Reused R values again

[johoe]

two questions:

1. Is it a problem is the same R value is used for two different addresses?

There is a problem, if the addresses were generated with a hierarchically deterministic wallet, e.g. BIP32, without strengthening.  This is only a problem if an attacker can also obtain the master public key.  The master public key is usually not very well protected to enable simple watch-only access.  E.g., electrum doesn't encrypt it, Trezor tells it without requiring the PIN.

2. How do you find reused R values?

I simply walk through the 30 GB block database and search for duplicates (with a self-written program).

I am using bitcoinj-0.11 for creating tx. Is this vulnerable?
Currently, I have not reused any address till now. However, I need to be sure I won't be affected by this.

Newer bitcoinj uses RFC6979.  I think bitcoinj-0.11 used SecureRandom from the Java library to generate k. Although the name suggests that it is safe, this library function was unfortunately broken on some platforms, especially Android.

You can check if one of your addresses exhibited a duplicated R value here:
http://johoe.mooo.com/bitcoin/endangered.txt

[1715612376]

1715612376

[1715612376]

1715612376

[1715612376]

1715612376

[gmaxwell]

I just need one important question answered: why did Satoshi or whoever decide to use this highly vulnerable signature scheme?

LOL. What would you expect to be used instead?

There is nothing "highly vulnerable" here.  The software getting hit are _extremely incompetent_.  Incompetent implementations of cryptosystems are almost universally insecure.

That DSA requires state/randomness is an extra thing to get right and it would be preferable if that weren't so... but there isn't a reasonable alternative than some kind of DSA signature even now-- and certainly not when Bitcoin was created.... nor is one needed, when coupled with competent software; and without competent software you are already doomed.

[gmannnnn]

I am using bitcoinj-0.11 for creating tx. Is this vulnerable?
Currently, I have not reused any address till now. However, I need to be sure I won't be affected by this.

no, bitcoinj's implementation is sound.

[SpanishSoldier]

...When bitcoin accumulates few decades...

Bitcoin will die in three months maximum. May be sooner.

Four months over. Bitcoin is still alive. What about U ?

[amaclin]

...When bitcoin accumulates few decades...

Bitcoin will die in three months maximum. May be sooner.

Four months over. Bitcoin is still alive. What about U ?

I was wrong expecting death in this period. Sorry.
But the main problem is still here: bitcoin network spends too much energy for transaction securing & processing.
The game will be over soon.

[cor]

...When bitcoin accumulates few decades...

Bitcoin will die in three months maximum. May be sooner.

Four months over. Bitcoin is still alive. What about U ?

I was wrong expecting death in this period. Sorry.
But the main problem is still here: bitcoin network spends too much energy for transaction securing & processing.
The game will be over soon.

Sure but Bitcoin is in the phase when it needs a solid infrastructure in order to sustain more development and more users...
Processing fiat money transactions surely cost no less energy and resources. Maybe there are ways to incentive the network operation. 

Just like the internet in 90s needed a bigger network, good tools and information available for wider audience.
 You may remember or know this vid:
https://www.youtube.com/watch?v=UlJku_CSyNg&spfreload=10&ab_channel=JasonMiklacic

[amaclin]

Processing fiat money transactions surely cost no less energy and resources. Maybe there are ways to incentive the network operation. 

Today Bitcoin network runs at 346,145,605 GH/s ( according to https://bitcoinwisdom.com/bitcoin/difficulty )
and processes ~100k transactions dayly https://blockchain.info/charts/n-transactions
The question is: are you able to calculate how much energy takes processing & securing one transaction?

First time I wrote about the end of bitcoin (and all other decentralized cryptos) ~half year ago when the price was ~$400
In the early January when I gave three months the price was ~$300
Today the price is ~$230
Every day we are closer to the "stable state" when there are no value/no transactions/no markets
Sad but true.

[SpanishSoldier]

Processing fiat money transactions surely cost no less energy and resources. Maybe there are ways to incentive the network operation. 

Today Bitcoin network runs at 346,145,605 GH/s ( according to https://bitcoinwisdom.com/bitcoin/difficulty )
and processes ~100k transactions dayly https://blockchain.info/charts/n-transactions
The question is: are you able to calculate how much energy takes processing & securing one transaction?

First time I wrote about the end of bitcoin (and all other decentralized cryptos) ~half year ago when the price was ~$400
In the early January when I gave three months the price was ~$300
Today the price is ~$230
Every day we are closer to the "stable state" when there are no value/no transactions/no markets
Sad but true.

Price went down to 180 in these four months and has gone above 300 after that. So your theory of price going steadily downward is wrong as well