
Topic: Change Bitcoin SHA-256 to SCRYPT (Read 5858 times)

legendary
Activity: 1596
Merit: 1091
July 17, 2013, 05:01:54 AM
#50
I think Let's Talk Bitcoin covered the issue pretty well in Episodes 21 and 22. I've had the same beliefs for some time, and with the way the ASIC world is going, it is playing out. If the community doesn't step up and make the change, or at least have an open discussion on the issue, I see Bitcoin dead in less than a year.

Andreas is grossly wrong on this one.

Indeed.  See http://www.coindesk.com/bitcoin-developer-jeff-garzik-on-altcoins-asics-and-bitcoin-usability/ for some thoughts.

hero member
Activity: 517
Merit: 501
July 16, 2013, 06:32:43 AM
#49
Yeah, I was also in the room when Kaminsky made that statement, and was paying attention to the entire session and context. Cypher is right.

arnuschky - Go watch the videos from the conference....the security panel should be up.

I did by now, thanks. Context is important.
legendary
Activity: 1722
Merit: 1003
July 14, 2013, 11:51:30 PM
#48

You misunderstood what jgarzik was saying that Kaminsky was saying in that tweet.


No, sorry. Wrong again. The bet concerned Kaminsky's statement at the security panel of the Bitcoin 2013 conference that the current proof-of-work function will not see the end of 2013:

“I assign a 0% probability that we will continue with the present proof of work function. The present proof of work function is not going to survive the year. Period. If there’s one hard prediction I’m going to make it’s going to be that.” – Dan Kaminsky

Sources:

I know what he said, I attended the session.  I've also read those links.

What he means is exactly what I said.  He predicts Bitcoin's POW won't survive b/c he thinks someone is going to accumulate enough ASIC hash power to perform a 51% attack.

He said nothing about SHA256.


Yeah, I was also in the room when Kaminsky made that statement, and was paying attention to the entire session and context. Cypher is right.

arnuschky - Go watch the videos from the conference....the security panel should be up.
legendary
Activity: 1764
Merit: 1002
July 13, 2013, 11:36:56 PM
#47
Remember a couple of years ago, right after GPU mining really took off, when everybody panicked because of Deepbit? Remember how that turned out?

Exactly right.

Nothing.
legendary
Activity: 1400
Merit: 1009
July 13, 2013, 11:35:37 PM
#46
Remember a couple of years ago, right after GPU mining really took off, when everybody panicked because of Deepbit? Remember how that turned out?
legendary
Activity: 1764
Merit: 1002
July 13, 2013, 11:32:39 PM
#45

You misunderstood what jgarzik was saying that Kaminsky was saying in that tweet.


No, sorry. Wrong again. The bet concerned Kaminsky's statement at the security panel of the Bitcoin 2013 conference that the current proof-of-work function will not see the end of 2013:

“I assign a 0% probability that we will continue with the present proof of work function. The present proof of work function is not going to survive the year. Period. If there’s one hard prediction I’m going to make it’s going to be that.” – Dan Kaminsky

Sources:

I know what he said, I attended the session.  I've also read those links.

What he means is exactly what I said.  He predicts Bitcoin's POW won't survive b/c he thinks someone is going to accumulate enough ASIC hash power to perform a 51% attack.

He said nothing about SHA256.
hero member
Activity: 517
Merit: 501
July 13, 2013, 11:30:22 PM
#44

You misunderstood what jgarzik was saying that Kaminsky was saying in that tweet.


No, sorry. Wrong again. The bet concerned Kaminsky's statement at the security panel of the Bitcoin 2013 conference that the current proof-of-work function will not see the end of 2013:

“I assign a 0% probability that we will continue with the present proof of work function. The present proof of work function is not going to survive the year. Period. If there’s one hard prediction I’m going to make it’s going to be that.” – Dan Kaminsky

Sources:
legendary
Activity: 1764
Merit: 1002
July 13, 2013, 10:31:45 PM
#43
A security researcher has predicted SHA 256 will be cracked this year.  When that happens the algorithm may change.

Cite?  There are not even any "academic attacks" against SHA-2 at this time.  An academic attack being a method which is faster than brute force but still computationally infeasible to exploit in the real world.

https://mobile.twitter.com/jgarzik/status/336218499938668544

You misunderstood what jgarzik was saying that Kaminsky was saying in that tweet.

What Kaminsky was saying was that the Bitcoin POW system would be broken by a 51% attack due to the concentration of ASICs into a single attacker's hands, not that SHA256 would be cracked.  There's a big difference.

Even so, Kaminsky is nuts in making that prediction.  No way in hell that happens by the end of the year; or perhaps EVER.


donator
Activity: 2772
Merit: 1019
July 13, 2013, 03:43:23 AM
#42
conclusion: sha-2(56) reasonably secure (thanks DeathAndTaxes for explaining the research). Reason for doubt (and also LTC popularity): GPU miner denial. Centralization by ASIC seems to be a myth so far.

case closed. jgarzik will win the bet against @dakami (if Kaminsky has the balls to take it, which doesn't seem to be the case. But maybe he has no bitcoins, who knows).

vip
Activity: 1316
Merit: 1043
July 13, 2013, 02:10:58 AM
#41
Besides, the more specialized hardware has to be to complete, the harder it will be for an attacker to use off the shelf hardware to attack the network. ASICs are good.
donator
Activity: 1218
Merit: 1079
Gerald Davis
July 13, 2013, 01:48:03 AM
#40
A security researcher has predicted SHA 256 will be cracked this year.  When that happens the algorithm may change.

Cite?  There are not even any "academic attacks" against SHA-2 at this time.  An academic attack being a method which is faster than brute force but still computationally infeasible to exploit in the real world.

Er,
Let's all be clear that bitcoin  utilizes DOUBLE SHA-2 before making bold statements.

Actually there are partial attacks that are very well documented against SHA 2 up to about 25 bits, but not so much against double SHA 2....

The other issue is that the research into SHA 2* attack vectors has a weakness.....(which you can figure out yourself if you think about it....)

Plus there is some VERY interesting shit if you can program up your own FPGA farm..... The big issue is getting the shit out fast enough...

It isn't a bold statement, it is merely a statement of fact.  Let's ignore the potential added security of the double SHA hash and just focus on single SHA-2 hashes.

SHA-2 uses 64 or 80 rounds.  There are no known attacks against 64 or 80 round SHA-2.  None.  No first preimage attacks, no second preimage attacks, no random collisions.  

This isn't for a lack of trying.  SHA-2 is one of the most analyzed algorithms in the world.  It is used for just about everything from banking to PGP to SSL.  A lot of different entities in a lot of different places all around the world have a very vested interest in knowing if SHA-2 is secure.  Cryptography can never be mathematically proven secure, the best we can do is (collectively) look for flaws and if enough people look hard enough for long enough the probability that an unknown flaw will appear suddenly and without warning is reduced, never eliminated but reduced.

An academic attack on a theoretical variant of SHA-2 which uses 41 instead of 64 rounds isn't an attack vector unless Bitcoin happens to use this modified variant with 41 instead of 64 rounds.  For the record it doesn't, nobody does, anywhere, for anything.  Publishing a reduced round version of an attack is essentially saying "we looked for a flaw but couldn't find one, however if this algorithm only used x rounds instead of y rounds here is a flaw".  It is a way for other researchers to potentially expand upon, but often many of these reduced round attacks are simply dead ends.  What works for 41 rounds may NEVER work for 64 rounds.  It is possible that these known reduced round attacks are dead ends.  That is to say that eventually SHA-2 is broken but it is broken in a completely unrelated manner, and researchers who try to expand on these known attack vectors will spend countless hours in what will ultimately prove to be "barking up the wrong tree".

I never predicted that SHA-2 won't eventually be broken, but to claim it will be broken this year requires some significant supporting evidence and none was provided.  When asked for a cite, links to tweets unrelated to the claim were provided.  When confronted the person left saying he "doesn't need to prove anything to anyone".  That isn't what I would call "significant supporting evidence".  

Maybe SHA-2 will be broken this year, or maybe next year, or maybe it is never broken because over time most applications migrate to SHA-3 (after significant cryptanalysis) because it has fewer theoretical flaws.  If that happens an exploitable flaw in SHA-2 may never be found because the focus of global analysis will shift to SHA-3 as it will be the bigger target.  To make a long story long, regardless of if/when SHA-2 is broken the statement that "it will be broken by the end of the year" is rubbish.  Nobody credible said that, and nobody credible would.
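The two technical points in the posts above, that Bitcoin hashes with 64-round SHA-256 applied twice and that a "41-round" result describes a different function rather than a weakened real one, can be checked rather than argued. The following is an added example written for this page, not code from the thread, from Bitcoin Core, or from any of the posters: a from-the-spec SHA-256 whose compression loop can be cut short, plus the double-SHA-256 block hash and the proof-of-work target check. The round constants are derived from prime roots with exact integer arithmetic instead of being typed in, so a copy error cannot slip past the hashlib comparison. It assumes Python 3.8 or newer (math.isqrt); the embedded 80-byte header is Bitcoin's genesis block header in wire byte order.

```python
"""Added example: SHA-256 from FIPS 180-4 with a configurable round count, the
Bitcoin double-SHA-256 block hash, and the proof-of-work target check."""
import hashlib
import math
import struct

MASK = 0xFFFFFFFF
FULL_ROUNDS = 64


def _primes(n):
    """First n primes; SHA-256's K and H0 constants are derived from their roots."""
    out, c = [], 2
    while len(out) < n:
        if all(c % p for p in out if p * p <= c):
            out.append(c)
        c += 1
    return out


def _icbrt(n):
    """Exact integer cube root by integer Newton iteration (no float rounding)."""
    x = 1 << ((n.bit_length() + 2) // 3)  # power-of-two overestimate of cbrt(n)
    while True:
        y = (2 * x + n // (x * x)) // 3
        if y >= x:
            return x
        x = y


_P = _primes(64)
# K[i] = first 32 fractional bits of cbrt(prime_i); H0[i] = same for sqrt(prime_i).
K = [_icbrt(p << 96) & MASK for p in _P]
H0 = [math.isqrt(p << 64) & MASK for p in _P[:8]]


def _rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK


def sha256(data, rounds=FULL_ROUNDS):
    """SHA-256 of `data`. rounds=64 is the real hash and agrees with hashlib; a
    smaller value is the academic reduced-round variant: same constants and
    message schedule, but a different function that nothing deployed uses."""
    if not 1 <= rounds <= FULL_ROUNDS:
        raise ValueError("rounds must be between 1 and 64")
    h = list(H0)
    # Pad: 0x80, zero bytes, 64-bit big-endian bit length, up to a multiple of 64 bytes.
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64) + struct.pack(">Q", 8 * len(data))
    for off in range(0, len(msg), 64):
        w = list(struct.unpack(">16L", msg[off:off + 64]))
        for i in range(16, 64):  # schedule is always expanded in full
            s0 = _rotr(w[i - 15], 7) ^ _rotr(w[i - 15], 18) ^ (w[i - 15] >> 3)
            s1 = _rotr(w[i - 2], 17) ^ _rotr(w[i - 2], 19) ^ (w[i - 2] >> 10)
            w.append((w[i - 16] + s0 + w[i - 7] + s1) & MASK)
        a, b, c, d, e, f, g, hh = h
        for i in range(rounds):  # only the compression loop is shortened
            S1 = _rotr(e, 6) ^ _rotr(e, 11) ^ _rotr(e, 25)
            ch = (e & f) ^ (~e & g)
            t1 = (hh + S1 + ch + K[i] + w[i]) & MASK
            S0 = _rotr(a, 2) ^ _rotr(a, 13) ^ _rotr(a, 22)
            maj = (a & b) ^ (a & c) ^ (b & c)
            t2 = (S0 + maj) & MASK
            hh, g, f, e, d, c, b, a = g, f, e, (d + t1) & MASK, c, b, a, (t1 + t2) & MASK
        h = [(x + y) & MASK for x, y in zip(h, (a, b, c, d, e, f, g, hh))]
    return b"".join(struct.pack(">L", x) for x in h)


def matches_hashlib(data):
    """True when the full-round implementation agrees with the standard library."""
    return sha256(data) == hashlib.sha256(data).digest()


def double_sha256(data, rounds=FULL_ROUNDS):
    """Bitcoin's hash: SHA-256 applied to the 32-byte SHA-256 digest of `data`."""
    return sha256(sha256(data, rounds), rounds)


def block_hash(header, rounds=FULL_ROUNDS):
    """Block hash as Bitcoin displays it: double SHA-256 of the 80-byte header, byte-reversed."""
    return double_sha256(header, rounds)[::-1].hex()


def meets_target(header):
    """Proof-of-work check: the digest read as a little-endian integer must not
    exceed the target encoded in the header's 4-byte 'bits' field (offset 72)."""
    bits = struct.unpack("<L", header[72:76])[0]
    exponent, mantissa = bits >> 24, bits & 0xFFFFFF
    target = mantissa << (8 * (exponent - 3))
    return int.from_bytes(double_sha256(header), "little") <= target


# Bitcoin's genesis block header (version, prev hash, merkle root, time, bits, nonce).
GENESIS_HEADER = bytes.fromhex(
    "01000000" + "00" * 32
    + "3ba3edfd7a7b12b27ac72c3e67768f617fc81bc3888a51323a9fb8aa4b1e5e4a"
    + "29ab5f49" + "ffff001d" + "1dac2b7c"
)


def demo():
    """The thread's claims, computed: 64 rounds match hashlib, the genesis header
    satisfies its target, and a 41-round 'block hash' is simply a different value."""
    return {
        "matches_hashlib": matches_hashlib(GENESIS_HEADER),
        "genesis_hash": block_hash(GENESIS_HEADER),
        "genesis_meets_target": meets_target(GENESIS_HEADER),
        "41_round_hash_differs": block_hash(GENESIS_HEADER, 41) != block_hash(GENESIS_HEADER),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Running it prints the genesis hash with its leading zeros, confirms the 64-round digest is what hashlib produces, and shows that the 41-round digest does not satisfy the target or match anything Bitcoin would accept; an attack on the short variant says nothing about the hash the network verifies.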
sr. member
Activity: 399
Merit: 250
July 12, 2013, 11:57:04 PM
#39
A security researcher has predicted SHA 256 will be cracked this year.  When that happens the algorithm may change.

Cite?  There are not even any "academic attacks" against SHA-2 at this time.  An academic attack being a method which is faster than brute force but still computationally infeasible to exploit in the real world.

Er,
Let's all be clear that bitcoin  utilizes DOUBLE SHA-2 before making bold statements.

Actually there are partial attacks that are very well documented against SHA 2 up to about 25 bits, but not so much against double SHA 2....

The other issue is that the research into SHA 2* attack vectors has a weakness.....(which you can figure out yourself if you think about it....)

Plus there is some VERY interesting shit if you can program up your own FPGA farm..... The big issue is getting the shit out fast enough...
cp1
hero member
Activity: 616
Merit: 500
Stop using brainwallets
July 12, 2013, 11:08:29 PM
#38
What would be the point?  No one would use it.
hero member
Activity: 572
Merit: 506
July 12, 2013, 10:44:40 PM
#37
Outcompeted GPU miners are engaging in wishful thinking. Face reality and invest in the development of the next generation of Bitcoin chips if you want to keep competing in this marketplace. Nobody in his right mind will agree to decrease the security of the Bitcoin network just to satisfy your greed, dear GPU dinosaurs. Wake up and move on.
I like short posts like this one, hitting the nail on the head.
legendary
Activity: 1304
Merit: 1014
July 12, 2013, 11:35:08 AM
#36
A security researcher has predicted SHA 256 will be cracked this year.  When that happens the algorithm may change.

Cite?  There are not even any "academic attacks" against SHA-2 at this time.  An academic attack being a method which is faster than brute force but still computationally infeasible to exploit in the real world.

https://mobile.twitter.com/jgarzik/status/336218499938668544

Not sure if you can't read or you think this says something it doesn't.  Nothing in there about SHA-2 being compromised this year.

I am tired of doing research for other people.  I don't have to prove anything to anyone.  Esp on my mobile phone.

Then stop being tired.  Nobody asked you to do any research.  You made an unsubstantiated claim.  When asked for a cite you linked to something completely unsupporting.

I will take your claim of SHA-2 being broken this year (as if such a thing is even predictable) as utter nonsense.  See, you're done.


No problem.  Thanks for making my decision easier.
donator
Activity: 1218
Merit: 1079
Gerald Davis
July 12, 2013, 11:29:50 AM
#35
A security researcher has predicted SHA 256 will be cracked this year.  When that happens the algorithm may change.

Cite?  There are not even any "academic attacks" against SHA-2 at this time.  An academic attack being a method which is faster than brute force but still computationally infeasible to exploit in the real world.

https://mobile.twitter.com/jgarzik/status/336218499938668544

Not sure if you can't read or you think this says something it doesn't.  Nothing in there about SHA-2 being compromised this year.

I am tired of doing research for other people.  I don't have to prove anything to anyone.  Esp on my mobile phone.

Then stop being tired.  Nobody asked you to do any research.  You made an unsubstantiated claim.  When asked for a cite you linked to something completely unsupporting.

I will take your claim of SHA-2 being broken this year (as if such a thing is even predictable) as utter nonsense.  See, you're done.


donator
Activity: 1218
Merit: 1079
Gerald Davis
July 12, 2013, 10:52:30 AM
#34
A security researcher has predicted SHA 256 will be cracked this year.  When that happens the algorithm may change.

Cite?  There are not even any "academic attacks" against SHA-2 at this time.  An academic attack being a method which is faster than brute force but still computationally infeasible to exploit in the real world.

https://mobile.twitter.com/jgarzik/status/336218499938668544

Not sure if you can't read or you think this says something it doesn't.  Nothing in there about SHA-2 being compromised this year.
donator
Activity: 2772
Merit: 1019
July 12, 2013, 10:37:06 AM
#33
A security researcher has predicted SHA 256 will be cracked this year.  When that happens the algorithm may change.

In that case the algorithm will get changed... pretty much overnight. You can bet all your coins on that.
full member
Activity: 200
Merit: 104
Software design and user experience.
July 12, 2013, 10:24:06 AM
#32
If Bitcoin had been using scrypt from the start, you wouldn't have escaped ASICs. Just accept that people will optimize mining and there is nothing you can do about it. Like in every social organisation there are leaders, runners-up and outsiders. Bitcoin is no exception. Communism never works. I, for instance, couldn't care less about mining BTC myself and don't see a problem with a bunch of guys having 70% of the hashing power. Those who are interested in preserving the value of their coins would strive to process transactions "fairly" and distribute mining hardware as widely as possible.
legendary
Activity: 2184
Merit: 1011
Franko is Freedom
July 12, 2013, 09:22:14 AM
#31
I personally think that ASIC mining was inevitable and only hurts those that don't have them. But once everyone has them, well, something better will come out. It just further secures the chain.

Changing to scrypt... Well, mine FRKs.