kcirazy (OP)
Newbie
 Offline
Activity: 53
Merit: 0
|
 |
December 22, 2013, 01:11:07 AM |
|
Can somebody lay down the scenario step-by-step (preferably numbered) what needs to happen for the Bitcoin community to recover from this?
I'm thinking about choice in new algorithm(s), politics, duration, which software needs changes, securing the network from the start, convincing the current miners, etc.
|
|
|
|
|
MA5H3D
Member
Offline
Activity: 99
Merit: 10
|
|
December 22, 2013, 01:26:38 AM |
|
Compromised how?
|
|
|
|
|
|
t1000
|
|
December 22, 2013, 01:34:27 AM |
|
1) SHA-256 compromised as in there is a quick way to discover the nonce required to produce the valid block hash.
Assuming the discoverer is malicious and stupid:
2) Attacker zip through blocks, providing instant confirmation for his malicious activities.
3) Attacker tries to sell all the coins.
4) Exchanges freeze.
5) No one needs convincing that the hashing algorithm is really broken.
6) Bitcoin algorithm switched
7) Everyone agrees to rewind to a block before the attack
8 ) bitcoin continues.
Assuming the discoverer is malicious and smart:
2) Attacker zip through blocks at 5 minutes interval to avoid detection.
3) When this has happened for a while, more and more people will become suspicious
4) 5 - 8 will happen.
Assuming the discoverer is benevolent:
2) Research claims SHA-256 compromised
3) demonstrates this by zipping pass a few blocks.
4) 4-8 in the stupid attacker case happens.
I have left out the other serious implications of the complete breakdown of SHA-256.
|
Did you find my posts helpful? Did I say say something nice? Your generosity is much appreciate.
BTC: 1G7chBLoYqGfdyfkrox53yDn6sS65PgFYk
LTC: LiYeFdbv5oxin9S3Wmn4v84LuGZ9nsE4XZ
|
|
|
titulng
Sr. Member
Offline
Activity: 484
Merit: 250
HubrisOne
|
|
December 22, 2013, 02:42:09 AM |
|
Not so well, I'm afraid.
|
|
|
|
|
empoweoqwj
|
|
December 22, 2013, 03:41:06 AM |
|
Replace SHA-256 with something newer
|
|
|
|
|
GreenWins
Member
Offline
Activity: 98
Merit: 10
|
|
December 22, 2013, 07:06:52 AM |
|
1) SHA-256 compromised as in there is a quick way to discover the nonce required to produce the valid block hash.
Assuming the discoverer is malicious and stupid:
2) Attacker zip through blocks, providing instant confirmation for his malicious activities.
3) Attacker tries to sell all the coins.
4) Exchanges freeze.
5) No one needs convincing that the hashing algorithm is really broken.
6) Bitcoin algorithm switched
7) Everyone agrees to rewind to a block before the attack
8 ) bitcoin continues.
Assuming the discoverer is malicious and smart:
2) Attacker zip through blocks at 5 minutes interval to avoid detection.
3) When this has happened for a while, more and more people will become suspicious
4) 5 - 8 will happen.
Assuming the discoverer is benevolent:
2) Research claims SHA-256 compromised
3) demonstrates this by zipping pass a few blocks.
4) 4-8 in the stupid attacker case happens.
I have left out the other serious implications of the complete breakdown of SHA-256.
4-5 would be too hard for it to happen. Another coin would replace it that uses different security. A coin with more security like Quark Coin would most likely replace it or another alt coin that uses another security. The general public would not be able to trust Bitcoin again even if 4-8 happens. |
|
|
|
|
prezbo
|
|
December 22, 2013, 07:57:03 AM |
|
Compromised how?
