH/s of computing power.
Summary: This attack doesn't have any effect on the full (64 round) SHA-2 hash function. Researchers work on reduced round versions of algorithms because they are easier to break and it allows learning and progress which in theory someday, over the course of years and decades, could lead to an attack on the full algorithm. This isn't anything new or novel. There are at least 8 papers outlining similar theoretical attacks on reduced round versions of SHA-2. Also the OP is an idiot if he thinks "heat death of the universe" = "instantly mine blocks".
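Added worked example (not code from any post in this thread): the "bits of work" arithmetic that the DeathAndTaxes post above and the earlier fghj post do by hand, written as small functions so the ratios can be recomputed instead of eyeballed. The only relation it assumes is the one the post states, expected hashes per block = difficulty * 2^32; the attack complexities (2^249, 2^253.5) are the figures the two posts quote, and the 262144-block chain length is a constructed value chosen so that a 2^72 block becomes a 2^90 chain, as in the post.

```python
"""Work-factor arithmetic for comparing a preimage attack against mining.

Constructed example for this thread; the attack complexities are the
numbers quoted in the posts, not independently verified figures."""
import math

BRUTE_FORCE_PREIMAGE_BITS = 256.0   # generic preimage search on a 256-bit digest
ATTACK_BITS_DEATHANDTAXES = 253.5   # complexity quoted in the DeathAndTaxes post
ATTACK_BITS_FGHJ = 249.0            # complexity quoted in the fghj post


def mining_work_bits(difficulty: float) -> float:
    """log2 of the expected number of hashes to find one block.

    Bitcoin's difficulty is scaled so that the expected hash count is
    difficulty * 2^32, the relation the post uses."""
    return math.log2(difficulty) + 32.0


def speedup_over_brute_force(attack_bits: float) -> float:
    """Factor by which an attack of cost 2^attack_bits beats a 2^256 search."""
    return 2.0 ** (BRUTE_FORCE_PREIMAGE_BITS - attack_bits)


def chain_work_bits(block_bits: float, n_blocks: int) -> float:
    """log2 of the work to re-mine n_blocks blocks that each cost 2^block_bits."""
    return block_bits + math.log2(n_blocks)


def log10_ratio(a_bits: float, b_bits: float) -> float:
    """log10 of 2^a_bits / 2^b_bits, for ratios too large to print in full."""
    return (a_bits - b_bits) * math.log10(2.0)


def hashrate_for_deadline_phs(work_bits: float, seconds: float) -> float:
    """Hash rate in PH/s needed to finish 2^work_bits hashes within `seconds`."""
    return 2.0 ** work_bits / seconds / 1e15


if __name__ == "__main__":
    for name, bits in (("fghj", ATTACK_BITS_FGHJ), ("D&T", ATTACK_BITS_DEATHANDTAXES)):
        print(f"{name}: 2^{bits} is {speedup_over_brute_force(bits):.1f}x cheaper than 2^256")
    block = mining_work_bits(900e6)
    print(f"one block at difficulty 9e8: about 2^{block:.1f} hashes")
    print(f"262144 such blocks: 2^{chain_work_bits(block, 262144):.1f}")
    print(f"2^253.5 / 2^72 = 10^{log10_ratio(253.5, 72.0):.2f}")
    print(f"PH/s to finish 2^253.5 in 600 s: {hashrate_for_deadline_phs(253.5, 600):.3e}")
```

The functions take the complexity in bits rather than as a raw count so that the comparison stays readable: a "128 times faster" attack is a 7-bit improvement, and whether that matters is decided by how many bits remain, not by the multiplier.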
|
|
|
|
empoweoqwj
|
|
December 17, 2013, 05:30:17 PM |
|
Also I would point out this "news" is from 2010.
So they are up to 42 now then
|
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
December 17, 2013, 05:50:35 PM |
|
Also I would point out this "news" is from 2010.
So they are up to 42 now then

Something like that. Everyone panic. IIRC in some limited applications the highest attack is on 45 or 46 rounds. Attacks like those (with complexity of 2^120 or higher) can be considered impossible to implement. The attack with practical complexity (in theory it could be built in our lifetime at insane cost) is 24 rounds. I am away from my home computer which has a folder of research articles so I am going off memory on those two records.
|
|
|
|
prezbo
|
|
December 17, 2013, 06:21:16 PM |
|
I would also point out this "news" is from 2010.
Still even if this attack worked on the full SHA-2 algorithm the OP conclusion that one could create blocks infinitely fast isn't even close to accurate.
Still, let's assume this attack worked on the full version of SHA-2 (64 rounds). It doesn't, so none of this is possible in any amount of time or energy, but to illustrate how silly the OP "conclusions" are, let's assume this attack does work on the full SHA-2.
Today mining has a difficulty of ~900 million. That means it takes 3.86547E+12 (900 million * 2^32) hashes on average to solve a block. To put it into cryptographic terms that is a complexity of 2^72. Attempting a preimage attack of an existing SHA-256 hash by brute force has a complexity of 2^256. So if you wanted to replace a block in the middle of the blockchain by brute force would require 2^256 attempts. That is why we consider blocks deep in the blockchain "safe" because you can't replace a block by preimage you have to solve an entire chain longer than the good one.
So how much does this attack improve that equation? This attack has a complexity of 2^253.5 vs 2^256 by brute force. So it is a staggering 5.6 times easier than a brute force attack [ 2^(256 - 253.5) ]. However it is still 4.33455E+54 (that's 4 followed by 53 zeros) times harder than solving a block at difficulty 900 million [ 2^(253.5 - 72) ].
If the entire blockchain from the genesis block till today was difficulty 900 million then the complexity of replacing the entire blockchain with a new one would be 2^90.
So for a given amount of computing power in the time it takes to preimage a single block or transaction (2^253.5) one could mine 16,535,003,495,550,700,000,000,000,000,000,000,000,000,000,000,000 unique alternate copies of the entire Bitcoin blockchain.
In mining terms that would be someone with 34,115,571,461,443,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 PH/s of computing power.
Summary: This attack doesn't have any effect on the full (64 round) SHA-2 hash function. Researchers work on reduced round versions of algorithms because they are easier to break and it allows learning and progress. This isn't anything new or novel. There are at least 8 papers outlining similar theoretical attacks on reduced round versions of SHA-2. Also the OP is an idiot if he thinks "heat death of the universe" = "instantly mine blocks".

If this were on reddit I'd give you gold. It's funny how everyone thinks such attacks "break cryptography" but no one ever even checks the new (reduced) time complexities, they just somehow infer it's O(1).
|
|
|
|
Piper67
Legendary
Offline
Activity: 1106
Merit: 1001
|
|
December 17, 2013, 07:12:04 PM |
|
I would also point out this "news" is from 2010.
Still even if this attack worked on the full SHA-2 algorithm the OP conclusion that one could create blocks infinitely fast isn't even close to accurate.
Still, let's assume this attack worked on the full version of SHA-2 (64 rounds). It doesn't, so none of this is possible in any amount of time or energy, but to illustrate how silly the OP "conclusions" are, let's assume this attack does work on the full SHA-2.
Today mining has a difficulty of ~900 million. That means it takes 3.86547E+12 (900 million * 2^32) hashes on average to solve a block. To put it into cryptographic terms that is a complexity of 2^72. Attempting a preimage attack of an existing SHA-256 hash by brute force has a complexity of 2^256. So if you wanted to replace a block in the middle of the blockchain by brute force would require 2^256 attempts. That is why we consider blocks deep in the blockchain "safe" because you can't replace a block by preimage you have to solve an entire chain longer than the good one.
So how much does this attack improve that equation? This attack has a complexity of 2^253.5 vs 2^256 by brute force. So it is a staggering 5.6 times easier than a brute force attack [ 2^(256 - 253.5) ]. However it is still 4.33455E+54 (that's 4 followed by 53 zeros) times harder than solving a block at difficulty 900 million [ 2^(253.5 - 72) ].
If the entire blockchain from the genesis block till today was difficulty 900 million then the complexity of replacing the entire blockchain with a new one would be 2^90.
So for a given amount of computing power in the time it takes to preimage a single block or transaction (2^253.5) one could mine 16,535,003,495,550,700,000,000,000,000,000,000,000,000,000,000,000 unique alternate copies of the entire Bitcoin blockchain.
In mining terms that would be someone with 34,115,571,461,443,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 PH/s of computing power.
Summary: This attack doesn't have any effect on the full (64 round) SHA-2 hash function. Researchers work on reduced round versions of algorithms because they are easier to break and it allows learning and progress. This isn't anything new or novel. There are at least 8 papers outlining similar theoretical attacks on reduced round versions of SHA-2. Also the OP is an idiot if he thinks "heat death of the universe" = "instantly mine blocks".
If this were on reddit I'd give you gold. It's funny how everyone thinks such attacks "break cryptography" but no one ever even checks the new (reduced) time complexities, they just somehow infer it's O(1).

Also, if the cryptography was truly broken, the world of pain we'd find ourselves in would make any issues with Bitcoin a far distant memory...
|
|
|
|
seriouscoin
|
|
December 18, 2013, 12:01:40 AM |
|
Only QRK gonna survive the crypto attacks
really? noob?
|
|
|
|
Tirapon
|
|
December 18, 2013, 12:52:02 AM |
|
Title: Japanese researchers break 41 out of 64 steps of SHA256 with preimage attack. Abstract: In this paper, we propose preimage attacks [...]
sensationalist 6/10
Do you not understand all scientific papers use propose? Propose as in "You can do it this way that we discovered" Not propose as in "We think"
I think he means that you should evaluate the actual preimage attack that they propose before saying that they broke it. I mean I can propose an attack: search for all the possible keys one by one... This is a nice theoretical attack but has no value in the real world...

You could make a start on this attack by convincing people to pool their resources, perhaps by offering a financial incentive (maybe some bitcoins for contributing computing power)? People could even work on creating some sort of application specific hardware to efficiently search for SHA-256 hash values. You could structure it so that rewards are paid out proportionally to each person's contribution.
|
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
December 18, 2013, 01:57:00 AM |
|
Title: Japanese researchers break 41 out of 64 steps of SHA256 with preimage attack. Abstract: In this paper, we propose preimage attacks [...]
sensationalist 6/10
Do you not understand all scientific papers use propose? Propose as in "You can do it this way that we discovered" Not propose as in "We think"
I think he means that you should evaluate the actual preimage attack that they propose before saying that they broke it. I mean I can propose an attack: search for all the possible keys one by one... This is a nice theoretical attack but has no value in the real world...
You could make a start on this attack by convincing people to pool their resources, perhaps by offering a financial incentive (maybe some bitcoins for contributing computing power)? People could even work on creating some sort of application specific hardware to efficiently search for SHA-256 hash values. You could structure it so that rewards are paid out proportionally to each person's contribution.

You "could" if you made computers out of something other than matter and they occupied something other than space.
|
|
|
|
empoweoqwj
|
|
December 18, 2013, 02:16:40 AM |
|
Title: Japanese researchers break 41 out of 64 steps of SHA256 with preimage attack. Abstract: In this paper, we propose preimage attacks [...]
sensationalist 6/10
Do you not understand all scientific papers use propose? Propose as in "You can do it this way that we discovered" Not propose as in "We think"
I think he means that you should evaluate the actual preimage attack that they propose before saying that they broke it. I mean I can propose an attack: search for all the possible keys one by one... This is a nice theoretical attack but has no value in the real world...
You could make a start on this attack by convincing people to pool their resources, perhaps by offering a financial incentive (maybe some bitcoins for contributing computing power)? People could even work on creating some sort of application specific hardware to efficiently search for SHA-256 hash values. You could structure it so that rewards are paid out proportionally to each person's contribution.

You make this stuff up as you type right?
|
|
|
|
Dabs
Legendary
Offline
Activity: 3416
Merit: 1912
The Concierge of Crypto
|
|
December 18, 2013, 02:30:19 AM |
|
You could make a start on this attack by convincing people to pool their resources, perhaps by offering a financial incentive (maybe some bitcoins for contributing computing power)? People could even work on creating some sort of application specific hardware to efficiently search for SHA-256 hash values. You could structure it so that rewards are paid out proportionally to each person's contribution.

Hahahahahaahah... mining.
Let's pretend it's 3 steps additional per year.
2010 = 41
2011 = 44
2012 = 47
2013 = 50
2014 = 53
2015 = 56
2016 = 59
2017 = 62
2018 = 65 (cracked, broken, whatever.)
We have several years to do something about it. But, this isn't going to happen.
|
|
|
|
BittBurger
|
|
December 18, 2013, 02:34:57 AM |
|
I can use Vanity Gen to match 8 out of 32 letters in under 12 hours. 9 letters takes 2 days. 10 letters takes 4 months. 11 letters takes 2 years. 12 letters takes 10 years. 13 letters takes..... Steps 1-41 are not 2/3rds. Steps 1-41 are the easiest. They can't get past 42. And 43 will be doubly as difficult as 42 was. Steps 42-64 take orders of magnitude longer to crack than 1-41 did. They got the first 10 years' worth done. Now they need to get the next 2 billion worth done, in steps 42-64.
Repeating this. Thread can be closed now. This responds to the original post. And newbies need not fret. -Burger-
|
|
|
|
empoweoqwj
|
|
December 18, 2013, 03:03:57 AM |
|
You could make a start on this attack by convincing people to pool their resources, perhaps by offering a financial incentive (maybe some bitcoins for contributing computing power)? People could even work on creating some sort of application specific hardware to efficiently search for SHA-256 hash values. You could structure it so that rewards are paid out proportionally to each person's contribution.
Hahahahahaahah... mining.
Let's pretend it's 3 steps additional per year.
2010 = 41
2011 = 44
2012 = 47
2013 = 50
2014 = 53
2015 = 56
2016 = 59
2017 = 62
2018 = 65 (cracked, broken, whatever.)
We have several years to do something about it. But, this isn't going to happen.

That's not how it works .... it's an elliptical curve ............ it's not incremental steps.
|
|
|
|
Soros Shorts
Donator
Legendary
Offline
Activity: 1617
Merit: 1012
|
|
December 18, 2013, 05:44:16 AM |
|
A lot of other things in the world would be more critically impacted than Bitcoin if SHA-256 were broken. Finding some random preimage of a SHA-256 hash is just one of the many steps needed in order to do a double spend. However, it is probably the only step needed to break into bank accounts if you already had a DB dump of userids and hashed passwords. Guess which one a crook would rather do?
|
|
|
|
Dabs
Legendary
Offline
Activity: 3416
Merit: 1912
The Concierge of Crypto
|
|
December 18, 2013, 07:12:07 AM |
|
That's not how it works .... it's an elliptical curve ............ it's not incremental steps.

I know, right? So my "forecast" is too good to be true. Reality is worse. Don't worry about your 0.01 bitcoins, no one is going to take them.
|
|
|
|
empoweoqwj
|
|
December 18, 2013, 07:14:19 AM |
|
That's not how it works .... it's an elliptical curve ............ it's not incremental steps.
I know, right? So my "forecast" is too good to be true. Reality is worse. Don't worry about your 0.01 bitcoins, no one is going to take them.

Have you always been so charming?
|
|
|
|
greenlion
|
|
December 18, 2013, 10:10:38 AM |
|
A pre-image attack that does not encompass all 64 steps just results in something indistinguishable from the empirical effect of everyone in the world being able to hash faster. As long as access to those implementations is relatively widely known and not asymmetric, there is no threat to mining whatsoever.
Also it's important to note that any implementation of a pre-image attack is going to have memory requirements well above a normal reference SHA256d mining implementation, and it is not predictable a priori whether that will actually result in better real world performance than the current extremely low-memory brute force techniques.
|
|
|
|
Bitcoinpro
Legendary
Offline
Activity: 1344
Merit: 1000
|
|
December 18, 2013, 10:22:22 AM |
|
41 out of 64 steps and each step getting parabolically more difficult, now i know why i just cleaned up on the Price of coin
|
WWW.FACEBOOK.COM
CRYPTOCURRENCY CENTRAL BANK
LTC: LP7bcFENVL9vdmUVea1M6FMyjSmUfsMVYf
|
|
|
justusranvier
Legendary
Offline
Activity: 1400
Merit: 1009
|
|
December 18, 2013, 04:59:34 PM |
|
A pre-image attack that does not encompass all 64 steps just results in something indistinguishable from the empirical effect of everyone in the world being able to hash faster.

I think the second preimage attack is the one where we should panic because that means an attacker might be able to rewrite the transaction history. A first preimage attack just means mining got easier as you said.
|
|
|
|
BitThink
Legendary
Offline
Activity: 882
Merit: 1000
|
|
December 19, 2013, 04:38:41 AM |
|
A pre-image attack that does not encompass all 64 steps just results in something indistinguishable from the empirical effect of everyone in the world being able to hash faster.
I think the second preimage attack is the one where we should panic because that means an attacker might be able to rewrite the transaction history. A first preimage attack just means mining got easier as you said.

No, the attacker cannot rewrite the transaction history, for the following reason. Suppose the blockchain is ..., A, B, C, ... B includes the hash of A, and C includes the hash of B. The preimage attack you mean is to find a B' having the same hash value included in C. However, remember that B' has at the same time to satisfy a lot of constraints: it has to include hash(A), it has to have the correct format, and it has to include some transactions beneficial to the attacker. Therefore, to be a successful attack, it is not enough to find a hash(B') == hash(B). You can only modify a small part of B to get a hash(B') == hash(B), and that will be much, much more difficult than an ordinary preimage attack.
|
|
|
|
greenlion
|
|
December 19, 2013, 05:37:02 AM |
|
A pre-image attack that does not encompass all 64 steps just results in something indistinguishable from the empirical effect of everyone in the world being able to hash faster.
I think the second preimage attack is the one where we should panic because that means an attacker might be able to rewrite the transaction history. A first preimage attack just means mining got easier as you said.
No, the attacker cannot rewrite the transaction history, for the following reason. Suppose the blockchain is ..., A, B, C, ... B includes the hash of A, and C includes the hash of B. The preimage attack you mean is to find a B' having the same hash value included in C. However, remember that B' has at the same time to satisfy a lot of constraints: it has to include hash(A), it has to have the correct format, and it has to include some transactions beneficial to the attacker. Therefore, to be a successful attack, it is not enough to find a hash(B') == hash(B). You can only modify a small part of B to get a hash(B') == hash(B), and that will be much, much more difficult than an ordinary preimage attack.

That's not what a preimage attack is. What you're talking about is pre-mining blocks. A preimage attack has nothing to do with the relationship of blocks to each other. A preimage attack is when something about the nature of the hash allows you to systematically reduce the search space of original pre-hashed inputs. I.e. the hash is "weak" because it tells you something about what value produced the hash.
|
|
|
|
BitThink
Legendary
Offline
Activity: 882
Merit: 1000
|
|
December 19, 2013, 06:50:30 AM Last edit: December 20, 2013, 12:59:05 AM by BitThink |
|
As far as I know, a preimage attack is just finding a collision (given h(x) and x, find a y != x with h(y) = h(x)) more efficiently than brute force. However, to change block history you have to find a way to alter only a part of the inputs and still maintain the same hash; that's not something a preimage attack does.
|
|
|
|
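A toy model of the chain-linking argument in the two posts above (the A, B, C example and greenlion's point that a preimage attack is about the hash function, not about how blocks reference each other). This is an added illustration, not code from the thread or from Bitcoin: the block layout, field names and transactions are constructed for the example, and a single SHA-256 over a JSON encoding stands in for the real header hashing. The chain verifier shows where a substituted block B' is detected, and `second_preimage_needed` states the condition a history rewrite would actually have to meet: a different block, with the same `prev` link to A, hashing to the same value C committed to.

```python
import hashlib
import json

# Constructed toy chain: each block commits to the hash of its predecessor,
# the way a block header carries the previous block's hash. The serialization
# (canonical JSON + one SHA-256) is an assumption made for this example only.


def block_hash(block: dict) -> str:
    """SHA-256 over a canonical encoding of the block."""
    encoded = json.dumps(block, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(encoded).hexdigest()


def make_block(prev_hash: str, txs: list) -> dict:
    """A block is just its link to the previous block plus its transactions."""
    return {"prev": prev_hash, "txs": txs}


def build_chain() -> list:
    """..., A, B, C, ... : B includes hash(A), C includes hash(B)."""
    a = make_block("0" * 64, ["coinbase->alice 50"])  # constructed genesis-like block
    b = make_block(block_hash(a), ["alice->bob 10"])
    c = make_block(block_hash(b), ["bob->carol 5"])
    return [a, b, c]


def verify_chain(chain: list) -> tuple:
    """Return (ok, index) where index is the first block whose `prev` field
    does not match the hash of the block before it (-1 when all links hold)."""
    for i in range(1, len(chain)):
        if chain[i]["prev"] != block_hash(chain[i - 1]):
            return False, i
    return True, -1


def tamper_block_b(chain: list) -> list:
    """Copy the chain and rewrite B's transactions while keeping its link to A.
    This is the naive 'edit history' attempt the posts discuss."""
    forged = [dict(blk, txs=list(blk["txs"])) for blk in chain]
    forged[1]["txs"] = ["alice->mallory 10"]  # constructed altered payment
    return forged


def second_preimage_needed(original_b: dict, candidate_b: dict) -> bool:
    """The condition a history rewrite must satisfy: a *different* block that
    still embeds hash(A) in `prev` and hashes to exactly what C committed to.
    A partial-round attack on the compression function does not change this
    structural requirement; the candidate must be a second preimage under
    these constraints."""
    return (
        candidate_b != original_b
        and candidate_b["prev"] == original_b["prev"]
        and block_hash(candidate_b) == block_hash(original_b)
    )


if __name__ == "__main__":
    chain = build_chain()
    print("honest chain verifies:", verify_chain(chain))
    forged = tamper_block_b(chain)
    # B' still links correctly to A, so the break is detected at C, which
    # committed to hash(B) and no longer matches hash(B').
    print("forged chain verifies:", verify_chain(forged))
    print("B' is a valid second preimage:", second_preimage_needed(chain[1], forged[1]))
```

Running it shows the honest chain verifying end to end, the forged chain failing at index 2 (block C), and the edited B' failing the second-preimage condition even though it keeps the correct `prev` link. That is the point both posts are circling: a full preimage attack on the hash would be necessary for this rewrite, and even then the attacker is not free to pick any input, only one that already satisfies the chain's structural constraints.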
empoweoqwj
|
|
December 19, 2013, 08:58:22 AM |
|
So many people on a single thread with so little knowledge of what is being talked about. Classic
|
|
|
|
Tirapon
|
|
December 19, 2013, 09:19:47 AM |
|
Title: Japanese researchers break 41 out of 64 steps of SHA256 with preimage attack. Abstract: In this paper, we propose preimage attacks [...]
sensationalist 6/10
Do you not understand all scientific papers use propose? Propose as in "You can do it this way that we discovered" Not propose as in "We think" I think he means that you should evaluate the actual preimage attack that they propose before saying that they broke it. I mean I can propose an attack: Search for all the possible keys one by one... This is a nice theoretical attack but has no value in the real world... You could make a start on this attack by convincing people to pool their resources, perhaps by offering a financial incentive (maybe some bitcoins for contributing computing power)? People could even work on creating some sort of application specific hardware to efficiently search for SHA-256 hash values. You could structure it so that rewards are paid out proportionally to each person's contribution. You make this stuff up as you type right? Pretty much, yeah. In fact this last discussion has just given me an idea for a new type of P2P payment system - One which works without the need for a central authority to keep track of the ledger...
|
|
|
|
empoweoqwj
|
|
December 19, 2013, 09:23:21 AM |
|
Title: Japanese researchers break 41 out of 64 steps of SHA256 with preimage attack. Abstract: In this paper, we propose preimage attacks [...]
sensationalist 6/10
Do you not understand all scientific papers use propose? Propose as in "You can do it this way that we discovered" Not propose as in "We think" I think he means that you should evaluate the actual preimage attack that they propose before saying that they broke it. I mean I can propose an attack: Search for all the possible keys one by one... This is a nice theoretical attack but has no value in the real world... You could make a start on this attack by convincing people to pool their resources, perhaps by offering a financial incentive (maybe some bitcoins for contributing computing power)? People could even work on creating some sort of application specific hardware to efficiently search for SHA-256 hash values. You could structure it so that rewards are paid out proportionally to each person's contribution. You make this stuff up as you type right? Pretty much, yeah. In fact this last discussion has just given me an idea for a new type of P2P payment system - One which works without the need for a central authority to keep track of the ledger... Are you sure it's new? Lots of P2P payment systems have been proposed, and then promptly disappeared .................
|
|
|
|
pungopete468
|
|
December 19, 2013, 09:24:27 AM |
|
BitCoin can be hacked... I saw it in the movie Transformers.
|
|
|
|
|
|
|
empoweoqwj
|
|
December 19, 2013, 09:25:39 AM |
|
BitCoin can be hacked... I saw it in the movie Transformers.
Another random post ..... this thread is increasingly full of them. That's what happens when you talk about something complicated
|
|
|
|
pungopete468
|
|
December 19, 2013, 09:51:15 AM |
|
BitCoin can be hacked... I saw it in the movie Transformers.
Another random post ..... this thread is increasingly full of them. That's what happens when you talk about something complicated It was intended to be comical. It's a quarter to 5 in the morning where I'm at so I really can't help myself... The hackers will all be like "I wonder... It looks like there's some sort of message embedded within the signal..." lol
|
|
|
|
|
|
|
empoweoqwj
|
|
December 19, 2013, 11:58:53 AM |
|
BitCoin can be hacked... I saw it in the movie Transformers.
Another random post ..... this thread is increasingly full of them. That's what happens when you talk about something complicated It was intended to be comical. It's a quarter to 5 in the morning where I'm at so I really can't help myself... The hackers will all be like "I wonder... It looks like there's some sort of message embedded within the signal..." lol Understood. Quarter to 5 in the morning jokes are normally best kept till morning
|
|
|
|
Tirapon
|
|
December 19, 2013, 02:04:26 PM |
|
Title: Japanese researchers break 41 out of 64 steps of SHA256 with preimage attack. Abstract: In this paper, we propose preimage attacks [...]
sensationalist 6/10
Do you not understand all scientific papers use propose? Propose as in "You can do it this way that we discovered" Not propose as in "We think" I think he means that you should evaluate the actual preimage attack that they propose before saying that they broke it. I mean I can propose an attack: Search for all the possible keys one by one... This is a nice theoretical attack but has no value in the real world... You could make a start on this attack by convincing people to pool their resources, perhaps by offering a financial incentive (maybe some bitcoins for contributing computing power)? People could even work on creating some sort of application specific hardware to efficiently search for SHA-256 hash values. You could structure it so that rewards are paid out proportionally to each person's contribution. You make this stuff up as you type right? Pretty much, yeah. In fact this last discussion has just given me an idea for a new type of P2P payment system - One which works without the need for a central authority to keep track of the ledger... Are you sure it's new? Lots of P2P payment systems have been proposed, and then promptly disappeared ................. My bad, turns out it's been done already. Some guy called Satoshi already invented it back in 2008.
|
|
|
|
prezbo
|
|
December 19, 2013, 02:17:17 PM |
|
My bad, turns out it's been done already. Some guy called Satoshi already invented it back in 2008.
That idea-stealing bastard!
|
|
|
|
kuverty
|
|
December 19, 2013, 04:54:09 PM |
|
Title: Japanese researchers break 41 out of 64 steps of SHA256 with preimage attack. Abstract: In this paper, we propose preimage attacks [...]
sensationalist 6/10
Do you not understand all scientific papers use propose? Propose as in "You can do it this way that we discovered" Not propose as in "We think" I think he means that you should evaluate the actual preimage attack that they propose before saying that they broke it. I mean I can propose an attack: Search for all the possible keys one by one... This is a nice theoretical attack but has no value in the real world... First time I hear exhaustive search described as a "nice theoretical attack"
|
|
|
|
pungopete468
|
|
December 19, 2013, 08:16:13 PM |
|
Without quantum computing a 51% attack will never work.
After quantum computing becomes mainstream, then even a 51% attack by means of quantum computing will be unrealistic...
I don't think this type of attack is going to happen... Ever.
|
|
|
|
|
|
|
Kazimir
Legendary
Offline
Activity: 1176
Merit: 1003
|
|
December 19, 2013, 11:25:37 PM |
|
SHA3 Do you guys trust it? Yep, I sure do. Especially because of the way it was carefully selected from a range of very well thought through alternatives, and investigated by hundreds of independent cryptography experts worldwide (and even many more after it was announced as the official SHA3 standard).
|
|
|
|
Klestin
|
|
December 20, 2013, 01:46:44 AM |
|
You "could" if you made computers out of something other than matter and they occupied something other than space.
You do realize he was intentionally describing bitcoin mining, right?
|
|
|
|
empoweoqwj
|
|
December 20, 2013, 02:50:50 AM |
|
Without quantum computing a 51% attack will never work.
After quantum computing becomes mainstream, then even a 51% attack by means of quantum computing will be unrealistic...
I don't think this type of attack is going to happen... Ever.
Bitcoin will probably be replaced by something else by the time "quantum computing goes mainstream".
|
|
|
|
pungopete468
|
|
December 20, 2013, 03:19:10 AM |
|
Without quantum computing a 51% attack will never work.
After quantum computing becomes mainstream, then even a 51% attack by means of quantum computing will be unrealistic...
I don't think this type of attack is going to happen... Ever.
Bitcoin will probably be replaced by something else by the time "quantum computing goes mainstream". I don't think BitCoin can be replaced in the common sense of the word. BitCoin may not be the most popular option to trade with at a given time, but unless the internet is wiped out completely it will remain trading on some market somewhere and will always serve some purpose.
|
|
|
|
|
|
|
empoweoqwj
|
|
December 20, 2013, 03:22:34 AM |
|
Without quantum computing a 51% attack will never work.
After quantum computing becomes mainstream, then even a 51% attack by means of quantum computing will be unrealistic...
I don't think this type of attack is going to happen... Ever.
Bitcoin will probably be replaced by something else by the time "quantum computing goes mainstream". I don't think BitCoin can be replaced in the common sense of the word. BitCoin may not be the most popular option to trade with at a given time, but unless the internet is wiped out completely it will remain trading on some market somewhere and will always serve some purpose. It could be replaced by something better, or just wiped out by concerted government action. Who knows. Not saying it will be, but in the time it takes quantum computing to go mainstream, we will probably have other things to worry about, like the planet dying.
|
|
|
|
|