
Topic: in the future: sha256 gets cracked (Read 6236 times)

kjj
legendary
Activity: 1302
Merit: 1026
January 15, 2013, 10:47:55 AM
#23
... Ok everyone uses it (the exploit) and difficulty rises by 1000x.

That is everyone except the ones with non-programmable asic chips.

True but there will be a very large incentive for an ASIC developer to release a chip which takes the cryptographic flaw into account.  Until that happens you could see (hypothetically) a period of time where the average GPU can out-hash a high end ASIC.

I'm doubtful that an ASIC developer would release a chip that makes use of a broken hash function. The chance would be too high that Bitcoin would switch to a new algorithm, rendering their new (and old) chips worthless.

Really? So it would be better to see their product instantly become worthless, sales plummet to zero overnight, and all miners revert to using (cryptographic-flaw-enhanced) GPUs?  That is better than an (essentially 0.0%) chance that Bitcoin will switch to a new algorithm?  Note the clumsiness of the saying "Bitcoin will switch".  Is Bitcoin a person?  A corporation?  Who exactly would switch?  EVERYONE?  Nobody would decide to keep using "original Bitcoin".  Imagine the confusion and chaos if, for example, MtGox supported original Bitcoin but BitPay supported "new Bitcoin" and there were two incompatible forks of the reference client, each supporting one version of the protocol, and users had coins on both versions with initial balances at the point the blockchain permanently and irrevocably split.  Think that chaos might be bad for Bitcoin?  Think that might be worse than the non-problem of miners calculating hashes faster?

The hashing algorithm isn't going to change.  Anyone who understands the decentralized consensus that is Bitcoin understands that.   A flaw which allows someone to hash 1000x, 1,000,000x, hell 50 quadrillion times faster presents absolutely no risk to Bitcoin.  It simply means everyone will end up using the "flaw" (either back on CPU/GPU/FPGA or on some future ASICs) and difficulty will increase by an equivalent amount.  

When weaknesses like that are found, the world generally takes it as a warning sign.  It means that future weaknesses are very likely to be coming, and worse.  In that scenario, everyone would have a strong incentive to change.  But we'd also have lots of time to do it.

Look at MD4.  It is considered to be totally broken, and should not be used for anything, ever.  But really, none of the attacks on MD4 are even remotely useful for mining.  If we were using MD4 for mining, we would have years, probably decades really, to engineer a switch.

And a switch can be relatively painless.  As an example, we could all agree that ~2 years is plenty of time for everyone to upgrade their software, and ~4 years is enough to upgrade hardware.  That would mean that starting with block 3,150,000 the network would accept blocks with valid hashes under either SHA or the new algorithm, whatever we decide that may be.  And starting with block 4,200,000 the network would stop accepting blocks with SHA.
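The dual-acceptance window kjj sketches above, as an added example that is not code from the thread or from any Bitcoin client. The two block heights come from the post; everything else is an assumption: Bitcoin's real proof of work is double SHA-256 compared against a target as a little-endian integer, SHA3-256 stands in for "the new algorithm, whatever we decide that may be", the 80-byte header layout is simplified to a fixed prefix plus a 4-byte nonce, and the target is made deliberately easy so the demo mines in milliseconds.

```python
# Added example, not from the thread. Models a proof-of-work switch-over:
#   height <  START_HEIGHT           -> only the old PoW is valid
#   START_HEIGHT <= height < END     -> either old or new PoW is valid
#   height >= END_HEIGHT             -> only the new PoW is valid
# Assumptions: SHA3-256 as the replacement, simplified header, easy target.

import hashlib
import struct

START_HEIGHT = 3_150_000   # from the post: either algorithm accepted from here
END_HEIGHT = 4_200_000     # from the post: old algorithm rejected from here


def old_pow(header: bytes) -> int:
    """Bitcoin's proof-of-work hash: SHA-256 applied twice, read as a
    little-endian 256-bit integer (smaller is 'more work')."""
    digest = hashlib.sha256(hashlib.sha256(header).digest()).digest()
    return int.from_bytes(digest, "little")


def new_pow(header: bytes) -> int:
    """Assumed replacement: SHA3-256 (a different design family), same encoding."""
    return int.from_bytes(hashlib.sha3_256(header).digest(), "little")


def accepted_algorithms(height: int) -> tuple:
    """Which proof-of-work functions a block at `height` may satisfy."""
    if height < START_HEIGHT:
        return (old_pow,)
    if height < END_HEIGHT:
        return (old_pow, new_pow)
    return (new_pow,)


def pow_valid(height: int, header: bytes, target: int) -> bool:
    """A block is valid if any algorithm accepted at its height yields a
    hash at or below the target (one shared target; see note below)."""
    return any(fn(header) <= target for fn in accepted_algorithms(height))


def mine(prefix: bytes, target: int, fn, exclude=None, max_nonce: int = 1 << 24) -> bytes:
    """Brute-force a 4-byte nonce so that fn(prefix || nonce) <= target.
    If `exclude` is given, also require exclude(header) > target, so the
    returned header is valid under exactly one of the two algorithms
    (useful for probing the switch-over boundaries). Raises if none found."""
    for nonce in range(max_nonce):
        header = prefix + struct.pack("<I", nonce)
        if fn(header) <= target and (exclude is None or exclude(header) > target):
            return header
    raise RuntimeError("no nonce found within max_nonce")


# Constructed data: a fixed 76-byte "header prefix" and a target that
# leaves roughly 1 in 4096 hashes valid, so mining takes milliseconds.
PREFIX = b"example-block-header".ljust(76, b"\x00")
EASY_TARGET = (1 << 244) - 1    # top 12 bits of the 256-bit value must be zero

if __name__ == "__main__":
    old_only = mine(PREFIX, EASY_TARGET, old_pow, exclude=new_pow)
    new_only = mine(PREFIX, EASY_TARGET, new_pow, exclude=old_pow)
    for height in (START_HEIGHT - 1, START_HEIGHT, END_HEIGHT - 1, END_HEIGHT):
        old_ok = pow_valid(height, old_only, EASY_TARGET)
        new_ok = pow_valid(height, new_only, EASY_TARGET)
        print(f"height {height:>9}: old-PoW block {'accepted' if old_ok else 'rejected'}, "
              f"new-PoW block {'accepted' if new_ok else 'rejected'}")
```

One thing the post does not address and this example deliberately leaves visible: `pow_valid` compares both algorithms against a single target. In practice the two functions would run on completely different hardware at very different hashrates, so a real switch-over would need a separate difficulty (and retarget history) per algorithm during the overlap window, or the cheaper-to-compute one would simply win every block.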
sr. member
Activity: 280
Merit: 250
January 14, 2013, 07:22:04 AM
#22
6 Public key cryptography (used in the Bitcoin addresses) was invented by Rivest, Shamir and Adleman in 1977, patented and licensed by the RSA corporation. Bitcoin uses a later development of this principle.

Bitcoin is not using RSA. Bitcoin is using ECC.

Exactly, a later development of the public key cryptography principle.
hero member
Activity: 602
Merit: 508
Firstbits: 1waspoza
January 14, 2013, 05:47:32 AM
#21
6 Public key cryptography (used in the Bitcoin addresses) was invented by Rivest, Shamir and Adleman in 1977, patented and licensed by the RSA corporation. Bitcoin uses a later development of this principle.

Bitcoin is not using RSA. Bitcoin is using ECC.
legendary
Activity: 1666
Merit: 1057
Marketing manager - GO MP
January 14, 2013, 12:13:55 AM
#20
The hashing algorithm isn't going to change.  Anyone who understands the decentralized consensus that is Bitcoin understands that.   A flaw which allows someone to hash 1000x, 1,000,000x, hell 50 quadrillion times faster presents absolutely no risk to Bitcoin.  It simply means everyone will end up using the "flaw" (either back on CPU/GPU/FPGA or on some future ASICs) and difficulty will increase by an equivalent amount.  

Well, depending on the magnitude, there is also an increased risk of a 51% attack from people who learn about the flaw first.
donator
Activity: 1218
Merit: 1079
Gerald Davis
January 13, 2013, 11:46:50 PM
#19
... Ok everyone uses it (the exploit) and difficulty rises by 1000x.

That is everyone except the ones with non-programmable asic chips.

True but there will be a very large incentive for an ASIC developer to release a chip which takes the cryptographic flaw into account.  Until that happens you could see (hypothetically) a period of time where the average GPU can out-hash a high end ASIC.

I'm doubtful that an ASIC developer would release a chip that makes use of a broken hash function. The chance would be too high that Bitcoin would switch to a new algorithm, rendering their new (and old) chips worthless.

Really? So it would be better to see their product instantly become worthless, sales plummet to zero overnight, and all miners revert to using (cryptographic-flaw-enhanced) GPUs?  That is better than an (essentially 0.0%) chance that Bitcoin will switch to a new algorithm?  Note the clumsiness of the saying "Bitcoin will switch".  Is Bitcoin a person?  A corporation?  Who exactly would switch?  EVERYONE?  Nobody would decide to keep using "original Bitcoin".  Imagine the confusion and chaos if, for example, MtGox supported original Bitcoin but BitPay supported "new Bitcoin" and there were two incompatible forks of the reference client, each supporting one version of the protocol, and users had coins on both versions with initial balances at the point the blockchain permanently and irrevocably split.  Think that chaos might be bad for Bitcoin?  Think that might be worse than the non-problem of miners calculating hashes faster?

The hashing algorithm isn't going to change.  Anyone who understands the decentralized consensus that is Bitcoin understands that.   A flaw which allows someone to hash 1000x, 1,000,000x, hell 50 quadrillion times faster presents absolutely no risk to Bitcoin.  It simply means everyone will end up using the "flaw" (either back on CPU/GPU/FPGA or on some future ASICs) and difficulty will increase by an equivalent amount.  
sr. member
Activity: 800
Merit: 250
January 13, 2013, 11:42:19 PM
#18
... Ok everyone uses it (the exploit) and difficulty rises by 1000x.

That is everyone except the ones with non-programmable asic chips.

True but there will be a very large incentive for an ASIC developer to release a chip which takes the cryptographic flaw into account.  Until that happens you could see (hypothetically) a period of time where the average GPU can out-hash a high end ASIC.

I'm doubtful that an ASIC developer would release a chip that makes use of a broken hash function. The chance would be too high that Bitcoin would switch to a new algorithm, rendering their new (and old) chips worthless.
donator
Activity: 1218
Merit: 1079
Gerald Davis
January 13, 2013, 11:26:44 PM
#17
... Ok everyone uses it (the exploit) and difficulty rises by 1000x.

That is everyone except the ones with non-programmable asic chips.

True but there will be a very large incentive for an ASIC developer to release a chip which takes the cryptographic flaw into account.  Until that happens you could see (hypothetically) a period of time where the average GPU can out-hash a high end ASIC.
hero member
Activity: 663
Merit: 501
quarkchain.io
January 13, 2013, 11:22:34 PM
#16
... Ok everyone uses it (the exploit) and difficulty rises by 1000x.

That is everyone except the ones with non-programmable asic chips.
legendary
Activity: 3598
Merit: 2386
Viva Ut Vivas
January 13, 2013, 10:25:11 PM
#15
If ASICs are being sold at a pace by 2015 where every Bitcoin miner is using them, then the ASIC companies will have enough money to re-tool the mining rigs and start selling upgraded versions a lot faster than they are now. They will have vetted out most of their processes by then and have staff to push it through.
sr. member
Activity: 280
Merit: 250
January 13, 2013, 07:19:39 PM
#14
The short version of the history of cryptography,

1 Write the message. In those days, most people could not read, not even the couriers.

2 Reconfigure the characters in a secret way. Started with the Caesar code and other variants. Could be decoded manually by smart guys.

3 Mechanical computers used to rearrange the code. A key was supplied to the machine using numbered discs. Used in world war 2, but still crackable in hours (at the end of the war).

4 The concept of a key was introduced. The protocol and algorithm could be public; the problem of cracking was concentrated into the key. That was Kerckhoffs's principle. Computers were used to encrypt and break encryption.

5 Longer keys were used, and better algorithms were found, making the messages cryptographically secure. The encryptors definitely won over the crackers (bearing in mind that encryption and cracking are two sides of the same coin; a cryptographer also needs to be a cracker and vice versa).

6 Public key cryptography (used in the Bitcoin addresses) was invented by Rivest, Shamir and Adleman in 1977, patented and licensed by the RSA corporation. Bitcoin uses a later development of this principle.

7 A secure hash algorithm was designed and published by RSA in 1995, later version 5 of what was called MD5 (message digest version 5). It is still used today, but has some weaknesses. SHA (secure hash algorithm, later enumerated SHA-0), SHA-1 and SHA-2 were developed by the NSA. SHA-2 is used in Bitcoin for all the hashes. SHA-2 has several key lengths; the one chosen for Bitcoin has 256 bits and is also called SHA-256.

8 A new hash SHA-3 is designed outside the NSA. A competition was started in 2007 by NIST. A victor was declared in 2012. This might be recommended for future use after some years of scrutiny.

In some ways, history repeats itself; in some ways the world develops. Both could be true at the same time. In cryptography however, the truth is that there has been development and secure cryptography is possible. The scrutiny of the different algorithms sometimes reveals _possible_ defects years before they can be realistically cracked. This gives us the time needed to change the system if a problem should arise.

Of course there is always a remote possibility of a crack being found that could render the system unusable from one day to the next. But now, that seems very, very remote.

Well this appeared to be not so short after all...

sr. member
Activity: 316
Merit: 250
January 13, 2013, 05:21:46 PM
#13
For mining purposes MD5 being "cracked" wouldn't prevent it from being used as a proof of work.  It is unlikely SHA-256 will ever be replaced as the proof-of-work algorithm in Bitcoin (this is different from the hashing algorithm used in address creation).

For example, say a cryptographic flaw was found that would allow one to find SHA-256 collisions 1000x faster than brute force.  Ok, everyone uses it and difficulty rises by 1000x.  Difficulty is a completely arbitrary construct.  Difficulty 20M on unhacked SHA-256 vs difficulty 20B on "hacked" (1000x faster than brute force) SHA-256.   Who cares?  People stopped using MD5 because one could find a collision faster than brute force; this is bad for things like securing passwords or validating encrypted packets.  In Bitcoin mining we are attempting a brute force attack. Rather than looking for a specific collision we are looking for a hash which is below a completely arbitrary number.  If it gets easier to do that, difficulty will rise and the completely arbitrary number (the target) will be smaller/harder.

To change the mining algorithm would be a hard fork.  It is unlikely anyone would get enough support for a change like that.  Miners and merchants will continue to use the "real" Bitcoin fork.


Thanks for the long and good reply, it explains a lot. It was also my first thought that a change of the algorithm used is possible, but it would be hard to realize, because people not updating their client would be cut off from the network.
donator
Activity: 1218
Merit: 1079
Gerald Davis
January 13, 2013, 05:05:09 PM
#12
For mining purposes MD5 being "cracked" wouldn't prevent it from being used as a proof of work.  It is unlikely SHA-256 will ever be replaced as the proof-of-work algorithm in Bitcoin (this is different from the hashing algorithm used in address creation).

For example, say a cryptographic flaw was found that would allow one to find SHA-256 collisions 1000x faster than brute force.  Ok, everyone uses it and difficulty rises by 1000x.  Difficulty is a completely arbitrary construct.  Difficulty 20M on unhacked SHA-256 vs difficulty 20B on "hacked" (1000x faster than brute force) SHA-256.   Who cares?  People stopped using MD5 because one could find a collision faster than brute force; this is bad for things like securing passwords or validating encrypted packets.  In Bitcoin mining we are attempting a brute force attack. Rather than looking for a specific collision we are looking for a hash which is below a completely arbitrary number.  If it gets easier to do that, difficulty will rise and the completely arbitrary number (the target) will be smaller/harder.

To change the mining algorithm would be a hard fork.  It is unlikely anyone would get enough support for a change like that.  Miners and merchants will continue to use the "real" Bitcoin fork.
legendary
Activity: 1666
Merit: 1057
Marketing manager - GO MP
January 13, 2013, 05:00:13 PM
#11
I think Bitcoin with ASICs stands and falls with the hashing algorithm. Switching it or trying to switch it would result in more chaos than it can handle.

A scenario like you described would result in nobody willing to actually do the switch. But then it isn't certain that ASICs are the future of Bitcoin mining either, if the current wave of preorders turn out to be a bum people could realize that it isn't in their best interest to switch to asics at all. FPGAs are becoming better by the year and gain more market penetration in every other field.
In the future almost any computing might be done with FPGAs, MPPAs and similar devices with the performance penalty in comparison to ASICs negligible.
sr. member
Activity: 316
Merit: 250
January 13, 2013, 04:42:05 PM
#10
it was clear to me that difficulty will drop and the rate of generation will be constant, i was more focused on the economic aspect, because people invested lots of money into a then useless technology.
newbie
Activity: 37
Merit: 0
January 13, 2013, 02:14:13 PM
#9
so this thought came me earlier this day:
in the future, let's say 2015, Bitcoin mining is entirely done by high performance ASIC devices, which are developed only for mining Bitcoin, so they have lots of SHA-256 cores. Since it is an ASIC, the algorithm used to mine coins cannot be changed.

then crypto researchers break SHA-256, the Bitcoin protocol gets attacked and the devs decide to move to a stronger algorithm. All the ASICs become totally worthless, the total hashrate drops by 99.99%.

what are your thoughts, especially regarding the bitcoin price?

Very unlikely.
But if the algorithm was changed so ASICs would no longer work, mining difficulty would drop automatically and mining would be done using CPUs & FPGAs for a while until new ASICs were manufactured.

https://en.bitcoin.it/wiki/Difficulty

Depending on how quickly the fix is implemented and what losses people will suffer, the price will drop to almost nothing because no one would buy bitcoins, but it would go back up after the fix is installed.
legendary
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
January 13, 2013, 02:09:08 PM
#8
Fixing Bitcoin would be very easy: just make it use another algorithm. Everyone downloads it, problem solved.

Yeah, ASICs would be useless but as others said, the whole world uses SHA-256, so if that happens then Bitcoin will be the last of our problems. This is implying SHA-256 will be cracked, of course...
zby
legendary
Activity: 1594
Merit: 1001
January 13, 2013, 01:42:32 PM
#7
One could say that MD5 has already been broken and banks have already dealt with this problem by switching to sha256.  The switch takes years but we know that banking customers do not riot in the street when an algorithm is broken.


but MD5 is not nearly as essential to the banking industry as SHA-256 is for Bitcoin. In the worst case scenario, banks could shut down all ATM/online banking and only handle cash at the counters.
But if you find a way to reverse the SHA-256 algorithm, you alone could bash the entire Bitcoin network.

The hashing algorithm can be changed - that would require patching lots of clients - but in case of an SHA-256 breach I believe a consensus on the need for such a change would be reached quickly.  Also, a breach does not mean bashing the entire network - it only means that whoever does that can double spend - this is dangerous - but it is easy to spot and once registered people can react.
sr. member
Activity: 316
Merit: 250
January 13, 2013, 11:37:59 AM
#6
One could say that MD5 has already been broken and banks have already dealt with this problem by switching to sha256.  The switch takes years but we know that banking customers do not riot in the street when an algorithm is broken.


but MD5 is not nearly as essential to the banking industry as SHA-256 is for Bitcoin. In the worst case scenario, banks could shut down all ATM/online banking and only handle cash at the counters.
But if you find a way to reverse the SHA-256 algorithm, you alone could bash the entire Bitcoin network.
hero member
Activity: 763
Merit: 500
January 13, 2013, 11:35:04 AM
#5
Regarding obsolete hardware,  hash rate drops by 99.99% but the system still pumps out the same reward every 10 minutes.
The difficulty is only adjusted every 2016 blocks, and large changes are filtered! So, for maybe 2 months this will be way off. But still, transactions stay the same and during that time many enthusiasts will jump in to save the system …
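The retarget arithmetic behind this post's "adjusted every 2016 blocks, and large changes are filtered" and behind Gerald Davis's "everyone uses it and difficulty rises by 1000x" argument in #12/#13, as an added example that is not code from the thread or from any Bitcoin client. The rule constants are Bitcoin's actual ones (2016-block periods, a two-week target span, the measured span clamped to between a quarter and four times that, and roughly 2^32 expected hashes per block at difficulty 1); the starting difficulty of 20M is taken from the thread, while the hashrate figures and the two shocks (a 1000x speed-up, a 99.99% drop) are constructed inputs.

```python
# Added example, not from the thread. Simulates Bitcoin-style difficulty
# retargeting under two constructed shocks:
#   A) every miner suddenly hashes 1000x faster (the "flaw adopted" case)
#   B) hashrate suddenly falls by 99.99% (the "ASICs abandoned" case)
# Constants follow Bitcoin's rules; difficulty 20M is from the thread.

TARGET_SPACING = 600                                  # seconds per block
RETARGET_INTERVAL = 2016                              # blocks per retarget period
EXPECTED_SPAN = TARGET_SPACING * RETARGET_INTERVAL    # 1,209,600 s = two weeks
HASHES_PER_DIFFICULTY_UNIT = 2 ** 32                  # expected hashes per block at difficulty 1


def retarget(old_difficulty, actual_span):
    """One retarget step. The measured span is clamped to
    [EXPECTED/4, EXPECTED*4] before scaling, so difficulty can move at
    most 4x in either direction per period (the 'filter' in the post)."""
    clamped = min(max(actual_span, EXPECTED_SPAN / 4), EXPECTED_SPAN * 4)
    return old_difficulty * EXPECTED_SPAN / clamped


def seconds_per_block(difficulty, hashrate):
    """Expected block interval at a given difficulty and network hashrate (H/s)."""
    return difficulty * HASHES_PER_DIFFICULTY_UNIT / hashrate


def hashrate_for(difficulty, spacing=TARGET_SPACING):
    """Hashrate at which `difficulty` yields one block every `spacing` seconds."""
    return difficulty * HASHES_PER_DIFFICULTY_UNIT / spacing


def simulate(difficulty, hashrate, periods):
    """Run `periods` retarget periods at a constant hashrate.

    Returns one dict per period with the difficulty in force, the expected
    block interval, the wall-clock days the period took, and the difficulty
    set by the retarget at the end of that period."""
    out = []
    for n in range(1, periods + 1):
        spb = seconds_per_block(difficulty, hashrate)
        span = spb * RETARGET_INTERVAL
        new_difficulty = retarget(difficulty, span)
        out.append({
            "period": n,
            "difficulty": difficulty,
            "seconds_per_block": spb,
            "period_days": span / 86400,
            "next_difficulty": new_difficulty,
        })
        difficulty = new_difficulty
    return out


if __name__ == "__main__":
    D0 = 20_000_000               # "difficulty 20M" from the thread
    H0 = hashrate_for(D0)         # hashrate at which D0 gives 10-minute blocks

    print("Scenario A: everyone hashes 1000x faster")
    for r in simulate(D0, H0 * 1000, 6):
        print(f"  period {r['period']}: difficulty {r['difficulty']:.3e}, "
              f"{r['seconds_per_block']:.1f} s/block, period took {r['period_days']:.3f} days")

    print("Scenario B: hashrate falls by 99.99%")
    for r in simulate(D0, H0 / 10_000, 3):
        print(f"  period {r['period']}: difficulty {r['difficulty']:.3e}, "
              f"{r['seconds_per_block'] / 86400:.1f} days/block, "
              f"period took {r['period_days'] / 365:.0f} years")
```

Scenario A lands on exactly 1000x the starting difficulty after five retargets, and because the blocks arrive fast those five periods take under a week of wall time rather than ten weeks. Scenario B is the dangerous direction: at 0.01% of the hashrate a single block takes about 69 days, so the first downward retarget, which the clamp limits to a factor of 4, would not even occur for centuries. A sudden hashrate gain is absorbed by the difficulty rule; a sudden hashrate loss is a liveness problem the rule alone cannot fix.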
hero member
Activity: 663
Merit: 501
quarkchain.io
January 13, 2013, 11:17:17 AM
#4
so this thought came me earlier this day:
in the future, let's say 2015, Bitcoin mining is entirely done by high performance ASIC devices, which are developed only for mining Bitcoin, so they have lots of SHA-256 cores. Since it is an ASIC, the algorithm used to mine coins cannot be changed.

then crypto researchers break SHA-256, the Bitcoin protocol gets attacked and the devs decide to move to a stronger algorithm. All the ASICs become totally worthless, the total hashrate drops by 99.99%.

what are your thoughts, especially regarding the bitcoin price?

One could say that MD5 has already been broken and banks have already dealt with this problem by switching to sha256.  The switch takes years but we know that banking customers do not riot in the street when an algorithm is broken.

Regarding obsolete hardware,  hash rate drops by 99.99% but the system still pumps out the same reward every 10 minutes.  Supply/demand stays the same.


