Topic: Multiple Hashing Algorithms Make a Coin More Secure?

sr. member
Activity: 274
Merit: 250
Thank you for all the replies, especially Vorksholk's educational post.
newbie
Activity: 50
Merit: 0
In reply to Vorksholk:

Thanks for your informative post. I just want to add a few more ideas I have to the discussion.

I think it is quite possible for someone to invent an asic for almost every possible hashing configuration we can think of. Even when switching the order or behavior of hashing functions, it may be possible to create a microcontroller that allows an asic to be dynamic enough to work. So long as we give miners the incentive to mine, they will invent more efficient ways to do it.

I think it is very healthy for the world to have many different cryptocurrencies that each use different hashing algorithms or combinations thereof. Thankfully, with the invention of Proof-of-stake, even very small currencies can resist 51% attacks, so it is no longer an issue.

I am very confident that humans are smart enough to crack every kind of mathematical mystery, whether it be cryptographic hashing functions or even prime factorization itself. It becomes easier to understand SHA-256 when we can leverage the data created by the miners continuously using it. It will probably be only a short time before it can be compromised.

On the other hand, I am sure that humans are smart enough to find new, secure cryptographic methods. Whoever is too slow to adopt the new technologies will find their obsolete bitcoins worthless.

Maybe I am being too cynical. Perhaps it will be possible to migrate the current bitcoin blockchain and userbase to newer technology while preserving their assets.

I'd love to hear more thoughts on all these issues.
hero member
Activity: 798
Merit: 1000
‘Try to be nice’
Ha ha I just read that post and was thinking the same thing ...

Vork, cool ideas!

Why hasn't anyone worked on this I wonder?

Vorkcoin and Vorkminer coming? Ha ha


** Of course lots of people have no worries about ASICs per se; the issue is with market inequities: the relationship and incentives for ASIC manufacturers are not always simple and clear.

In contrast, the production cycle of a corporation like, for example, AMD, from manufacturing to end user is much clearer.

It's these unique issues that reinforce the relevance of your educated words, Vork.



legendary
Activity: 1064
Merit: 1020
What a great post that is!!  Hopefully people will read it and become more educated!  Kudos!
legendary
Activity: 1713
Merit: 1029
Hashing algorithms become irreversible due to their 'loss' of data. Consider some simple circuit logic:

1101001101010110 XOR 0110101000011000 = 1011100101001110. However, given 1011100101001110, you couldn't give me, with certainty, the two inputs that were XOR'd together. To simplify this further, let's take the example of multiplication. If I give you 6 and 9, you can quickly tell me '54'. However, if I gave you 54, you wouldn't be able to tell me which two numbers I multiplied together. You could guess, and you could give me a list of possibilities, and one of them would likely be correct. However, consider doing this 'stacked' thousands of times. The idea is that, as you continue to guess all the possible inputs, and all the possible inputs to create those inputs, your search area grows exponentially. This is, of course, a very vague simplification of the internals of a hashing function, but it gives an idea as to how they work. If someone does figure out some sort of shortcut for the algorithm, they could very easily mine faster, but this isn't a likely possibility. If someone was able to find some method of actually reversing SHA256, then the coin would certainly be more secure having multiple hashes.

For example, say we were just considering a normal password, rather than something for bitcoin. Say our password is 'passw0rd12345' (pretty great, right?). Hashing functions aim to be one-to-one mappings, however this isn't quite the case. This means, of course, that if a hash output was 16 characters of hexadecimal long, it has a total of 16^16 possibilities for outputs. However, you need to understand the idea of collisions, and the idea of entropy. Entropy is the 'randomness', for lack of a better term, of a system. It's a measure of chaos. If I have an ACTUALLY random string of 100 characters, each of which can be either an a or a b, I have 2^100 entropy, or a 2^100 sample space. Now, given SHA256 has 16^64 bits of entropy if it existed as a perfect hashing function. A hashing function can only reduce entropy. If my input has more than 16^64 bits of entropy, then it is automatically reduced to the entropy of the hashing function. Since SHA256 isn't perfect and doesn't fully live up to its potential entropy (aka it has collisions, where two inputs give one output/the same output, although one has yet to be found), each SHA256(string) has some loss of entropy. If we continually feed data into a SHA256 loop (SHA256(SHA256(SHA256(SHA256......(string)....)))) we slowly lose entropy.

Having six or seven hashing functions would ensure that, if some of the hashing functions were compromised, the network would continue to function properly. For example, if you have a(b(c(d(e(string))))), where a, b, c, d, and e are all hashing functions, and b was compromised, that doesn't compromise the entire system, quite clearly. But, if you get too complex with the layering of hashing functions, you can carelessly lose entropy. Someone, to make such a coin, would have to make sure that all the hashing algorithms provide the required entropy, and that none of them critically reduces entropy due to a bug. It's certainly an idea worth implementing for someone who has the skills and knowledge, but it would just have to be done carefully.

Additionally, I think the idea of multiple algorithms has another interesting use--ASIC-resistant networks. Imagine a coin which was able to reorganize the hashing algorithms in order, complexity, length, entropy, etc. based on blockchain data. For example, say we have six hashing functions, a-f. For 100 blocks, the network could use a(c(d(e(a(c(d(b(a(f(f(e(f(c(info)))))))))))))). Then, the network could switch to a(d(f(e(c(a(f(d(b(b(b(b(a(c(info))))))))))))). It would be hard to design an ASIC to do this. However, it's still perfectly doable. Now, imagine if the network could change the actual algorithm behind a. Maybe, a would have an injected starting value of the last 16 bits of the retarget block. Or perhaps the order of XOR, AND, and OR in the algorithm would be remixed depending on orders dictated by some pre-determined number of bits in the retarget block. Every client would be able to calculate the required hashing algorithm data and could mine with it. GPUs, CPUs would fairly easily adapt to changes, although mining software might be a bit of a PITA to write. However, creating an ASIC that is capable of changing the very circuit logic that backs the algorithms would be nearly impossible, given the static nature of ASIC chips.

People keep complaining about not having a way to be ASIC-resistant. If a developer was willing to put in the time and money, they could certainly create a coin which could never have ASICs created for it (unless the idea of ASICs were reinvented).
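An added example (editor's code, not from any poster in this thread) that makes two points of the discussion concrete: the shrinking output set of a SHA256(SHA256(...)) loop described above, and the "strongest hash vs. weakest link" question raised elsewhere in the thread. The "weak" inner hash is a constructed toy, SHA-256 truncated to 12 bits, standing in for a hash with a degraded output space; the outer hash is real SHA-256.

```python
import hashlib

# Toy "weak" hash: SHA-256 truncated to NBITS bits (constructed for illustration,
# standing in for a hash with a small or degraded output space, not a real break).
NBITS = 12

def weak_hash(x: int) -> int:
    digest = hashlib.sha256(x.to_bytes(4, "big")).digest()
    return int.from_bytes(digest, "big") >> (256 - NBITS)

def iterated_image_sizes(rounds: int) -> list[int]:
    """Apply weak_hash repeatedly to its whole domain and record how many distinct
    values survive each round: h(x), h(h(x)), ...  For a random-looking function
    the image shrinks (about 63% survive round one), which is the 'entropy loss'
    of a SHA256(SHA256(...)) loop made visible on a small output space."""
    current = set(range(2 ** NBITS))
    sizes = []
    for _ in range(rounds):
        current = {weak_hash(x) for x in current}
        sizes.append(len(current))
    return sizes

def find_collision() -> tuple[int, int]:
    """Find two distinct inputs with the same weak_hash; the pigeonhole principle
    guarantees one within 2**NBITS + 1 inputs (the birthday bound finds it sooner)."""
    seen: dict[int, int] = {}
    for x in range(2 ** NBITS + 1):
        h = weak_hash(x)
        if h in seen:
            return seen[h], x
        seen[h] = x
    raise AssertionError("unreachable by the pigeonhole principle")

def layered_hash(x: int) -> str:
    """Chain a(b(x)) with a = full SHA-256 (strong outer) and b = weak_hash (inner)."""
    inner = weak_hash(x).to_bytes(4, "big")
    return hashlib.sha256(inner).hexdigest()

def inner_collision_survives() -> bool:
    """A collision in the inner function is a collision of the whole chain no matter
    how strong the outer function: for collision resistance the chain is only as
    strong as its weakest inner link."""
    a, b = find_collision()
    return a != b and layered_hash(a) == layered_hash(b)

if __name__ == "__main__":
    print("distinct outputs per round:", iterated_image_sizes(8))
    print("inner collision survives outer SHA-256:", inner_collision_survives())
```

The image sizes only ever decrease, since applying a function to a set can never enlarge it; this is why "stacking" hashes must be done with care, as the post says.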
newbie
Activity: 50
Merit: 0
Ehem.

I don't believe these cryptocoins chose to use multiple hashes in order to avoid 51% attacks. I believe the security of using multiple hashing algorithms is the security from the difficulty of mathematically understanding the algorithms themselves.

No matter how much hashing power the Bitcoin network attracts, there might always be some smart cookie that successfully cryptanalyses SHA-256. It is quite possible that someone will be able to understand the algorithm enough that (in the best case) they can mine blocks without needing a computer, or (in the worst case) they will sell their knowledge to anyone interested in shutting down the bitcoin network. It will be simple to do so, because almost all of the security of the currency relies on the complexity of SHA-256.

Also, in regards to the opinion that making a 51% attack against bitcoin is so difficult as to be impossible, I offer this rebuttal:

ASIC innovation means that, at least right now, anyone with a few million dollars can purchase enough processing power to SHUTDOWN bitcoin, especially when considering that most miners will leave as soon as they are unable to compete profitably. You see, because the POW system of bitcoin relies on the profitability of mining to attract computing power, it will inevitably become centralized. Remember the countless cases of corporate monopolization that have happened. Anytime competitors came along, the big fish would swallow them up by buying them. These kinds of situations can only be stopped by governmental intervention, but there is no government interested in protecting free bitcoin users.

This is to say, we should never put a price tag on security. There is always someone willing to pay enough to control other people. In order to have real security, we must rely on technological innovation.

Also, POS systems seem to be more sane approaches to security because, by design, the holders of POS currencies are the ones that control it, NOT miners. Yet, fundamentally, they are still susceptible to monopolization, but at least 51% of the users' money will already be sold before it's too late.
legendary
Activity: 2940
Merit: 1090
It isn't so much which hash you use or how many types of hashes you use, as do you have more than 50% of the GPUs or CPUs or whatever the world can muster?

Bitcoin seems reasonably secure because you can add up the computing power of gosh knows how many of the top supercomputers and computing nets in the world and all working together they still do not add up to enough computing power to pull off an attack...

-MarkM-
newbie
Activity: 50
Merit: 0
I believe that the coins are as strong as the best hash. What I mean is that if five out of the six hashes are compromised, the coin is still okay.

Please, anyone, tell me if I'm wrong. I bought some Quarks and SRCs assuming this.
sr. member
Activity: 274
Merit: 250
With more coins adopting multiple algorithms for hashing, such as sifcoin, quark and securecoin, I just want to ask does using multiple algorithms make it more secure than using any one of them individually? Or is the group of algorithms together only as secure as the weakest link?

All ideas welcomed.