Pages:
Author

Topic: A basic question (Read 5598 times)

hero member
Activity: 955
Merit: 500
May 04, 2015, 08:28:51 PM
  any randomness can eventually be figured out

No proof of that statement.

The evidence suggests otherwise.  Certain codes are unbroken after thousands of years.

http://www.viralnova.com/unbreakable-codes/


Awesome link, will have to go through that list.

But the most difficult code ever broken in history was broken in a tiny fraction of the time available to break it.

legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
May 04, 2015, 05:08:44 PM
  any randomness can eventually be figured out

No proof of that statement.

The evidence suggests otherwise.  Certain codes are unbroken after thousands of years.

http://www.viralnova.com/unbreakable-codes/
hero member
Activity: 955
Merit: 500
May 04, 2015, 04:45:57 PM
Well, it is true that "we dont know what we don't know".  If there was a method to solve an equation with less steps than previously known, you can't know about it simply by following the math of published methods.
Still, the OP is basically a certain group of intellectuals is keeping information from the rest of the world, which is implausible in this case.

Although I personally am not familiar with them, there are branches of theoretical math that allow one to prove that a certain problem admits no solution, or no "easier" solution than brute force.

I never said a certain group of intellectuals is doing anything like that. I said that in the past the NSA has promoted broken codes to the public so it could decypher encrypted coms. The question in my opinion is whether NSA algorithms are trustworthy. The issue regarding keeping cryptography 'possibly breakable' is an argument someone else made. I do not agree with people who act on that motive but it is a separate issue.

Regarding a proof that a problem has no easier solution than brute force, any randomness can eventually be figured out, we don't know what we don't know, as someone just said.
sr. member
Activity: 392
Merit: 268
Tips welcomed: 1CF4GhXX1RhCaGzWztgE1YZZUcSpoqTbsJ
May 04, 2015, 04:33:50 PM
Well, it is true that "we dont know what we don't know".  If there was a method to solve an equation with less steps than previously known, you can't know about it simply by following the math of published methods.
Still, the OP is basically a certain group of intellectuals is keeping information from the rest of the world, which is implausible in this case.

Although I personally am not familiar with them, there are branches of theoretical math that allow one to prove that a certain problem admits no solution, or no "easier" solution than brute force.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
May 04, 2015, 03:46:48 PM
Math is math.  Public key cryptography relies on the difficulty of solving certain math problems such as factoring, discrete logarithms, etc.  Some of your points don't really make sense to me because you're in effect saying that all mathematicians in the world could be conspiring together to deceive the rest of the world. 

Quote
Some people will say that cryptography should be only a small step ahead of cutting edge, in order to motivate people to learn math. Someone did use that argument. The problem there is that it is just a cheap rationale for academics to submit, surrender, under the guise of some hidden superior motive. e.g. "We are promoting some greater good secretly that justifies helping the NSA with its sneakiness".

That in essence is only possible if math could not be described as a logical set of steps of deduction, itself a false premise. If mathematicians did submit to an external influence to backdoor an algorithm, it would be visible upon inspection of the logic and algorithm definition (if the algorithm is properly published and defined). Of course, there are concerns with some algorithm parameters such as ECC curve definitions, but there aren't really any fatal flaws in secp256k1 (or even major unexplained decisions).

Well, it is true that "we dont know what we don't know".  If there was a method to solve an equation with less steps than previously known, you can't know about it simply by following the math of published methods.
Still, the OP is basically a certain group of intellectuals is keeping information from the rest of the world, which is implausible in this case.
sr. member
Activity: 392
Merit: 268
Tips welcomed: 1CF4GhXX1RhCaGzWztgE1YZZUcSpoqTbsJ
May 04, 2015, 03:28:42 PM
Math is math.  Public key cryptography relies on the difficulty of solving certain math problems such as factoring, discrete logarithms, etc.  Some of your points don't really make sense to me because you're in effect saying that all mathematicians in the world could be conspiring together to deceive the rest of the world. 

Quote
Some people will say that cryptography should be only a small step ahead of cutting edge, in order to motivate people to learn math. Someone did use that argument. The problem there is that it is just a cheap rationale for academics to submit, surrender, under the guise of some hidden superior motive. e.g. "We are promoting some greater good secretly that justifies helping the NSA with its sneakiness".

