Bitcoin Forum
Topic: Can the U.S. government meddle with BitCoin code?
TheFootMan
April 11, 2014, 07:22:49 PM
 #21

Since anyone can download and read the code how would they do this?

They could've modified the downloadable binary and forced a dev to sign the compiled binary so that it looks legit. Not sure how fast a slight modification would've been noticed this way.

Checking the code and diffing it with previous releases would show nothing nefarious, and compiling from source and comparing it to the released binary might as well not work very well, as I guess different environments have different build environments and builds will be slightly different unless environments are duplicated exactly?

So the change in the binary might for instance allow siphoning of private keys to an adversary. And if the adversary was careful, stealing of coins could go on slowly so as not to raise too much suspicion, or it could be used to just control bitcoin addresses, and then freeze them once it's necessary, i.e. 'freezing' it by transferring coins using the stolen private keys.

I don't know if there currently is any process whereby the binaries released are checked by several parties before they're ok'ed. The SHA-256 checksums and PGP signature only prove that the holder of that signature has vouched for those checksums.

There should ideally be some 'paranoid bitcoin' project, or better yet several of them serving as watchdogs alerting the larger community once something nefarious happens.

Ideally to stay safe, one should always diff a new release against a previous release by checking what code is added, then understand this code and ensure nothing nefarious has been added, and then compile it yourself.

But how could one be sure that eventually sometime some distributor of a Linux system doesn't distribute it with a compiler that will insert some nefarious code once it discovers that a bitcoin binary is being made?

There's a lot of trust we need to place in other people - and if you become too paranoid, you could worry about details all day long.
madmadmax
April 11, 2014, 07:39:24 PM
 #22

Where are you getting the data from for the black markets? And CP is most certainly being bought and sold with BTC, just like it is with dollars and PayPal too, but of course the government will single its illicit uses out to make their point.

There is no proof of a widespread market for CP in BTC though. There is certainly proof for black markets that deal in CP for USD.










franky1
April 11, 2014, 07:43:08 PM
 #23

they already have.
SHA-256 is NSA child


if the NSA could use heartbleed for anything useful, then why did they need to contact google to get DPR's emails. why did they then contact the UK's GCHQ to brute force password break DPR's files??

Because the NSA are not as great as they claim. so chill out.

NSA don't have a backdoor into sha256

justusranvier
April 11, 2014, 08:22:20 PM
 #24

There is no proof of a widespread market for CP in BTC though.
There's no proof that such a market really exists in any currency.

For all we know, 99.9% of the child porn market is just sting operations selling to other sting operations, serving no purpose other than to keep a convenient digital bogeyman around to demolish inconvenient civil rights.
jonald_fyookball
April 11, 2014, 08:54:39 PM
 #25

they already have.
SHA-256 is NSA child


if the NSA could use heartbleed for anything useful, then why did they need to contact google to get DPR's emails. why did they then contact the UK's GCHQ to brute force password break DPR's files??

Because the NSA are not as great as they claim. so chill out.

NSA don't have a backdoor into sha256

Is there even a single example of a hashing algorithm with a backdoor?

bountygiver
April 11, 2014, 10:37:07 PM
 #26

Although you can say people can choose not to update to their fork.
But how much willpower does an average citizen have?

Government can always manipulate average joe's mind with media, if lots of normal people are using bitcoin qt, the government can easily convince them to use their fork.
So next time when you are convincing others to use bitcoins, take a moment and remind yourself why we need bitcoins. The currency is meant to wake the people up, not to make quick money.

skooter
April 12, 2014, 12:53:48 AM
 #27

Can the developers of BitCoin be forced by law to change the code according to desires of the U.S. government?

No but they are working by other means such as either buying off or infiltrating software companies in order to introduce vulnerabilities that favor them. (aka the OpenSSL bug which was introduced to Bitcoin despite the fact of having a huge additional attack vector)

The Bitcoin Foundation have also voiced their intentions of helping the CIA fight Bitcoin funded pedophilia (by which means?) which is huge anti-Bitcoin propaganda. If you run a simple calculation the Bitcoin black market is currently worth 2% of its economy (and all of it is drugs, we have no proof to believe otherwise) versus the nearly 30% black market of USD which includes organ sale, children, pedophilia, human trafficking, weapons of mass destruction etc etc.

Unless you got a source for those #s, you just pulled them out of your ass.
marcus_of_augustus
April 12, 2014, 01:08:36 AM
 #28

X.509 for the de-anonymising win.

jonald_fyookball
April 12, 2014, 01:28:37 AM
 #29

they already have.
SHA-256 is NSA child


if the NSA could use heartbleed for anything useful, then why did they need to contact google to get DPR's emails. why did they then contact the UK's GCHQ to brute force password break DPR's files??

Because the NSA are not as great as they claim. so chill out.

NSA don't have a backdoor into sha256

So they have people like you thinking they don't have the original backdoors and use them.
They can be evil and corrupt but not dumb.

Do you have any evidence of this? Indeed, can anyone provide any example of a backdoor to an open-source cryptographic hash function? Does such a thing exist?

BurtW
April 12, 2014, 01:29:05 AM
 #30

they already have.
SHA-256 is NSA child


if the NSA could use heartbleed for anything useful, then why did they need to contact google to get DPR's emails. why did they then contact the UK's GCHQ to brute force password break DPR's files??

Because the NSA are not as great as they claim. so chill out.

NSA don't have a backdoor into sha256

So they have people like you thinking they don't have the original backdoors and use them.
They can be evil and corrupt but not dumb.
Since it is mathematically impossible to recover the input text from the hash of that input text what exactly do you mean by a "back door" to a hashing function?  Exactly what information could a back door give you once the hash is calculated?

jonald_fyookball
April 12, 2014, 02:36:18 AM
 #31

they already have.
SHA-256 is NSA child


if the NSA could use heartbleed for anything useful, then why did they need to contact google to get DPR's emails. why did they then contact the UK's GCHQ to brute force password break DPR's files??

Because the NSA are not as great as they claim. so chill out.

NSA don't have a backdoor into sha256

So they have people like you thinking they don't have the original backdoors and use them.
They can be evil and corrupt but not dumb.
Since it is mathematically impossible to recover the input text from the hash of that input text what exactly do you mean by a "back door" to a hashing function?  Exactly what information could a back door give you once the hash is calculated?

That's what I'm asking as well... No one is giving any answers.... Cryptography experts jump in please.  Any documented backdoors in any cryptographic hashes, ever? 


jonald_fyookball
April 12, 2014, 04:36:55 AM
 #32

they already have.
SHA-256 is NSA child


if the NSA could use heartbleed for anything useful, then why did they need to contact google to get DPR's emails. why did they then contact the UK's GCHQ to brute force password break DPR's files??

Because the NSA are not as great as they claim. so chill out.

NSA don't have a backdoor into sha256

So they have people like you thinking they don't have the original backdoors and use them.
They can be evil and corrupt but not dumb.
Since it is mathematically impossible to recover the input text from the hash of that input text what exactly do you mean by a "back door" to a hashing function?  Exactly what information could a back door give you once the hash is calculated?

That's what I'm asking as well... No one is giving any answers.... Cryptography experts jump in please.  Any documented backdoors in any cryptographic hashes, ever? 



lol
it's not like that: //backdoor code here
it could be a vulnerability that got fixed or code that was designed to appear as a bug.

Any examples though?

jonald_fyookball
April 12, 2014, 04:54:31 AM
 #33

they already have.
SHA-256 is NSA child


if the NSA could use heartbleed for anything useful, then why did they need to contact google to get DPR's emails. why did they then contact the UK's GCHQ to brute force password break DPR's files??

Because the NSA are not as great as they claim. so chill out.

NSA don't have a backdoor into sha256

So they have people like you thinking they don't have the original backdoors and use them.
They can be evil and corrupt but not dumb.
Since it is mathematically impossible to recover the input text from the hash of that input text what exactly do you mean by a "back door" to a hashing function?  Exactly what information could a back door give you once the hash is calculated?

That's what I'm asking as well... No one is giving any answers.... Cryptography experts jump in please.  Any documented backdoors in any cryptographic hashes, ever? 



lol
it's not like that: //backdoor code here
it could be a vulnerability that got fixed or code that was designed to appear as a bug.

Any examples though?

backdoors in OpenBSD's IPSec stack inserted by a FBI contractor.

Googled this... Thanks for the example. But this doesn't even appear to be in the same ballpark. OpenBSD is apparently a "unix like operating system", and then you have an entire stack involving the IPSec layer. We're talking a pretty complex library of code here..... VERY different from a cryptographic hash function such as SHA-256 that can be implemented in a few dozen lines of code....

Not even really the same animal at all when you think about it... A backdoor to the hash function itself, if possible, would have to be accomplished at the mathematical/theoretical level... which is really my question to the mathematicians and cryptographers out there. Is THAT possible?


BitchicksHusband
April 12, 2014, 05:57:06 AM
 #34

There is suspicion in secp256r1 that the NSA recommends a seemingly random value to use as your pseudorandom seed. Satoshi chose different values instead.

Look at this article:

http://bitcoinmagazine.com/7781/satoshis-genius-unexpected-ways-in-which-bitcoin-dodged-some-cryptographic-bullet/
Quote from: Bitcoin Magazine
For secp256r1, the standard 256-bit pseudorandom curve, the seed is c49d360886e704936a6678e1139d26b7819f7e90, giving rise to the parameters:

p = 115792089210356248762697446949407573530086143415290314195533631308867097853951
a = 115792089210356248762697446949407573530086143415290314195533631308867097853948
b = 41058363725152142129326129780047268409114441015993725554835256314039467401291

The obvious question is this: where did the seed come from? Why was the seed not chosen to be some more innocent-looking number, like 15? In light of recent revelations regarding the US National Security Agency subverting cryptographic standards, an obvious concern is that the seed was somehow deliberately chosen in order to make the curve weak in some way that only the NSA knows.

If the NSA knows of an elliptic curve vulnerability that affects only one specific curve, the pseudorandom parameter generation process would prevent them from standardizing it. However, if they knew of a weakness in one in every billion curves, then the process offers no protection; for all we know, c49d360886e704936a6678e1139d26b7819f7e90 could have been the billionth seed that the National Institute for Standards in Technology tried.

Fortunately, Bitcoin does not use pseudorandom curves; Bitcoin uses Koblitz curves. In Bitcoin’s secp256k1, the parameters are:

p = 115792089237316195423570985008687907853269984665640564039457584007908834671663
a = 0
b = 7


Read the whole thing, it's really a great read.

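The check behind the quoted passage, as an added example (not part of the post or of the Bitcoin Magazine article): it expands the quoted secp256r1 seed with SHA-1 using the ANSI X9.62 / FIPS 186 prime-curve procedure and tests whether that yields the quoted `b`, then contrasts the structure of the secp256k1 parameters. The function names are illustrative; the constants are the ones quoted above.

```python
import hashlib

# Constants exactly as quoted from the article above.
SEED = bytes.fromhex("c49d360886e704936a6678e1139d26b7819f7e90")
R1_P = 115792089210356248762697446949407573530086143415290314195533631308867097853951
R1_A = 115792089210356248762697446949407573530086143415290314195533631308867097853948
R1_B = 41058363725152142129326129780047268409114441015993725554835256314039467401291
K1_P = 115792089237316195423570985008687907853269984665640564039457584007908834671663
K1_A, K1_B = 0, 7


def derive_c(seed: bytes, p: int) -> int:
    """Expand a 160-bit seed into the integer c (ANSI X9.62 / FIPS 186, prime case)."""
    bits = p.bit_length()
    v = (bits - 1) // 160           # number of additional SHA-1 outputs
    w = bits - 160 * v - 1          # bits kept from the first SHA-1 output
    c = int.from_bytes(hashlib.sha1(seed).digest(), "big") & ((1 << w) - 1)
    z = int.from_bytes(seed, "big")
    for i in range(1, v + 1):
        s_i = ((z + i) % (1 << 160)).to_bytes(20, "big")
        c = (c << 160) | int.from_bytes(hashlib.sha1(s_i).digest(), "big")
    return c


def seed_explains_b(seed: bytes, p: int, a: int, b: int) -> bool:
    """True if c * b^2 == a^3 (mod p) holds for the c derived from this seed."""
    c = derive_c(seed, p)
    return c != 0 and (c * b * b - pow(a, 3, p)) % p == 0


def report() -> dict:
    seed_15 = (15).to_bytes(20, "big")  # the article's "innocent-looking" alternative
    return {
        "secp256r1: b follows from the published seed": seed_explains_b(SEED, R1_P, R1_A, R1_B),
        "secp256r1: b follows from seed 15": seed_explains_b(seed_15, R1_P, R1_A, R1_B),
        "secp256r1: a == p - 3": R1_A == R1_P - 3,
        "secp256k1: p == 2^256 - 2^32 - 977": K1_P == 2**256 - 2**32 - 977,
        "secp256k1: (a, b) == (0, 7)": (K1_A, K1_B) == (0, 7),
    }


if __name__ == "__main__":
    for claim, holds in report().items():
        print(f"{holds!s:5}  {claim}")
```

A passing seed check shows only that `b` was computed from the seed; it says nothing about how the seed itself was picked, which is the concern the article raises.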
BurtW
April 12, 2014, 06:03:41 AM
 #35

SHA256 is a cryptographic hash function.

Secp256k1 is the elliptical curve used by Bitcoin.

They are not related in any way shape or form.

Two different subjects.

marcus_of_augustus
April 12, 2014, 06:04:57 AM
 #36

Quote
Is really my question to the mathematicians and cryptographers out there.  Is THAT possible?

Theoretically, yes. An 'error' in an arcane statistical method deep in a long-winded technical RFC paper could get missed that makes the method weak in just the right amount in a known location.

Other people can say it better https://www.schneier.com/essay-472.html
Quote
The third is the deliberate sabotaging of security. The primary example we have of this is the NSA's BULLRUN program, which tries to "insert vulnerabilities into commercial encryption systems, IT systems, networks and endpoint communication devices." This is the worst of the NSA's excesses, because it destroys our trust in the Internet, weakens the security all of us rely on and makes us more vulnerable to attackers worldwide.

Equate
Hero Member
*****
Offline Offline

Activity: 770
Merit: 500


View Profile
April 12, 2014, 06:05:11 AM
 #37

Until they are outside US, no chance
BurtW
Legendary
*
Offline Offline

Activity: 2646
Merit: 1136

All paid signature campaigns should be banned.


View Profile WWW
April 12, 2014, 06:12:04 AM
 #38

Back to the idea of a weakness in a hash function:  if you have a hash it is impossible to get back to the original text simply because by necessity and design there are always MANY input texts that hash to the same value. 

btcxyzzz
April 12, 2014, 08:08:07 AM
 #39

i know 99% have simply downloaded the .exe and not even be bothered to check the code, in the hopes that someone smarter will check it and tell people to downgrade back to version 0.8x if something nasty was in the code.

make that 99.999999999% .... what I'm most afraid of is intentional bugs that can be found easily even if many geeks are looking to it...

TheFootMan
April 12, 2014, 12:11:17 PM
 #40

Since anyone can download and read the code how would they do this?

They could've modified the downloadable binary and forced a dev to sign the compiled binary so that it looks legit. Not sure how fast a slight modification would've been noticed this way.

Checking the code and diffing it with previous releases would show nothing nefarious, and compiling from source and comparing it to the released binary might as well not work very well, as I guess different environments have different build environments and builds will be slightly different unless environments are duplicated exactly?

So the change in the binary might for instance allow siphoning of private keys to an adversary. And if the adversary was careful, stealing of coins could go on slowly so as not to raise too much suspicion, or it could be used to just control bitcoin addresses, and then freeze them once it's necessary, i.e. 'freezing' it by transferring coins using the stolen private keys.

I don't know if there currently is any process whereby the binaries released are checked by several parties before they're ok'ed. The SHA-256 checksums and PGP signature only prove that the holder of that signature has vouched for those checksums.

There should ideally be some 'paranoid bitcoin' project, or better yet several of them serving as watchdogs alerting the larger community once something nefarious happens.

Ideally to stay safe, one should always diff a new release against a previous release by checking what code is added, then understand this code and ensure nothing nefarious has been added, and then compile it yourself.

But how could one be sure that eventually sometime some distributor of a Linux system doesn't distribute it with a compiler that will insert some nefarious code once it discovers that a bitcoin binary is being made?

There's a lot of trust we need to place in other people - and if you become too paranoid, you could worry about details all day long.

Any comments to this ? ^^
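The multi-party check this post asks for, sketched as an added example (not code from the thread or from the Bitcoin project): a download is accepted only when enough independent builders published the same SHA-256 for it and none published a different one. It assumes builds are deterministic, so independent builders get byte-identical output, and that each manifest's signature has already been verified; the builder names, file name and byte strings are constructed.

```python
import hashlib

ARTIFACT = "bitcoin-x.y.z-linux.tar.gz"            # placeholder file name (constructed)
CLEAN = b"constructed bytes of the honest build\n"
TAMPERED = b"constructed bytes of a modified build\n"


def manifest_line(blob: bytes, name: str) -> str:
    """One line in `sha256sum` output format: '<hex digest>  <file name>'."""
    return f"{hashlib.sha256(blob).hexdigest()}  {name}\n"


def parse_manifest(text: str) -> dict:
    """Parse sha256sum-style lines into {file name: lowercase hex digest}."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.lstrip(" *")                   # text mode '  name', binary mode ' *name'
        if len(digest) != 64 or not name:
            raise ValueError(f"malformed manifest line: {line!r}")
        bytes.fromhex(digest)                      # raises ValueError on non-hex input
        entries[name] = digest.lower()
    return entries


def check_release(name: str, blob: bytes, manifests: dict, quorum: int) -> dict:
    """Compare the download's digest with every builder's manifest entry."""
    actual = hashlib.sha256(blob).hexdigest()
    agree, dissent, silent = [], [], []
    for builder in sorted(manifests):
        expected = parse_manifest(manifests[builder]).get(name)
        bucket = silent if expected is None else agree if expected == actual else dissent
        bucket.append(builder)
    # Any dissent is a failure: builders disagreeing is itself the alarm signal.
    trusted = len(agree) >= quorum and not dissent
    return {"sha256": actual, "agree": agree, "dissent": dissent,
            "silent": silent, "trusted": trusted}


# Scenario from the post: the release signer vouches for a modified binary,
# while two independent builders compiled the published source themselves.
COERCED = {
    "release-signer": manifest_line(TAMPERED, ARTIFACT),
    "builder-a": manifest_line(CLEAN, ARTIFACT),
    "builder-b": manifest_line(CLEAN, ARTIFACT),
}
HONEST = {who: manifest_line(CLEAN, ARTIFACT) for who in COERCED}

if __name__ == "__main__":
    print(check_release(ARTIFACT, TAMPERED, COERCED, quorum=2))
    print(check_release(ARTIFACT, CLEAN, HONEST, quorum=2))
```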