Author

Topic: Cryptographical Arms Race (Read 978 times)

legendary
Activity: 3472
Merit: 4801
February 16, 2014, 02:41:42 PM
#11
As such, if ECDSA is suddenly completely broken such that there isn't time to move to a new signature algorithm, then an industry of trusted mining will have to evolve.  It will become necessary to be able to submit a transaction directly to a trusted miner that will confirm the transaction into a block without relaying it to others that might modify before it is confirmed.

The block still could become orphaned, even trusted miners don't guarantee that ur coins r 100% safe.

Correct.  It would take a significant effort and solving some serious trust issues to spend bitcoins into a transaction that uses a new signature algorithm of ECDSA were to be suddenly completely broken.

Fortunately:

Far more likely is that these algorithms slowly become slightly weaker over time.  As such there is plenty of time to replace any of them before they become a serious problem.
legendary
Activity: 2142
Merit: 1010
Newbie
February 16, 2014, 02:33:49 PM
#10
As such, if ECDSA is suddenly completely broken such that there isn't time to move to a new signature algorithm, then an industry of trusted mining will have to evolve.  It will become necessary to be able to submit a transaction directly to a trusted miner that will confirm the transaction into a block without relaying it to others that might modify before it is confirmed.

The block still could become orphaned, even trusted miners don't guarantee that ur coins r 100% safe.
legendary
Activity: 3472
Merit: 4801
February 16, 2014, 02:01:02 PM
#9
If ECDSA is broken then u won't be able to spend ur coins. What if a hacker intercepts ur transactions and changes outputs?

Correct.  The bitcoins will be safe as long as you don't try to spend them.  As soon as you spend them, you will make your public key available and then (if ECDSA is completely broken) someone can alter the transaction and re-transmit it.  At that point you have a race to see which transaction is confirmed first.

As such, if ECDSA is suddenly completely broken such that there isn't time to move to a new signature algorithm, then an industry of trusted mining will have to evolve.  It will become necessary to be able to submit a transaction directly to a trusted miner that will confirm the transaction into a block without relaying it to others that might modify before it is confirmed.

Furthermore, if SHA-256 becomes so broken that a block can be solved within fractions of a second regardless of difficulty, then there are likely to be some issues with confirmations that will need to be resolved.  There are a few ways to deal with such a situation. They are all pretty messy, but it can be done if necessary.

Far more likely is that these algorithms slowly become slightly weaker over time.  As such there is plenty of time to replace any of them before they become a serious problem.
legendary
Activity: 2142
Merit: 1010
Newbie
February 16, 2014, 12:44:31 PM
#8
in order to break bitcoin you would have to break all 3? not just one of them?

Correct.  If you use a new keypair for every transaction (as recommended in the original Bitcoin Whitepaper), then your balances are all protected by 3 layers of cryptography.  If RIPEMD-160 were completely broken today, my balances would still be protected by both SHA-256 AND ECDSA.  If SHA-256 were completely broken today, my balances would still be protected by both RIPEMD-160 AND ECDSA.  If ECDSA where completely broken today, my balances would still be protected by both SHA-256 AND RIPEMD-160.

The only way my balances would become vulnerable would be if ALL THREE of RIPEMD-160, SHA-256, and ECDSA were all COMPLETELY broken suddenly and unexpectedly within a very short amount of time.

Any one (or more) of those three algorithms can be swapped out for a newer algorithm in the future if the situation warrants it.  So, if RIPEMD-160 were to be considered too weak, it could be replaced with a newer hash algorithm that the cryptography community considers more secure.  As you mention, newer algorithms have not stood the test of time as long, but that's ok, because the balance would be protected by BOTH the newer replacement for RIPEMD-160 AND the older algorithms of SHA-256 and ECDSA.  By the time one of the other algorithms (SHA-256 or ECDSA) becomes weak, the RIPEMD-160 would have been running for quite a while and would therefore have the test of time behind it.

If you are concerned about SHA or ECDSA, then you don't need to worry much about bitcoin, but you need to worry significantly about the security of everything else on the internet.  Because almost everything else does not use this 3-layer system, a sudden complete break of just one algorithm would be devastating to the security of a huge potion of connected systems, while bitcoins would safely and smoothly replace the broken algorithm.

If ECDSA is broken then u won't be able to spend ur coins. What if a hacker intercepts ur transactions and changes outputs?
legendary
Activity: 3472
Merit: 4801
February 16, 2014, 10:03:57 AM
#7
in order to break bitcoin you would have to break all 3? not just one of them?

Correct.  If you use a new keypair for every transaction (as recommended in the original Bitcoin Whitepaper), then your balances are all protected by 3 layers of cryptography.  If RIPEMD-160 were completely broken today, my balances would still be protected by both SHA-256 AND ECDSA.  If SHA-256 were completely broken today, my balances would still be protected by both RIPEMD-160 AND ECDSA.  If ECDSA where completely broken today, my balances would still be protected by both SHA-256 AND RIPEMD-160.

The only way my balances would become vulnerable would be if ALL THREE of RIPEMD-160, SHA-256, and ECDSA were all COMPLETELY broken suddenly and unexpectedly within a very short amount of time.

Any one (or more) of those three algorithms can be swapped out for a newer algorithm in the future if the situation warrants it.  So, if RIPEMD-160 were to be considered too weak, it could be replaced with a newer hash algorithm that the cryptography community considers more secure.  As you mention, newer algorithms have not stood the test of time as long, but that's ok, because the balance would be protected by BOTH the newer replacement for RIPEMD-160 AND the older algorithms of SHA-256 and ECDSA.  By the time one of the other algorithms (SHA-256 or ECDSA) becomes weak, the RIPEMD-160 would have been running for quite a while and would therefore have the test of time behind it.

