
Topic: If one day, people find Bitcoin is no longer safe. How about the future of btc? (Read 1041 times)

newbie
Activity: 42
Merit: 0
I think Litecoin must be the future.
newbie
Activity: 56
Merit: 0
If one day people find Bitcoin is no longer safe, because using a more powerful computer a BTC address could be cracked, what about the future of BTC?

Bitcoin addresses can't be "cracked" by simply using a more powerful computer. Not now, not in 10 years, not in 1000 years. The amount of brute-force computation power required would use up all the energy in the universe.

Of course, if a flaw is found in the algorithm that is used to generate bitcoin addresses from private keys, it's a different story altogether.

Anything is possible, I remember people saying Litecoin is anti-FPGA...

I agree with this point. Maybe after a few years, current trading methods will not be safe.
full member
Activity: 200
Merit: 104
Software design and user experience.
If one day people find Bitcoin is no longer safe, because using a more powerful computer a BTC address could be cracked, what about the future of BTC?

If one day something about Bitcoin is cracked, it will be fixed, bogus transactions reverted by miners, some people will lose some money and then life will go on. Abandoning Bitcoin is equivalent to everyone losing all their wealth. That's not going to happen without a fight.
sr. member
Activity: 370
Merit: 250
legendary
Activity: 3472
Merit: 4801
Why does someone need to reverse an algo to get an exact match?

Poor choice of words on my part.

When I said "reverse the . . . hash function", I meant to do the opposite of what the hash function is intended to do, regardless of the method chosen.

In other words, a hash function is designed to provide a digest when given a message.

When I say "reverse the . . . hash function", I mean to provide a message when given its digest. The conditions on the message being that it is exactly 256 bits long and has the given digest as the result of performing the intended hash on it.
legendary
Activity: 2142
Merit: 1010
Newbie
Now, the only way to steal coins is to reverse the RIPEMD-160 hash function to find a valid SHA-256 hash
AND
then reverse the SHA-256 hash function to find a valid public key
AND
then reverse the public key generation to find a valid private key

Why does someone need to reverse an algo to get an exact match? A probabilistic approach combined with brute force gives results much faster. Read more - http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.215.1617&rep=rep1&type=pdf
sr. member
Activity: 322
Merit: 250
If one day people find Bitcoin is no longer safe, because using a more powerful computer a BTC address could be cracked, what about the future of BTC?

Bitcoin addresses can't be "cracked" by simply using a more powerful computer. Not now, not in 10 years, not in 1000 years. The amount of brute-force computation power required would use up all the energy in the universe.

Of course, if a flaw is found in the algorithm that is used to generate bitcoin addresses from private keys, it's a different story altogether.

Anything is possible, I remember people saying Litecoin is anti-FPGA...
legendary
Activity: 3472
Merit: 4801
The whole security of ECDSA is based on the assumption that the sign function (which takes the hash, random R and private key D, calculating S that corresponds to the public key) cannot be reversed with far fewer resources, using some not yet publicly known algorithm.

The math behind it is quite complex and the mathematicians are not entirely certain whether it is in fact impossible to reverse the function.
Use a new address for every transaction (as suggested in the white paper).

Problem solved.
Not quite.
Because before your transaction gets mined, the public key and R is still exposed to the world and if someone can calc the D from it fast enough, he can spend your money before you.

True, if ECDSA was so broken that the private key could be calculated in minutes (or faster) instead of days.

Your bitcoins would be safe so long as you don't try to spend them.  If (after ECDSA is so broken) you were going to try to spend bitcoins that were received at a legacy address (one requiring an ECDSA signature), then it would require that there be some trusted mining operations.

You could then submit the transaction directly to the trusted mining operations, bypassing all other peers.  The mining operations would need to be trusted not to re-broadcast the transaction, and not to take advantage of the ECDSA weakness. When you spend the bitcoins, you would want the receiving address to use the new unbroken signature and/or hash functions.
legendary
Activity: 1176
Merit: 1015
To put this into perspective, if we cloned the fastest supercomputer in the world right now and made one for every atom in not one, but 100,000 people, we would have the capability to crack Bitcoin addresses through brute force.

Math: (speed of the current top supercomputer in flops, times the number of atoms in a human, times 100,000; this gives one order of magnitude more than needed, assuming the equivalent of 10 flop operations is required for creating a Bitcoin address and testing its balance)
http://www.wolframalpha.com/input/?i=38+x+10%5E15+x+7+x+10%5E27+x+10%5E5

Top super: http://en.wikipedia.org/wiki/Tianhe-2
legendary
Activity: 2053
Merit: 1356
aka tonikt
The whole security of ECDSA is based on the assumption that the sign function (which takes the hash, random R and private key D, calculating S that corresponds to the public key) cannot be reversed with far fewer resources, using some not yet publicly known algorithm.

The math behind it is quite complex and the mathematicians are not entirely certain whether it is in fact impossible to reverse the function.

Use a new address for every transaction (as suggested in the white paper).

Problem solved.
Not quite.
Because before your transaction gets mined, the public key and R is still exposed to the world and if someone can calc the D from it fast enough, he can spend your money before you.
legendary
Activity: 3472
Merit: 4801
The whole security of ECDSA is based on the assumption that the sign function (which takes the hash, random R and private key D, calculating S that corresponds to the public key) cannot be reversed with far fewer resources, using some not yet publicly known algorithm.

The math behind it is quite complex and the mathematicians are not entirely certain whether it is in fact impossible to reverse the function.

Use a new address for every transaction (as suggested in the white paper).

Problem solved.

Now, the only way to steal coins is to reverse the RIPEMD-160 hash function to find a valid SHA-256 hash
AND
then reverse the SHA-256 hash function to find a valid public key
AND
then reverse the public key generation to find a valid private key

All without having a signature to work from.

If any one or two of these functions become weak due to some newly discovered exploit, the bitcoins will continue to be protected by the remaining functions, allowing time for the bitcoin community to replace the weakened cryptographic functions.
legendary
Activity: 1176
Merit: 1015
The amount of bruteforce computation power required would use up all the energy in the universe.

I am not sure about this.

http://www.wolframalpha.com/input/?i=10%5E21+x+60+x+60+x+24+x+365+x+9+x+10%5E9+x+4.5+x+10%5E9

http://en.wikipedia.org/wiki/Orders_of_magnitude_(numbers)#1021

WolframAlpha says if 9 billion computers hash at one sextillion hashes per second for 4.5 billion years (age of Earth) then you will exhaust the entire supply of addresses.

Obviously this is a huge number, but I doubt all the energy of the universe would be required to do this operation.
legendary
Activity: 2053
Merit: 1356
aka tonikt
Bitcoin addresses can't be "cracked" by simply using a more powerful computer. Not now, not in 10 years, not in 1000 years. The amount of brute-force computation power required would use up all the energy in the universe.
We are not talking about bruteforcing, per se.

The whole security of ECDSA is based on the assumption that the sign function (which takes the hash, random R and private key D, calculating S that corresponds to the public key) cannot be reversed with far fewer resources, using some not yet publicly known algorithm.

The math behind it is quite complex and the mathematicians are not entirely certain whether it is in fact impossible to reverse the function.
In other words: it has not been mathematically proven that it is impossible to calculate D, having the public key, the hash, R and S.

Moreover: we know for sure that if you reuse the same R with a different hash, the way to calc D is pretty straightforward.
Now, using a different R, the only thing that makes calculating D not straightforward is the magic behind the shape of the curve...
And the curve has been shaped by people who don't tell us how they did it.
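A worked illustration of the nonce-reuse point made above, added here as an example and not code from any poster: a toy textbook ECDSA over secp256k1 (the curve constants are the real ones; the key, nonce and messages are constructed) showing that two signatures sharing the same R reveal D, alongside a simplified deterministic-nonce stand-in (not RFC 6979 itself) that rules out reuse. Requires Python 3.8+ for `pow(x, -1, m)`.

```python
import hashlib
import hmac
# secp256k1 domain parameters (the curve Bitcoin uses)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(a, b):
    # Affine add/double on y^2 = x^3 + 7 mod P; None is the point at infinity
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def scalar_mult(k, pt):
    result = None
    while k:
        if k & 1: result = point_add(result, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return result

def msg_hash(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def sign(d, h, k):
    # Textbook ECDSA: R = k*G, r = R.x mod N, s = k^-1 * (h + r*d) mod N
    r = scalar_mult(k, G)[0] % N
    return r, pow(k, -1, N) * (h + r * d) % N

def recover_d_from_reused_k(h1, sig1, h2, sig2):
    # Same k (hence same r) under two hashes: subtracting the s equations
    # cancels d and yields k; d then follows from either signature
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2 or s1 == s2:
        raise ValueError("signatures do not share a nonce")
    k = (h1 - h2) * pow(s1 - s2, -1, N) % N
    return (s1 * k - h1) * pow(r1, -1, N) % N

def deterministic_k(d, h):
    # Simplified stand-in for RFC 6979 (not the real construction): k is derived
    # from the key and the hash, so distinct messages never share k under one key
    mac = hmac.new(d.to_bytes(32, "big"), h.to_bytes(32, "big"), hashlib.sha256)
    return int.from_bytes(mac.digest(), "big") % N or 1
```

The same fixed `k` makes both signatures carry an identical `r`, which is exactly what a defender can audit for across a set of signatures; with `deterministic_k` the `r` values differ.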
hero member
Activity: 728
Merit: 500
If one day people find Bitcoin is no longer safe, because using a more powerful computer a BTC address could be cracked, what about the future of BTC?

Bitcoin addresses can't be "cracked" by simply using a more powerful computer. Not now, not in 10 years, not in 1000 years. The amount of brute-force computation power required would use up all the energy in the universe.

Of course, if a flaw is found in the algorithm that is used to generate bitcoin addresses from private keys, it's a different story altogether.
legendary
Activity: 2053
Merit: 1356
aka tonikt
There have been uncertainties concerning the security of ECDSA.
We still don't know how they chose the curve params and it doesn't seem that they are going to tell us.

It would be useful to at least add support for RSA/DSA-signed transactions, in parallel to ECDSA.
Then people could at least diversify their savings - e.g. split them 50:50 between ECDSA- and RSA-protected addresses.

This kind of change needs a hard fork and so the sooner you put it in, the better.
staff
Activity: 4242
Merit: 8672
I'm sure your English is much better than my ability to speak whatever language you're native in, but I still can't understand your question.

Perhaps you could also try google translate?
newbie
Activity: 56
Merit: 0
It would happen in the future.
newbie
Activity: 56
Merit: 0
If one day people find Bitcoin is no longer safe, because using a more powerful computer a BTC address could be cracked, what about the future of BTC?