That in essence is only possible if math could not be described as a logical set of steps of deduction, itself a false premise. If mathematicians did submit to an external influence to backdoor an algorithm, it would be visible upon inspection of the logic and algorithm definition (if the algorithm is properly published and defined). Of course, there are concerns with some algorithm parameters such as ECC curve definitions, but there aren't really any fatal flaws in secp256k1 (or even major unexplained decisions).
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
May 04, 2015, 03:23:40 PM

Some people will say that cryptography should be only a small step ahead of cutting edge, in order to motivate people to learn math. Someone did use that argument. The problem there is that it is just a cheap rationale for academics to submit, surrender, under the guise of some hidden superior motive. e.g. "We are promoting some greater good secretly that justifies helping the NSA with its sneakiness".
 

Math is math.  Public key cryptography relies on the difficulty of solving certain math problems such as factoring, discrete logarithms, etc.  Some of your points don't really make sense to me because you're in effect saying that all mathematicians in the world could be conspiring together to deceive the rest of the world. 

sr. member
Activity: 268
Merit: 258
May 04, 2015, 03:01:33 PM
It could be a conspiracy, or it could be coincidence. Given these facts, you can decide whether to use Bitcoin or not. If you are afraid of the NSA doing something,  don't use Bitcoin. You should also check out this thread: https://bitcointalksearch.org/topic/has-the-nsa-already-broken-bitcoin-288545

Personally, I feel that there is little risk of the NSA doing anything with my Bitcoins. I think that they have little gain for tampering with Bitcoin, and so, I will continue to use Bitcoin.
hero member
Activity: 955
Merit: 500
May 04, 2015, 02:25:21 PM

No offense but you don't seem to be a very good listener.  I'm telling you that a better place to search for vulnerabilities would be the elliptic curves used in Bitcoin.  I believe those were used and/or created by agencies of the USA as well.

Thanks, actually I did learn a little searching that.

I don't know enough about this to even begin to search for vulnerabilities though. What I am able to look for though, and what anybody should be able to notice, is the following,

1) Someone using the pseudonym Satoshi Nakamoto developed a digital currency that used one of only three algorithm's approved by NIST http://csrc.nist.gov/groups/ST/toolkit/digital_signatures.html from the only group of hashes approved by them http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html . In other words that person steered bitcoin into American waters.

2) Before Snowden there were numerous questions raised, see previous links. Post Snowden it becomes almost bizarre that bitcoin, all things considered, would stand by the NSA.

3) The arguments defending that decision generally could be described more accurately as "excuses" rather than explanations. In other words even if I don't understand the arguments I can see that something is not quite right.

It is a known fact that ECDSA has been exploited because the people that implemented it did a poor job. Blockchain.info has BTC stolen because of broken values used for one of the value in calculating the signature. Rather, the part that truly affects Bitcoin is the random number generator that each implementation uses. ECDSA relies on diffidently random integers, and when the RNG is predictable, the cryptography can be broken. no-ice-please was actually right in asking about SHA-256 because the implementation of ECDSA used in the Bitcoin protocol used the standardized SHA-256 algorithm. The only other thing to focus on would be the RNG used, but that differs from OS to OS and wallet to wallet.

1) There are a few too many examples of poor implementation. Is it really likely that Blockchain.info, Sony and others were unable to properly use the algorithm? Sorry to be conspiracyish but considering the revisionism of md5 and so on, it's only another reason to be cautious.

2) Random number generators come up too often as a flaw. Someone should make a thermometer that measures temp to 50 decimal places and you can use the last 20 digits as random numbers.

3) I asked about sha2 because there is a heavy layer of bullshit surrounding its defense. It seems to only get thicker.

As far as conspiracy theories go, my understanding is that there are different curves and Satoshi chose a more obscure one with more transparent parameters.

"Satoshi" chose NSA all the way https://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml

With all of the people involved in Bitcoin, it seems like there must be some who feel that caution with NSA products is prudent and who also have the ability to create an algorithm suitable for it.

Obviously each person has their own motives.

Some people will support specifically using an NSA algorithm, I think Satoshi falls in that category. No offense, just a fact.

Some people will say that cryptography should be only a small step ahead of cutting edge, in order to motivate people to learn math. Someone did use that argument. The problem there is that it is just a cheap rationale for academics to submit, surrender, under the guise of some hidden superior motive. e.g. "We are promoting some greater good secretly that justifies helping the NSA with its sneakiness".

Call it conspiracy or anything else, the facts remain.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
May 03, 2015, 11:02:59 PM
It is a known fact that ECDSA has been exploited because the people that implemented it did a poor job. Blockchain.info has BTC stolen because of broken values used for one of the value in calculating the signature. Rather, the part that truly affects Bitcoin is the random number generator that each implementation uses. ECDSA relies on diffidently random integers, and when the RNG is predictable, the cryptography can be broken. no-ice-please was actually right in asking about SHA-256 because the implementation of ECDSA used in the Bitcoin protocol used the standardized SHA-256 algorithm. The only other thing to focus on would be the RNG used, but that differs from OS to OS and wallet to wallet.