If you are concerned about SHA or ECDSA, then you don't need to worry much about bitcoin, but you need to worry significantly about the security of everything else on the internet.  Because almost everything else does not use this 3-layer system, a sudden complete break of just one algorithm would be devastating to the security of a huge potion of connected systems, while bitcoins would safely and smoothly replace the broken algorithm.
member
Activity: 71
Merit: 10
February 16, 2014, 08:55:23 AM
#6
another thing to consider though is as the price of bitcoin rises the incentive to break the underlying cryptography in a hidden way goes up with it. has there ever been such a large incentive to break a cryptographic system out in the public like this before?

and thanks i'll check out that article

Sure, there is a huge incentive to break this crypto: all the banks are running it. If crypto is broken, bitcoin might be the last thing to come under attack, as it is a relatively small thing.
newbie
Activity: 6
Merit: 0
February 16, 2014, 08:40:42 AM
#5
another thing to consider though is as the price of bitcoin rises the incentive to break the underlying cryptography in a hidden way goes up with it. has there ever been such a large incentive to break a cryptographic system out in the public like this before?

and thanks i'll check out that article
newbie
Activity: 27
Merit: 2
February 16, 2014, 08:13:03 AM
#4
Quote
most cryptographic algorithms break slowly

I think this is pretty much the best way to look at it. There's no telling how/when/if some of these algos will break, though we're pretty sure they're safe for a while. But Bitcoin is not even a 1.0 product yet, it's still an idea in the infancy of manifestation.

Quantum safe cryptography has been developed, though I don't think it's as widely tested and it can have it's own problems (memory usage, key size, etc...). I think for the begginning, while we're still trying to figure out the concept of a cryptocurrency itself and hammer out the details of implementation, it's probably better to stick with really known algorithms which are easier to implement and have been successfully implemented elsewhere for quite some time. It's better to reuse code that has already been tested a bunch than to develop new code for the sake of being "quantum safe" at this stage in the game.

Unless someone comes along and proves that PSPACE = P or NP = P, which would be one of the greatest mathematical discoveries for a century or two, I think it's better to focus on fixing little things with the implementation that are real threats to credibility and safety of use. Things like the recent transaction malleability issue and finding ways to have more generic and/or anonymous transactions.

Once these things are figured out and there is provably solid code in place that can be made into a "generic coin", then I think we can worry about the further future and possibility that quantum computers will ruin everything. By then hopefully some of the quantum safe algos will have been tested more extensively and we can drop those in too. But, the final product doesn't have to be Bitcoin itself - it's a good thing that it hasn't grown even faster than it already has, because it still needs tested and tested and tested. Every day there are posts about weird transactions showing up.

http://www.cs.virginia.edu/~robins/The_Limits_of_Quantum_Computers.pdf
That's a pdf by Scott Aaronson where he discusses what quantum computers can and can't do (doesn't just talk about cryptography, mainly about problem difficulty/problem spaces). It's a good read to put things into perspective.
newbie
Activity: 6
Merit: 0
February 16, 2014, 05:37:26 AM
#3
in order to break bitcoin you would have to break all 3? not just one of them?

and also, i'm speaking in the very long term. It just makes sense to me that eventually (as in raised to infinity) that at some point the cryptography would be broken while it is live whatever the itteration is at that time and that would be irrecoverable. like are there any forms of cryptography that are quantum safe?

like it seems to me that given enough time that the cryptography is it's biggest liability for long term survival.

is this all in my head? am i wrong? are cryptographers that are involved in this project not worried about this?
sr. member
Activity: 476
Merit: 251
COINECT
February 16, 2014, 05:05:32 AM
#2
Breaking Bitcoin as it stands would require breaking RIPEMD160, SHA256, and ECDSA. Since most cryptographic algorithms break slowly, it's quite unlikely that all three would be broken at the same time. Bitcoin will need to eventually upgrade though, which is quite possible.
newbie
Activity: 6
Merit: 0
February 16, 2014, 03:00:13 AM
#1
Let me start this off by saying I am heavily invested in bitcoin and I am practically obsessively mentally invested in it so I am not trying to spread fud. Anyways here is my question.

What would we do if there was a flaw in the way that adresses are created? Is there a way to change the cryptography that is behind the pub/private key if it is found to be flawed or as time goes on and computing power gets more powerful? And isn't this a serious concern? This isn't an if question... this is a when question. And if we haven't moved past this form of cryptography before the weakness is found or before computers are able to just out pace it then bitcoin loses all of it's security and becomes worthless. But then there's the problem of what cryptography do we use to replace it right? How do we know that it's secure? New cryptographic schemes havent lived up to as much scrutiny as older schemes so there could very easily be a flaw that just hasn't been found yet. Is it actually possible to change the way adresses are generated and how would they adapt the bitcoin to go to those new addresses? I was hoping you could explain these things to me or perhaps point me to a wiki page or an article that addresses these concerns.

Now these concerns seem to me that this arms race will eventually wind up killing bitcoin. It seems like eventually it just has to happen that a flaw in the cryptography will be discovered before they can prevent the damage and that will kill bitcoin. It seems like it just comes with the teritory. Do you think that it is possible to permanently stay on the winning end of this arms race? Like even if the current gen cryptography weakens at a predictable rate and we are able to move to something that can replace it all it takes is 1 instance of cryptographical failure at any point before they are able to respond to cause this entire system to come crashing down.


if my understanding is flawed please say so. thanks!
Jump to: