Topic: Can Bitcoin be decrypted? (Read 3284 times)

There is no way to find private key when you know public key (it means that ECDSA is not broken). Bitcoin private key is protected by ECDSA, and public key is protected by SHA-256/RIPEMD-160. When you do a transaction, you publish your address' public key, so the address becomes protected only by ECDSA, what is still perfectly safe.

I know what your friend means: if some entity breaks SHA256 or ECDSA , it can generate blocks at will (thus breaking the Proof Of Work schema) or steal bitcoin from any wallet (thus breaking the security of the system).
Most if not all crypto-authorities say that those algorithms are not breakable with current technology. If technology advances and threatens the algorithms there will be plenty of time for modifying the bitcoin protocol before an actual implementation works.

Also there is the bitcoin-robustness principle that applies to breaking ECDSA, SHA256 and a 51% attack: You need resources to break bitcoin. If you break bitcoin you get lots of bitcoins but they will be worthless overnight. How are you going to pay for the resources then?

When you say "this would be a massive problem if  there were any way to use the public key as an input to crack the private key (or use it to verify)..." do you mean that there is a way to use the public key to crack the private key? Does this relate to the advice I have read but not quite understood the reason for, that paper wallets should never be re-used? (putting to one side the "change" issue which is a separate point)

Ehh, I'm affraid in that case they most certainly *will* get the big wallet. This is America we're talking about, not some civilized country that respects human rights



Then again, even if they do get hold of a large sum of bitcoins. Like a few 100k BTC or whatever. Exactly how would that harm Bitcoin in general? It's not like someone can suddenly disrupt the network or cause trouble for the rest of us, just because they got a big stack of coins.

(oh, Wachtwoord had the same in mind, haha )

In general yes. 

The technicalities are a little complex.

Bitcoin tx can have more than one input.  So for EACH input a simplified version of the tx consisting of that input and all outputs is constructed, that is then hashed and signed using the private key for that input.  The signature and public key for the input is recorded in the final tx. So if a tx has 4 inputs there were will be 4 signatures and 4 public keys.   

A hash of a simplified version of the transaction.

If I remember correctly it is a signature of a hash of everything except the scriptSig fields of the inputs.

When you say Bitcoin txs are signed, what exactly is signed? I mean, is everything signed? the outputs, the inputs, and any other parts making up the transaction that I might have missed

So first off Bitcoins aren't encrypted as other people here have said.

He has a bit of a point in a roundabout way, though, in that if the one-way-hash algy that was used to secure Bitcoin & allows difficulty to "work", the "Secure Hash Algorythm", was entirely reversed, then Bitcoin would be in huge trouble.

The thing is, that this is pretty damn impossible to reverse, and if it were, there would be a lot of problems entirely unrelated to Bitcoin. For example, all (or at least, the vast majority) of your passwords on all online services. The fact that everbody from google to facebook to microsoft to apple uses it, as well as the fact that its basically been given the OK by cryptologists & mathematicians alike should inspire confidence.

Slight correction of the correction.  ECDSA is not an encryption algorithm.   It is a digital signature algorithm.  It is not possible to perform encryption or decryption with ECDSA only digitally singing and verifying signatures.

Private keys are used to sign Bitcoin txs to "prove" the tx was created by someone with access to the private key.
Public keys are used to verify Bitcoin txs are properly signed by the correct private key.

There is NO encryption in the Bitcoin protocol although some clients do employ encryption client side to protect wallet files from unauthorized access.

Cryptography
 - Hashing Functions
 - Digital Signatures
 - Encryption

All encryption involves cryptography, not all cryptography involves encryption.

So they'll be using rubber hose cryptanalysis then. Glad I'm not Mr. Ulbricht.

I don't think they're going to get the big wallet (if there truly is one).  It's almost certainly a brainwallet using a large phrase as the key that only Ross U. knows. 

Yes.  In fact, if you're paranoid, you can do the following:

• Shut down bitcoin client
• Get scrypt encryption software
• Encrypt the wallet.dat you use with scrypt as wallet.dat.enc

And to use the wallet again:

• Decrypt wallet.dat.enc as wallet.dat
• Start the bitcoin client

That way, when you're not using the wallet, it's encrypted with an algorithm that is memory-hard, and is made to be nearly impossible to bruteforce because of the sheer amount of computation needed to decrypt the data (it's SLOOOOWWW).

Slight correction - ECDSA is not a hash function, but an elliptic curve encryption algorithm.  The main difference is hash functions aren't meant to be reversible (taking the hash and finding the original input), where encryption functions are (using a password, we can derive the original input). 

