Author

Topic: Alt Coin CRC32/MD5/RSA (Read 1185 times)

full member
Activity: 156
Merit: 100
March 14, 2014, 01:06:02 PM
#9
Nah Ya Boring
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
March 14, 2014, 12:56:52 PM
#8
how many bits would represent the probability of a monkey accidentally typing the complete works of Shakespeare?
donator
Activity: 1218
Merit: 1079
Gerald Davis
March 14, 2014, 11:05:00 AM
#7
I also thought that RSA is weaker than ECDSA and why it was not selected for Bitcoin.

RSA requires a larger key size than ECC for the same bit strength thus it would be a less optional choice where bandwidth and storage are constrained (like cryptocurrencies).

All of the following offer 128 bit security
Hashing Function: RIPEMD-128* 128 bit
Symmetric Encryption: AES 128 bit
Asymmetric (elliptic curve): ECC 256 bit
Asymmetric (prime integer): RSA 3,072 bit

* technically RIPEMD-128 is cryptographically weak against collisions and thus no longer offers full 128 bit security.  Newer hash functions have gotten larger so I couldn't find any 128 bit hash functions which are still unweakened by cryptanalysis.

It gets worse for RSA if we ever need 160/256 bit security.

All of the following offer 160 bit security (or better)
Hashing Function: RIPEMD-160
Symmetric Encryption: AES 192 bit (actually is 192 bit security but it is the smallest key size which is >= 160 bit)
Asymmetric (elliptic curve): ECC 320 bit
Asymmetric (prime integer): 7,864 bit

All of the following offer 256 bit security (or better)
Hashing Function: RIPEMD-256
Symmetric Encryption: AES 256 bit
Asymmetric (elliptic curve): ECC 512 bit
Asymmetric (prime integer):15,360 bit

Even 128 bit key strength is beyond what can be brute force using classical computing.  The higher key strengths are intended to be protection against cryptanalysis. For example a break which reduces the key strength of AES 256 by 28 bits has no practical application but the same 28 bit reduction on AES 128 starts to get it dangerously close to what "could" be brute forced.
legendary
Activity: 872
Merit: 1010
Coins, Games & Miners
March 14, 2014, 10:49:01 AM
#6
One could even use XOR8 Cheesy for a lot more crappyness... also, mining only allowed from a DOSbox
full member
Activity: 144
Merit: 100
February 08, 2014, 04:18:21 AM
#5
Ok so you guys are saying. Technically an AltCoin based off of RSA and MD4 would be secure.

I also thought that RSA is weaker than ECDSA and why it was not selected for Bitcoin.
RSA isn't broken; it just requires longer keys to achieve the same level of security of ECDSA (as far as we know).

I did not understand CRC32 was any different from SHA. I figured they are both checksums.
Checksums are more complicated than you might think. CRC32s are easy to calculate to check for data corruption, but they weren't designed for cryptographic purposes and are unsuitable for this kind of thing.
newbie
Activity: 14
Merit: 0
February 08, 2014, 03:54:28 AM
#4
Ok so you guys are saying. Technically an AltCoin based off of RSA and MD4 would be secure.

I also thought that RSA is weaker than ECDSA and why it was not selected for Bitcoin.

I did not understand CRC32 was any different from SHA. I figured they are both checksums.
legendary
Activity: 1512
Merit: 1036
February 08, 2014, 03:43:25 AM
#3
CRC32 has 32 bits. Even if there was only one difficulty target of "0" it would be significantly lower in difficulty than bitcoin difficulty 1.

An insecure hashing algorithm such as MD4, as long as it has enough bits for a realistic difficulty, would still provide the same protection against attack as SHA256, there is no specific aspect of the "insecurity" that makes it practically less secure as a block hash. They still have as much practical avalanche and unpredictability. The demonstrated attacks that lead us to call them insecure are, for example, the creation of two datas with a hash collision by researchers, which should instead be computationally infeasible; they do not demonstrate ease of making a 0000f hash of non-user data + nonce in blockchain time scale.

If there was a significant breakthrough in finding target hashes, it could be disruptive if known by only one party to mount 51% attack. If known by all, it would simply create a higher difficulty as long as there are difficulty bits to burn.

For address hash-masking CRC32 would mean only 4 billion addresses could exist, finding keys to spend every address would be easy. MD5 gives 128 bits of addresses (compared to 160 bits of addresses for RIPEMD160) and is more practical and still outside the limits of imaginable attack or collision.
legendary
Activity: 4535
Merit: 3188
Vile Vixen and Miss Bitcointalk 2021-2023
February 08, 2014, 03:42:03 AM
#2
CRC32 is useless for proof of work since it is easily reversible (finding a nonce which produces a particular CRC result takes little more effort than verifying it). It is not a hash function and was never designed to be. RSA is currently safe as long as reasonable key sizes are used. I have no idea where you got the idea that RSA private keys can be brute forced "in a few days", but they can't.
newbie
Activity: 14
Merit: 0
February 08, 2014, 03:21:57 AM
#1
How hard would it be to create an alt coin using obsolete proof of work (CRC32) and RSA for signatures. I think this would be an interesting project considering that the design of bit coin would still hold up even in a ridiculous context. It would also be interesting to have a block chain where some one could brute force your private keys in a few days. Self refund if you will, The chaos would be pretty fun.
Jump to: