Topic: Could code be changed quickly if vulnerability found? - page 2. (Read 3174 times)

ITT:
Things that are way over my head.
 

Have you read those threads?
SHA-256 as a boolean function
Potentially faster method for mining on the CPU

We usually just call that mining.

This is interesting.  Please explain what you are on about here.  Assuming you are on to something and you end up mining a huge boatload of BTC how on earth does you having a huge boatload of BTC affect the value of BTC?  If you did not mine the BTC someone else would have, right?  There is no difference to me or the rest of the network who ends up mining the BTC, there is still the same number of BTC mined, still the same long term cap of about 21 million coins.  All you would be affecting would be the initial distribution of the mined BTC - to your favor and financial gain.

Again, more power to you!  Go for it!

All "shortcuts" of this type are totally fair, ethical and expected.  The contract, rules, etc. you are looking for is the Bitcoin protocol.

Back in the old days I had a GPU miner, 5 cards, about 2 GH/s.  I discovered that by doing certain tweeks to my hardware setup I could get 2.4 GH/s out of it.  Were these tweeks unfair?  No.  Anything you can do to get more hashes per second out of your hardware is fair game.  Also, people discovered slightly faster hashing algorithms on a pretty regular basis.  I would download these firmware updates to my system.  Still fair.  Anything you can do to make your hashing algorithm more efficient is fair game.  The mining game boils down to just one thing:  whoever can get the most hashes per joule out of their system (and therefore the most BTC per joule) wins.

It sounds like you think you have found a way to more quickly get to the hash of the proper difficulty.  If that is true then I do not see it as fundamentally different from tweeking the hardware parameters or hashing algorithm.  If by hashing using this new algorithm you get an advantage over the other miners then your hashes/joule will be higher than the rest of the network and you will make more BTC/joule than others.

The system hash rate will go up by the amount of hashing you add to the network, the network will adjust, you will make a boatload of BTC, that is how the system works.

You will be rewarded for being more clever than all the other miners.

Even if your can use half the energy per hash as anyone else what would it matter to Bitcoin?  Of course, you should and would be rewarded for figuring that out.

Now, if you think you can get many orders of magnitude more hashes per joule than the others and by doing so can eventually take over the entire mining network that might becomes a bit sticky.  But I have faith that just by seeing that it is possible to do others would quickly figure out what you are doing and begin hashing in the same way.

What amount of gain/advangate are you talking about here (assuming I am on the right track regarding your discovery)?  0.01%? 0.1%? 1%? 10%? 100%? more?

There's always a possibility of a shortcut unless it's mathematically proven not to exist - which is very rare in the field of cryptology. Having said that, bitcoin is a self-adjusting system and even if such a vulnerability is found in sha256 (unless it's a complete break) it would just adjust itself and no harm would be done.

You just don't understand the system. This is exactly what proof of work does. Proof of work can be calibrated such that it is an even game. There is no shortcut - that's basically the definition of proof of work. There is no clever solution, it's all brute force.

There is no possibility of the same class of attacks of traditional software. Traditional vulnerabilities are about getting root access, or changing some strings, so that execution follows a different execution path, or spoofing. All of these really don't apply to bitcoin, as the nodes are run simultaneously. Its a completely new category of system, such as operating systems, databases, viruses, the internet. Most of the normal concepts just don't apply, which is one reason so few people understand it. Bitcoin is a theoretical concept, an opensource project, a network and a currency.

The real question is how to solve the pool problem so that proof of work is forced to be distributed. Unfortunately this is a flaw that seems to be hard to fix.

This seems to be the general consensus -- let's sit back and relax, and wait for a problem to come; let's not think about it now.

Put more bluntly, if I am on to something, and chose to take advantage of it -- you might never know.  You'd be sitting back chatting away with people about the $10B network, as I'm slowly lowering the BTC value and siphoning out money.

Of course, your response may be that if it was limited to a flaw that allowed people to mint coins more quickly, it would be fair game.  But I haven't seen any consensus about whether or not such would be ethical (as opposed to double-spending, reversing transactions, etc., that most would agree would not be ethical).  I'm not aware of any contract, rules, etc. regarding Bitcoin -- it's just sort-of assumed that you are supposed to check every possible hash, and shortcuts never were considered.

Fortunately, I read about that before doing my work.  What we see now in the nonces is the high bits skewing slightly towards 0 (as is expected if you start at zero).

I got thrown off by a pattern that I was seeing, but the same pattern appears in (truly) random numbers as well.  It still doesn't explain my initial results, which I will be testing some more.

We have had plenty of problems in the past, and they have all been fixed rather quickly.
Even if we did have a problem we are talking about a $10B network here.

If something really really broke, I'm sure all the core devs, thousands of coders, and all the Bitcoin companies could get together and probably rewrite Bitcoin from scratch in 24 hours.

If you find a flaw, you can get the email addresses of the main bitcoin developers from bitcoin.org

But I don't think that will be necessary

Did it have something to do with the probability distribution of the blocks mined by Satoshi which were the first few (among others) of the blocks created?

If so, take a look here:
https://bitcointalksearch.org/topic/new-mystery-about-satoshi-286883

Just an update for those following:

Indeed, it may be back to the drawing board.

I had first discovered something by looking at the first few blocks that were created.  Rather than tediously going through many variables on many blocks, I wrote code to do it automatically.  That code came up with what appeared to be a statistical anomaly that seemed to confirm my original finding.  Further testing today, however, makes it look like there was a flaw in my logic with the code I wrote.

However, the original anomaly I found is still there, and I need to do some testing with that to see if it is an issue or not.  Since I was only looking at the first few blocks, it could be completely irrelevant at this point.

Fixed my original post, I meant posts.  OOPS.

Erm... Not even god has 2500+ activity...   Highest is theymos with 1428.

Right, unless you mean a critical vulnerability in the software, not in the protocol.

Yeah - we've been there. More than once, I think.
A new software is then being released within hours, all the miners switch to it ASAP and the fixed branch catches up to overtake the broken one -  problem solved.
I mean, some people could have lost some money because of double spending, but it would not be a total disaster, just a disturbance.

If something is found then a hard fork can carry all/most/some the current accounts forward on to the new fork (probably, depending on the flaw found).

I say either PM a "super" hero or spit it out right here and now.

No offence man, but I'm betting my entire bitcoin stash on you being wrong.
So go ahead and say it loud what vulnerability you think you have discovered - don't be shy

But let's assume...
IMHO, if a really critical vulnerability is found, it would rather be in ECDSA, not in SHA256.
I mean, if someone finds a way to solve SHA256 like 10 times faster - this is already accounted for. The difficulty will adjust and it should go on just fine.
But if the signatures are found to be broken, the value of bitcoin will quite likely go down to zero within a single day.
People are saying that if you don't reuse addresses then it should not matter, but I think they are wrong, since being unable to reuse an address would totally break a core function of the currency.
So in such a case there would be no sense to fix it - we can just as well start a new block chain, a new crypto-currency.
And all the coin holders would loose, though the hashing power should still be reusable, so the new currency shall quickly build up a value.

Pick someone who may know a bit about what you are talking about.  Someone who has been around a while.  Someone you trust.  Then PM them.

Some of the smartest and well known are gmaxwell, DeathAndTaxes, Mike Hearn, theymos, or Gavin himself.  I suggest you run your idea by one or more of them.

(This list is just off the top of my head - did not mean to leave anyone out )

Pretty much anyone with over 2500 posts or 900 activity can probably tell you if you have found something or not.

But pick someone you trust.

I don't agree.  If you did find a way to quickly find a valid hash, then you are just as entitled to mine as any other miner.

ASIC manufacturers take business from GPU miners, but there is nothing unethical about that.

Miners (including those with large investments) have no entitlement to block rewards.

Using your knowledge to double spend, reverse transactions or DDOS the network would not be ethical.

In summary, stealing bitcoins is unethical, but the coinbase bitcoins don't belong to anyone other than the miner who solves the hash.

If you don't know if you scheme will work, you could try it out.  If it does involve transferring bitcoins that you don't own to yourself, you could test it on bitcoins that you actually own.