Topic: Bitcoin cryptography. (Read 1227 times)

Never forget this

One can never prove something is not broken.  The best evidence that it hasn't been sufficiently broken yet to exploit the mining algorithm is to look at the mining hash rate. 

Of course in the usual crypto fashion, if you did have a way to construct blocks other than brute force (mining) you wouldn't want anyone to know would you, you would just take one "every now and then" to stay under the radar. 

So, we won't ever know for sure this isn't going on. 

With fiat however, we are guaranteed that it is broken and that private money printing is going on.   Proof is everywhere.   

The Q about Bitcoin Cryptography is old enough. I would just quote core dev G. Maxwel about it...

True, I think everyone knows the 184 billion BTC incident, but those were the super early days. At this point, all those sorts of problems have been patched.

I don't see him mentioning anything about cracking the BTC code, and your answer is very incorrect. SHA256 can be fine as an algorithm, and secp256k1 can be fine as a curve, but Bitcoin's implementation of both of those could be flawed.

Let's not forget that someone did legitimately create 184 billion Bitcoin in a single block in 2010, and the network had to be patched (resulting in a short-lived fork).

The Bitcoin wiki has a good article covering OP's concerns: https://en.bitcoin.it/wiki/Weaknesses

There's nothing to "crack" about the BTC code... again, at the end of the day it all comes down to cracking the cryptographic algorithm which is simply ridiculous. If someone cracked SHA256, it would be a global catastrophe, since endless security is based around SHA256.

There have been enough computer scientists and researchers that have looked over Bitcoin's theory and cryptography and code in the past 6 years. If it was a problem they would've said something already :-)

It's open source and it's not crackeable unless the gov has quantum machines ready to bruteforce SHA256 based passes (thats just straight Sci-fi). So yeah, you can be safe with your BTCs, the only problem one has is storing them in a place that can't be accessed online, and even if they did they would need to crack the pass, which is impossible given it's a decent one.
So your main mission is not forgetting your pass. If you want to be your own bank that's expected. If not, you always have stuff like Xapo.

no, no ones ever looked at it.

ECC is well known and studied.  
http://en.m.wikipedia.org/wiki/Elliptic_curve_cryptography


Bitcoin uses a 256 bit key and the secp256k1 curve.

see https://en.bitcoin.it/wiki/Secp256k1


The SHA-256 hash function is based on a Merkle Damgard construction,
which has been considered solid for decades.

https://www.youtube.com/watch?v=U2bw_N6kQL8

https://www.youtube.com/watch?v=ZloHVKk7DHk


this can help too.

Yes, that's not in the protocol.
Correct me, if I'm wrong, but Bitcoin Core generates 100 private keys for newly created wallet.dat, each key consumes 32 bytes of entropy, internal state of default OpenSSL RNG is 1023+16 bytes, keys are created in bulk, so not much additional entropy could be gathered. No way (up to my knowledge) to exploit it, but Bitcoin Core is ~16000 bits of entropy short on the first run (EDIT: and this missing entropy is emulated with MD5) - for the sake of small code simplification.

This is not true. There is nothing in the Bitcoin protocol that requires the use of MD5 in the generation of a private key. Each wallet creator is welcome to use whatever process they prefer for gathering entropy and generating a private key.

And MD5 between external entropy and private key.

As far as anyone that has spoken publicly has indicated, there are no backdoors.  In reality, it is impossible to know for 100% certainty that the algorithms chosen don't have any intentional weaknesses.  It might help to consider that nobody has ever demonstrated a workable weakness in a properly generated address.  Given the financial incentive that exists, if there were any intentional weaknesses, you'd think someone would have used them by now (and/or that someone would have discovered them by now).  It also might help to know that there are three separate cryptographic functions between your private key and your address (ECDSA, SHA256, and RIPEMD160).  Therefore, even if there's a weakness in one (or two) of those algorithms, it would require that all three algorithms be significantly broken before someone could gain control of bitcoins sent to a properly secured address.