Any hash function could be used (i assume) but the exploit would not be because the hash function is reversible.  As far as conspiracy theories go, my understanding is that there are different curves and Satoshi chose a more obscure one with more transparent parameters.
sr. member
Activity: 268
Merit: 258
May 03, 2015, 10:57:52 PM
It is a known fact that ECDSA has been exploited because the people that implemented it did a poor job. Blockchain.info has BTC stolen because of broken values used for one of the value in calculating the signature. Rather, the part that truly affects Bitcoin is the random number generator that each implementation uses. ECDSA relies on diffidently random integers, and when the RNG is predictable, the cryptography can be broken. no-ice-please was actually right in asking about SHA-256 because the implementation of ECDSA used in the Bitcoin protocol used the standardized SHA-256 algorithm. The only other thing to focus on would be the RNG used, but that differs from OS to OS and wallet to wallet.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
May 03, 2015, 10:35:34 PM
you're chasing ghosts with this SHA-256 thing.
You seem to keep ignoring the fact that
even MD-5 doesn't have pre-image attacks.

Instead, if you want to look for weakness in
Bitcoin, you should look into the ECDSA, as that is far
more likely to be exploitable.



Not to be disrespectful, but you seem to be ignoring both the history of cryptography and what we know about the NSA.

There isn't much to add to previous posts. It seems like a poor choice for bitcoin to continue with an NSA algorithm post Snowden, considering huge questions existed pre Snowden. The recent history of the NSA and the fact that it's intelligence has been used to harm dissidents in numerous repressive countries should be enough, even without cryptography questions.

If they do have, or do develop, some control over bitcoin it will not be to help vulnerable people in poor countries. http://www.usatoday.com/story/news/politics/2013/10/16/nsa-drone-campaign-cia/2998439/

No offense but you don't seem to be a very good listener.  I'm telling you that a better place to search for vulnerabilities would be the elliptic curves used in Bitcoin.  I believe those were used and/or created by agencies of the USA as well.
legendary
Activity: 2254
Merit: 1290
May 03, 2015, 10:20:36 PM
#99
To aid your research, I suggest that your first read through these:

I also strongly recommend:

http://ehash.iaik.tugraz.at/wiki/The_Hash_Function_Zoo

and, less relatedly

http://ehash.iaik.tugraz.at/wiki/The_SHA-3_Zoo

Cheers

Graham


legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
May 03, 2015, 09:52:36 PM
#98
you're chasing ghosts with this SHA-256 thing.
You seem to keep ignoring the fact that
even MD-5 doesn't have pre-image attacks.

Instead, if you want to look for weakness in
Bitcoin, you should look into the ECDSA, as that is far
more likely to be exploitable.

sr. member
Activity: 268
Merit: 258
May 03, 2015, 08:10:24 PM
#97
I am not saying you are doing that, I am only pointing out a pattern. Sha defenders alternate between ad hominems and nonsense, so far, and I will try to research your post and see where it leads.

To aid your research, I suggest that your first read through these:
https://en.wikipedia.org/wiki/SHA-2#Cryptanalysis_and_validation
https://en.wikipedia.org/wiki/Collision_attack
https://en.wikipedia.org/wiki/Preimage_attack
https://bitcoin.org/en/developer-guide#transactions
sr. member
Activity: 268
Merit: 258
May 03, 2015, 07:54:48 PM
#96
The NSA has a history of promoting flawed cryptography deliberately, so that it can access encrypted material.

Is that true?
Historically, the NSA has published, promoted and standardized their own broken cryptography, most notably Dual_EC_DRBG, a random number generator. Since Dual_EC_DRBG is a broken RNG, any algorithm using it for random numbers is thus broken, which happened to on of RSA Security's products. The NSA had paid RSA a lot of money to use the broken Dual_EC_DRBG in their flagship encryption products so that the NSA could decrypt the information. However, Dual_EC_DRBG's flaws were discovered very quickly, and attacks were developed in a short amount of time. The cryptography community discovered the flaw within a year of its publishing.

Now, if the NSA did backdoor SHA-256, they must have done it extraordinarily well since no working flaws and attacks have been found against SHA-2 in the past 14 years. Furthermore, they must have hidden the backdooring from the docs that Snowden took since those docs also revealed and proved that the NSA did backdoor Dual_EC_DRBG and did pay RSA to use that RNG in one of their products. Since no flaw has been found nor any docs revealed backdooring so far, it is highly unlikely, though not impossible, that the NSA backdoored SHA-2.
hero member
Activity: 955
Merit: 500
May 03, 2015, 04:13:23 PM
#95
SHA-1 and SHA-2 have zilch in common, moron. They are totally different algorithms.

Both are derived from sha  http://en.m.wikipedia.org/wiki/Comparison_of_cryptographic_hash_functions and as has been mentioned previously, experts have said that some of the hacks used against md5 may be applicable to sha.

I'm not saying anything is wrong with sha.

Just saying something doesn't look kosher.

It may well not ”look kosher“ but that's primarily because your own reasoning is being spared the standard of rigour that you insist should be applied to cryptography.

The unanimous rejection of your argument by those from whom you sought an opinion in the first place should be a cue for you to re-examine your underlying assumptions. It's likely that your conclusions are flawed because an incorrect assumption is resulting in false premises, an instance of GIGO. OTOH, you may be experiencing a cognitive illusion (PDF, sry) which I've observed to be particularly prevalent in cryptography.


Cheers

Graham



Kind of a polite ad hominem but you did not address a single one of the points raised by others in the previous post.

Here it is again

A quote from http://web.archive.org/web/20140912134430/https://cdt.org/blog/what-the-heck-is-going-on-with-nist%e2%80%99s-cryptographic-standard-sha-3/

"In 2005, researchers developed an attack that called into question the security guarantees of an earlier secure hash algorithm, SHA-1. The characteristics of this 2005 attack seemed to hint that it could be refined to attack many of the secure hash functions at the time, including SHA-0, MD4, MD5 and even SHA-2. At the time, for many cryptographers, the message was clear: a new hash algorithm is needed and it should be based on completely different underlying mathematics that are not susceptible to the attacks threatening known hash functions."

I'm not saying anything is wrong with sha.

Just saying something doesn't look kosher.

Plenty of time for developers to move to SHA512 or whatever hash they wish, whenever they deem it's necessary. Bitcoin is not carved in stone

I am not trying to be rude, but doesn't the above quoted paragraph indicate that there might have been an indication of some developing problem in 2005.

Some posts on another thread from 2011:

Interesting discussion, hate to see it stopped there. Having 2 levels of hashing with different algorithms will be much safer.

In the New to BitCoin thread (http://forum.bitcoin.org/?topic=7269.0) it says

The cryptography used in BitCoin is so strong that all the world's online banking would be compromised before BitCoin would be, and it can even be upgraded if that were to start to happen.  It's like if each banknote in your pocket had a 100-digit combination lock on it that couldn't be removed without destroying the bill itself.  BitCoin is that secure.

I sensed a lot of complacency here. What it didn't mention is bitcoin network is much more accessible than online banking systems, which usually are monitored by security staff. 

If SHA256 is suddenly broken -- however a remote possibility it is -- very likely the fully automated Bitcoin network will suffer the most, as SHA256 is THE cornerstone bitcoin is built on, and all the eggs are in one basket. The banking industry on the other hand has many ways to make human intervention under similar circumstance. If all online banking service is  shut down, they still can run computers on their private network and physically secure the communication lines.

Please excuse my paranoia but unfortunately with the appreciation of btc, a single private/public key pair can now hold millions dollar of value, the incentive for finding and hacking any weakness has increased exponentially too

The cryptography used in BitCoin is so strong that all the world's online banking would be compromised before BitCoin would be, and it can even be upgraded if that were to start to happen.  It's like if each banknote in your pocket had a 100-digit combination lock on it that couldn't be removed without destroying the bill itself.  BitCoin is that secure.

this is just false, and it's unfortunate that people often claim this. it applies to the public-key encryption that bitcoin uses but to no other feature of the system. 'all the world's online banking' does not depend fully on sha-2 for its security, for example.

sha-2 is likely secure for the foreseeable future (although there's too much complacency around certain features of its use in bitcoin), so it may not make much difference in practice. i just hate to see the repetition of the false comparison between bitcoin and the security of unnamed 'banks' when it's patently false.

No disrespect to mr Andreson but his comment seems to recall that reply:
As you can see, this tries to be more secure by hashing twice. However, this actually reduces security. To break pure SHA256, an attacker needs to find a d' such that SHA256(d') == SHA256(d), for a known d. This is also sufficient to break Hash(). However the attacker can also attack the outer layer of the hash, finding a d' such that SHA256(SHA256(d')) == SHA256(SHA256(d)), even though SHA256(d') != SHA256(d). As you can see, the double hashing here makes it _easier_ to break the hash!

