Topic: Japanese researchers break 41 out of 64 steps of SHA256 with preimage attack. - page 2. (Read 8602 times)

41 out of 64 steps and each step getting  parabolically more difficult, now i know why i just cleaned up on the Price of coin 

A pre-image attack that does not encompass all 64 steps just results in something indistinguishable from the empirical effect of everyone in the world being able to hash faster. As long as access to those implementations is relatively widely known and not asymmetric, there is no threat to mining whatsoever.

Also its important to note that any implementation of a pre-image attack is going to have memory requirements well-above a normal reference SHA256d mining implementation, and it is not predictable a priori whether that will actually result in better real world performance than the current extremely low-memory brute force techniques.

Have you always been so charming?

I know, right? So my "forecast" is too good to be true. Reality is worse. Don't worry about your 0.01 bitcoins, no one is going to take them.

A lot of other things in the world would be more critically impacted than Bitcoin if SHA-256 were broken. Finding some random preimage of a SHA-256 hash is just one of the many steps needed in order to do a double spend. However, it is probably the only step needed to break into bank accounts if you already had a DB dump of userids and hashed passwords. Guess which one a crook would rather do?

That's not how it works .... its an elliptical curve ............ its not incremental steps.

Repeating this.

Thread can be closed now.  This responds to the original post.  And newbies need not fret.

-Burger-

Hahahahahaahah... mining.

Let's pretend it's 3 steps additional per year.

2010 = 41
2011 = 44
2012 = 47
2013 = 50
2014 = 53
2015 = 56
2016 = 59
2017 = 62
2018 = 65 (cracked, broken, whatever.)

We have several years to do something about it.

But, this isn't going to happen.

You make this stuff up as you type right?

You "could" if you made computers out of something other than matter and they occupied something other than space.

You could make a start on this attack by convincing people to pool their resources, perhaps by offering a financial incentive (maybe some bitcoins for contributing computing power)? People could even work on creating some sort of application specific hardware to efficiently search for SHA-256 hash values. You could structure it so that rewards are payed out proportionally to each persons contribution.

  really? noob?

Something like that. 

Everyone panic, IIRC in some limited applications the highest attack is on a 45 or 46 rounds.   

Attacks like those (with complexity of 2^120 or higher) can be considered impossible to implement.  The attack with practical complexity (in theory could be built in our lifetime at insane cost) is 24 rounds.  I am away from my home computer which has a folder of research articles so I am going off memory on those two records.

So they are up to 42 now then

I would also point out this "news" is from 2010.

Still even if this attack worked on the full SHA-2 algorithm the OP conclusion that one could create blocks infinitely fast isn't even close to accurate.

Still lets assume this attack worked on the full version of SHA-2 (64 rounds).  It doesn't so none of this is possible at any amount of time or energy but to illustrate how silly the OP "conclusions" are lets assume this attack does work on the full SHA-2.

Today mining has a difficulty of ~900 million.  That means it takes 3.86547E+12 (900 million * 2^32) hashes on average to solve a block.  To put it into cryptographic terms that is a complexity of 2^72.
Attempting a preimage attack of an existing SHA-256 hash by brute force has a complexity of 2^256.  So if you wanted to replace a block in the middle of the blockchain by brute force would require 2^256 attempts.  That is why we consider blocks deep in the blockchain "safe" because it is infeasible to replace a block by preimage.  Now an attacker can always build a longer chain to replace a block but that the deeper the block is the less probable that becomes (without 51% of hashrate).

So as a theoretical concept you can already replace a block in the blockchain it just requires an amount of energy and time that is beyond the life of our star.  So how much does this attack improve that equation?
This attack has a complexity of 2^253.5.  That's right 2 raised to the 253 1/2 instead of 256.   So it is a staggering 5.6 times easier than a (for all practical purposes impossible) brute force attack  [ 2^(256 - 253.5) ]. It is still 4.33455E+54 (that is 4 followed by 53 zeros) times harder than solo mining a block at difficulty 900 million [ 2^(253.5 - 72) ].  If the entire blockchain from the genesis block till today was all difficulty 900 million then the complexity of replacing the entire blockchain with a new one would be 2^90.  So for any amount of computing power in the time it takes to preimage a single block or transaction (2^253.5) one could mine 16,535,003,495,550,700,000,000,000,000,000,000,000,000,000,000,000 complete unique alternate copies of the Bitcoin blockchain.

In mining terms for someone to preimage a block in 600 seconds would require 34,115,571,461,443,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 PH/s of computing power.

Summary:
This attack doesn't have any effect on the full (64 round) SHA-2 hash function.  Researchers work on reduced round versions of algorithms because they are easier to break and it allows learning and progress which in theory someday over the course of years and decades could lead to an attack on the full algorithm.  This isn't anything new or novel.  There are at least 8 papers outlining similar theoretical attacks on reduced round versions of SHA-2.  Also the OP is an idiot if he think "heat death of the universe" = "instantly mine blocks".

Quark promoting FUD thread.
Nothing to see here.

Yet another thread to spread FUD.
The exponential function is there for a reason. Good luck with steps 50 and above.

You probably. Anyone else. I'm not sure.