Bitcoin Forum
Topic: Bicliques preimage attack, is it a worry?
David Rabahy (OP)
October 02, 2014, 03:20:00 PM
 #1

http://eprint.iacr.org/2011/286.pdf
gmaxwell
October 02, 2014, 05:30:14 PM
 #2

No, more certification weaknesses (around 2^256 work) on reduced round versions.
David Rabahy (OP)
October 03, 2014, 01:50:14 PM
 #3

Ah, SHA-256 is 64 rounds, whereas the paper in question talks about an attack at 45 rounds. I gather it is not just a matter of working harder the same way to get to 46 or more rounds but rather novel enhancements are required if it is even possible.
David Rabahy (OP)
October 03, 2014, 01:54:15 PM
 #4

One wonders if the Bitcoin reference implementation is built upon one of the SHS validated http://csrc.nist.gov/groups/STM/cavp/documents/shs/shaval.htm SHA-256 implementations.
David Rabahy (OP)
October 03, 2014, 01:57:43 PM
 #5

The referenced paper is obviously a public attack, so to speak. One wonders what the state of the art is non-publicly. I suppose the paper might be as good as it gets at this point.