Reused R values again | Bitcointalksearch.org

SpanishSoldier

sr. member

Activity: 728

Merit: 256

Quote from: amaclin on April 12, 2015, 11:45:25 AM

Quote from: cor on April 12, 2015, 11:25:02 AM

Processing fiat money transactions surely cost no less energy and resources. Maybe there are ways to incentive the network operation.

Today Bitcoin network runs at 346,145,605 GH/s ( according to https://bitcoinwisdom.com/bitcoin/difficulty )
and processes ~100k transactions dayly https://blockchain.info/charts/n-transactions
The question is: are you able to calculate how much energy takes processing & securing one transaction?

First time I wrote about the end of bitcoin (and all other decentralized cryptos) ~half year ago when the price was ~$400
In the early January when I gave three months the price was ~$300
Today the price is ~$230
Every day we are closer to the "stable state" when there are no value/no transactions/no markets
Sad but true.

Price went down to 180 in these four months and has gone above 300 after that. So your theory of price going steadily downward is wrong as well Wink

amaclin

legendary

Activity: 1260

Merit: 1019

Quote from: cor on April 12, 2015, 11:25:02 AM

Processing fiat money transactions surely cost no less energy and resources. Maybe there are ways to incentive the network operation.

Today Bitcoin network runs at 346,145,605 GH/s ( according to https://bitcoinwisdom.com/bitcoin/difficulty )
and processes ~100k transactions dayly https://blockchain.info/charts/n-transactions
The question is: are you able to calculate how much energy takes processing & securing one transaction?

First time I wrote about the end of bitcoin (and all other decentralized cryptos) ~half year ago when the price was ~$400
In the early January when I gave three months the price was ~$300
Today the price is ~$230
Every day we are closer to the "stable state" when there are no value/no transactions/no markets
Sad but true.

cor

full member

Activity: 121

Merit: 100

Quote from: amaclin on April 12, 2015, 11:08:02 AM

Quote from: SpanishSoldier on April 12, 2015, 10:24:06 AM

Quote from: amaclin on January 03, 2015, 06:32:52 PM

Quote

...When bitcoin accumulates few decades...

Bitcoin will die in three months maximum. May be sooner.

Four months over. Bitcoin is still alive. What about U ? Wink

I was wrong expecting death in this period. Sorry.
But the main problem is still here: bitcoin network spends too much energy for transaction securing & processing.
The game will be over soon.

Sure but Bitcoin is in the phase when it needs a solid infrastructure in order to sustain more development and more users...
Processing fiat money transactions surely cost no less energy and resources. Maybe there are ways to incentive the network operation.

Just like the internet in 90s needed a bigger network, good tools and information available for wider audience.
You may remember or know this vid:
https://www.youtube.com/watch?v=UlJku_CSyNg&spfreload=10&ab_channel=JasonMiklacic

amaclin

legendary

Activity: 1260

Merit: 1019

Quote from: SpanishSoldier on April 12, 2015, 10:24:06 AM

Quote from: amaclin on January 03, 2015, 06:32:52 PM

Quote

...When bitcoin accumulates few decades...

Bitcoin will die in three months maximum. May be sooner.

Four months over. Bitcoin is still alive. What about U ? Wink

I was wrong expecting death in this period. Sorry.
But the main problem is still here: bitcoin network spends too much energy for transaction securing & processing.
The game will be over soon.

SpanishSoldier

sr. member

Activity: 728

Merit: 256

Quote from: amaclin on January 03, 2015, 06:32:52 PM

Quote

...When bitcoin accumulates few decades...

Bitcoin will die in three months maximum. May be sooner.

Four months over. Bitcoin is still alive. What about U ? Wink

gmannnnn

member

Activity: 78

Merit: 10

Quote from: Amitabh S on January 30, 2015, 12:33:22 PM

I am using bitcoinj-0.11 for creating tx. Is this vulnerable?
Currently, I have not reused any address till now. However, I need to be sure I won't be affected by this.

no, bitcoinj's implementation is sound.

gmaxwell

staff

Activity: 4284

Merit: 8808

Quote from: Amitabh S on January 30, 2015, 11:07:17 AM

I just need one important question answered: why did Satoshi or whoever decide to use this highly vulnerable signature scheme?

LOL. What would you expect to be used instead?

There is nothing "highly vulnerable" here. The software getting hit are _extremely incompetent_. Incompetent implementations of cryptosystems are almost universally insecure.

That DSA requires state/randomness is an extra thing to get right and it would be preferable if that weren't so... but there isn't a reasonable alternative than some kind of DSA signature even now-- and certainly not when Bitcoin was created.... nor is one needed, when coupled with competent software; and without competent software you are already doomed.

johoe

full member

Activity: 217

Merit: 259

Quote from: Amitabh S on January 30, 2015, 12:33:22 PM

two questions:

1. Is it a problem is the same R value is used for two different addresses?

There is a problem, if the addresses were generated with a hierarchically deterministic wallet, e.g. BIP32, without strengthening. This is only a problem if an attacker can also obtain the master public key. The master public key is usually not very well protected to enable simple watch-only access. E.g., electrum doesn't encrypt it, Trezor tells it without requiring the PIN.

Quote from: Amitabh S on January 30, 2015, 12:33:22 PM

2. How do you find reused R values?

I simply walk through the 30 GB block database and search for duplicates (with a self-written program).

Quote from: Amitabh S on January 30, 2015, 12:33:22 PM

I am using bitcoinj-0.11 for creating tx. Is this vulnerable?
Currently, I have not reused any address till now. However, I need to be sure I won't be affected by this.

Newer bitcoinj uses RFC6979. I think bitcoinj-0.11 used SecureRandom from the Java library to generate k. Although the name suggests that it is safe, this library function was unfortunately broken on some platforms, especially Android.

