Assuming this post is true, does Bitcoin have no limit on its value?

[Mike Jones]

OK. I'll explain. SHA-256 is used for hashing. Of coz it's used in a variety of applications. But if someone get a quantum computer and manage to falsify a digitally signed contract then only authentic owner of the contract will be harmed. If someone manage to falsify an SSL certificate then only visitors of the site will be harmed. But if someone manage to find block nonces every second, then everyone who uses bitcoins will be in troubles.

Quantum computers aren't  a magic bullet.  Yes using Shor's algorithm the search speed can be increased exponentially however at what cost?   For example say once ASICs become mainstream the cost to attack/defend the network using ASICs is $20,000 per TH.  Now say a quantum computer which could implement shor's algorithm on 256bit numbers could be built for $50,000 per TH equivelent.  Who cares?  An attacker is going to take the more economical option.

So quantum computer is only a threat if all 5 elements are true
a) it is possible to build a quantum computer which can implement shor's algorithm on 256bit numbers
b) it is possible to build a quantum computer large enough to 51% attack the network
c) it is possible to build a quantum computer that makes such attack more economical than ASIC based brute force
d) quantum technology can be restricted so that a computer meeting requirements a,b, c isn't available to "defenders"
e) Bitcoin protocol isn't changed to implement quantum resistant block hashing algorithm

The idea that a,b,c,d & e will all remain true at the same time is implausible.  a & b are technical limitations and currently impossible although they MAY be possible in the future.  c is likely only true if quantum computers are being mass produced.  If c is true then it is very likely d isn't true.   a,b,c &d aren't going to happen overnight so as implausible as that set on conditions is some years or decades before it becomes true Bitcoin could adopt a quantum reistant hashing algorithm making conditon e false.

This guy makes Bitcoin seem immortal.

[1713873443]

1713873443

[1713873443]

1713873443

[cypherdoc]

D&T is a respected member of the community who falls into the "brilliant" category when it comes down to mathematics and mining.  you have to at least respect his opinion.

[dree12]

OK. I'll explain. SHA-256 is used for hashing. Of coz it's used in a variety of applications. But if someone get a quantum computer and manage to falsify a digitally signed contract then only authentic owner of the contract will be harmed. If someone manage to falsify an SSL certificate then only visitors of the site will be harmed. But if someone manage to find block nonces every second, then everyone who uses bitcoins will be in troubles.

Quantum computers aren't  a magic bullet.  Yes using Shor's algorithm the search speed can be increased exponentially however at what cost?   For example say once ASICs become mainstream the cost to attack/defend the network using ASICs is $20,000 per TH.  Now say a quantum computer which could implement shor's algorithm on 256bit numbers could be built for $50,000 per TH equivelent.  Who cares?  An attacker is going to take the more economical option.

So quantum computer is only a threat if all 5 elements are true
a) it is possible to build a quantum computer which can implement shor's algorithm on 256bit numbers
b) it is possible to build a quantum computer large enough to 51% attack the network
c) it is possible to build a quantum computer that makes such attack more economical than ASIC based brute force
d) quantum technology can be restricted so that a computer meeting requirements a,b, c isn't available to "defenders"
e) Bitcoin protocol isn't changed to implement quantum resistant block hashing algorithm

The idea that a,b,c,d & e will all remain true at the same time is implausible.  a & b are technical limitations and currently impossible although they MAY be possible in the future.  c is likely only true if quantum computers are being mass produced.  If c is true then it is very likely d isn't true.   a,b,c &d aren't going to happen overnight so as implausible as that set on conditions is some years or decades before it becomes true Bitcoin could adopt a quantum reistant hashing algorithm making conditon e false.

This guy makes Bitcoin seem immortal.

Bitcoin as we know it isn't immortal. SHA256 will definitely be broken eventually, stopping Bitcoin mining completely.

But the concept behind Bitcoin, future forks of it, and its spirit will likely last until the fall of humanity.

[cypherdoc]

SHA256 will definitely be broken eventually, stopping Bitcoin mining completely.

But the concept behind Bitcoin, future forks of it, and its spirit will likely last until the fall of humanity.

yes, the fork that will take Bitcoin beyond SHA 256

[finkleshnorts]

SHA256 will definitely be broken eventually, stopping Bitcoin mining completely.

Is this really the case? "Definitely?" If bitcoin's algo's become useless to the point of causing bitcoin to completely fail, I'm not sure people would ever have faith in cryptocurrency again. At least not the public. Hell, I wouldn't.

I read time and time again that if catastrophic flaws in SHA256 are discovered, bitcoin is the least of our problems. Not really sure if that is true or not, though.

[Gyrsur]

SHA256 will definitely be broken eventually, stopping Bitcoin mining completely.

But the concept behind Bitcoin, future forks of it, and its spirit will likely last until the fall of humanity.

yes, the fork that will take Bitcoin beyond SHA 256

what about the coins in this case then? please point it out for a new member of the comunity.  

[jimbobway]

When sha256 becomes broken, the way it will be detected is that the blocks will be be solved faster than anticipated.  Perhaps someone finds a weakness in sha256 which will make it a little easier to solve blocks.  This happens in cryptography once in a blue moon.  When this happens, the dev team will change the algorithm to something that is unbroken and tell everyone to upgrade.

All ASIC miners will become obsolete.  CPU miners will once again be used to solved blocks for maybe a month.  Then GPU and FPGA miners will be reprogrammed to solved the new cyptographic puzzle.

Bitcoin will endure until quantum computing becomes a reality but that is so far in the future.  At that time, advances in cryptography will allow the Bitcoin devs to adapt to Shor's algorithm.

As a side note, the way I understand it, the private keys are encrypted using elliptical curve cryptography which is different from solving blocks which use sha256.

[notme]

SHA256 will definitely be broken eventually, stopping Bitcoin mining completely.

Is this really the case? "Definitely?" If bitcoin's algo's become useless to the point of causing bitcoin to completely fail, I'm not sure people would ever have faith in cryptocurrency again. At least not the public. Hell, I wouldn't.

I read time and time again that if catastrophic flaws in SHA256 are discovered, bitcoin is the least of our problems. Not really sure if that is true or not, though.

Every past hash function has failed at some point.  It's likely only a matter of time.  However, they are usually broken in increments (instead of 256 bits of protection, you only practically get 256 - X bits).  Before X reaches 128 bits, I'd expect to see bitcoin (and anything else using SHA256) to move to a newer, more robust algorithm.

Bitcoin won't fail because of this.  Even with a partially broken SHA256, difficulty will just go up because miners can use the shortcuts just as easily as attackers.  When the time comes, the switch will require a hard fork, but what miner would want to stay with the old, broken algorithm?  The biggest threat is if we have two competing algorithms to replace it.  However, by the time we get there I would think there would be several companies and individuals in the position (the funds and motivation) to really analyze the options thoroughly and to be able to reach an information based consensus.

[cypherdoc]

When sha256 becomes broken, the way it will be detected is that the blocks will be be solved faster than anticipated.

we will have a sense well before then.  reports will start surfacing from the academic/mathematics community that a "solution" to SHA 256 is on the verge of happening.  it will be then, if not before, that the cryptographers will need to get to work to find the next solution.  i think Bitcoin will be able to outrun any of these new discoveries as it has it the past.  remember that Bitcoin and all open source projects are leveraging the use of the worldwide community as a whole rather than select closed groups of individuals.

[Gyrsur]

ok thank you! but what will happen with the old coins? they become worthless and need to be replaced with new ones?

[jimbobway]

When sha256 becomes broken, the way it will be detected is that the blocks will be be solved faster than anticipated.

we will have a sense well before then.  reports will start surfacing from the academic/mathematics community that a "solution" to SHA 256 is on the verge of happening.  it will be then that the cryptographers will need to get to work to find the next solution.  i think Bitcoin will be able to outrun any of these new discoveries as it has it the past.  remember that Bitcoin and all open source projects are leveraging the use of the worldwide community as a whole rather than select closed groups of individuals.

Here is an example post of sha1 being broken by a chinese university team:

http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html

[cypherdoc]

ok thank you! but what will happen with the old coins? they become worthless and need to be replaced with new ones?

no.  these new algorithms will be constructed to perpetuate the usage of existing coins.

