Bitcoin Forum
Author Topic: Just throwing this out there: Using multiple forms of encryption for redundancy  (Read 913 times)
barbarousrelic (OP)
July 30, 2012, 06:39:41 PM
 #1

It's unlikely, but possible, that someone could break ECDSA or SHA256, which would be bad for the Bitcoin community.

What would be the drawbacks of using two methods of encryption, one on top of the other, so that if either one is broken, Bitcoin remains unaffected?

I presume it would be far less likely for two distinct forms of encryption to be defeated at exactly the same time, than to have one broken.

Are there strong, well-tested encryption schemes that are based on mathematics sufficiently distinct from ECDSA?

Side question: Do there exist viable forms of cryptography which are thought not to be defeatable by a quantum computer? I've heard of "Unbalanced Oil and Vinegar" which is supposed to be quantum-computer-resistant but not thoroughly tested.

notme
July 30, 2012, 06:45:54 PM
 #2

Quote from: barbarousrelic
> It's unlikely, but possible, that someone could break ECDSA or SHA256, which would be bad for the Bitcoin community.
>
> What would be the drawbacks of using two methods of encryption, one on top of the other, so that if either one is broken, Bitcoin remains unaffected?
>
> I presume it would be far less likely for two distinct forms of encryption to be defeated at exactly the same time, than to have one broken.
>
> Are there strong, well-tested encryption schemes that are based on mathematics sufficiently distinct from ECDSA?
>
> Side question: Do there exist viable forms of cryptography which are thought not to be defeatable by a quantum computer? I've heard of "Unbalanced Oil and Vinegar" which is supposed to be quantum-computer-resistant but not thoroughly tested.

Keep in mind a "break" never shatters an encryption or hashing method.  It always happens in small incremental improvements on brute force techniques.

That said, doubling up on the hash should be simple and would likely improve security.  I believe layering ECDSA with another signing/verification method would be a little more challenging, but I don't have a strong enough crypto background to delve into how that might work.

Sergio_Demian_Lerner
July 30, 2012, 07:27:22 PM
 #3

Merkle-Winternitz signatures are Quantum-computer proof.

To achieve composed security for signatures is very easy, you just sign the transaction with two different signature schemes and only allow it if both are valid.

Both methods can be added to Bitcoin, but both require a hardfork.

Best regards.
notme
July 30, 2012, 07:33:38 PM
 #4

Quote from: Sergio_Demian_Lerner
> Merkle-Winternitz signatures are Quantum-computer proof.
>
> To achieve composed security for signatures is very easy, you just sign the transaction with two different signature schemes and only allow it if both are valid.
>
> Both methods can be added to Bitcoin, but both require a hardfork.
>
> Best regards.

Double signatures is a nonsolution.  If one is broken, that means they will be attacking the private key.  If the private key is discovered, both signatures can be generated.  You need two separate private keys and a way to combine the public keys into a single address.

Sergio_Demian_Lerner
July 30, 2012, 08:27:26 PM
 #5

Quote from: notme
> Double signatures is a nonsolution.  If one is broken, that means they will be attacking the private key.  If the private key is discovered, both signatures can be generated.  You need two separate private keys and a way to combine the public keys into a single address.

I clearly said "two different signature schemes". That means two different public keys, two private keys, two algorithms. Read forum messages twice :)

notme
July 30, 2012, 08:29:10 PM
 #6

Quote from: Sergio_Demian_Lerner
> Quote from: notme
> > Double signatures is a nonsolution.  If one is broken, that means they will be attacking the private key.  If the private key is discovered, both signatures can be generated.  You need two separate private keys and a way to combine the public keys into a single address.
>
> I clearly said "two different signature schemes". That means two different public keys, two private keys, two algorithms. Read forum messages twice :)

I thought you were referring to using the same private data as the key for both schemes.  I'm sorry for misinterpreting, but reading twice doesn't clarify it.  However, you don't tackle the real problem, which is how do you combine these two schemes in a way that is compatible with the design of bitcoin.

blueadept
July 30, 2012, 08:35:10 PM
 #7

Just add a new opcode to verify a different signature scheme. Then use it in scripts just like the existing opcodes. You can hash the keys and entire scripts exactly like now.

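Added example, not part of the thread and not Bitcoin's code: the composition discussed in posts #3 to #7, with two independent key pairs, one address that commits to both public keys, and a spend accepted only if both signatures verify. It assumes a Winternitz one-time signature (w=16, without the Merkle tree that makes keys reusable) as the hash-based scheme and a toy textbook RSA standing in for ECDSA; all function names are hypothetical.

```python
import hashlib, os

def H(b): return hashlib.sha256(b).digest()

def chain(x, n):                       # apply H n times
    for _ in range(n):
        x = H(x)
    return x

def digits(msg):
    """64 base-16 digits of H(msg) plus 3 checksum digits (Winternitz, w=16)."""
    d = [n for byte in H(msg) for n in (byte >> 4, byte & 15)]
    c = sum(15 - x for x in d)         # raising any digit lowers the checksum
    return d + [c >> 8, (c >> 4) & 15, c & 15]

def wots_keygen():
    sk = [os.urandom(32) for _ in range(67)]
    return sk, H(b"".join(chain(s, 15) for s in sk))

def wots_sign(sk, msg):                # one-time: never sign two messages with one sk
    return [chain(s, d) for s, d in zip(sk, digits(msg))]

def wots_verify(pk, msg, sig):
    if len(sig) != 67:
        return False
    return H(b"".join(chain(s, 15 - d) for s, d in zip(sig, digits(msg)))) == pk

# Toy textbook RSA as the second, number-theoretic scheme (assumption: stands in
# for ECDSA, which the standard library lacks). Constructed key, too small for real use.
E = 65537
def rsa_keygen(p=2**127 - 1, q=2**89 - 1):
    return p * q, pow(E, -1, (p - 1) * (q - 1))   # (public n, private d)

def rsa_sign(n, d, msg):
    return pow(int.from_bytes(H(msg), "big") % n, d, n)

def rsa_verify(n, msg, sig):
    return pow(sig, E, n) == int.from_bytes(H(msg), "big") % n

def address(wots_pk, rsa_n):           # one address commits to both public keys
    return H(wots_pk + rsa_n.to_bytes((rsa_n.bit_length() + 7) // 8, "big"))

def spend_ok(addr, msg, wots_pk, wots_sig, rsa_n, rsa_sig):
    """Accept only if the keys hash to addr and BOTH signatures verify."""
    return (address(wots_pk, rsa_n) == addr
            and wots_verify(wots_pk, msg, wots_sig)
            and rsa_verify(rsa_n, msg, rsa_sig))
```

Because `spend_ok` requires both checks, holding only one of the two private keys is not enough to authorize a different transaction from the same address.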