If I understand correctly, you've got two chances to find a collision instead of one.

So this decreases the security of SHA256 by a factor of 2... which is just Not a Big Deal.  Bitcoin is using, essentially SHA255 instead of SHA256.  It'll still take longer than forever to find a collision...

Shor's Algorithm.  A quantum algorithm which can evidently be used to break RSA encryption.  $10M for a quantum computer is not a lot of money to many corporations or even individuals.

http://en.wikipedia.org/wiki/Shor's_algorithm

Just when you thought it was safe to go back into the water.

Amazing that the amount $10 million was chosen.

http://www.infosecurity-magazine.com/news/rsa-received-10-million-from-the-nsa-to-make/




sr. member
Activity: 268
Merit: 258
May 02, 2015, 10:49:06 AM
#94
As you have established earlier, SHA-2 is based on SHA-1 which is based on SHA-0 which is based on MD5 which has some known weaknesses. SHA-1, SHA-0, and MD5 all have known collision attacks, but reasearchers have not been able to get any of the attacks used in these algorithms to work on SHA-2. There has obviously been an evolution of the algorithms from MD5, as the attacks for each broken algorithm is different from the previous.

All cryptographic algorithms and such will at some point be broken, however, Bitcoin's developers can have the time to shift Bitcoin to another algorithm which will be more secure than SHA-256 once SHA-2 is broken. As stated earlier, algorithms are not broken overnight, and there is plenty of warning between the time that a paper is released announcing a successful attack and a working exploit which can damage things.

As for the NSA or other government agencies for having known exploits or vulnerabilities in SHA-2. These agencies, by having these exploits, would severly undermine entire industries as many many companies, organizations, other governments, and industries rely on SHA-2 for their security. Furthermore, SHA-2 is one of the most popular hashing algorithms, and has been studied by almost every cryptographer since its release in 2001. It has been more than a decade since its release, and no one has found a working attack against SHA-2.

Even if the NSA has broken SHA-2, why would they go after Bitcoin? Once people realize that SHA-2 is broken, Bitcoin would become unused, have no value, or be shifted to a new algorithm which would take the NSA more time to break. It would be a waste of time and money for them to break Bitcoin and for almost no gain whatsoever.

Now onto the technical aspect. As we know, SHA-1, SHA-0, and MD5 all have collision attacks but not preimage attacks. The collision attacks allows someone to find the same hash for different inputs. The current attacks on these three algorithms involve knowing the hash output for the attack to work. Now, if these could be applied to SHA-256, it still would be pointless. In order for this attack to be able to steal Bitcoin, the owner of the sign the transaction first in order for the hash to become available. The signature comprises of essentially the entire transaction, all of the inputs and the outputs, and the private key, in order for the transaction to verified and used in further transactions. In order to use a collision attack, you would need to have the owner of the transaction create and sign the transaction in order to get the hash. Thus, the attack would not work because the Bitcoins would already be spent and an attacker could not use a collision attack without first knowing the hash that would spend such bitcoins. A collision attack on SHA-256 would then not work to break Bitcoin or allow someone to steal Bitcoins.

As for a preimage attack, if one were to be found, Bitcoin would be screwed. However, its none of its predecessors have working preimage attacks. If one were to be found, an attacker could get the private key and use that to steal Bitcoins. It would then be possible to reverse a signature and find the private key from the input, take the key, import it and steal all of the Bitcoins associated with said key. This kind of theoretical attack would work to break Bitcoin, but a preimage attack has yet to be found in all of the aforementioned hash algorithms.

The preimage attack would also allow someone to mine Bitcoin much faster than the current miners do, and give said miner a massive advantage. At this point though, the developers could switch Bitcoin to another algorithm to make it secure.

Thus, your concern, though valid, is not yet applicable. At some point, SHA-256 will be broken, but it has not been broken yet. If a collision attack were found, it could not undermine Bitcoin. If a preimage attack were found, it could screw over Bitcoin. But, neither attack has been found and none of the previous attacks on older hash algorithms have been applied successfully to SHA-256
newbie
Activity: 25
Merit: 0
May 02, 2015, 07:01:21 AM
#93
Who knows where to take blockchain.info Second Wallet Password?
rax
member
Activity: 86
Merit: 12
May 02, 2015, 05:21:24 AM
#92
SHA-1 and SHA-2 have zilch in common, moron. They are totally different algorithms.
Pages:
Jump to: