Bitcoin Forum
Topic: Alt Coin CRC32/MD5/RSA
bitprick12345
February 08, 2014, 08:21:57 AM
 #1

How hard would it be to create an alt coin using obsolete proof of work (CRC32) and RSA for signatures? I think this would be an interesting project, considering that the design of Bitcoin would still hold up even in a ridiculous context. It would also be interesting to have a block chain where someone could brute force your private keys in a few days. Self refund, if you will. The chaos would be pretty fun.
Foxpup
February 08, 2014, 08:42:03 AM
 #2

CRC32 is useless for proof of work since it is easily reversible (finding a nonce which produces a particular CRC result takes little more effort than verifying it). It is not a hash function and was never designed to be. RSA is currently safe as long as reasonable key sizes are used. I have no idea where you got the idea that RSA private keys can be brute forced "in a few days", but they can't.

Will pretend to do unverifiable things (while actually eating an enchilada-style burrito) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
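
Added example, not part of any post in this thread: a Python sketch of the point made in post #2, that a nonce producing a chosen CRC32 result can be computed directly rather than searched for. The header bytes and the function name `solve_nonce` are constructed for illustration.

```python
import struct
import zlib

POLY = 0xEDB88320  # reflected CRC-32 polynomial (the one zlib.crc32 uses)

# Standard byte-wise lookup table for CRC-32.
TABLE = []
for i in range(256):
    c = i
    for _ in range(8):
        c = (c >> 1) ^ POLY if c & 1 else c >> 1
    TABLE.append(c)

# The top byte of every table entry is unique, so a forward step can be undone.
TOP_BYTE_TO_INDEX = {entry >> 24: i for i, entry in enumerate(TABLE)}
assert len(TOP_BYTE_TO_INDEX) == 256


def solve_nonce(header: bytes, target_crc: int) -> bytes:
    """Return 4 bytes such that zlib.crc32(header + nonce) == target_crc."""
    have = zlib.crc32(header) ^ 0xFFFFFFFF  # CRC register after the header
    need = target_crc ^ 0xFFFFFFFF          # register required at the end
    # Walk the register backwards over four zero bytes.
    for _ in range(4):
        idx = TOP_BYTE_TO_INDEX[need >> 24]
        need = ((need ^ TABLE[idx]) << 8) | idx
    # Feeding byte b into state s is the same as feeding 0 into s ^ b, so the
    # XOR of the two registers is the nonce, low byte first.
    return struct.pack("<I", need ^ have)


if __name__ == "__main__":
    header = b"constructed block header, not real chain data"
    for target in (0x00000000, 0x0000000F, 0xDEADBEEF):
        nonce = solve_nonce(header, target)
        print(f"target {target:08x}  nonce {nonce.hex()}  "
              f"check {zlib.crc32(header + nonce):08x}")
```

Solving costs four table lookups, about the same as verifying, so a CRC32 target of any "difficulty" represents no work.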
deepceleron
February 08, 2014, 08:43:25 AM
 #3

CRC32 has 32 bits. Even if there was only one difficulty target of "0" it would be significantly lower in difficulty than bitcoin difficulty 1.

An insecure hashing algorithm such as MD4, as long as it has enough bits for a realistic difficulty, would still provide the same protection against attack as SHA256; there is no specific aspect of the "insecurity" that makes it practically less secure as a block hash. They still have as much practical avalanche and unpredictability. The demonstrated attacks that lead us to call them insecure are, for example, the creation of two pieces of data with a hash collision by researchers, which should instead be computationally infeasible; they do not demonstrate ease of making a 0000f hash of non-user data + nonce in blockchain time scale.

If there was a significant breakthrough in finding target hashes, it could be disruptive if known by only one party to mount 51% attack. If known by all, it would simply create a higher difficulty as long as there are difficulty bits to burn.

For address hash-masking, CRC32 would mean only 4 billion addresses could exist; finding keys to spend every address would be easy. MD5 gives 128 bits of addresses (compared to 160 bits of addresses for RIPEMD160) and is more practical and still outside the limits of imaginable attack or collision.
bitprick12345
February 08, 2014, 08:54:28 AM
 #4

Ok, so you guys are saying that technically an AltCoin based off of RSA and MD4 would be secure.

I also thought that RSA is weaker than ECDSA and why it was not selected for Bitcoin.

I did not understand CRC32 was any different from SHA. I figured they are both checksums.
12648430
February 08, 2014, 09:18:21 AM
 #5

> Ok, so you guys are saying that technically an AltCoin based off of RSA and MD4 would be secure.
>
> I also thought that RSA is weaker than ECDSA and why it was not selected for Bitcoin.

RSA isn't broken; it just requires longer keys to achieve the same level of security as ECDSA (as far as we know).

> I did not understand CRC32 was any different from SHA. I figured they are both checksums.

Checksums are more complicated than you might think. CRC32s are easy to calculate to check for data corruption, but they weren't designed for cryptographic purposes and are unsuitable for this kind of thing.
chiguireitor
March 14, 2014, 03:49:01 PM
 #6

One could even use XOR8 for a lot more crappiness... also, mining only allowed from a DOSbox

DeathAndTaxes
March 14, 2014, 04:05:00 PM
 #7

> I also thought that RSA is weaker than ECDSA and why it was not selected for Bitcoin.

RSA requires a larger key size than ECC for the same bit strength thus it would be a less optional choice where bandwidth and storage are constrained (like cryptocurrencies).

All of the following offer 128 bit security
Hashing Function: RIPEMD-128* 128 bit
Symmetric Encryption: AES 128 bit
Asymmetric (elliptic curve): ECC 256 bit
Asymmetric (prime integer): RSA 3,072 bit

* technically RIPEMD-128 is cryptographically weak against collisions and thus no longer offers full 128 bit security.  Newer hash functions have gotten larger so I couldn't find any 128 bit hash functions which are still unweakened by cryptanalysis.

It gets worse for RSA if we ever need 160/256 bit security.

All of the following offer 160 bit security (or better)
Hashing Function: RIPEMD-160
Symmetric Encryption: AES 192 bit (actually is 192 bit security but it is the smallest key size which is >= 160 bit)
Asymmetric (elliptic curve): ECC 320 bit
Asymmetric (prime integer): 7,864 bit

All of the following offer 256 bit security (or better)
Hashing Function: RIPEMD-256
Symmetric Encryption: AES 256 bit
Asymmetric (elliptic curve): ECC 512 bit
Asymmetric (prime integer): 15,360 bit

Even 128 bit key strength is beyond what can be brute forced using classical computing.  The higher key strengths are intended to be protection against cryptanalysis. For example, a break which reduces the key strength of AES 256 by 28 bits has no practical application, but the same 28 bit reduction on AES 128 starts to get it dangerously close to what "could" be brute forced.
jonald_fyookball
March 14, 2014, 05:56:52 PM
 #8

how many bits would represent the probability of a monkey accidentally typing the complete works of Shakespeare?

Boris-The-Blade
March 14, 2014, 06:06:02 PM
 #9

Nah Ya Boring