
Topic: A basic question - page 5. (Read 5598 times)

legendary
Activity: 1988
Merit: 1012
Beyond Imagination
April 02, 2015, 09:15:16 AM
#31
Two problems:

1. You cannot calculate the public key from the address, since the conversion is not lossless. This is similar to how you cannot get the raw picture data from a compressed JPG file, since lots of raw data have been thrown away during the compression. The only way is to guess the missing part using brute force. That is only possible with a 256-bit quantum computer, which only exists in imagination.

2. You can get the public key in a transaction if one address has spent its coins. Then it is theoretically possible to calculate the private key using the public key, by using a specially designed 256-bit quantum computer, which only exists in imagination.

In fact, the difficulty for a quantum computer lies in the calculation. You can factor large numbers since the calculation is extremely simple, just multiply, but to do a hash function using a quantum computer would be a huge challenge.
legendary
Activity: 3528
Merit: 4945
April 02, 2015, 08:33:35 AM
#30
There is a difference between the appearance of entropy and the reality of it. Something encrypted is most definitely not random. It is made to appear random. But that is not the same as being random.

Fortunately, nothing in bitcoin is encrypted.  Furthermore, hashes are not "random"  they are entirely deterministic.  Every time I perform SHA-256 against the words "no-ice-please is spouting off words without taking the time to understand the processes that he is attempting to discuss", I will ALWAYS get the result: bf403c0c12e1f27f5bd372b4724a2a41bbc2360a02c52ead40b4c7b4b66e6d11.  There is nothing random about it.  However, you aren't going to find a pattern in the SHA-256 inputs and outputs that will allow you to look at the hash: 1e39dffd07a1690be370193a7c03ae6e494f2adb98a8391c83c4920a5951f857 and figure out exactly what text I started with.  It is deterministic, but it isn't reversible.

Someone mentioned that md5 has weaknesses.

Certainly.

Is that an ancient cryptographic system, untrusted in recent years?

Well that's a ridiculously non-specific question.

Ancient?  Like hundreds of years old?  No.

Untrusted?  That depends on the person doing the trusting and the purpose that it's being used for.

Recent?  Like within the past few hours?  Sure.

So in 2012 Microsoft was using a flawed cryptographic system,

Microsoft does a lot of stupid things.  I don't understand the point you're trying to make.

and each of the people on this thread who defend sha256 probably would have defended md5.

I'd still defend MD5 as being perfectly suitable for some purposes.  MD5 (and SHA-1, and SHA-2, and RIPEMD-160) is just a tool.  When used properly, it can serve a purpose.  When used improperly, it will result in problems.

Note that MD5 didn't go from "very secure" to "completely useless" in a matter of hours (or days, or weeks).  There were incremental advancements on finding weaknesses in the algorithm building on those weaknesses.  There was a significant amount of time between when the first weakness was identified and when it was possible to forge a certificate.  Those aware of advancements in cryptography (the same types of people that contribute to the bitcoin protocol) would have been aware of the early discoveries and would have had plenty of time to adopt newer algorithms as needed.

Anyway, hypothetically, if a credible flaw were found in sha then the effect would be to help scrypt coins.

Perhaps.  Or perhaps the effect would be to increase the mining difficulty in bitcoin and work towards replacing SHA-2 in the generation of bitcoin addresses.

Note that if it was possible today to calculate an ECDSA 256 bit public key from its SHA-256 hash in a fraction of a second, bitcoin would still be perfectly secure.  The public key is broadcast EVERY time you spend your bitcoins.  Knowing it isn't going to help you steal someone's bitcoins.
hero member
Activity: 658
Merit: 500
April 01, 2015, 09:17:52 PM
#29
and each of the people on this thread who defend sha256 probably would have defended md5.

You're just jumping to conclusions.

Anyway, hypothetically, if a credible flaw were found in sha then the effect would be to help scrypt coins.

And if a credible flaw were found in scrypt, we would need to find other hashing algorithms. What's your point?
legendary
Activity: 1176
Merit: 1011
April 01, 2015, 02:22:26 AM
#28

As I understand it, sha256 uses 32 bit characters,
You understood wrong.

That is a very rough example but again it shows that using more complex numbers, like having a large number of possible addresses, gives a false impression of security.
You really have a false conception of the underlying math.

It's not "more complex" numbers. It's longer numbers, as in, more bits. With no correlation. More entropy. And more entropy does not mean more detectable patterns, it means harder to guess.
hero member
Activity: 493
Merit: 500
March 31, 2015, 03:27:32 PM
#27
Although hashing is used, both in the ECDSA calculations, as well as in additional steps to calculate the address from the public key.

True, but to get from a public key to a private key, reversing the hashing algorithm will get you exactly nowhere.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
March 31, 2015, 02:48:43 PM
#26
Okay, that is clear, but a hash is not a random number.

The relationship between a private and public key is not based on a hash.  Bitcoin uses an elliptic curve algorithm.  Here's a good primer: https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm

This particular type of public/private key algorithm is used all over the place.  If it were cracked, huge portions of our electronic security systems would collapse.  So if you do crack it, you should probably choose a more lucrative target than bitcoin.

Although hashing is used, both in the ECDSA calculations, as well as in additional steps to calculate the address from the public key.
hero member
Activity: 493
Merit: 500
March 31, 2015, 02:42:24 PM
#25
Okay, that is clear, but a hash is not a random number.

The relationship between a private and public key is not based on a hash.  Bitcoin uses an elliptic curve algorithm.  Here's a good primer: https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm

This particular type of public/private key algorithm is used all over the place.  If it were cracked, huge portions of our electronic security systems would collapse.  So if you do crack it, you should probably choose a more lucrative target than bitcoin.
legendary
Activity: 3528
Merit: 4945
March 31, 2015, 02:22:18 PM
#24
You clearly don't understand much about what you are talking about and you are taking a very simplistic understanding of arithmetic and attempting to apply it to a very complex area of mathematics (specifically cryptography).

Lets try and get you straightened out on the very basics that you're lost on before we waste time trying to help you see the more complex areas of digital signature algorithms and hashes.

As I understand it, sha256 uses 32 bit characters,

You are mistaken.  SHA256 uses two hundred fifty-six single bit characters. Each and every one of those characters is either a 1 or a 0.  The results are converted to base58 for display to humans, but the math is all done in binary.  You are welcome to convert the 256 bit primary key and the 512 bit public key into any format you like, it won't change the security of the underlying binary numbers.

Certainly it would take a long time to find many using a pen and paper. With a calculator someone who knew math could find a bunch of these patterns for any particular number base quickly. With a regular computer you could find quite a few patterns in a short time.

You are talking about patterns as if they are guaranteed to exist.  It is quite likely that there are no discoverable patterns linking an ECDSA private key to an associated bitcoin public key hash.  Clearly if they do exist, then they can't be found with a regular computer "in a short time", because people have been trying to crack these cryptographic functions for many years and nobody has been successful yet.
 
You might be able to say for example " looking at that bitcoin address it is possible to say that the associated private key does not contain the string '234' ".

That is almost certainly not something that is going to happen.

That is a very rough example but again it shows that using more complex numbers, like having a large number of possible addresses, gives a false impression of security.

Fortunately bitcoin doesn't rely on complex numbers and a false impression of security.

Note that even if weaknesses are discovered in any of the cryptographic functions, there will almost certainly be plenty of time to adapt the protocol to use newer signature and hashing algorithms before those weaknesses are expanded enough to be a problem.  For example, weaknesses were discovered in the SHA-1 hashing algorithm a decade ago in 2005 and yet it would still work perfectly fine as a hashing function for bitcoin mining today if Satoshi had chosen it instead of SHA-2.

legendary
Activity: 1176
Merit: 1011
March 31, 2015, 03:18:06 AM
#23
If you could look at two bitcoin addresses and say "there is at least a 50.000001% chance that it is higher than another specific address" then, because of the astronomical number of addresses, all addresses would be vulnerable.
It's exactly 50%.

For any given random address, there is an equal probability for it (that's 2^-256) belonging to ANY random private key.

donator
Activity: 1617
Merit: 1012
March 31, 2015, 01:39:47 AM
#22
Note that to convert from private key to bitcoin address you need to go through 2 transforms that are each "one-way", at least for now.

private key -> public key -> address

Someone already mentioned what these transforms are (EC PK cryptography and SHA256). Cryptographers spend their careers designing as well as trying to break these transforms, because they protect other stuff much more valuable than bitcoins.

Now you come out of the blue, claim you know nothing about cryptography, but assert that it should be easy to go directly from address -> private key because there must be some pattern that should be easy to find?
legendary
Activity: 1904
Merit: 1074
March 31, 2015, 12:21:23 AM
#21
When SHA256 gets too easy, they just incorporate SHA512 etc... etc.. The protocol could evolve with time and computational power.. It's not set in stone.

If you ever fear this possibility... watch this video -->  https://www.youtube.com/watch?v=ZloHVKk7DHk

"Quindecillion" is a HUGE number! .... The metaphor he used with drawers was excellent to explain it.... The time and resources to solve this will be HUGE and it will kill most of your profit from doing this.
legendary
Activity: 1092
Merit: 1001
March 31, 2015, 12:13:38 AM
#20

There is no formula or progression that exists.
If it did, then current known cryptographic systems used by world intelligence agencies would be rendered worthless.
It is not possible to do what you propose since calculating all addresses from private keys would also take thousands of years and millions of dollars.
You need to do more reading on how Bitcoin's cryptographic system is implemented and functions.



The whole basis of 'cracking' a code is finding a pattern.

When a code involves a small number of samples it can be hard to crack.

But bitcoin not only involves a large number, a very large number, it also lets a person easily generate an almost unlimited number of points to test.

Code breaking computers exist whose only purpose is to run vast numbers of tests on data samples looking for a pattern. In the case of bitcoin, all that would be needed would be the tiniest correlation between the position of low numbered private keys and their addresses.

If you took the first 1 million bitcoin addresses, generated from the lowest 1 million private keys, and you were able to find any difference whatsoever with the last million addresses, generated from the highest 1 million private keys, it would be the end of bitcoin using the current key/address system. Is there any such difference? There certainly is.

I was not talking about cracking "all possible addresses". I was talking about using a very selective tactic to solve one bitcoin address at a time by gradually narrowing the range of potential private keys it might have come from. It is the opposite of brute force and once it could be shown workable for one address it would be useful for any address. The question is not whether it is possible. It is. It is only a matter of finding a pattern.
...

Each address is supposed to be generated independently of other addresses. Thus, no pattern can be found between addresses.
If a private key, for example, ends in EpqWR73, and its corresponding address is gCaAbj23,
then the same private key, but ending in EpqWR74, has the corresponding address 55dXgH29.

There is no beginning or end or boundary to attempt to crack within.
The governments know this and don't waste time cracking,
they will just install malware through progs or etc to get around the cryptographic functions.

What you are describing is like finding Einstein's Unifying Theory.

EDIT: This video might be of interest to you, called "How did the NSA hack our emails?"
https://www.youtube.com/watch?v=ulg_AHBOIQU
This video shows that cryptographically, it is impossible to crack, so the NSA actually needed to place backdoors in the cryptographic functions, originally.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
March 30, 2015, 11:37:23 PM
#19

There is no formula or progression that exists.
If it did, then current known cryptographic systems used by world intelligence agencies would be rendered worthless.
It is not possible to do what you propose since calculating all addresses from private keys would also take thousands of years and millions of dollars.
You need to do more reading on how Bitcoin's cryptographic system is implemented and functions.



The whole basis of 'cracking' a code is finding a pattern.

When a code involves a small number of samples it can be hard to crack.

But bitcoin not only involves a large number, a very large number, it also lets a person easily generate an almost unlimited number of points to test.

Code breaking computers exist whose only purpose is to run vast numbers of tests on data samples looking for a pattern. In the case of bitcoin, all that would be needed would be the tiniest correlation between the position of low numbered private keys and their addresses.

If you took the first 1 million bitcoin addresses, generated from the lowest 1 million private keys, and you were able to find any difference whatsoever with the last million addresses, generated from the highest 1 million private keys, it would be the end of bitcoin using the current key/address system. Is there any such difference? There certainly is.

I was not talking about cracking "all possible addresses". I was talking about using a very selective tactic to solve one bitcoin address at a time by gradually narrowing the range of potential private keys it might have come from. It is the opposite of brute force and once it could be shown workable for one address it would be useful for any address. The question is not whether it is possible. It is. It is only a matter of finding a pattern.

Brute forcing a private key would be incredibly difficult; considering that a password of 10-15 digits is considered secure, a private key would be beyond the computing capabilities of today. But in the future with large amounts of power it could be possible.

You are ignoring what I said. I have no interest in brute forcing keys.


Quote
That does make brute forcing near impossible, but it also makes a more sophisticated attack much easier.
Easier? Why? Just because people don't know about the iron door doesn't make it less sturdy.


Easier because you have literally trillions of trillions of possible data sets to test.

To my knowledge it hasn't been done.

On rare occasion, when something has never been
done before, an innovator steps up and opens a new door.

However, most times, there are reasons why things
that intuitively seem easy that no one (or few people)
can do, are actually difficult.

Many times those reasons aren't discovered until you
actually try for yourself.

So, try it.

Try to find a pattern.

Maybe you will come back
later and tell us you found
a pattern...or more likely
that you haven't and why not.

sr. member
Activity: 467
Merit: 267
March 30, 2015, 11:17:57 PM
#18
The question is not whether it is possible. It is. It is only a matter of finding a pattern.
Well, it's the difference between theory and practice. Since a hash has a finite length and can be applied on arbitrary long messages, there is an infinite number of collisions, and yet not a single one has been found.

And we can live on Mars, it's only a matter of building a colony there.
hero member
Activity: 658
Merit: 500
March 30, 2015, 10:49:47 PM
#17
I'll research it a bit more and decide whether to admit defeat or not.

Please do, because your hypothesis relies on baseless assumptions.
sr. member
Activity: 467
Merit: 267
March 30, 2015, 10:37:08 PM
#16
It would be easy to construct a proof that showed there was some qualitative difference between any two addresses or groups of addresses that corresponded with differences in private keys. It might be an extremely tiny difference but that is all that is needed.
Easy? I doubt it. You seem to think that a hash is calculated from a mathematical formula, whereas in fact the process is more akin to shuffling and combining a list of bits.

Quote
Many people believe that bitcoin's cryptographic strength comes from the high number of possible keys.
Right, it is a common misconception carried on by popular culture.

Quote
That does make brute forcing near impossible, but it also makes a more sophisticated attack much easier.
Easier? Why? Just because people don't know about the iron door doesn't make it less sturdy.

Quote
I'll research it a bit more and decide whether to admit defeat or not.
I recommend reading the papers on MD5. It was successfully cracked and its construction is the same as SHA-256.
newbie
Activity: 56
Merit: 0
March 30, 2015, 10:30:11 PM
#15
Brute forcing a private key would be incredibly difficult; considering that a password of 10-15 digits is considered secure, a private key would be beyond the computing capabilities of today. But in the future with large amounts of power it could be possible.
full member
Activity: 210
Merit: 100
March 30, 2015, 09:52:30 PM
#14
Of course anything is possible, it's just not practical, and that's the design: to be elegantly simple, but incredibly convoluted at the same time.

Even if you had the "master" algorithm, modern computers can't crunch it, and humans can't do it on paper. That Satoshi was a genius. All this trouble for invisible money. LOL
legendary
Activity: 1092
Merit: 1001
March 30, 2015, 09:24:30 PM
#13
...
The obvious question then, does some formula or progression exist that could put bitcoin addresses in sequence? Any set of numbers that are derived from another set of numbers ultimately can be ordered in the same sequence as the original set. Therefore it seems that the "security" of the cryptography used in bitcoin would come not from the size of the number set but rather from the computational difficulty of converting private key to public address or vice versa. Since in bitcoin the conversion in one direction, i.e., private key to public address, requires little effort, there is really no security once a formula or progression rule for addresses is discovered. And such a formula or progression is easily findable by anyone with a little skill in that kind of thing.
...

There is no formula or progression that exists.
If it did, then current known cryptographic systems used by world intelligence agencies would be rendered worthless.
It is not possible to do what you propose since calculating all addresses from private keys would also take thousands of years and millions of dollars.
You need to do more reading on how Bitcoin's cryptographic system is implemented and functions.

legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
March 30, 2015, 08:41:19 PM
#12
Most of the responses are over my head, but here is the basic point I try to make, even if it is not practical.

Private keys can be arranged from lowest to highest, 000... to 111... and the addresses that correspond to those keys can be put alongside them.

Looking at any two addresses, there would seem to be exactly a 50% chance that address #1 comes from a private key that is lower than the private key for address #2.

If you knew for certain that one address came from a higher or lower numbered private key then you could slowly reduce the number of possible keys until you solved it.

The point that is important though is that the amount of certainty you would need is very low.

If you could look at two bitcoin addresses and say "there is at least a 50.000001% chance that it is higher than another specific address" then, because of the astronomical number of addresses, all addresses would be vulnerable.

As we've been trying to explain, there IS no way to know
if one address came from a higher or lower private key than
another address.
 
Why is that so hard to accept?
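The two-step chain described in post #22 (private key -> public key -> address) and the "50.000001%" ordering argument of posts #12 and #23 can be checked directly. The following is an added example, not code from any poster: it implements secp256k1 point arithmetic from scratch, walks a run of consecutive private keys (each public key is the previous one plus G, so the public keys form an exact progression), and measures whether the SHA-256 of the public key keeps any of that ordering. The address stage is shortened to SHA-256 of the compressed public key; real P2PKH addresses additionally apply RIPEMD-160 and Base58Check, which are omitted here. The starting key 0xDEADBEEF and the sample size are constructed values.

```python
import hashlib

# secp256k1 domain parameters (the curve Bitcoin uses for ECDSA)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(a, b):
    """Add two points on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                    # a == -b
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, P - 2, P) % P  # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P   # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def scalar_mult(k, point=G):
    """Double-and-add: private key k becomes public key k*G (the easy direction)."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, point)
        point = point_add(point, point)
        k >>= 1
    return result


def pubkey_hash(point):
    """Compressed SEC encoding of the public key, then SHA-256. This is the first
    hash of Bitcoin's address derivation; RIPEMD-160 and Base58Check are omitted."""
    x, y = point
    sec = bytes([2 + (y & 1)]) + x.to_bytes(32, "big")
    return hashlib.sha256(sec).digest()


def ordering_stats(start_key, count):
    """Walk `count` consecutive private keys starting at start_key.
    Returns (fraction of neighbours whose hash order matches key order,
             mean Hamming distance in bits between neighbouring hashes)."""
    point = scalar_mult(start_key)   # (k+1)*G == k*G + G, so one addition per step
    prev = pubkey_hash(point)
    ordered = distance = 0
    for _ in range(count):
        point = point_add(point, G)
        cur = pubkey_hash(point)
        ordered += cur > prev
        distance += bin(int.from_bytes(cur, "big") ^ int.from_bytes(prev, "big")).count("1")
        prev = cur
    return ordered / count, distance / count


if __name__ == "__main__":
    # Constructed starting key; any value in [1, N-1] works.
    frac, dist = ordering_stats(0xDEADBEEF, 500)
    print(f"hash order follows key order: {frac:.3f}  (0.5 means no information)")
    print(f"mean bits changed between neighbouring hashes: {dist:.1f} of 256")
```

With the public keys advancing by exactly G each step, the fraction stays at about 0.5 and roughly half of the 256 output bits flip between neighbours, which is what "no detectable pattern" looks like in numbers.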