Pages:
Author

Topic: "New address for each payment" is a logic bomb - page 5. (Read 9193 times)

legendary
Activity: 2142
Merit: 1010
Newbie
I'm not an expert at all, but after a quick search BLAKE2s came up, for example?

Did BLAKE2 exist when Satoshi was coding Bitcoin? Also RIPEMD-160 wasn't "sponsored" by the US govt, was it?
sr. member
Activity: 336
Merit: 250
Cuddling, censored, unicorn-shaped troll.
So why take the risk of restraining the 256 bit key pairs to fit in a collision-more-likely 160 bit public address?

For security reason. If NSA knows how to reverse SHA-256, it may not know how to do the same with RIPEMD-160.

I can understand and agree with that, but there are other hash functions, it seems...
I'm not an expert at all, but after a quick search BLAKE2s came up, for example?
legendary
Activity: 2142
Merit: 1010
Newbie
So why take the risk of restraining the 256 bit key pairs to fit in a collision-more-likely 160 bit public address?

For security reason. If NSA knows how to reverse SHA-256, it may not know how to do the same with RIPEMD-160.
sr. member
Activity: 336
Merit: 250
Cuddling, censored, unicorn-shaped troll.
I agree that public address should be a 256bit hash, too.
Why do we care about the size of the public base58 address, anyways?

It's either copied/pasted or QR-code-scanned, I'm pretty sure nobody ever typed-in an address char by char using a keyboard.
So why take the risk of restraining the 256 bit key pairs to fit in a collision-more-likely 160 bit public address?
legendary
Activity: 1176
Merit: 1005
Media will be happy to publish articles with "Bitcoin completely broken" title...

They wouldn't be the first completely moronic, uninformed media attention Bitcoin has survived. 

I'm not sure we should make technical decisions based on the moronic, uninformed opinions of, well, morons.  Seems the current system is inevitably going to lead to some measurable problems, while the alternative leads to a nearly unmeasurable chance of a problem.  Also, if that completely breaks Bitcoin, then the mere existence of brain wallets using bad passphrases is much more of a worry.
legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
Maybe. As time passes probability of 51% attack goes to zero, while probability of collision attack goes to 100%.
We all know that Bitcoin will have to evolve or face technical obsolescence. We have no way to know *today* what changes will be correct in the future though. Bitcoin still uses a near optimum set of tradeoffs for today's technology because those decisions were made just a few years ago.

Bring this up again in about eight years.
legendary
Activity: 2142
Merit: 1010
Newbie
It's a PR attack.
You can launch a 51% attack just by expending more effort than all miners expend. Worrying about a PR attack that requires you to expend hundreds of times that effort is senseless.

Maybe. As time passes probability of 51% attack goes to zero, while probability of collision attack goes to 100%.
legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
It's a PR attack.
You can launch a 51% attack just by expending more effort than all miners expend. Worrying about a PR attack that requires you to expend hundreds of times that effort is senseless.
legendary
Activity: 2142
Merit: 1010
Newbie
It's a PR attack. An attacker can even invest freshly printed millions dollars.
legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
U can generate addresses much faster coz u don't need to know the private key. Pick any set of bytes and say it's a public key. 2^80 is not a big number.
If you don't know the private key, then there's no attack. But even so ..

Quote
Edit:
2^80 == (2^10)^8 ~ 1000^8 == 10^24.
And now look at the hash rate of Bitcoin network.
Okay, it's 7 years with the full hashing power of all Bitcoin mining. And all such an attacker would have is an account that he himself had compromised. He'd be a long way from compromising anyone else's account.
legendary
Activity: 2142
Merit: 1010
Newbie
But still, even if someone is generating billions of addresses a second for millions of years, the statistical odds are extremely low they would find a collision even under those circumstances.  I'm not a math whiz or I'd show you the proof, but I know the calculations have been done many times before, and always check out.

U can generate addresses much faster coz u don't need to know the private key. Pick any set of bytes and say it's a public key. 2^80 is not a big number.

Edit:
2^80 == (2^10)^8 ~ 1000^8 == 10^24.
And now look at the hash rate of Bitcoin network.
legendary
Activity: 2072
Merit: 1049
┴puoʎǝq ʞool┴
I think the math works out that there's more Bitcoin addresses than there are atoms in the universe.  Basically, it's been talked about many times, and it's nothing to worry about.

True, BUT there is still the possibility of a collision!
legendary
Activity: 1400
Merit: 1005
I think the math works out that there's more Bitcoin addresses than there are atoms in the universe.  Basically, it's been talked about many times, and it's nothing to worry about.

U r talking about a case when u need to create a collision for one special address. Read http://en.wikipedia.org/wiki/Birthday_problem plz.
But still, even if someone is generating billions of addresses a second for millions of years, the statistical odds are extremely low they would find a collision even under those circumstances.  I'm not a math whiz or I'd show you the proof, but I know the calculations have been done many times before, and always check out.
legendary
Activity: 2142
Merit: 1010
Newbie
I think the math works out that there's more Bitcoin addresses than there are atoms in the universe.  Basically, it's been talked about many times, and it's nothing to worry about.

U r talking about a case when u need to create a collision for one special address. Read http://en.wikipedia.org/wiki/Birthday_problem plz.
legendary
Activity: 1400
Merit: 1005
I think the math works out that there's more Bitcoin addresses than there are atoms in the universe.  Basically, it's been talked about many times, and it's nothing to worry about.
legendary
Activity: 2142
Merit: 1010
Newbie
As u know, each time u make a payment Satoshi's client generates a new address to send change to. He (or someone else) also advised to create a new address each time someone needs to receive a payment (for anonymity reason). Entropy of an address is 160 bits (due to RIPEMD-160 "compression"). Applying Birthday Paradox we get that when 2^80 addresses are created we will, likely, get a collision. This is not critical, coz "older" address will be empty, probably. But this can be used in black PR against Bitcoin. An adversary (who is generating addresses non-stop) will be able to show 2 different public keys with the same address. Media will be happy to publish articles with "Bitcoin completely broken" title...
Pages:
Jump to: