Topic: Bitcoin and the NSA - page 2. (Read 5288 times)

To steal your bitcoins by breaking crypto (as opposed to getting your private key), somebody would have to:

1. Break RIPEMD160.  Because your bitcoin address is a RIPEMD160 hash...  AND
2. Break SHA256.  Because your bitcoin address is a RIPEMD160 hash of the SHA256 hash... AND
3. Break the ECDSA elliptic curve encryption signature algorithm, to figure out the private key that corresponds to the public key that they got from breaking (1) and (2).

That's assuming that you don't re-use bitcoin receiving addresses (your public key is revealed the first time you spend coins that were sent to that address).  If you do re-use the same receiving address, then they just need (3).

I don't spend any time worrying about whether or not the NSA (or anybody else) can break ECDSA.

Unknowable.

No.  At best, they would have the power to steal bitcoins from individual accounts.  Both the merkle tree inside of the blocks, and the blockchain itself, uses secure hashing, not public/private keypair encryption.  So if SHA256 (the hash that Bitcoin presently uses) were broken in the future, this would not expose the individual account balances of all users, but only those of the most recent blocks in the blockchain.  Likewise, if the public/private keypair encryption that Bitcoin presently uses was broken, this would expose the accounts of individual users that the attacker was willing to commit resources to break open; but would not expose the blockchain itself to attack, nor the whole of the Bitcoin user base.  If both are broken at the same time, we would be in trouble.  However, if either is broken (or even appears to be subject to breaking in the near future) then each is modular and can be replaced with another method within the same class of encryption.  Bitcoin is not 'married' to elliptical curve encryption, per se.

Also, the hashing methods used for the blockchain can be different than those used for the merkle tree, or even two different secure hashing methods used for each block; because the blockchain is currently secured using a SHA256 hash of a SHA256 hash of the block's header.  Which would further seperate sections of Bitcoin from the risk of any one part of the system being broken.

Thanks guys

Related discussion here:
  https://bitcointalksearch.org/topic/secp256k1-2699

No the NSA hasn't broken it.  In fact, ECC is the only public key algorithm that they've cleared for use by the government itself to secure top secret documents.

http://www.nsa.gov/ia/programs/suiteb_cryptography/

I'm not a cryptography expert  at all, but I understand that is easy to change btc in the protocol, from sha256 to whatever other technology, if the old one happens to be cracked.

I posted the following on my blog, but I figured that people here would be able to point me to the answers more easily.  I apologize in advance if this has been discusses ad nauseam already.


Bitcoin utilizes something called elliptical curve encryption in its processes. I remember back in the day, attending Bob Hettinga’s “Digital Commerce Society of Boston” meetings, and hearing this discussed then That was about 15 years ago now. I’m not a cryptographer, but from what I remember, elliptical curve encryption offered extraordinarily strong encryption without requiring an extraordinary amount of processing power. It was envisioned at the time that this method of encryption would be extremely useful in mobile devices.

My question is simple: Has the NSA broken elliptical curve encryption yet? And if they have, would they have it within their power to destroy Bitcoin?

If the NSA has broken elliptical curve encryption, they surely wouldn’t announce such a capability. But it does mean that if the US Federal Government wanted to, they could crush Bitcoin in seconds flat, inflating it beyond measure. By doing so, they would announce to the world that they can break elliptical curve encryption, but maybe that would be worth doing in certain circumstances.

But put aside the NSA for a moment. Theoretically, there is also what I would call the MC Frontalot problem as well. In his song, Secrets From The Future, he writes:


The point being, that even the best cryptography today is likely to be broken, even by brute force, at some point in the future. So my question is, how is the Bitcoin development community planning to work around the MC Frontalot problem? IPhysical currency gets recalled and re-issued with new anti-counterfeiting measures added periodically, but what's the equivalent for Bitcoin?  I assume somebody has already asked this question, but I thought I’d ask it here in any event.