You can check if one of your addresses exhibited a duplicated R value here:
http://johoe.mooo.com/bitcoin/endangered.txt

amaclin

legendary

Activity: 1260

Merit: 1019

Quote

1. Is it a problem is the same R value is used for two different addresses?

Yes. The owner of privkey1 can resolve privkey2 and visa versa

Quote

2. How do you find reused R values?

sort uniq -d
of course this is not only way

Amitabh S

legendary

Activity: 1001

Merit: 1005

Quote from: johoe on December 08, 2014, 12:38:41 PM

Quote from: btcdrak on December 08, 2014, 11:57:19 AM

this: http://www.reddit.com/r/Bitcoin/comments/2onm5r/blockchaininfo_security_disclosure/

Thanks, for the link. Although, if they already fixed this problem this morning, why are there still repeated R values generated?
I still find reused R values in new transactions. Is this just a browser cache issue or is the problem still not solved completely?

E.g.:

https://blockchain.info/tx/f10d5c469c634de25276aae9c4e14add80ad9c66000182fac1b30e72a99298fb

uses the same R values as:

https://blockchain.info/tx/cf0b65ec6a2f9b5e003358d7b9bb6e04b30138c4dba30724f600bf753bfc3f4a

two questions:

1. Is it a problem is the same R value is used for two different addresses?
2. How do you find reused R values?

For others:

I am using bitcoinj-0.11 for creating tx. Is this vulnerable?
Currently, I have not reused any address till now. However, I need to be sure I won't be affected by this.

CIYAM

legendary

Activity: 1890

Merit: 1086

Ian Knowles - CIYAM Lead Developer

Quote from: amaclin on January 30, 2015, 11:19:12 AM

Because he/they didn't know about this vulnerability?

My guess is that and also that he/she/they didn't realise about the malleability issue (otherwise the sig would never have been included in the transaction hash).

amaclin

legendary

Activity: 1260

Merit: 1019

Quote from: Amitabh S on January 30, 2015, 11:07:17 AM

I just need one important question answered: why did Satoshi or whoever decide to use this highly vulnerable signature scheme?

Because he/they didn't know about this vulnerability?

Amitabh S

legendary

Activity: 1001

Merit: 1005

I just need one important question answered: why did Satoshi or whoever decide to use this highly vulnerable signature scheme?

TooDumbForBitcoin

legendary

Activity: 1638

Merit: 1001

Quote from: amaclin on December 13, 2014, 03:44:18 AM

Quote

How about you? No one but you chose to use counterparty or blockchain.info.

Great.
A have to add:
No one but you chose to use crypto-currency instead of national money.
You pay nothing to community - you have nothing back from it. Point.
This is law of conservation. Even Satoshi Nakamoto can not break it.

Transaction fees - read about them.

amaclin

legendary

Activity: 1260

Merit: 1019

Quote

And the award for "First BCT Poster to Show No Understanding of the Term 'Ponzi Scheme' in 2015" goes to ..... Amaclin! Congratulations.

Thank you. Where can I get it?

Quote

This is a threat, not a prediction.

It is physics and math. I can not do anything with it. The network will die itself with or without my opinion

TooDumbForBitcoin

legendary

Activity: 1638

Merit: 1001

Quote from: amaclin on January 03, 2015, 06:32:52 PM

Bitcoin will die in three months maximum. May be sooner.

This is a threat, not a prediction.

TooDumbForBitcoin

legendary

Activity: 1638

Merit: 1001

Quote from: amaclin on January 03, 2015, 07:02:44 PM

Quote

Bitcoin is an ongoing experiment, not a finished product.
Hence, we enjoy some of the early adopter's advantage.

No. You enjoy seeing the fall of one another financial pyramid. You are not early adopter today.
You are looser in ponzi scheme called "crypto-currency"

And the award for "First BCT Poster to Show No Understanding of the Term 'Ponzi Scheme' in 2015" goes to ..... Amaclin! Congratulations.

amaclin

legendary

Activity: 1260

Merit: 1019

Quote

The same way banks are "better", but blockchain is so much more then "electronic money".

Blockchain is the solution for Byzantine Generals Problem.
But.
Each solution has a cost (expenses).
The cost of blockchain solution becomes higher than the army cost.
So.
There are no reasons to spend more resources to solve a problem, than the cost of your army.
I am sorry, I can not explain it to everyone in good English language (yes, I am Russian).

If you don't believe me or don't get it, I don't have time to try to convince you, sorry. {*}

JorgeStolfi

hero member

Activity: 910

Merit: 1003

Trivia: This address is claimed to have the private key "1" and therefore to be the secp256k1 generator
http://btc.blockr.io/address/info/1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm
Funny that it has activity at all. Reddit thread about it:
http://www.reddit.com/r/Bitcoin/comments/2ra24j/til_the_secp256k1_generator_point_has_had_a_lot/

BitCoinDream

legendary

Activity: 2394

Merit: 1216

The revolution will be digital

Quote from: itod on January 03, 2015, 07:27:03 PM

Quote from: amaclin on January 03, 2015, 06:32:52 PM

Quote

It doesn't mean that banks are better than the blockchain

It does. Or what the meaning of the word "better" in your language?

If one system has better security then the other, it says nothing about other aspects of these systems. If you level them to common denominator so that you can claim one is better, you completely lose sight of their complexity which is above that common denominator. It's best seen when internet was described in the mid-90's as "electronic post-office". As a post office, old school ones may be "better", but internet is so much more. The same way banks are "better", but blockchain is so much more then "electronic money".

Like Andreas Antonopoulos described bitcoin in Canadian senate...

"it is a programmable money"

Topic: Reused R values again (Read 121295 times)