Note: Pardon me if I have any of the wording or concepts of this post incorrect.
With the recent release of the beta version of Bitcoin Core v0.10, a new library was introduced, libsecp256k1.
In the release notes it says, "we have reason to believe that libsecp256k1 is better tested and more thoroughly reviewed than the implementation in OpenSSL".
The introduction of a new library with functions as important as this could be manipulated to have mathematically introduced back-doors which would enable backward engineering of keys or other manipulations (perhaps seeming to be random when in fact having patterns to the numbers which could be used by NSA-type organizations to "infiltrate" bitcoin security). I am not saying this has happened, but just saying that this would be a sneaky and effective way to implant backdoors into bitcoin.
If I were an enemy organization (NSA, PRISM, etc.) and I wanted to infiltrate bitcoin, this is how I would do it.
I would handsomely pay off some coder(s) to introduce a backdoor or predictable mathematical weakness and implement it into some obscure aspect of the code, such as the elliptic curve functions in libsecp256k1. Has this possibility been considered?
While I do not have the knowledge to verify the security of this new library, does anyone else have proof that it is secure? What assurance do we have that it is as secure or more secure than the library it replaced? 99.9% of people adopting the new version are not going to know what is in that new library or how it operates.
I just wanted to voice this concern because it had been on my mind.
----------------------------------------------------
To illustrate the point further, here are two quotes from a recent Edward Snowden interview (conducted around Jan 23rd, 2015):
Edward Snowden talking about cryptography and how it takes a few years to fully vindicate that it's safe: https://www.youtube.com/watch?x-yt-ts=1422327029&v=7Ui3tLbzIgQ&feature=player_embedded&x-yt-cl=84838260#t=713
(time: 11:53-12:24)
"Also with encryption, one of the things that we've seen is: given this sort of dark age mentality that you've mentioned, there really are two risks:
One is that the algorithm itself could be weak -- a weakness that we are not currently aware of.
Also the implementation could be bad. When we get new crypto tools it normally takes a number of years before we know they're robust, before we know they're reliable. They have to be reviewed by a number of people. They have to be broken a number of times and they have to be fixed. And eventually they reach a level where they're sort of defensible."
-Edward Snowden, Jan 23 2015.
Also, a little bit later in the same video, Bruce Schneier talks about a backdoor entered into Linux code that almost got through.
(time: 13:31-15:53)
----------------------------------------------------
These are the same kind of concerns that entered my mind. My intent with this thread is twofold: 1.) to pass this knowledge on to raise community awareness (as bitcoin is open source), and 2.) to see if any individuals can come forth to provide information that the new library is safe, and how we can know that so quickly when Snowden himself says it can take years to fully prove it (as in the first quoted passage above).
I want it to be clear that there is no present threat to Bitcoin that I'm aware of. I am being preemptive.
My logic is that if we can all spot this kind of infiltration, then it will be less likely to happen in the future. And I want a safe Bitcoin for years to come.
----------------------------------------------------
Feb 19, 2015 UPDATE: Bitcoin developer Pieter Wuille speaks about the new libsecp256k1 library here in this video.
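One concrete thing anyone can do about the "what assurance do we have" question, as an added example that is not part of the original post and not code from the libsecp256k1 project: write (or borrow) a small, independent secp256k1 implementation and check the new library's output against it and against the published curve constants. The code below is a plain double-and-add reference in Python; the curve parameters and the 2G/3G points are the public secp256k1 test values, and `check_pubkey` takes an uncompressed public key as a hex string that the caller obtains from whatever library is under test (no bindings are imported here, so the library's key is an assumed input).

```python
# Added example: an independent secp256k1 reference used to cross-check another
# library's public keys. Not the post's code and not libsecp256k1's code.
# Curve constants are the public secp256k1 parameters (SEC 2, "secp256k1").
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
G = (GX, GY)
INF = None  # point at infinity

# Published small-multiple test vectors (2*G and 3*G), used as known-good answers.
KNOWN_VECTORS = {
    2: "04c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5"
       "1ae168fea63dc339a3c58419466ceaeef7f632653266d0e1236431a950cfe52a",
    3: "04f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9"
       "388f7b0f632de8140fe337e62a37f3566500a99934c2231b6cb9fd7584b8e672",
}


def on_curve(pt):
    """True if pt satisfies y^2 = x^3 + 7 (mod P); infinity counts as on-curve."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + 7)) % P == 0


def point_add(a, b):
    """Affine point addition/doubling on secp256k1 (curve coefficient a = 0)."""
    if a is INF:
        return b
    if b is INF:
        return a
    x1, y1 = a
    x2, y2 = b
    if x1 == x2:
        if (y1 + y2) % P == 0:  # b == -a
            return INF
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P  # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P  # chord slope
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, pt=G):
    """Left-to-right double-and-add. Reference only: not constant-time."""
    if not 0 <= k < N:
        raise ValueError("scalar out of range")
    result, addend = INF, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def pubkey_hex(priv):
    """Uncompressed SEC encoding (04 || X || Y) of priv*G, lowercase hex."""
    x, y = scalar_mult(priv)
    return "04%064x%064x" % (x, y)


def check_pubkey(priv, pub_hex_from_library):
    """Differential check: does the library under test agree with this reference?"""
    return pub_hex_from_library.lower() == pubkey_hex(priv)


def sanity_checks():
    """Structural invariants any correct secp256k1 implementation must satisfy."""
    n_minus_1_g = scalar_mult(N - 1)
    return (on_curve(G)
            and n_minus_1_g == (GX, (-GY) % P)          # (N-1)*G == -G
            and point_add(n_minus_1_g, G) is INF        # N*G == infinity
            and all(on_curve(scalar_mult(k)) for k in (2, 3, 12345)))


if __name__ == "__main__":
    print("invariants hold:", sanity_checks())
    for k, expected in KNOWN_VECTORS.items():
        # Here the "library output" is the published vector; in practice you
        # would paste the hex key the library under test produced for k.
        print("k=%d matches reference:" % k, check_pubkey(k, expected))
```

Agreement on a handful of keys rules out gross arithmetic mistakes in the library's point multiplication, nothing more: it says nothing about how nonces are generated or whether timing leaks the key, which is exactly why the multi-year review and breakage cycle described in the quoted passage still matters.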