Topic: Guy on twitter claims he is working on hash method without brute force. - page 3. (Read 8701 times)

full member
Activity: 182
Merit: 100
If I'm not mistaken, most effort has gone into "single" SHA256, and though the composition of SHA256 operations would seem harder to crack, one never knows.

http://en.wikipedia.org/wiki/SHA-2#Cryptanalysis_and_validation

SHA256 isn't JUST used in bitcoin.  It's used in SSL, in banks all over the world, wireless encryption, cellphone encryption, encryption/verification for thousands of open source projects, etc.  If you need a citation for its strength, it's been used for 10 years in all these fields without any likely attack vector found.

I'm aware, thank you for spreading the word.

ROT-13 is harder to crack than ROT-13(ROT-13).  Has anyone proven the same is not true of SHA256?  I will be very surprised...


ROT-13 is nondestructive.  Very different from SHA-256.
unk
member
Activity: 84
Merit: 10
relatively little research has been done on the subproblem of sha256 compromise on which bitcoin's security depends. it is not the same problem as one-to-one collisions (i.e., an outright compromise of the function). in the general case, it cannot be determined whether finding a result that corresponds to a pattern that matches x out of 2^256 hashes is indeed no more than x times easier than forcing a one-to-one collision. there are reasons to think that in bitcoin's particular case, it is just about that easy and thus that bitcoin's use of sha256 in mining is secure - but to my knowledge that hasn't been proven.

update for john: for technical reasons, i'm less concerned about that feature of bitcoin's use of sha256. the problem isn't necessarily the same for cyphers as for hashes. as for the former, as potentially interesting background reading (though not necessarily relevant here), see the excellent classic article by maurer called something like 'the importance of being first' in the journal of cryptology.
hero member
Activity: 481
Merit: 529
If I'm not mistaken, most effort has gone into "single" SHA256, and though the composition of SHA256 operations would seem harder to crack, one never knows.

http://en.wikipedia.org/wiki/SHA-2#Cryptanalysis_and_validation

SHA256 isn't JUST used in bitcoin.  It's used in SSL, in banks all over the world, wireless encryption, cellphone encryption, encryption/verification for thousands of open source projects, etc.  If you need a citation for its strength, it's been used for 10 years in all these fields without any likely attack vector found.

I'm aware, thank you for spreading the word.

ROT-13 is harder to crack than ROT-13(ROT-13).  Has anyone proven the same is not true of SHA256?  I will be very surprised...
sr. member
Activity: 308
Merit: 250

Ah, of course.

If I'm not mistaken, most effort has gone into "single" SHA256, and though the composition of SHA256 operations would seem harder to crack, one never knows.

Not that I think the Twitter guy is likely to succeed, but in general I see too little attention placed on the strength of Bitcoin's cryptography and too many explanations that fail to mention its theoretical vulnerability.  Or citations in support of its strength, for that matter.


http://en.wikipedia.org/wiki/SHA-2#Cryptanalysis_and_validation

SHA256 isn't JUST used in bitcoin.  It's used in SSL, in banks all over the world, wireless encryption, cellphone encryption, encryption/verification for thousands of open source projects, etc.  If you need a citation for its strength, it's been used for 10 years in all these fields without any likely attack vector found.
hero member
Activity: 481
Merit: 529
I thought he was designing a miner.  Why would he need a pre-image for that?  All he needs is a partial collision with zero.

The input is a block header, the contents of which are not flexible. Only the nonce is.

Ah, of course.

If I'm not mistaken, most effort has gone into "single" SHA256, and though the composition of SHA256 operations would seem harder to crack, one never knows.

Not that I think the Twitter guy is likely to succeed, but in general I see too little attention placed on the strength of Bitcoin's cryptography and too many explanations that fail to mention its theoretical vulnerability.  Or citations in support of its strength, for that matter.
legendary
Activity: 1526
Merit: 1134
I thought he was designing a miner.  Why would he need a pre-image for that?  All he needs is a partial collision with zero.

The input is a block header, the contents of which are not flexible. Only the nonce is.
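The point made just above, that a miner only gets to move the nonce and is looking for a hash below a target rather than a full pre-image, as an added Python example (not code from the thread or from any Bitcoin client). It uses the real block 0 header, which is public data, plus a constructed header with the easiest target the compact encoding allows, so the nonce scan finishes in a handful of tries instead of billions.

```python
# Added example, not code from the thread or from any Bitcoin client: what a
# miner's "partial collision with zero" actually checks. The 80-byte header is
# fixed except for the 4-byte nonce at bytes 76..79; the header is valid when
# SHA256(SHA256(header)), read as a little-endian 256-bit integer, is <= the
# target encoded in the header's own `bits` field (bytes 72..75).
import hashlib
import struct


def double_sha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def bits_to_target(bits: int) -> int:
    """Decode the compact target: high byte is a base-256 exponent, low three
    bytes a mantissa. Bit 23 of the mantissa is a sign flag and never valid."""
    if bits & 0x00800000:
        raise ValueError("negative target is not valid")
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def header_hash_int(header: bytes) -> int:
    """The hash as the integer a node compares against the target."""
    if len(header) != 80:
        raise ValueError("block header must be exactly 80 bytes")
    return int.from_bytes(double_sha256(header), "little")


def display_hash(header: bytes) -> str:
    """Big-endian hex, the form block explorers print (leading zeros first)."""
    return header_hash_int(header).to_bytes(32, "big").hex()


def leading_zero_bits(header: bytes) -> int:
    """How many of the 256 hash bits, from the top, are zero."""
    return 256 - header_hash_int(header).bit_length()


def meets_target(header: bytes) -> bool:
    bits = struct.unpack_from("<I", header, 72)[0]
    return header_hash_int(header) <= bits_to_target(bits)


def with_nonce(header: bytes, nonce: int) -> bytes:
    """The only field a miner is free to change."""
    return header[:76] + struct.pack("<I", nonce & 0xFFFFFFFF)


def scan_nonces(header: bytes, max_nonce: int):
    """What a miner really does: try nonces in order until one meets the
    target. Returns the first valid nonce, or None if none is below max_nonce."""
    for nonce in range(max_nonce):
        if meets_target(with_nonce(header, nonce)):
            return nonce
    return None


# Real block 0 header (public data, not constructed): version 1, all-zero
# previous hash, merkle root, time 1231006505, bits 0x1d00ffff, nonce 2083236893.
GENESIS_HEADER = bytes.fromhex(
    "01000000" + "00" * 32
    + "3ba3edfd7a7b12b27ac72c3e67768f617fc81bc3888a51323a9fb8aa4b1e5e4a"
    + "29ab5f49" + "ffff001d" + "1dac2b7c"
)

# Constructed toy header: same layout, made-up merkle root, and the easiest
# target the compact encoding allows (bits 0x207fffff, target just under
# 2**255), so roughly every second nonce succeeds.
EASY_HEADER = bytes.fromhex(
    "01000000" + "00" * 32
    + "11" * 32      # constructed merkle root
    + "00000000"     # time
    + "ffff7f20"     # bits 0x207fffff, little-endian
    + "00000000"     # nonce placeholder, overwritten by with_nonce()
)

if __name__ == "__main__":
    print("genesis hash        :", display_hash(GENESIS_HEADER))
    print("leading zero bits   :", leading_zero_bits(GENESIS_HEADER))
    print("genesis meets target:", meets_target(GENESIS_HEADER))
    print("easy-target nonce   :", scan_nonces(EASY_HEADER, 1000))
```

Lowering the target in `bits` by one exponent step multiplies the expected number of nonces per valid header by 256, which is exactly why the nonce field alone runs out at real difficulty and miners also vary the merkle root (extra-nonce) and time.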
sr. member
Activity: 350
Merit: 250
We lazily discussed that approach to break down the BTC prices (to buy them cheap) on the Russian local board a month ago, and came to the conclusion that there will always be some nerd with numbers in hand who will destroy that idea, therefore we refused it.

proof - http://forum.bitcoin.org/index.php?topic=4128.0
sr. member
Activity: 308
Merit: 250
Oh, wait, so is it safe to go back to mining?

Er... No... bitcoin is dead, but I'll buy all your bitcoins for $1 each.
legendary
Activity: 2198
Merit: 1311
Looking at how he "thinks" his solution will work, he doesn't understand the concept of destructive operations.  Think of it this way: the simplest hash function is %2.  Basically, given any input, find the remainder after you divide by 2.  It simplifies things down to a keyspace of 1 bit, and obviously there are lots of collisions.  However, given that information, there's no way to go backwards to the original number.  If I say the "hash" is 1, it could be 1, 3, 5, 7, 9, etc.

SHA256 has the following destructive operations:
6x non-carrying addition
Shift right
I believe the combination of ANDs and XORs ends up being destructive.

That's just in one iteration, and there are 64 iterations per hash.

Oh, wait, so is it safe to go back to mining?
hero member
Activity: 481
Merit: 529
For what it's worth I talked to one of the authors behind the current best result against SHA256. They didn't think a failure of SHA256 as it's used in Bitcoin was likely any time soon. The best results from academia produce a random bitstring as the pre-image and only work against a reduced strength version of the algorithm.

I thought he was designing a miner.  Why would he need a pre-image for that?  All he needs is a partial collision with zero.
legendary
Activity: 1526
Merit: 1134
For what it's worth I talked to one of the authors behind the current best result against SHA256. They didn't think a failure of SHA256 as it's used in Bitcoin was likely any time soon. The best results from academia produce a random bitstring as the pre-image and only work against a reduced strength version of the algorithm.
sr. member
Activity: 308
Merit: 250
Quote
Aspie, hacker, part-time CompSci+Psychology OU student, pirate party member, AI geek, Assassins Creed fanatic, pseudo-transhumanist

Ultimately, it looks like he's some young hotshot who thinks he understands everything, considers himself a "hacker", and thinks he can best the world's top mathematicians because he's 2 years into an associates degree at a shitty college.  I am dissapoint.
sr. member
Activity: 294
Merit: 252
Firstbits: 1duzy
+1 on what Quantumplation said.
sr. member
Activity: 308
Merit: 250
Looking at how he "thinks" his solution will work, he doesn't understand the concept of destructive operations.  Think of it this way: the simplest hash function is %2.  Basically, given any input, find the remainder after you divide by 2.  It simplifies things down to a keyspace of 1 bit, and obviously there are lots of collisions.  However, given that information, there's no way to go backwards to the original number.  If I say the "hash" is 1, it could be 1, 3, 5, 7, 9, etc.

SHA256 has the following destructive operations:
6x non-carrying addition
Shift right
I believe the combination of ANDs and XORs ends up being destructive.

That's just in one iteration, and there are 64 iterations per hash.
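The destructive-operations argument above, as an added example (my code, not the poster's): a from-scratch SHA-256 in Python, checked against the standard test digests, with its primitive operations exposed under their FIPS 180-4 names, plus a small counting harness that shows which of them are permutations (rotate, XOR) and which throw information away (shift right, Ch, Maj, modular addition). The `%2` toy hash from the post is included as the degenerate case. The domain sizes used by the harness (8-bit, 4-bit and 2-bit words) are my choice for an exhaustive count; the operations themselves are the real 32-bit ones.

```python
# Added example, not from the thread: SHA-256 built from its primitives so the
# information loss in each one can be counted over a small exhaustive domain.
import hashlib
import itertools
import math
import struct

MASK = 0xFFFFFFFF


def rotr(x, n):            # rotate right: a permutation of 32-bit words
    return ((x >> n) | (x << (32 - n))) & MASK


def shr(x, n):             # shift right: the low n bits are discarded
    return x >> n


def ch(x, y, z):           # "choose": 96 bits in, 32 bits out
    return (x & y) ^ ((~x & MASK) & z)


def maj(x, y, z):          # "majority": 96 bits in, 32 bits out
    return (x & y) ^ (x & z) ^ (y & z)


def big_sigma0(x): return rotr(x, 2) ^ rotr(x, 13) ^ rotr(x, 22)
def big_sigma1(x): return rotr(x, 6) ^ rotr(x, 11) ^ rotr(x, 25)
def small_sigma0(x): return rotr(x, 7) ^ rotr(x, 18) ^ shr(x, 3)
def small_sigma1(x): return rotr(x, 17) ^ rotr(x, 19) ^ shr(x, 10)


def _first_primes(n):
    primes, cand = [], 2
    while len(primes) < n:
        if all(cand % p for p in primes):
            primes.append(cand)
        cand += 1
    return primes


def _icbrt(n):             # exact integer cube root by binary search
    lo, hi = 0, 1 << ((n.bit_length() + 2) // 3 + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        lo, hi = (mid, hi) if mid ** 3 <= n else (lo, mid - 1)
    return lo


# The standard constants, derived rather than typed in: the first 32 fractional
# bits of the square roots (H0) and cube roots (K) of the first 8 and 64 primes.
H0 = [math.isqrt(p << 64) & MASK for p in _first_primes(8)]
K = [_icbrt(p << 96) & MASK for p in _first_primes(64)]


def sha256(message: bytes) -> bytes:
    h = list(H0)
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64) + struct.pack(">Q", len(message) * 8)
    for off in range(0, len(padded), 64):
        w = list(struct.unpack(">16L", padded[off:off + 64]))
        for t in range(16, 64):
            w.append((small_sigma1(w[t - 2]) + w[t - 7] + small_sigma0(w[t - 15]) + w[t - 16]) & MASK)
        a, b, c, d, e, f, g, hh = h
        for t in range(64):    # the 64 rounds the post refers to
            t1 = (hh + big_sigma1(e) + ch(e, f, g) + K[t] + w[t]) & MASK
            t2 = (big_sigma0(a) + maj(a, b, c)) & MASK
            a, b, c, d, e, f, g, hh = (t1 + t2) & MASK, a, b, c, (d + t1) & MASK, e, f, g
        # Feed-forward: adding the old chaining value is what stops the
        # compression function from being run backwards, since a single round
        # can be inverted when its message word w[t] is known.
        h = [(x + y) & MASK for x, y in zip(h, (a, b, c, d, e, f, g, hh))]
    return b"".join(struct.pack(">L", x) for x in h)


def matches_hashlib(message: bytes) -> bool:
    return sha256(message) == hashlib.sha256(message).digest()


def distinct_outputs(func, domain):
    """Number of different outputs over `domain`; equals len(domain) only if
    the map is injective there, i.e. loses nothing."""
    return len({func(x) for x in domain})


def preimages(func, output, domain):
    """Every input in `domain` that `func` sends to `output`."""
    return [x for x in domain if func(x) == output]


def lossiness_report():
    triples = list(itertools.product(range(4), repeat=3))   # 64 inputs of 2-bit words
    pairs = list(itertools.product(range(16), repeat=2))    # 256 inputs of 4-bit words
    return {
        "rotr": distinct_outputs(lambda x: rotr(x, 3), range(256)),        # 256: permutation
        "xor": distinct_outputs(lambda x: x ^ 0xA5, range(256)),           # 256: permutation
        "shr": distinct_outputs(lambda x: shr(x, 3), range(256)),          # 32: 3 bits gone
        "ch": distinct_outputs(lambda t: ch(*t), triples),                 # 4 outputs for 64 inputs
        "maj": distinct_outputs(lambda t: maj(*t), triples),               # 4 outputs for 64 inputs
        "add": distinct_outputs(lambda t: (t[0] + t[1]) & 0xF, pairs),     # 16 outputs for 256 inputs
    }


if __name__ == "__main__":
    print("sha256('abc') =", sha256(b"abc").hex())
    print("preimages of 1 under n % 2:", preimages(lambda n: n % 2, 1, range(10)))
    print(lossiness_report())
```

Running backwards through a "boolean network" of these gates, as the tweets propose, has to pick one of many preimages at every shr, Ch, Maj and addition in every one of the 64 rounds, and those choices are constrained by each other through the message schedule, which is why the branch count does not collapse the way the tweets assume.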
member
Activity: 84
Merit: 10
If he succeeds, a bitcoin compromise will be the least of our worries.  SHA256 has stood up to mathematical analysis for many years, not just from the bitcoin community but from the entire world.
^this. Good luck to the guy. Many have tried - and there's so much other security infrastructure that uses SHA256 that Bitcoin is the least of our worries. Besides, bitcoin'd just move to some other hashing algorithm.
legendary
Activity: 2198
Merit: 1311
bitcoinfail.  Oh well, I guess I'll just start playing Crysis 2 now.
sr. member
Activity: 308
Merit: 250
If he succeeds, a bitcoin compromise will be the least of our worries.  SHA256 has stood up to mathematical analysis for many years, not just from the bitcoin community but from the entire world.
legendary
Activity: 1304
Merit: 1015

garethnelson Gareth Nelson
@lemonzest2008 my new approach is going to take lots of fucking about with the maths before I write the actual miner itself
4 minutes ago

garethnelson Gareth Nelson
@lemonzest2008 the one on the AFF site is just a mod of a standard miner - there's source available at aspiesforfreedom.com/mining/src
4 minutes ago

garethnelson Gareth Nelson
@lemonzest2008 nowhere near complete yet, unless you mean the boring standard one on the AFF site
5 minutes ago

garethnelson Gareth Nelson
@lemonzest2008 the bitcoin client? run bitcoind, but note it's a bit slow at generating if that's what you're after
12 minutes ago

garethnelson Gareth Nelson
@ZauberExonar great - how's your digital circuit design? in particular, boolean expression simplification for FPGAs
14 minutes ago

garethnelson Gareth Nelson
@LozKaye who on earth asked for that?
14 minutes ago

garethnelson Gareth Nelson
If I generate one block a day, at current exchange rates that'd be $11200USD/month - anyone want to help out for a cut?
21 minutes ago

garethnelson Gareth Nelson
@FabinetPM you don't know? :O
22 minutes ago

garethnelson Gareth Nelson
I then don't even have to bruteforce - just pick any of the remaining branches at random, then "..." and then "profit" #bitcoin #win
24 minutes ago

garethnelson Gareth Nelson
I eliminate the branches that lead to bits outside of the nonce changing in the input, then I'm left with a fixed set of branches
25 minutes ago

garethnelson Gareth Nelson
For NOT gates for example, it's easy - if you want a 0 out, you put a 1 in - for an XOR there's 2 possible inputs that lead to a 1
26 minutes ago

garethnelson Gareth Nelson
Then I can calculate the fixed inputs for each gate that will satisfy the output such that it's got the right number of 0s
27 minutes ago

garethnelson Gareth Nelson
The output is a wildcard prefix and a bunch of 0s at fixed length - I run backwards from the wildcard bits up through the boolean network
27 minutes ago

garethnelson Gareth Nelson
Doing the maths, a circuit with about 6000 logic gates can do SHA256, and 2000 odd of them are OR gates with multiple possible inputs
29 minutes ago

garethnelson Gareth Nelson
If my method works, I'll be able to generate 50BTC every few seconds but I'll lower it a bit to avoid arousing suspicion #bitcoin
30 minutes ago

garethnelson Gareth Nelson
So I've been working on a method for calculating valid hashes without doing a lame bruteforce
legendary
Activity: 1304
Merit: 1015
"So I've been working on a method for calculating valid hashes without doing a lame bruteforce"
"If my method works, I'll be able to generate 50BTC every few seconds but I'll lower it a bit to avoid arousing suspicion"

Ummm, satoshi?

http://twitter.com/#!/garethnelson