Bitcoin Forum
Author Topic: Could code be changed quickly if vulnerability found?  (Read 3071 times)
chaintest (OP)
January 04, 2014, 01:10:59 PM
 #1

I am fairly certain that I have found a vulnerability in Bitcoin, just not sure yet how serious it is.

For now, though, let's just assume I'm a clueless newbie or a crackpot, and I'm wrong.

In theory, though, if someone discovered such a vulnerability -- serious enough that without fairly quick action (and/or detection), the survival of Bitcoin could potentially be jeopardized -- is there a plan in place to put in a fix?  Let's say, for example, a miner discovered a way to solve blocks in a minute or two at the current difficulty level, on a standard CPU.  By waiting until the difficulty was re-calculated, they could rack up some 50,000 BTC before the difficulty changed again.  And that would cause the new difficulty to skyrocket, making it nearly impossible for anyone else to mine blocks (perhaps there are safeguards in place for that).  Or the person who discovers it is benevolent and tells the world, and the network hash rate goes berserk.  Or they are more nefarious and use it to double-spend, reverse transactions, whatever.  Or they quietly mine bitcoins at a rate slower than the biggest miners, not drawing attention to themselves.

If a fix could be identified quickly, could it be coded/tested/distributed in a reasonable amount of time?  What about the "chicken and egg" problem: if the details of the vulnerability are disclosed before the fix, someone could abuse it before the fix, but if the details are not disclosed before the fix, changes to Bitcoin could be made that would be unnecessary (and it would open up the door to people making wild claims).

I've read the "Dealing with SHA-256 Collisions" thread; Bitcoin has become much, much bigger since then, and the potential problems much harder to deal with.

FWIW, I'm confident that there is a problem -- I just haven't yet figured out if it is serious enough to be concerned about at this point.  But I thought it couldn't hurt to have a fresh "what if?" discussion.
cr1776
January 04, 2014, 02:45:31 PM
Last edit: January 04, 2014, 03:36:46 PM by cr1776
 #2

Enlighten us on the vulnerability.
coinrevo
January 04, 2014, 03:15:47 PM
 #3

See BIP50: https://github.com/bitcoin/bips/blob/master/bip-0050.mediawiki

Very interesting questions/speculations. However the scenario you described is not realistic. Why should progress of mining capability be so sudden? Reminds me of all the attempts at proving P=NP and questions around quantum computing. If somebody discovers such a technique it will likely be discovered by others. Moore's law graph is very smooth.

An attack on bitcoin is very similar to what happened to the fiat system in 2008. I think such an event in the fiat world is quite likely (see N. Taleb's writings). I hope that at the least bitcoin is a backup system, because such events could be quite catastrophic.

There are many scenarios which are unlikely, which does not mean they are not going to happen. I speculated there could be an attack insurance, so that the values would be frozen before the attack and then distributed during the fix. Analogous to bankruptcy proceedings. But if the fix would have been anticipated it would have been there in the first place (as you said chicken egg problem).

Say the exchange value would drop to zero. The "attacker" (in your scenario he is just an honest miner) has lost his money as well. Instead he could mine. If nobody has ever heard of this technique he would accumulate a lot of hashing power. Such an event is possible, and one of the weaknesses of the algorithm. One would hope by that time there are solutions. In the end nobody says it can't happen. It just seems a lot of people are betting their money that it won't. The exchange rate is the present value over the lifetime of the coin. If every cryptographer on the planet has analysed bitcoin and not found a vulnerability, it's unlikely random guy23 will find one.

empoweoqwj
January 04, 2014, 03:38:10 PM
 #4

> I am fairly certain that I have found a vulnerability in Bitcoin, just not sure yet how serious it is.
>
> For now, though, let's just assume I'm a clueless newbie or a crackpot, and I'm wrong.
>
> In theory, though, if someone discovered such a vulnerability -- serious enough that without fairly quick action (and/or detection), the survival of Bitcoin could potentially be jeopardized -- is there a plan in place to put in a fix?  Let's say, for example, a miner discovered a way to solve blocks in a minute or two at the current difficulty level, on a standard CPU.  By waiting until the difficulty was re-calculated, they could rack up some 50,000 BTC before the difficulty changed again.  And that would cause the new difficulty to skyrocket, making it nearly impossible for anyone else to mine blocks (perhaps there are safeguards in place for that).  Or the person who discovers it is benevolent and tells the world, and the network hash rate goes berserk.  Or they are more nefarious and use it to double-spend, reverse transactions, whatever.  Or they quietly mine bitcoins at a rate slower than the biggest miners, not drawing attention to themselves.
>
> If a fix could be identified quickly, could it be coded/tested/distributed in a reasonable amount of time?  What about the "chicken and egg" problem: if the details of the vulnerability are disclosed before the fix, someone could abuse it before the fix, but if the details are not disclosed before the fix, changes to Bitcoin could be made that would be unnecessary (and it would open up the door to people making wild claims).
>
> I've read the "Dealing with SHA-256 Collisions" thread; Bitcoin has become much, much bigger since then, and the potential problems much harder to deal with.
>
> FWIW, I'm confident that there is a problem -- I just haven't yet figured out if it is serious enough to be concerned about at this point.  But I thought it couldn't hurt to have a fresh "what if?" discussion.


Sorry, but if you didn't even know that "code can be changed" (implies you have no idea how open source is structured) I highly doubt you have found a vulnerability in any of the bitcoin mining algorithms.
chaintest (OP)
January 04, 2014, 04:44:06 PM
 #5

> Enlighten us.

That's the $50 million question.  If I enlighten here, depending on whether or not I am right and how severe the issue is, things could get chaotic.  And, I need a bit more time to try to figure out how severe it really is.

> Say the exchange value would drop to zero. The "attacker" (in your scenario he is just an honest miner) has lost his money as well. Instead he could mine. If nobody has ever heard of this technique he would accumulate a lot of hashing power. Such an event is possible, and one of the weaknesses of the algorithm. ... If every cryptographer on the planet has analysed bitcoin and not found a vulnerability, it's unlikely random guy23 will find one.

Ah, I should see if I can change my handle to "random guy23".  :)

For the time being, I am assuming I am just random guy23, and that I'm seeing things that aren't there.  But I want to be prepared, just in case.  The idea of striking it rich certainly is appealing, but doesn't seem ethical.
chaintest (OP)
January 04, 2014, 04:51:07 PM
 #6

> Sorry, but if you didn't even know that "code can be changed" (implies you have no idea how open source is structured) I highly doubt you have found a vulnerability in any of the bitcoin mining algorithms.

I am reasonably familiar with how open source is structured.  And I'm not asking if I have found a vulnerability (I know what I have found, and that I need to do more work to determine if there truly is a vulnerability, and if so, how severe it is).

Each open source product is different; I'm asking about this specific one.  Essentially, could a change be made reasonably quickly, and if so, how to deal with the chicken-and-egg problem?

Either Bitcoin has one or more serious vulnerabilities, or it does not.  The problem is that there is no way to know for sure whether or not it does unless/until one is discovered.  So is it best to hide our heads in the sand and hope there is none, or be prepared?
coinrevo
January 04, 2014, 05:05:37 PM
 #7

The way you phrased certain things I would be prepared against it. Yeah, have your go at the world's largest supercomputing network. Let me guess: you've programmed an Artificial General Intelligence and asked it how to break SHA256?
cr1776
January 04, 2014, 05:33:13 PM
 #8

If you look on here you will see many people coming in saying "I have found a flaw, but can't give you details" and it turns out that they didn't understand something, so everyone is very skeptical when someone comes in and won't give out any details.

PM someone with development experience on here with the details - in exacting detail showing where in the code there is a problem, in the math, or in the design.  If it is a vulnerability, you'll hear back quite quickly if you have actually provided enough details and if there is a problem.

The link above shows how quickly the code can be changed if needed, so the answer to the question is, YES.
chaintest (OP)
January 04, 2014, 06:52:55 PM
 #9

> The way you phrased certain things I would be prepared against it. Yeah, have your go at the world's largest supercomputing network. Let me guess: you've programmed an Artificial General Intelligence and asked it how to break SHA256?

As I have said several times, I'm not asking if I have discovered a vulnerability.  I'm asking a what-if question, stating what I have to help give a warning.  In other words, it may not end up being a hypothetical question.  You're welcome to let me know that it is very unlikely that I found something important (like the poor guy who picks up the lottery ticket that has the winning numbers, but doesn't realize that they have to be in the right order).  But since you are evading the questions, it sounds like your vote (and that of empoweoqwj) is that if I did discover a vulnerability, I should take advantage of it and retire, and give no regard as to whether Bitcoin or individuals using it are.  If that's the ultimate answer, I'm OK with that!
chaintest (OP)
January 04, 2014, 07:07:35 PM
 #10

> If you look on here you will see many people coming in saying "I have found a flaw, but can't give you details" and it turns out that they didn't understand something, so everyone is very skeptical when someone comes in and won't give out any details.
>
> PM someone with development experience on here with the details - in exacting detail showing where in the code there is a problem, in the math, or in the design.  If it is a vulnerability, you'll hear back quite quickly if you have actually provided enough details and if there is a problem.
>
> The link above shows how quickly the code can be changed if needed, so the answer to the question is, YES.

I am aware that it will take proof to convince people of a flaw, and that I likely have not discovered a flaw worthy of people dealing with.

As for PM'ing -- therein lies the chicken and egg problem.  If there is a serious flaw, what prevents the person from taking advantage of it?  We're not talking about the cash register at the local burger joint being open in an unlocked building at night, we're talking about the safe deposit box at the bank being open in an unlocked building at night -- in a jurisdiction where the penalty for getting caught is that you had to give up what you took.

Let's say that I found that whatever the block header, a nonce of 0x12345678 would generate a hash well exceeding the current difficulty level (of course it isn't really that simple).  Wouldn't it be very tempting for the person I tell to take advantage of that?  Perhaps generate a block an hour for half a day, selling for fiat every hour, and walk off with $250K of cash?

Now perhaps the code could be changed quickly if someone took advantage and started creating new blocks once a minute, hoping to raise a quick $40M.  It's decided to go back to the block before they started, and they have no bitcoins (except perhaps the few they were able to sell).  But what if the miner knew that was a possibility, and created a new block say every 4 hours, generating $100K a day.  How would that even be detected?
toast
January 04, 2014, 07:15:24 PM
 #11

People would notice blocks with "a hash well exceeding the current difficulty level".

Why don't you slowly give more and more information, until you've convinced people you know what you're talking about.
For example, first state the class of bug. Are you saying you found a way to generate hashes far exceeding the current difficulty level?

chaintest (OP)
January 04, 2014, 07:34:39 PM
 #12

> People would notice blocks with "a hash well exceeding the current difficulty level".

"a hash well exceeding the current difficulty level" was used to show that the attack could continue.  If I said "a hash just below the current difficulty level," the response is that after a few adjustments to the difficulty, the attack would no longer work.  So let's assume it is near what other people would get.

> Why don't you slowly give more and more information, until you've convinced people you know what you're talking about.
> For example, first state the class of bug. Are you saying you found a way to generate hashes far exceeding the current difficulty level?

I first have to do testing of my results, which will likely take a few days.  If I still think I'm on to something, I'll see what seems safe to share.
coinrevo
January 04, 2014, 07:40:33 PM
 #13

If you were serious, you would've double checked before opening a thread. I really wonder how many would pass on that opportunity to print money.
chaintest (OP)
January 04, 2014, 07:52:59 PM
 #14

> If you were serious, you would've double checked before opening a thread.

Remember, this was intended to be a hypothetical question.  Either there is or is not a serious flaw in Bitcoin; if there is, wouldn't it be better to discuss how to deal with it now rather than wait for something to happen?

> I really wonder how many would pass on that opportunity to print money.

At first I thought if I were to find such a flaw, I could go ahead and mine what I wanted -- and get rich, with money created out of nothing, so nobody would get hurt.  But then I realized, of course, that doing so would have the effect of taking money away from miners who have spent good money on mining hardware.  And if I were to cash out, knowing that the value of BTCs could go down as a result of what I discovered, I would effectively be stealing from the people buying the bitcoins.

Interestingly, everyone seems to be steering me to quietly take advantage of any secrets I may discover (or to spill the beans, that could allow someone else to take advantage of it -- as you said, "I really wonder how many would pass on that opportunity to print money.").
TierNolan
January 04, 2014, 08:04:03 PM
 #15

> At first I thought if I were to find such a flaw, I could go ahead and mine what I wanted -- and get rich, with money created out of nothing, so nobody would get hurt.  But then I realized, of course, that doing so would have the effect of taking money away from miners who have spent good money on mining hardware.  And if I were to cash out, knowing that the value of BTCs could go down as a result of what I discovered, I would effectively be stealing from the people buying the bitcoins.

I don't agree.  If you did find a way to quickly find a valid hash, then you are just as entitled to mine as any other miner.

ASIC manufacturers take business from GPU miners, but there is nothing unethical about that.

Miners (including those with large investments) have no entitlement to block rewards.

Using your knowledge to double spend, reverse transactions or DDOS the network would not be ethical.

In summary, stealing bitcoins is unethical, but the coinbase bitcoins don't belong to anyone other than the miner who solves the hash.

If you don't know if your scheme will work, you could try it out.  If it does involve transferring bitcoins that you don't own to yourself, you could test it on bitcoins that you actually own.

1LxbG5cKXzTwZg9mjL3gaRE835uNQEteWF
BurtW
January 04, 2014, 08:25:52 PM
Last edit: January 04, 2014, 08:46:22 PM by BurtW
 #16

Pick someone who may know a bit about what you are talking about.  Someone who has been around a while.  Someone you trust.  Then PM them.

Some of the smartest and well known are gmaxwell, DeathAndTaxes, Mike Hearn, theymos, or Gavin himself.  I suggest you run your idea by one or more of them.

(This list is just off the top of my head - did not mean to leave anyone out ;) )

Pretty much anyone with over 2500 posts or 900 activity can probably tell you if you have found something or not.

But pick someone you trust.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
piotr_n
January 04, 2014, 08:29:12 PM
 #17

> For now, though, let's just assume I'm clueless newbie or a crackpot, and I'm wrong.

No offence man, but I'm betting my entire bitcoin stash on you being wrong.
So go ahead and say it loud what vulnerability you think you have discovered - don't be shy :)

But let's assume...
IMHO, if a really critical vulnerability is found, it would rather be in ECDSA, not in SHA256.
I mean, if someone finds a way to solve SHA256 like 10 times faster - this is already accounted for. The difficulty will adjust and it should go on just fine.
But if the signatures are found to be broken, the value of bitcoin will quite likely go down to zero within a single day.
People are saying that if you don't reuse addresses then it should not matter, but I think they are wrong, since being unable to reuse an address would totally break a core function of the currency.
So in such a case there would be no sense to fix it - we can just as well start a new block chain, a new crypto-currency.
And all the coin holders would lose, though the hashing power should still be reusable, so the new currency shall quickly build up a value.

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
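
Added illustration, not part of the thread or any poster's code: a simplified Python model of the difficulty retarget that post #17 relies on ("the difficulty will adjust"), which is also the safeguard the opening post asks about. It assumes Bitcoin's 2016-block retarget interval, 10-minute target spacing and 4x clamp per retarget; the function names and the relative units are made up for the example, and expected block times stand in for real randomness.

```python
# Simplified model for illustration; not Bitcoin Core code.
TARGET_SPACING = 600                      # seconds per block the protocol aims for
INTERVAL = 2016                           # blocks between difficulty retargets
TARGET_TIMESPAN = TARGET_SPACING * INTERVAL
MAX_ADJUST = 4                            # one retarget moves difficulty at most 4x


def retarget(difficulty, actual_timespan):
    """Next difficulty, given how long the last INTERVAL blocks took (seconds)."""
    clamped = min(max(actual_timespan, TARGET_TIMESPAN / MAX_ADJUST),
                  TARGET_TIMESPAN * MAX_ADJUST)
    return difficulty * TARGET_TIMESPAN / clamped


def simulate(speedup, periods):
    """Hash rate jumps by `speedup` at period 0 and then stays constant.

    Difficulty and hash rate are relative (both 1.0 before the jump), so the
    expected block time is TARGET_SPACING * difficulty / hashrate.
    Returns one (period, difficulty, block_seconds, period_days) per period.
    """
    difficulty, hashrate = 1.0, float(speedup)
    history = []
    for period in range(periods):
        block_seconds = TARGET_SPACING * difficulty / hashrate
        timespan = block_seconds * INTERVAL
        history.append((period, difficulty, block_seconds, timespan / 86400))
        difficulty = retarget(difficulty, timespan)
    return history


if __name__ == "__main__":
    # The "10 times faster" case from post #17.
    for period, diff, secs, days in simulate(10, 4):
        print(f"period {period}: difficulty x{diff:g}, "
              f"{secs:g} s per block, period lasts {days:.1f} days")
```

Because of the clamp, a 10x jump takes two retargets to absorb: difficulty goes to 4x after the first period and to 10x after the second, roughly a week in total, after which blocks are back to 10 minutes.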
BurtW
January 04, 2014, 08:33:02 PM
 #18

If something is found then a hard fork can carry all/most/some of the current accounts forward on to the new fork (probably, depending on the flaw found).

I say either PM a "super" hero or spit it out right here and now.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
piotr_n
January 04, 2014, 08:42:38 PM
 #19

Right, unless you mean a critical vulnerability in the software, not in the protocol.

Yeah - we've been there. More than once, I think.
A new software is then being released within hours, all the miners switch to it ASAP and the fixed branch catches up to overtake the broken one -  problem solved.
I mean, some people could have lost some money because of double spending, but it would not be a total disaster, just a disturbance.

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
flatfly
January 04, 2014, 08:44:34 PM
 #20

> Pick someone who may know a bit about what you are talking about.  Someone who has been around a while.  Someone you trust.  Then PM them.
>
> Some of the smartest and well known are gmaxwell, DeathAndTaxes, Mike Hearn, theymos, or Gavin himself.  I suggest you run your idea by one or more of them.
>
> (This list is just off the top of my head - did not mean to leave anyone out ;) )
>
> Pretty much anyone with an activity of over 2500 can probably tell you if you have found something or not.
>
> But pick someone you trust.

Erm... Not even god has 2500+ activity... :)  Highest is theymos with 1428.