To address the original post, the best mathematicians in the world have been looking at ECDSA for over 15 years, and beyond implementation errors (which are easy with any encryption algorithm), it has proven to be secure.  Here's the wikipedia section on the implementation errors that have compromised security in the past:

https://en.wikipedia.org/wiki/Elliptic_Curve_DSA#Security

Bitcoin uses OpenSSL's implementation of ECDSA:

https://github.com/bitcoin/bitcoin/blob/master/doc/build-unix.md
https://www.openssl.org/docs/crypto/ecdsa.html

The OpenSSL codebase has had much more scrutiny than the bitcoin source code because it is literally used EVERYWHERE on the internet.  Sure, there could be a flaw in it (another implementation error), but even if that happens, as we saw with the android wallets, exploiting such a flaw does NOT destroy bitcoin, as these implementation errors are generally easily fixed and remedied before attackers can successfully exploit many users.

Many warn that quantum computing will destroy bitcoin, and that the quantum computers that are being released today will assist with this.  Last year, they were able to factor the number 21 (yes, that's 7 * 3)!

https://en.wikipedia.org/wiki/Shor%27s_algorithm

So, needless to say, they have a long way to go with that technology before new schemes will need to be developed to combat it.  We're talking tens of years.

ALSO, the public key is not known for addresses that have no spent coins.  This would be a massive problem if there were any way to use the public key as an input to crack the private key (or use it to verify).  If you're paranoid, send your coins to cold storage and only spend them from that address once - most clients do this anyway by generating a "change" address for every transaction instead of reusing the sending address.

TL;DR
The algorithms used in bitcoin are state of the art, have withstood much scrutiny in the last 2 decades from the best mathematicians in the world, and there are no known security issues with them.

Well the only thing known is the FBI siezed the hotwallet. It only had a few days worth of revenue and because it is a hot wallet it wasn't encrypted.  If convinced those coins will be the property of the DOJ.

The rest of SR "profit" coins there would be no reason for the wallet to be on the server.   We don't even know if the FBI has the wallet, if they do and it has a strong passphrase then there is no decrypting it.   If it was a weak passphrase then they likely will be able to decrypt the wallet eventually.

Also just because the SR profited x BTC over the past 3 years doesn't mean they have a giant wallet sitting there with every BTC in profit.   Who knows how much of it has been spent.  Most people do spend money.   

Still none of this has anything to do with the Bitcoin protocol being broken, anymore than a bank robbery means cash has been hacked.

To riff off Danny,

It's also my understanding that if any of those protective algorithms were to become broken it is possible to add another layer of encryption.

See, this is why I love this forum. Great answers, no trolling.

Appreciate it. So he also mentioned the whole Silk Road thing, and once they decrypt the wallet of Ross Ulbricht, it will mess up the BTC market. First of all, can they even break into his wallet? Realistically, what are the chances of that happening. Secondly, even if they did - I'm struggling to see how that could have any significant effect on the market - when there's almost a $2bn cap at the moment.

Not really.

There's no 'encryption' as such. Bitcoin uses (I think) three 'cryptographic hash functions' called ECDSA, RIPEMD-160 and SHA256. They're like encryption in the sense that you can put some info in, they mess it up in a way that is thought to be impossible to undo easily. But they're different in the sense that you could not 'decrypt' the data uniquely. E.g. SHA256 (the only one I've studied much) takes arbitrarily long messages and generates 256-bit 'message digests' from them. Given a message, you can easily determine its message digest. But the converse is not true. Not only are there infinitely many messages that would generate the same digest, but it is 'computationally infeasible' (a coy term of art) to find even ONE such message, given a known digest.

Such schemes could in principle be 'cracked' although similar schemes have really only been incrementally weakened. What could conceivably happen is that, over several years, papers from cryptographers and computer scientists come out that keep progressively weakening such algorithms rather than breaking them completely. I think Bitcoin can survive a transition to newer, better hash function(s) in good time before this becomes a problem, though I expect that needs a hard fork.

+1

You can't decrypt something that isn't encrypted.

There seems to be a lot of confusion because bitcoin uses hashes and signatures which are commonly called "cryptographic functions".

The study of cryptography isn't limited to encrypting things.

Furthermore, bitcoin stacks 3 different cryptographic functions on top of each other for the purpose of protecting your bitcoins.  This means that, when bitcoin is used properly, even if 2 of them are completely broken, your bitcoins are still protected by the remaining function.  As such, there is time to update the broken functions to newer more secure functions and get everyone using the new software.

Bitcoin isn't encrypted.   So that is the first clue your mate has no clue what he is talking about.