100%?

Nah.  There's always a chance that someone will discover some weaknesses in any cryptographic function.  However, the odds against it are so astronomically small, that you're better off worrying about other things in life.


IIRC, the United States NSA designed SHA-256, the concept of ECC was introduced by Neal Koblitz and Victor S. Miller, Certicom came up with the parameters of the Secp256k1 curve, and RIPEMD was developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel at the COSIC research group at the Katholieke Universiteit Leuven.


You'd have to assume that all of the "brightest minds" in the world would choose to cooperate with world governments in a conspiracy that spans a few decades.  There are a lot of talented mathematicians in the world. It seems likely to me that one of them would eventually figure out what's going on.  It isn't possible to hide the actual math that is happening.


It could.  Given the financial incentives and the number of "experts" looking at it, it seems highly unlikely.


To the best of their abilty?  Yes.


Anything that they can break, can be broken by someone else.  If they want something to be secure, then they need it to be "unbreakable".


Exactly.


Except it wouldn't be "Comply, or else you will lose your coins" would it?  As soon as it was clear that they could "control" the movement of the value, all bitcoins would essentially lose any value they have.  So, it would be "Comply, or it will become evident to the world that bitcoin isn't secure and EVERYONE that is holding any bitcoins at all will lose ALL value".


Exactly.  On the other hand, they don't really need it to be insecure at all.  All they need is for you to be insecure.  Then they can gain access to your private keys.  Malware on your computer, surveillance, social engineering, any (or all) of these can be used to trick you into giving up the necessary information much more easily and much more cheaply than trying to "break" all the algorithms used to secure bitcoins.

For example, they could create a service (like blockchain.info) that encourages users to reuse the same address for multiple payments.  Voila, they no longer need to crack SHA-256 or RIPEMD-160.  Suddenly the ECDSA public key is available for them in the blockchain.  This reduces their effort to just having control over the Secp256k1 curve.

Better yet, they could create a service (like Coinbase) that encourages users to turn complete control over the private keys to the service.  Voila, they no longer need to crack any cryptography at all.  You've just handed over complete control of your bitcoins without even realizing it.


There are no guarantees in life.  But you have the choice to trust that the government will do a good job of managing the value of the fiat currency that you hold, or trusting that any intentional weaknesses in the cryptographic functions would have been discovered by now.  I know which of those I'm more likely to put my faith in.

Well you can't be sure until proven otherwise, actually. Thing is: those algorithms are perfectly well known and there are a lot of mathematicians who are getting a kick out of proving/disproving the security behind those algorithms (they're being paid, also). Well, that being said: I guess they're pretty safe!

Here you go https://bitcointalksearch.org/topic/m.10943694

Bitcoin is as secured as it comes, many people are obviously trying to crack it but none have found any success so far and it will not happen in the near future as per my knowledge. The entire source code is open source and has been reviewed by so many people and it is obvious that there is no backdoor in it.

...

This is a a great topic.  I am not qualified either to look at the open-source code to make a judgement as to whether or not there are any hidden back-doors and related.

Has anyone really good at coding and cryptography here at bitcointalk (or anyone else who presumably could be trusted) taken a good hard look at this?

I have seen various comments about how robust the three encryption techniques are, but I have not run into a definitive study as to how robust BITCOIN is to snooping, back-doors, etc.

Yes of course, the code is obviously open source and this is one of the numerous reason of why bitcoin is very successful, in 5-6 years of "life" no one found a backdoor or a shitty code, so it is not a "software" written by any government. The sha of 256 bits is based on math, if you don't trust math it is obvious that you should not trust bitcoin (but it doesn't seem this is the case ).

Got it. What are the arguments for this? I guess more research is warranted on my part.


It would be stupid of me to assume I would be able to see something in the source code, as I do not have the required skills, and would need to trust other crypto experts and their statements.