This is an important question. Cryptography tends to get "cracked" step by step, it never goes from being secure to utterly and completely broken over night. If there's an indication of it having a weakness there is a lot of time to prepare. |
|
|
|
|
Kazimir
Legendary
Offline
Activity: 1176
Merit: 1003
|
|
December 22, 2013, 08:45:38 AM |
|
Bitcoin uses double-SHA256, which is not broken if SHA256 is compromised. But other financial and banking protocols (credit cards, wire transfers, etc) all use algorithms way, WAY weaker than SHA256, so they're in big trouble.
So, when SHA-256 is compromised, everybody will flee from fiat to Bitcoin.
And then, it will take several more years before before double-SHA256 is broken in any way, so we'll have plenty of time to switch to SHA3.
Bitcoin wins.
|
|
|
|
|
niothor
|
|
December 22, 2013, 08:57:37 AM |
|
1) SHA-256 compromised as in there is a quick way to discover the nonce required to produce the valid block hash.
Assuming the discoverer is malicious and stupid:
2) Attacker zip through blocks, providing instant confirmation for his malicious activities.
3) Attacker tries to sell all the coins.
4) Exchanges freeze.
5) No one needs convincing that the hashing algorithm is really broken.
6) Bitcoin algorithm switched
7) Everyone agrees to rewind to a block before the attack
8 ) bitcoin continues.
Assuming the discoverer is malicious and smart:
2) Attacker zip through blocks at 5 minutes interval to avoid detection.
3) When this has happened for a while, more and more people will become suspicious
4) 5 - 8 will happen.
Assuming the discoverer is benevolent:
2) Research claims SHA-256 compromised
3) demonstrates this by zipping pass a few blocks.
4) 4-8 in the stupid attacker case happens.
I have left out the other serious implications of the complete breakdown of SHA-256.
4-5 would be too hard for it to happen. Another coin would replace it that uses different security. A coin with more security like Quark Coin would most likely replace it or another alt coin that uses another security. The general public would not be able to trust Bitcoin again even if 4-8 happens. Kermitcoin? The mother of all scamcoins ? Are you serious? |
|
|
|
kcirazy (OP)
Newbie
Offline
Activity: 53
Merit: 0
|
|
December 22, 2013, 11:10:29 AM |
|
Replace SHA-256 with something newer
This would make all the ASIC mining equipment worthless... wouldn't miners need to sell all their coins to recover their losses? With the network ending up less secure. That could completely crash the market and people spreading over to different altcoins to hedge their bets. |
|
|
|
|
|
empoweoqwj
|
|
December 22, 2013, 11:26:03 AM |
|
Replace SHA-256 with something newer
This would make all the ASIC mining equipment worthless... wouldn't miners need to sell all their coins to recover their losses? With the network ending up less secure. That could completely crash the market and people spreading over to different altcoins to hedge their bets. ASIC mining equipment has a short shelf life anyway. Current-gen equipment will be long dead by the time bitcoin uses anything apart from SHA-256 |
|
|
|
|
|
Rodyland
|
|
December 22, 2013, 11:29:14 AM |
|
Compromised how?
This is an important question. Cryptography tends to get "cracked" step by step, it never goes from being secure to utterly and completely broken over night. If there's an indication of it having a weakness there is a lot of time to prepare. This bears repeating and elaborating. It's not like you go to bed and SHA256 is fine, and you wake up in the morning and it's broken. The chances of this happening to SHA256 are zero. The chances of this happening to anything written by you or I that hasn't been reviewed and examined by thousands of brilliant minds is pretty much guaranteed. One day a researcher will publish a paper that shows that they can, say for example, drop the size of the brute-force keyspace for creating a collision by an order of magnitude or three. So instead of SHA256 being 2^256 strong, it will be "only" 2^252 strong. Then someone else discovers another flaw that, say, allows them to partially recover the input based on a given hash, such that repeated hashing of messages that differ by a known amount allow an attacker to recover the original message. In ways such as these, the strength of the algorithm is weakened over time. But the key point is that it happens over significant time - years. As soon as the first real dent is made in the strength of SHA256, we can begin discussing what should replace it, and how we move there. Yes, mining hardware that utilises double-sha256 will be useless (although as was pointed out above, just because SHA256 is broken doesn't mean double-SHA256 is broken). Such a move will take years. The first step would probably be to alter the Bitcoin protocol to allow a different hashing method. This hashing method would not be valid until the majority of miners and clients had moved to the protocol version that supports the new hash method. Then we enter the time of dual hashing. Old-style double-SHA256 hashes would be valid, but new style DERP512 hashes would also be equally valid. After enough time has passed, and enough blocks are mined using DERP512 instead of double-SHA256 (say, 10 to 1) then the network could cut over to only accept the new hashes, and the old miners would be retired. At least, that's one way to do it. |
Beware the weak hands!
1NcL6Mjm4qeiYYi2rpoCtQopPrH4PyKfUC
GPG ID: E3AA41E3
|
|
|
|
ZephramC
|
|
December 22, 2013, 11:44:37 AM |
|
1) SHA-256 compromised as in there is a quick way to discover the nonce required to produce the valid block hash.
Assuming the discoverer is malicious and stupid:
2) Attacker zip through blocks, providing instant confirmation for his malicious activities.
3) Attacker tries to sell all the coins.
4) Exchanges freeze.
5) No one needs convincing that the hashing algorithm is really broken.
6) Bitcoin algorithm switched
7) Everyone agrees to rewind to a block before the attack
8 ) bitcoin continues.
Assuming the discoverer is malicious and smart:
2) Attacker zip through blocks at 5 minutes interval to avoid detection.
3) When this has happened for a while, more and more people will become suspicious
4) 5 - 8 will happen.
Assuming the discoverer is benevolent:
2) Research claims SHA-256 compromised
3) demonstrates this by zipping pass a few blocks.
4) 4-8 in the stupid attacker case happens.
I have left out the other serious implications of the complete breakdown of SHA-256.
Such unanimous agreement is very doubtful. |
|
|
|
|
|
btcrich
|
|
December 22, 2013, 12:48:37 PM
Last edit: December 22, 2013, 12:59:22 PM by btcrich |
|
Bitcoin uses double-SHA256, which is not broken if SHA256 is compromised. But other financial and banking protocols (credit cards, wire transfers, etc) all use algorithms way, WAY weaker than SHA256, so they're in big trouble.
So, when SHA-256 is compromised, everybody will flee from fiat to Bitcoin.
And then, it will take several more years before before double-SHA256 is broken in any way, so we'll have plenty of time to switch to SHA3.
Bitcoin wins.
This, along with the fact that if SHA-256 is compromised, there are FAR more valuable targets than Bitcoin. 1) SHA-256 compromised as in there is a quick way to discover the nonce required to produce the valid block hash.
Assuming the discoverer is malicious and stupid:
2) Attacker zip through blocks, providing instant confirmation for his malicious activities.
3) Attacker tries to sell all the coins.
4) Exchanges freeze.
5) No one needs convincing that the hashing algorithm is really broken.
6) Bitcoin algorithm switched
7) Everyone agrees to rewind to a block before the attack
8 ) bitcoin continues.
Assuming the discoverer is malicious and smart:
2) Attacker zip through blocks at 5 minutes interval to avoid detection.
3) When this has happened for a while, more and more people will become suspicious
4) 5 - 8 will happen.
Assuming the discoverer is benevolent:
2) Research claims SHA-256 compromised
3) demonstrates this by zipping pass a few blocks.
4) 4-8 in the stupid attacker case happens.
I have left out the other serious implications of the complete breakdown of SHA-256.
If someone malicious or dishonest broke SHA-256, why would they mine blocks when they would have the private key to every wallet? |
|
|
|
|
|
t1000
|
|
December 22, 2013, 01:04:03 PM |
|
Bitcoin uses double-SHA256, which is not broken if SHA256 is compromised. But other financial and banking protocols (credit cards, wire transfers, etc) all use algorithms way, WAY weaker than SHA256, so they're in big trouble.
So, when SHA-256 is compromised, everybody will flee from fiat to Bitcoin.
And then, it will take several more years before before double-SHA256 is broken in any way, so we'll have plenty of time to switch to SHA3.
Bitcoin wins.
This, along with the fact that if SHA-256 is compromised, there are FAR more valuable targets than Bitcoin. 1) SHA-256 compromised as in there is a quick way to discover the nonce required to produce the valid block hash.
Assuming the discoverer is malicious and stupid:
2) Attacker zip through blocks, providing instant confirmation for his malicious activities.
3) Attacker tries to sell all the coins.
4) Exchanges freeze.
5) No one needs convincing that the hashing algorithm is really broken.
6) Bitcoin algorithm switched
7) Everyone agrees to rewind to a block before the attack
8 ) bitcoin continues.
Assuming the discoverer is malicious and smart:
2) Attacker zip through blocks at 5 minutes interval to avoid detection.
3) When this has happened for a while, more and more people will become suspicious
4) 5 - 8 will happen.
Assuming the discoverer is benevolent:
2) Research claims SHA-256 compromised
3) demonstrates this by zipping pass a few blocks.
4) 4-8 in the stupid attacker case happens.
I have left out the other serious implications of the complete breakdown of SHA-256.
If someone malicious or dishonest broke SHA-256, why would they mine blocks when they would have the private key to every wallet? Because they wouldn't have the private key. For that they will need to compromise ECDSA too. We are talking about having SHA-256 compromised only. |
Did you find my posts helpful? Did I say say something nice? Your generosity is much appreciate.
BTC: 1G7chBLoYqGfdyfkrox53yDn6sS65PgFYk
LTC: LiYeFdbv5oxin9S3Wmn4v84LuGZ9nsE4XZ
|
|
|
|
ZephramC
|
|
December 22, 2013, 01:12:55 PM |
|
And RIPEMD-160 would need to be broken too.
|
|
|
|
|
|
t1000
|
|
December 22, 2013, 01:25:05 PM |
|
And RIPEMD-160 would need to be broken too.
Not if someone has spent outputs with that address. Then public key for that address would be known. This is one reason you should not re-use addresses. |
Did you find my posts helpful? Did I say say something nice? Your generosity is much appreciate.
BTC: 1G7chBLoYqGfdyfkrox53yDn6sS65PgFYk
LTC: LiYeFdbv5oxin9S3Wmn4v84LuGZ9nsE4XZ
|
|
|
|
cdog
|
|
December 22, 2013, 02:56:51 PM |
|
Folks, read the Bitcoin whitepaper, use the search engine, and in general just assume whatever flaw with Bitcoin that occurs to your brain, has already occurred along with a dozen others to someone with 160+ IQ http://bitcoin.org/bitcoin.pdf |
|
|
|
|
|
ZephramC
|
|
December 22, 2013, 03:06:49 PM |
|
And RIPEMD-160 would need to be broken too.
Not if someone has spent outputs with that address. Then public key for that address would be known. This is one reason you should not re-use addresses. True. |
|
|
|
|
LiteCoinGuy
Legendary
Offline
Activity: 1148
Merit: 1011
In Satoshi I Trust
|
|
December 22, 2013, 03:28:36 PM |
|
1) SHA-256 compromised as in there is a quick way to discover the nonce required to produce the valid block hash.
Assuming the discoverer is malicious and stupid:
s and smart:
........
Assuming the discoverer is benevolent:
2) Research claims SHA-256 compromised
3) demonstrates this by zipping pass a few blocks.
4) 4-8 in the stupid attacker case happens.
I have left out the other serious implications of the complete breakdown of SHA-256.
4-5 would be too hard for it to happen. Another coin would replace it that uses different security. A coin with more security like Quark Coin would most likely replace it or another alt coin that uses another security. The general public would not be able to trust Bitcoin again even if 4-8 happens. Kermitcoin? The mother of all scamcoins ? Are you serious? i would prefer dogecoin  |
|
|
|
|
