Bitcoin Forum
Author Topic: Bitcoin and the NSA  (Read 5224 times)
samablog (OP)
Newbie
April 25, 2011, 04:02:24 PM
 #1

I posted the following on my blog, but I figured that people here would be able to point me to the answers more easily. I apologize in advance if this has been discussed ad nauseam already.


Bitcoin utilizes something called elliptical curve encryption in its processes. I remember back in the day, attending Bob Hettinga’s “Digital Commerce Society of Boston” meetings, and hearing this discussed then. That was about 15 years ago now. I’m not a cryptographer, but from what I remember, elliptical curve encryption offered extraordinarily strong encryption without requiring an extraordinary amount of processing power. It was envisioned at the time that this method of encryption would be extremely useful in mobile devices.

My question is simple: Has the NSA broken elliptical curve encryption yet? And if they have, would they have it within their power to destroy Bitcoin?

If the NSA has broken elliptical curve encryption, they surely wouldn’t announce such a capability. But it does mean that if the US Federal Government wanted to, they could crush Bitcoin in seconds flat, inflating it beyond measure. By doing so, they would announce to the world that they can break elliptical curve encryption, but maybe that would be worth doing in certain circumstances.

But put aside the NSA for a moment. Theoretically, there is also what I would call the MC Frontalot problem as well. In his song, Secrets From The Future, he writes:

Quote
You can’t hide secrets from the future with math.
You can try, but I bet that in the future they laugh
at the half-assed schemes and algorithms amassed
to enforce cryptographs in the past.

The point being, that even the best cryptography today is likely to be broken, even by brute force, at some point in the future. So my question is, how is the Bitcoin development community planning to work around the MC Frontalot problem? Physical currency gets recalled and re-issued with new anti-counterfeiting measures added periodically, but what's the equivalent for Bitcoin? I assume somebody has already asked this question, but I thought I’d ask it here in any event.
gusti
Legendary
April 25, 2011, 04:36:02 PM
 #2

I'm not a cryptography expert at all, but I understand that it is easy to change btc in the protocol, from sha256 to whatever other technology, if the old one happens to be cracked.

If you don't own the private keys, you don't own the coins.
kgo
Hero Member
April 25, 2011, 06:45:52 PM
 #3

No the NSA hasn't broken it.  In fact, ECC is the only public key algorithm that they've cleared for use by the government itself to secure top secret documents.

http://www.nsa.gov/ia/programs/suiteb_cryptography/
Stephen Gornick
Legendary
April 25, 2011, 08:31:51 PM
 #4

Related discussion here:
  http://bitcointalk.org/index.php?topic=2699.0

samablog (OP)
Newbie
April 25, 2011, 09:59:55 PM
 #5

Thanks guys
MoonShadow
Legendary
April 25, 2011, 10:14:47 PM
 #6

Quote
My question is simple: Has the NSA broken elliptical curve encryption yet?

Unknowable.

Quote
And if they have, would they have it within their power to destroy Bitcoin?

No.  At best, they would have the power to steal bitcoins from individual accounts.  Both the merkle tree inside of the blocks, and the blockchain itself, uses secure hashing, not public/private keypair encryption.  So if SHA256 (the hash that Bitcoin presently uses) were broken in the future, this would not expose the individual account balances of all users, but only those of the most recent blocks in the blockchain.  Likewise, if the public/private keypair encryption that Bitcoin presently uses was broken, this would expose the accounts of individual users that the attacker was willing to commit resources to break open; but would not expose the blockchain itself to attack, nor the whole of the Bitcoin user base.  If both are broken at the same time, we would be in trouble.  However, if either is broken (or even appears to be subject to breaking in the near future) then each is modular and can be replaced with another method within the same class of encryption.  Bitcoin is not 'married' to elliptical curve encryption, per se.

Also, the hashing methods used for the blockchain can be different than those used for the merkle tree, or even two different secure hashing methods used for each block; because the blockchain is currently secured using a SHA256 hash of a SHA256 hash of the block's header.  Which would further separate sections of Bitcoin from the risk of any one part of the system being broken.

"The powers of financial capitalism had another far-reaching aim, nothing less than to create a world system of financial control in private hands able to dominate the political system of each country and the economy of the world as a whole. This system was to be controlled in a feudalist fashion by the central banks of the world acting in concert, by secret agreements arrived at in frequent meetings and conferences. The apex of the systems was to be the Bank for International Settlements in Basel, Switzerland, a private bank owned and controlled by the world's central banks which were themselves private corporations. Each central bank...sought to dominate its government by its ability to control Treasury loans, to manipulate foreign exchanges, to influence the level of economic activity in the country, and to influence cooperative politicians by subsequent economic rewards in the business world."

- Carroll Quigley, CFR member, mentor to Bill Clinton, from 'Tragedy And Hope'
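An added example, not part of the thread or of Bitcoin's own code: the double-SHA256 header hash and merkle root described in the post above, checked against the publicly known genesis block header. The function names are chosen here for illustration, and the tampered header is constructed.

```python
import hashlib
import struct

def sha256d(data: bytes) -> bytes:
    """SHA256 of a SHA256, as used for block headers and merkle nodes."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def header_bytes(version, prev_hex, merkle_hex, time, bits, nonce) -> bytes:
    # Hashes are displayed big-endian but serialized little-endian.
    return (struct.pack("<I", version)
            + bytes.fromhex(prev_hex)[::-1]
            + bytes.fromhex(merkle_hex)[::-1]
            + struct.pack("<III", time, bits, nonce))

def block_hash(header: bytes) -> str:
    return sha256d(header)[::-1].hex()

def bits_to_target(bits: int) -> int:
    # Compact encoding: top byte is a base-256 exponent, low 3 bytes the mantissa.
    return (bits & 0x007FFFFF) << (8 * ((bits >> 24) - 3))

def meets_target(header: bytes, bits: int) -> bool:
    # Proof of work holds only if the header hash, as a number, is <= target.
    return int.from_bytes(sha256d(header), "little") <= bits_to_target(bits)

def merkle_root(txids_hex) -> str:
    level = [bytes.fromhex(t)[::-1] for t in txids_hex]
    while len(level) > 1:
        if len(level) % 2:            # odd count: last node is paired with itself
            level.append(level[-1])
        level = [sha256d(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0][::-1].hex()

# Genesis block header fields (public, well-known values).
GENESIS_MERKLE = "4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b"
GENESIS_BITS = 0x1D00FFFF
GENESIS = header_bytes(1, "00" * 32, GENESIS_MERKLE, 1231006505,
                       GENESIS_BITS, 2083236893)
# Constructed tampering: the same header with one bit of the merkle root flipped.
TAMPERED = header_bytes(1, "00" * 32, "4b" + GENESIS_MERKLE[2:], 1231006505,
                        GENESIS_BITS, 2083236893)

if __name__ == "__main__":
    for name, hdr in (("genesis", GENESIS), ("tampered", TAMPERED)):
        print(name, block_hash(hdr), "meets target:", meets_target(hdr, GENESIS_BITS))
```

Any change to a transaction changes the merkle root, which changes the header hash, so the proof of work has to be redone; that dependency is what rests on SHA256.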
Gavin Andresen
Legendary
Chief Scientist
April 25, 2011, 11:04:45 PM
Last edit: April 25, 2011, 11:37:47 PM by gavinandresen
 #7

To steal your bitcoins by breaking crypto (as opposed to getting your private key), somebody would have to:

1. Break RIPEMD160.  Because your bitcoin address is a RIPEMD160 hash...  AND
2. Break SHA256.  Because your bitcoin address is a RIPEMD160 hash of the SHA256 hash... AND
3. Break the ECDSA elliptic curve encryption signature algorithm, to figure out the private key that corresponds to the public key that they got from breaking (1) and (2).

That's assuming that you don't re-use bitcoin receiving addresses (your public key is revealed the first time you spend coins that were sent to that address).  If you do re-use the same receiving address, then they just need (3).

I don't spend any time worrying about whether or not the NSA (or anybody else) can break ECDSA.

How often do you get the chance to work on a potentially world-changing project?
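An added example, not part of the post above or of Bitcoin's own code: how an address is derived as a RIPEMD160 hash of the SHA256 hash of a public key, and how the `<sig> <pubkey>` input of a spend reveals that key. It uses the publicly known genesis coinbase key; the scriptSig and its placeholder signature bytes are constructed, and the function names are chosen here.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def hash160(pubkey: bytes) -> bytes:
    """RIPEMD160(SHA256(pubkey)): the 20 bytes an address commits to."""
    # hashlib takes RIPEMD160 from OpenSSL; builds that disable it raise ValueError.
    return hashlib.new("ripemd160", hashlib.sha256(pubkey).digest()).digest()

def base58check(payload: bytes) -> str:
    data = payload + sha256d(payload)[:4]          # 4-byte checksum catches typos
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    zeros = len(data) - len(data.lstrip(b"\x00"))  # leading zero bytes become '1'
    return "1" * zeros + out

def p2pkh_address(pubkey: bytes) -> str:
    return base58check(b"\x00" + hash160(pubkey))  # 0x00 = mainnet address version

def revealed_pubkey(script_sig: bytes) -> bytes:
    """Public key exposed by a pay-to-address spend: scriptSig is <sig> <pubkey>."""
    sig_len = script_sig[0]                        # direct push: opcode == length
    key_len = script_sig[1 + sig_len]
    key = script_sig[2 + sig_len: 2 + sig_len + key_len]
    if len(key) != key_len or 2 + sig_len + key_len != len(script_sig):
        raise ValueError("not a simple <sig> <pubkey> scriptSig")
    return key

# Public key from the genesis block's coinbase output (public, well-known value).
GENESIS_PUBKEY = bytes.fromhex(
    "04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6"
    "49f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f")
# Constructed scriptSig: 72 placeholder bytes where a signature would be, then the key.
SAMPLE_SCRIPTSIG = bytes([72]) + b"\x30" * 72 + bytes([65]) + GENESIS_PUBKEY

if __name__ == "__main__":
    # Before any spend, only the address (a hash of the key) is on the chain.
    print("address:", p2pkh_address(GENESIS_PUBKEY))
    # After a spend, the input carries the key itself.
    print("revealed key:", revealed_pubkey(SAMPLE_SCRIPTSIG).hex()[:16], "...")
```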
MoonShadow
Legendary
April 25, 2011, 11:23:02 PM
 #8

Quote
To steal your bitcoins by breaking crypto (as opposed to getting your private key), somebody would have to:

1. Break RIPEMD160.  Because your bitcoin address is a RIPEMD160 hash...  AND
2. Break SHA256.  Because your bitcoin address is a RIPEMD160 hash of the SHA256 hash... AND
3. Break the ECDSA elliptic curve encryption algorithm, to figure out the private key that corresponds to the public key that they got from breaking (1) and (2).

Thank you for clearing this up.

ByteCoin
Sr. Member
April 25, 2011, 11:31:55 PM
Last edit: April 26, 2011, 12:58:59 AM by ByteCoin
 #9

They wouldn't have to break RIPEMD160. If they broke SHA256 suitably they could create blocks of arbitrarily high difficulty with very little effort which would enable them to take control of the block chain.
When you send your transaction to spend the coins, you reveal your public key for which they would then solve the discrete logarithm problem to find your secret key. They would ensure that your transaction was never included in a block but their transaction spending your money could confirm very quickly.
I suppose that if you never try to spend the money, they can't steal it directly but they could inflate the value away.

ByteCoin
MoonShadow
Legendary
April 26, 2011, 12:13:29 AM
 #10

Quote
They wouldn't have to break RIPEMD160. If they broke SHA256 suitably they could create blocks of arbitrarily high difficulty with very little effort which would enable them to take control of the block chain.

This would be a good reason to change one of the SHA256 hashings of the block headers to a completely different secure hashing algorithm now, preempting this possibility completely.

Phinnaeus Gage
Legendary
March 19, 2012, 06:29:35 AM
 #11

Bump!
MysteryMiner
Legendary
March 19, 2012, 11:40:59 AM
 #12

If NSA can break the crypto, the same can both Russians and Chinese and probably dozens of other countries. All spy agencies are compromised by spies. I mean by double agent spies, who pass NSA secrets to Russians and Chinese and vice versa. If you or NSA think that they have no moles or people leaking secrets of all magnitudes to foreigners, you are simply naive.

If any agency is capable of doing that, that news will surface eventually. As a result my conclusion is that the crypto is not broken by anybody.

bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
goodlord666
Sr. Member
March 19, 2012, 12:49:14 PM
 #13

Why would anybody like the NSA want to destroy Bitcoin? They're probably as intrigued by it as us and would rather want it as secure as us.


stevegee58
Legendary
March 19, 2012, 01:06:08 PM
 #14

Quote
Why would anybody like the NSA want to destroy Bitcoin? They're probably as intrigued by it as us and would rather want it as secure as us.

Read "A Lodging of Wayfaring Men" for your answer.

You are in a maze of twisty little passages, all alike.
cypherdoc
Legendary
March 19, 2012, 01:57:49 PM
 #15

the fact that the article published a map of the facility makes it highly suspect to me.  perhaps they're playing Ben's game of perception management.
rjk
Sr. Member
March 19, 2012, 01:59:44 PM
 #16

Quote
the fact that the article published a map of the facility makes it highly suspect to me.  perhaps they're playing Ben's game of perception management.
+1, or else they figured that it couldn't hurt in these days of satellite imagery.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
goodlord666
Sr. Member
March 19, 2012, 02:01:55 PM
 #17

Quote
Why would anybody like the NSA want to destroy Bitcoin? They're probably as intrigued by it as us and would rather want it as secure as us.

Quote
Read "A Lodging of Wayfaring Men" for your answer.

Thanks, but no.


triplehelix
Member
March 19, 2012, 02:43:38 PM
 #18

i don't understand the line of thinking.  the US government could for all intents and purposes crush bitcoin with less funds, just manipulating the market and such, than with the funds required to build the computer hardware, man hour compensation, and electric consumption required to break encryption and use it in any way with enough breadth to damage bitcoin.
rjk
Sr. Member
March 19, 2012, 02:46:09 PM
 #19

Quote
i don't understand the line of thinking.  the US government could for all intents and purposes crush bitcoin with less funds, just manipulating the market and such, than with the funds required to build the computer hardware, man hour compensation, and electric consumption required to break encryption and use it in any way with enough breadth to damage bitcoin.
The line of thinking is that this hardware is targeted at AES, not SHA256, and as far as we know has nothing to do with Bitcoin at all. Not sure why OP thinks it is related.

triplehelix
Member
March 19, 2012, 02:48:57 PM
 #20

Quote
i don't understand the line of thinking.  the US government could for all intents and purposes crush bitcoin with less funds, just manipulating the market and such, than with the funds required to build the computer hardware, man hour compensation, and electric consumption required to break encryption and use it in any way with enough breadth to damage bitcoin.

Quote
The line of thinking is that this hardware is targeted at AES, not SHA256, and as far as we know has nothing to do with Bitcoin at all. Not sure why OP thinks it is related.

i would say it's pretty obvious that the government and its agencies are far far more interested in communications than bitcoin.  we might all love bitcoin, but there is a serious case of over inflating its importance to organizations outside our relatively small group.