
Topic: Hard-forking Bitcoin to SHA-3 from SHA-2 (Read 2984 times)

sr. member
Activity: 360
Merit: 251
February 21, 2013, 05:23:44 AM
#7
Quote
Would it be hard to switch Bitcoin over to SHA-3? How would it be done?

If it turns out that there's a collision attack (see here?) or some peculiar partial preimage attack on SHA-256 then we'd need a new protocol rule (hardfork) that says that starting from block #X in the future the protocol uses SHA-3 everywhere that SHA-256 was used.
If there's a full second preimage attack on SHA-256 then we also need to add an extra field to all the old blocks with their SHA-3 hash, otherwise an attacker could replace an old block with his malicious block, see this.


Quote
SHA-256 came out of the latter effort and it's been extensively studied.

From what I've heard that's an overstatement: cryptographers focused their efforts mostly on practical collision attacks on SHA-1, and on the SHA-3 competition, so in a relative sense SHA-2 was left neglected.
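The two-part rule sketched in post #7 (switch the hash at an activation height, and pin every pre-fork block with an extra SHA-3 field so a second preimage on SHA-256 cannot swap it out) can be modelled in a few dozen lines. The block below is an added illustration, not Bitcoin's code or anything from this thread; the header layout, the `ACTIVATION_HEIGHT` placeholder standing in for the post's "block #X", and all helper names are assumptions. It uses Bitcoin's existing double SHA-256 for pre-fork blocks (the "doubles it up" from post #4) and `hashlib.sha3_256` after the fork.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional

# Assumed placeholder for the post's "block #X"; kept tiny so the sample chain is short.
ACTIVATION_HEIGHT = 3


def double_sha256(data: bytes) -> bytes:
    """Bitcoin's current block-hash construction: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def sha3_256(data: bytes) -> bytes:
    return hashlib.sha3_256(data).digest()


def block_hash(header: bytes, height: int) -> bytes:
    """Hard-fork rule: from ACTIVATION_HEIGHT on, SHA-3 replaces SHA-256 for block hashing."""
    if height >= ACTIVATION_HEIGHT:
        return sha3_256(header)
    return double_sha256(header)


@dataclass
class Block:
    height: int
    header: bytes                            # constructed layout: prev_hash (32 bytes) || payload
    sha3_commitment: Optional[bytes] = None  # extra field the post proposes for pre-fork blocks


def make_header(prev_hash: bytes, payload: bytes) -> bytes:
    return prev_hash + payload


def build_chain(n: int) -> List[Block]:
    """Construct a sample chain that crosses the activation height."""
    chain: List[Block] = []
    prev = b"\x00" * 32
    for h in range(n):
        header = make_header(prev, f"block-{h}".encode())
        blk = Block(height=h, header=header)
        if h < ACTIVATION_HEIGHT:
            # At fork time every old block gets its SHA-3 hash recorded alongside it.
            blk.sha3_commitment = sha3_256(header)
        chain.append(blk)
        prev = block_hash(header, h)
    return chain


def verify_links(chain: List[Block]) -> bool:
    """Each header must reference the previous block's hash under the rule in force at that height."""
    prev = b"\x00" * 32
    for blk in chain:
        if blk.header[:32] != prev:
            return False
        prev = block_hash(blk.header, blk.height)
    return True


def verify_legacy_commitments(chain: List[Block]) -> bool:
    """Pre-fork blocks must match their recorded SHA-3 hash; post-fork blocks carry none."""
    for blk in chain:
        if blk.height < ACTIVATION_HEIGHT:
            if blk.sha3_commitment is None or sha3_256(blk.header) != blk.sha3_commitment:
                return False
    return True


def tamper_legacy_block(chain: List[Block], height: int) -> List[Block]:
    """Model a replaced old block: the header bytes change, the recorded commitment does not.

    No real SHA-256 second preimage exists, so here verify_links() also fails; the point is
    that verify_legacy_commitments() would still fail even if the SHA-256 link held.
    """
    forged = [Block(b.height, b.header, b.sha3_commitment) for b in chain]
    blk = forged[height]
    forged[height] = Block(blk.height, blk.header[:32] + b"forged", blk.sha3_commitment)
    return forged


if __name__ == "__main__":
    chain = build_chain(5)
    print("links ok:", verify_links(chain), "commitments ok:", verify_legacy_commitments(chain))
    forged = tamper_legacy_block(chain, 1)
    print("forged commitments ok:", verify_legacy_commitments(forged))
```

Two checks run independently on purpose: the link check is what every node already does (with the hash function chosen by height), while the commitment check is the new rule that anchors the pre-fork history to SHA-3 regardless of what happens to SHA-256.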
full member
Activity: 196
Merit: 100
February 21, 2013, 04:50:53 AM
#6
Seriously....
To ban Bitcoin would be a worldwide effort; every government would need to make it illegal.
I do actually hope that the USA does this. It would force the current mining operations being set up to be moved offshore to more secure locations; at the very least it would prevent much of the current Bitcoin backbone traffic from being monitored.

As regards 'security' or 'backdoors' being built into SHA256... one would have to ask WHY build a backdoor into a hashing algorithm?
It's not encryption, there are no 'secret' messages to uncover.
kjj
legendary
Activity: 1302
Merit: 1026
February 21, 2013, 04:38:05 AM
#5
http://en.wikipedia.org/wiki/SHA-3

Is it worth doing since SHA-256 was directly designed by a centralized, secretive government agency who may have included a nuanced and hidden flaw?

There are also pre-image attacks against SHA-256:

Quote
There are two meet-in-the-middle preimage attacks against SHA-2 with a reduced number of rounds. The first one attacks 41-round SHA-256 out of 64 rounds with time complexity of 2^253.5 and space complexity of 2^16, and 46-round SHA-512 out of 80 rounds with time 2^511.5 and space 2^3.[1] The second one attacks 42-round SHA-256 with time complexity of 2^251.7 and space complexity of 2^12, and 42-round SHA-512 with time 2^502 and space 2^22.

Would it be hard to switch Bitcoin over to SHA-3? How would it be done?

I fixed your quote for you to make it more obvious that we are dealing with different grades of impossible.

Note that 2^256, 2^253.5 and 2^251.7 all mean exactly the same thing:  NEVER.
legendary
Activity: 1526
Merit: 1134
February 20, 2013, 07:23:30 AM
#4
It only requires trust and faith if you don't understand how hash functions are constructed. The attacks on SHA-256 are all against reduced round versions, that is, they know how to beat it .... if they change it so it's not SHA-256 anymore. Well, surprise, that's why the algorithm uses lots of rounds. And Bitcoin actually doubles it up as well.

Nobody has ever suggested that SHA-256 has some kind of magic NSA back door, and if it did, it's unclear what would be done with it. For the US Government to interfere with Bitcoin by trying to back-door the crypto it uses would be a waste of time ... they could cause chaos for a bit, a new version that uses SHA-3 would be released, people would carry on as before.

If a government (any government) wants to kill Bitcoin, it will be done by passing a regulation (or re-interpreting an existing one) that essentially forbids its usage, or makes it too expensive to be worthwhile. See how some cash-strapped European governments are trying to ban the usage of cash for anything other than tiny transactions. There's a real risk those governments will simply see Bitcoin as "electronic cash" and try to ban it on the pretext of fighting tax evasion.

It's far from impossible to tax Bitcoin-using businesses. But so far nobody is talking about that.
newbie
Activity: 56
Merit: 0
February 20, 2013, 07:01:22 AM
#3
...build strong ones for the USA. SHA-256 came out of the latter effort...
Federal government agencies, with their granted sovereignty and secrecy, tend to work against each other. It would not be out of the question for the NSA to purposefully have a hold on the cryptography used by all federal agencies and beyond. The President is likely not even on a need-to-know basis or security clearance with the higher echelons of the NSA. It requires trust and faith to believe the NSA is working in unison with the entire federal government and the American people. Their budget is classified. Their offices overload electrical grids. They employ thousands. People granted enormous power have an endless incentive to grow it. To have access to all government data and be able to spy on it is very valuable and is right in the NSA's jurisdiction.

Okay, SHA-256 has been well-studied. There are vulnerabilities. It is not unreasonable to believe these don't go further. Take from this what you wish but SHA-256 makes me uneasy. It makes me want to sell all my bitcoins.  

I do not trust the cryptography bitcoin is using and that is all the trust bitcoin has. Without that, bitcoin is nothing. SHA-256 will make or break bitcoin.

I put this warning on the record for the future to look back at.
legendary
Activity: 1526
Merit: 1134
February 20, 2013, 06:51:02 AM
#2
Probably not. The NSA has a dual mission - to attack foreign codes and build strong ones for the USA. SHA-256 came out of the latter effort and it's been extensively studied. Hash functions aren't so complicated you can hide backdoors in them and remain undetected.

SHA-3 is interesting but currently, I'm not aware of any real evidence it's stronger than SHA-2, just less studied.

If it were to be done, it'd have to be done at the same time as other hard-forking changes.
newbie
Activity: 56
Merit: 0
February 20, 2013, 06:41:10 AM
#1
http://en.wikipedia.org/wiki/SHA-3

Is it worth doing since SHA-256 was directly designed by a centralized, secretive government agency who may have included a nuanced and hidden flaw?

There are also pre-image attacks against SHA-256:

Quote
There are two meet-in-the-middle preimage attacks against SHA-2 with a reduced number of rounds. The first one attacks 41-round SHA-256 out of 64 rounds with time complexity of 2^253.5 and space complexity of 2^16, and 46-round SHA-512 out of 80 rounds with time 2^511.5 and space 2^3.[1] The second one attacks 42-round SHA-256 with time complexity of 2^251.7 and space complexity of 2^12, and 42-round SHA-512 with time 2^502 and space 2^22.

Would it be hard to switch Bitcoin over to SHA-3? How would it be done?