Bitcoin Forum
Author Topic: When SHA-256 is compromised  (Read 2784 times)
kcirazy (OP)
December 22, 2013, 01:11:07 AM
 #1

Can somebody lay down the scenario step-by-step (preferably numbered) what needs to happen for the Bitcoin community to recover from this?
I'm thinking about choice in new algorithm(s), politics, duration, which software needs changes, securing the network from the start, convincing the current miners, etc.
MA5H3D
December 22, 2013, 01:26:38 AM
 #2

Compromised how?
t1000
December 22, 2013, 01:34:27 AM
 #3

1) SHA-256 compromised as in there is a quick way to discover the nonce required to produce the valid block hash.
Assuming the discoverer is malicious and stupid:
2) Attacker zips through blocks, providing instant confirmation for his malicious activities.
3) Attacker tries to sell all the coins.
4) Exchanges freeze.
5) No one needs convincing that the hashing algorithm is really broken.
6) Bitcoin algorithm switched.
7) Everyone agrees to rewind to a block before the attack.
8) Bitcoin continues.

Assuming the discoverer is malicious and smart:
2) Attacker zips through blocks at 5-minute intervals to avoid detection.
3) When this has happened for a while, more and more people will become suspicious.
4) 5-8 will happen.

Assuming the discoverer is benevolent:
2) Research claims SHA-256 compromised.
3) Demonstrates this by zipping past a few blocks.
4) 4-8 in the stupid attacker case happen.

I have left out the other serious implications of the complete breakdown of SHA-256.
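A monitor for step 3 of the "smart attacker" case above, where blocks arriving faster than the difficulty should allow is what eventually makes people suspicious. This is an added example, not code from the thread; the 600-second target, the 30-block window, the Poisson model and the sample timestamps are all constructed assumptions.

```python
import math

EXPECTED_INTERVAL = 600.0   # seconds per block the current difficulty targets (assumed constant)

def poisson_tail(k: int, lam: float) -> float:
    """P(X >= k) for X ~ Poisson(lam), summed directly (k is small here)."""
    if k <= 0:
        return 1.0
    term, cdf = math.exp(-lam), 0.0
    for i in range(k):          # accumulate P(X <= k-1)
        cdf += term
        term *= lam / (i + 1)
    return max(0.0, 1.0 - cdf)

def block_rate_alerts(timestamps, window: int = 30, alpha: float = 1e-3):
    """Slide a window of `window` consecutive blocks over the chain and flag every
    window whose block count is implausible at the difficulty-implied rate.
    Returns [(index_of_first_block_in_window, p_value), ...]."""
    alerts = []
    for start in range(len(timestamps) - window):
        span = timestamps[start + window] - timestamps[start]
        if span <= 0:           # timestamps are miner-supplied; skip a non-positive span
            continue
        expected = span / EXPECTED_INTERVAL      # blocks the difficulty predicts for this span
        p = poisson_tail(window, expected)       # chance of seeing at least `window` of them
        if p < alpha:
            alerts.append((start, p))
    return alerts

def constructed_timestamps():
    """Constructed sample: 40 honest blocks at the 10-minute target, then 35 blocks
    every 5 minutes, the 'avoid detection' pace from the post above."""
    t, out = 0, [0]
    for _ in range(40):
        t += 600
        out.append(t)
    for _ in range(35):
        t += 300
        out.append(t)
    return out
```

Block timestamps are set by miners, so a production monitor would measure the node's own receive times and take the expected rate from the difficulty in the block headers rather than a constant.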
titulng
December 22, 2013, 02:42:09 AM
 #4

Not so well, I'm afraid.
empoweoqwj
December 22, 2013, 03:41:06 AM
 #5

Replace SHA-256 with something newer
GreenWins
December 22, 2013, 07:06:52 AM
 #6

1) SHA-256 compromised as in there is a quick way to discover the nonce required to produce the valid block hash.
Assuming the discoverer is malicious and stupid:
2) Attacker zips through blocks, providing instant confirmation for his malicious activities.
3) Attacker tries to sell all the coins.
4) Exchanges freeze.
5) No one needs convincing that the hashing algorithm is really broken.
6) Bitcoin algorithm switched.
7) Everyone agrees to rewind to a block before the attack.
8) Bitcoin continues.

Assuming the discoverer is malicious and smart:
2) Attacker zips through blocks at 5-minute intervals to avoid detection.
3) When this has happened for a while, more and more people will become suspicious.
4) 5-8 will happen.

Assuming the discoverer is benevolent:
2) Research claims SHA-256 compromised.
3) Demonstrates this by zipping past a few blocks.
4) 4-8 in the stupid attacker case happen.

I have left out the other serious implications of the complete breakdown of SHA-256.

4-5 would be too hard for it to happen.
Another coin would replace it that uses different security.
A coin with more security like Quark Coin would most likely replace it or another alt coin that uses another security.
The general public would not be able to trust Bitcoin again even if 4-8 happens.


prezbo
December 22, 2013, 07:57:03 AM
 #7

Compromised how?
This is an important question. Cryptography tends to get "cracked" step by step; it never goes from being secure to utterly and completely broken overnight. If there's an indication of it having a weakness, there is a lot of time to prepare.
Kazimir
December 22, 2013, 08:45:38 AM
 #8

Bitcoin uses double-SHA256, which is not broken if SHA256 is compromised. But other financial and banking protocols (credit cards, wire transfers, etc) all use algorithms way, WAY weaker than SHA256, so they're in big trouble.

So, when SHA-256 is compromised, everybody will flee from fiat to Bitcoin.

And then, it will take several more years before double-SHA256 is broken in any way, so we'll have plenty of time to switch to SHA3.

Bitcoin wins.
niothor
December 22, 2013, 08:57:37 AM
 #9

1) SHA-256 compromised as in there is a quick way to discover the nonce required to produce the valid block hash.
Assuming the discoverer is malicious and stupid:
2) Attacker zips through blocks, providing instant confirmation for his malicious activities.
3) Attacker tries to sell all the coins.
4) Exchanges freeze.
5) No one needs convincing that the hashing algorithm is really broken.
6) Bitcoin algorithm switched.
7) Everyone agrees to rewind to a block before the attack.
8) Bitcoin continues.

Assuming the discoverer is malicious and smart:
2) Attacker zips through blocks at 5-minute intervals to avoid detection.
3) When this has happened for a while, more and more people will become suspicious.
4) 5-8 will happen.

Assuming the discoverer is benevolent:
2) Research claims SHA-256 compromised.
3) Demonstrates this by zipping past a few blocks.
4) 4-8 in the stupid attacker case happen.

I have left out the other serious implications of the complete breakdown of SHA-256.

4-5 would be too hard for it to happen.
Another coin would replace it that uses different security.
A coin with more security like Quark Coin would most likely replace it or another alt coin that uses another security.
The general public would not be able to trust Bitcoin again even if 4-8 happens.



Kermitcoin? The mother of all scamcoins? Are you serious?
kcirazy (OP)
December 22, 2013, 11:10:29 AM
 #10

Replace SHA-256 with something newer

This would make all the ASIC mining equipment worthless... wouldn't miners need to sell all their coins to recover their losses, with the network ending up less secure? That could completely crash the market, with people spreading over to different altcoins to hedge their bets.
empoweoqwj
December 22, 2013, 11:26:03 AM
 #11

Replace SHA-256 with something newer

This would make all the ASIC mining equipment worthless... wouldn't miners need to sell all their coins to recover their losses, with the network ending up less secure? That could completely crash the market, with people spreading over to different altcoins to hedge their bets.

ASIC mining equipment has a short shelf life anyway. Current-gen equipment will be long dead by the time Bitcoin uses anything apart from SHA-256.
Rodyland
December 22, 2013, 11:29:14 AM
 #12

Compromised how?
This is an important question. Cryptography tends to get "cracked" step by step; it never goes from being secure to utterly and completely broken overnight. If there's an indication of it having a weakness, there is a lot of time to prepare.

This bears repeating and elaborating.

It's not like you go to bed and SHA256 is fine, and you wake up in the morning and it's broken. The chances of this happening to SHA256 are zero. The chances of this happening to anything written by you or me that hasn't been reviewed and examined by thousands of brilliant minds are pretty much guaranteed.

One day a researcher will publish a paper that shows that they can, say for example, drop the size of the brute-force keyspace for creating a collision by an order of magnitude or three. So instead of SHA256 being 2^256 strong, it will be "only" 2^252 strong.

Then someone else discovers another flaw that, say, allows them to partially recover the input based on a given hash, such that repeated hashing of messages that differ by a known amount allows an attacker to recover the original message.

In ways such as these, the strength of the algorithm is weakened over time. But the key point is that it happens over significant time: years. As soon as the first real dent is made in the strength of SHA256, we can begin discussing what should replace it, and how we move there.

Yes, mining hardware that utilises double-SHA256 will be useless (although, as was pointed out above, just because SHA256 is broken doesn't mean double-SHA256 is broken).

Such a move will take years. The first step would probably be to alter the Bitcoin protocol to allow a different hashing method. This hashing method would not be valid until the majority of miners and clients had moved to the protocol version that supports the new hash method. Then we enter the time of dual hashing: old-style double-SHA256 hashes would be valid, but new-style DERP512 hashes would also be equally valid. After enough time has passed, and enough blocks are mined using DERP512 instead of double-SHA256 (say, 10 to 1), the network could cut over to only accept the new hashes, and the old miners would be retired. At least, that's one way to do it.
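The staged switch-over Rodyland sketches (the new hash only valid once a majority has upgraded, then a dual-hash period, then cutover once new-hash blocks outnumber old ones 10 to 1) can be written down as consensus rules. The toy model below is an added example, not code from the thread or from Bitcoin Core; its Header and Chain classes, the SHA3-256 stand-in for the replacement hash, the 11-block window and the deliberately easy target are all constructed assumptions.

```python
import hashlib
from dataclasses import dataclass
# Constructed toy model of the migration sketched in the post above: hash version 1 is
# Bitcoin's double-SHA256, version 2 a stand-in (SHA3-256; "DERP512" is only a placeholder).
OLD, NEW = 1, 2
HASHERS = {OLD: lambda d: hashlib.sha256(hashlib.sha256(d).digest()).digest(),
           NEW: lambda d: hashlib.sha3_256(d).digest()}
ALLOWED = {"old_only": {OLD}, "dual": {OLD, NEW}, "new_only": {NEW}}

@dataclass
class Header:
    prev: bytes           # PoW hash of the previous block (32 bytes)
    payload: bytes        # stands in for merkle root, timestamp, bits
    hash_version: int     # which PoW hash this block claims to satisfy
    supports_new: bool    # miner signals it runs the upgraded protocol
    nonce: int = 0
    def pow_hash(self) -> bytes:
        flags = bytes([self.hash_version, int(self.supports_new)])
        data = self.prev + self.payload + flags + self.nonce.to_bytes(4, "little")
        return HASHERS[self.hash_version](data)

class Chain:
    """Consensus rules for the three phases: old_only -> dual -> new_only."""
    def __init__(self, target: int, window: int = 11, cutover_ratio: int = 10):
        self.target, self.window, self.ratio = target, window, cutover_ratio
        self.blocks, self.phase = [], "old_only"
    def tip(self) -> bytes:
        return self.blocks[-1].pow_hash() if self.blocks else bytes(32)
    def accept(self, h: Header) -> bool:
        # full validation: permitted hash version, links to the tip, meets the target
        if (h.hash_version not in ALLOWED[self.phase] or h.prev != self.tip()
                or int.from_bytes(h.pow_hash(), "big") >= self.target):
            return False
        self.blocks.append(h)
        self._advance_phase()
        return True
    def _advance_phase(self) -> None:
        if len(self.blocks) < self.window:
            return
        recent = self.blocks[-self.window:]
        if self.phase == "old_only":
            if sum(b.supports_new for b in recent) * 2 > self.window:  # majority signals
                self.phase = "dual"
        elif self.phase == "dual":
            new = sum(b.hash_version == NEW for b in recent)
            if new >= self.ratio * (self.window - new):   # 10 to 1: retire the old hash
                self.phase = "new_only"

def mine(chain: Chain, payload: bytes, version: int, supports_new: bool) -> Header:
    # brute-force a nonce for the requested hash version (easy target keeps it fast)
    h = Header(chain.tip(), payload, version, supports_new)
    while int.from_bytes(h.pow_hash(), "big") >= chain.target:
        h.nonce += 1
    return h

def run_transition(target: int = 1 << 248) -> list:
    # drive a chain through all three phases; returns the phase after each block
    chain, trace = Chain(target), []
    for i in range(11):   # upgraded miners still mine double-SHA256 but signal support
        chain.accept(mine(chain, b"old%d" % i, OLD, True))
        trace.append(chain.phase)
    for i in range(10):   # dual phase: new-hash blocks until the window is 10 to 1
        chain.accept(mine(chain, b"new%d" % i, NEW, True))
        trace.append(chain.phase)
    return trace
```

The cutover test counts only the last window of blocks, so a burst of old-hash blocks during the dual phase delays retirement rather than reverting it; in a real deployment the window and ratio would themselves be consensus parameters.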
ZephramC
December 22, 2013, 11:44:37 AM
 #13

1) SHA-256 compromised as in there is a quick way to discover the nonce required to produce the valid block hash.
Assuming the discoverer is malicious and stupid:
2) Attacker zips through blocks, providing instant confirmation for his malicious activities.
3) Attacker tries to sell all the coins.
4) Exchanges freeze.
5) No one needs convincing that the hashing algorithm is really broken.
6) Bitcoin algorithm switched.
7) Everyone agrees to rewind to a block before the attack.
8) Bitcoin continues.

Assuming the discoverer is malicious and smart:
2) Attacker zips through blocks at 5-minute intervals to avoid detection.
3) When this has happened for a while, more and more people will become suspicious.
4) 5-8 will happen.

Assuming the discoverer is benevolent:
2) Research claims SHA-256 compromised.
3) Demonstrates this by zipping past a few blocks.
4) 4-8 in the stupid attacker case happen.

I have left out the other serious implications of the complete breakdown of SHA-256.

Such unanimous agreement is very doubtful.
btcrich
December 22, 2013, 12:48:37 PM
Last edit: December 22, 2013, 12:59:22 PM by btcrich
 #14

Bitcoin uses double-SHA256, which is not broken if SHA256 is compromised. But other financial and banking protocols (credit cards, wire transfers, etc) all use algorithms way, WAY weaker than SHA256, so they're in big trouble.

So, when SHA-256 is compromised, everybody will flee from fiat to Bitcoin.

And then, it will take several more years before double-SHA256 is broken in any way, so we'll have plenty of time to switch to SHA3.

Bitcoin wins.

This, along with the fact that if SHA-256 is compromised, there are FAR more valuable targets than Bitcoin.  

1) SHA-256 compromised as in there is a quick way to discover the nonce required to produce the valid block hash.
Assuming the discoverer is malicious and stupid:
2) Attacker zips through blocks, providing instant confirmation for his malicious activities.
3) Attacker tries to sell all the coins.
4) Exchanges freeze.
5) No one needs convincing that the hashing algorithm is really broken.
6) Bitcoin algorithm switched.
7) Everyone agrees to rewind to a block before the attack.
8) Bitcoin continues.

Assuming the discoverer is malicious and smart:
2) Attacker zips through blocks at 5-minute intervals to avoid detection.
3) When this has happened for a while, more and more people will become suspicious.
4) 5-8 will happen.

Assuming the discoverer is benevolent:
2) Research claims SHA-256 compromised.
3) Demonstrates this by zipping past a few blocks.
4) 4-8 in the stupid attacker case happen.

I have left out the other serious implications of the complete breakdown of SHA-256.

If someone malicious or dishonest broke SHA-256, why would they mine blocks when they would have the private key to every wallet?
t1000
December 22, 2013, 01:04:03 PM
 #15

Bitcoin uses double-SHA256, which is not broken if SHA256 is compromised. But other financial and banking protocols (credit cards, wire transfers, etc) all use algorithms way, WAY weaker than SHA256, so they're in big trouble.

So, when SHA-256 is compromised, everybody will flee from fiat to Bitcoin.

And then, it will take several more years before double-SHA256 is broken in any way, so we'll have plenty of time to switch to SHA3.

Bitcoin wins.

This, along with the fact that if SHA-256 is compromised, there are FAR more valuable targets than Bitcoin.  

1) SHA-256 compromised as in there is a quick way to discover the nonce required to produce the valid block hash.
Assuming the discoverer is malicious and stupid:
2) Attacker zips through blocks, providing instant confirmation for his malicious activities.
3) Attacker tries to sell all the coins.
4) Exchanges freeze.
5) No one needs convincing that the hashing algorithm is really broken.
6) Bitcoin algorithm switched.
7) Everyone agrees to rewind to a block before the attack.
8) Bitcoin continues.

Assuming the discoverer is malicious and smart:
2) Attacker zips through blocks at 5-minute intervals to avoid detection.
3) When this has happened for a while, more and more people will become suspicious.
4) 5-8 will happen.

Assuming the discoverer is benevolent:
2) Research claims SHA-256 compromised.
3) Demonstrates this by zipping past a few blocks.
4) 4-8 in the stupid attacker case happen.

I have left out the other serious implications of the complete breakdown of SHA-256.

If someone malicious or dishonest broke SHA-256, why would they mine blocks when they would have the private key to every wallet?

Because they wouldn't have the private key. For that they will need to compromise ECDSA too. We are talking about having SHA-256 compromised only.
ZephramC
December 22, 2013, 01:12:55 PM
 #16

And RIPEMD-160 would need to be broken too.
t1000
December 22, 2013, 01:25:05 PM
 #17

And RIPEMD-160 would need to be broken too.

Not if someone has spent outputs with that address. Then the public key for that address would be known. This is one reason you should not re-use addresses.
cdog
December 22, 2013, 02:56:51 PM
 #18

Folks, read the Bitcoin whitepaper, use the search engine, and in general just assume that whatever flaw with Bitcoin occurs to your brain has already occurred, along with a dozen others, to someone with a 160+ IQ.

http://bitcoin.org/bitcoin.pdf
ZephramC
December 22, 2013, 03:06:49 PM
 #19

And RIPEMD-160 would need to be broken too.

Not if someone has spent outputs with that address. Then the public key for that address would be known. This is one reason you should not re-use addresses.

True.
LiteCoinGuy
December 22, 2013, 03:28:36 PM
 #20

1) SHA-256 compromised as in there is a quick way to discover the nonce required to produce the valid block hash.
Assuming the discoverer is malicious and stupid:
s and smart:

........

Assuming the discoverer is benevolent:
2) Research claims SHA-256 compromised.
3) Demonstrates this by zipping past a few blocks.
4) 4-8 in the stupid attacker case happen.

I have left out the other serious implications of the complete breakdown of SHA-256.

4-5 would be too hard for it to happen.
Another coin would replace it that uses different security.
A coin with more security like Quark Coin would most likely replace it or another alt coin that uses another security.
The general public would not be able to trust Bitcoin again even if 4-8 happens.



Kermitcoin? The mother of all scamcoins? Are you serious?

I would prefer dogecoin  Grin