[finkleshnorts]

Every past hash function has failed at some point.  It's likely only a matter of time.  However, they are usually broken in increments (instead of 256 bits of protection, you only practically get 256 - X bits).  Before X reaches 128 bits, I'd expect to see bitcoin (and anything else using SHA256) to move to a newer, more robust algorithm.

Bitcoin won't fail because of this.  Even with a partially broken SHA256, difficulty will just go up because miners can use the shortcuts just as easily as attackers.  When the time comes, the switch will require a hard fork, but what miner would want to stay with the old, broken algorithm?  The biggest threat is if we have two competing algorithms to replace it.  However, by the time we get there I would think there would be several companies and individuals in the position (the funds and motivation) to really analyze the options thoroughly and to be able to reach an information based consensus.

Thank you for explaining this to me. So it will more likely follow the demise of MD5, correct?

Also, I'm assuming the only way to fix that problem in the future will be a hard fork. (I'd like to see a thread about the problems of an organized fork, I'm headed to the search bar)

@jimbobway
How would that appear any different than more hashing power added to the network? I'm guessing no one will know that it's broken until someone draws up a proof.

[jimbobway]

ok thank you! but what will happen with the old coins? they become worthless and need to be replaced with new ones?

If sha256 is broken then, I think, everyone will keep their coins.  It's just that it is easier to solve blocks so the hackers* get more of the newly mined coins.

If elliptical curve cryptography is broken, what a hacker would do, for maximum profit/destruction is to target the wallet address with the most bitcoins and hack that address to determine the private key.  ECC is very, very strong and it is unlikely it will be broken without the use of a quantum computer.

* EDIT: Actually they would not be hackers, IMO.  They just found a better way to mine.

[Gyrsur]

ok thank you! but what will happen with the old coins? they become worthless and need to be replaced with new ones?

no.  these new algorithms will be constructed to perpetuate the usage of existing coins.

thank you! great! and now spread this to "ordinary" people...  

[finkleshnorts]

ok thank you! but what will happen with the old coins? they become worthless and need to be replaced with new ones?

no.  these new algorithms will be constructed to perpetuate the usage of existing coins.

The only problem would be if the fork was poorly organized, and people were still sending their coins around about the time of the fork. I'm scared of a blockchain fork.

[Mike Jones]

ok thank you! but what will happen with the old coins? they become worthless and need to be replaced with new ones?

no.  these new algorithms will be constructed to perpetuate the usage of existing coins.

The only problem would be if the fork was poorly organized, and people were still sending their coins around about the time of the fork. I'm scared of a blockchain fork.

Too many people have too much money put into this thing for something to be poorly organized.

With that said, I'm sold on Bitcoins now.

[Gyrsur]

ok thank you! but what will happen with the old coins? they become worthless and need to be replaced with new ones?

no.  these new algorithms will be constructed to perpetuate the usage of existing coins.

The only problem would be if the fork was poorly organized, and people were still sending their coins around about the time of the fork. I'm scared of a blockchain fork.

yeah it's like if greece will give up the Euro in the future and the greek government has nobody to tell it and it should happen during a weekend.

[jimbobway]

@jimbobway
How would that appear any different than more hashing power added to the network? I'm guessing no one will know that it's broken until someone draws up a proof.

Good point.  Depending on the strength of the cryptographic attack, let's supposed 100 blocks where solved in an hour.  It would raise a lot of suspicion since 100 is a lot.  The bitcoin client would then readjust the difficulty level and all other miners would not solve very many blocks.  Miners would complain and most likey the bitcoin dev team would change the algorithm.

But, if 10 blocks were solved in an hour and then the difficulty adjusted it could have been pure luck and there would be no sure fire way to prove it without mathematical proof.

I don't think breaking sha256 is "hacking".  It's like a gold miner finding the motherload.  However, I think breaking EC would be hacking.

[dooglus]

D&T is a respected member of the community who falls into the "brilliant" category when it comes down to mathematics and mining.  you have to at least respect his opinion.

I remember this argument he had with hashcoin on the subject of quantum computing.  I thought that D&T was wrong throughout the argument, but I'm no expert.  It just kind of ended with neither side coming around to the other's point of view.  Can you imagine??