Topic: SHA-256 broken, collisions found... Bitcoin then? - page 4. (Read 17113 times)

kjj
legendary
Activity: 1302
Merit: 1026
Catastrophic breaks in hashes are pretty much unheard of these days.  What happens is that they get weaker gradually, with plenty of warning.  For example, MD5 is considered to be totally broken now, and should never be used.  On the other hand, if it was used in bitcoin transactions, those transactions would still be totally safe, for at least a few more years, because all of the attacks require conditions that can't be met in the bitcoin system.  As in, if we changed one of the NOPx opcodes to OP_LOL_CHECKMD5SIG which used MD5(MD5(key)) instead of RIPE-MD160(SHA256(key)), it would still take decades to crack, probably centuries.

And your estimate of how long a brute force attack on SHA-256 would take is wrong, it isn't centuries, it is billions and billions of years, minimum.  If you converted the entire mass of the sun into energy, and used all of that energy to increment a counter using the absolute limit of physics for minimum energy used to flip a bit, you'd get to around 2^225.  You'd need 2^31 suns of similar mass to finish just iterating through all of the possible inputs.  So, billions of stars, or trillions or quadrillions if you want to actually perform the hashes too.

There are no "plans" exactly, on what to do next, but it is widely understood that we can swap out the primitive operations when needed.  We might not be alive then, why should we presume that the people that will actually be doing the work want to follow our plans instead of making their own?
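The energy-bound argument in the post above, worked through as an added example (this is not kjj's code or calculation). It assumes Landauer's limit at room temperature (300 K), CODATA constants, a nominal solar mass, and one bit flip per counter increment; `flips_per_step` is a hypothetical knob for the "actually perform the hashes" case.

```python
import math

# Physical constants assumed for this constructed example (CODATA 2018 values).
BOLTZMANN = 1.380649e-23      # J/K
C_LIGHT = 299_792_458         # m/s
SUN_MASS_KG = 1.989e30        # nominal solar mass, kg


def landauer_bit_flip_energy(temp_kelvin: float) -> float:
    """Landauer's limit: minimum energy to erase one bit at temperature T is k*T*ln(2)."""
    return BOLTZMANN * temp_kelvin * math.log(2)


def mass_energy(mass_kg: float) -> float:
    """Rest-mass energy E = m*c^2 of a body, in joules."""
    return mass_kg * C_LIGHT ** 2


def log2_counter_steps(mass_kg: float = SUN_MASS_KG, temp_kelvin: float = 300.0) -> float:
    """log2 of how many bit flips the mass-energy of `mass_kg` can fund at the Landauer limit.

    One flip per increment is a deliberate underestimate; a real binary counter
    flips about two bits per increment on average, and a real hash far more.
    """
    return math.log2(mass_energy(mass_kg) / landauer_bit_flip_energy(temp_kelvin))


def log2_suns_needed(bits: int, flips_per_step: int = 1,
                     temp_kelvin: float = 300.0, mass_kg: float = SUN_MASS_KG) -> float:
    """log2 of the number of suns needed to step through all 2**bits inputs.

    `flips_per_step` (hypothetical) models the extra bit operations each step
    would need if it actually computed a hash instead of just counting.
    """
    total_flips_log2 = bits + math.log2(flips_per_step)
    return total_flips_log2 - log2_counter_steps(mass_kg, temp_kelvin)


if __name__ == "__main__":
    print(f"one sun at 300 K funds about 2^{log2_counter_steps():.1f} counter steps")
    print(f"exhausting 2^256 inputs needs about 2^{log2_suns_needed(256):.1f} suns")
    # With a (hypothetical) million bit flips per hash evaluation:
    print(f"...and about 2^{log2_suns_needed(256, flips_per_step=2**20):.1f} suns "
          "to actually hash each input")
```

Lowering the temperature to the cosmic microwave background (about 2.7 K) buys only a few more bits of counter, which is why the conclusion does not depend on the exact constants.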
legendary
Activity: 3472
Merit: 4794
If SHA-256 is ever found to have a flaw, it won't allow anyone to spend or "steal" your coins.  It won't allow someone to create counterfeit coins. It might allow someone to increase the number of coins they mine, and it might allow someone to double-spend coins that they own, but the bitcoin community is aware of this weakness and is likely to notice if something like this starts to happen.

Changing the proof-of-work hashing algorithm would be a pretty significant change, but if it is discovered that there is a weakness in SHA-256, there would be enough incentive that it would likely be accepted by the community and a new proof-of-work algorithm would likely be implemented pretty fast.  Until it was, spending bitcoin through the blockchain might be a bit difficult (since people would be wary of accepting bitcoin that might be double-spent).

Of course if we are talking about 10 or more years from now, a large percentage of bitcoin denominated transfer may not go through the blockchain, so that the delay waiting for a new proof-of-work algorithm might not significantly affect the ability for individuals to engage in commerce.
hero member
Activity: 899
Merit: 1002
Every world cryptographer has no reservations about SHA-224, SHA-256, SHA-384 or SHA-512, which is why a few of them including Bruce Schneier (who submitted Skein) thought the new SHA-3 standard wasn't necessary just yet, but NIST chose one anyways a month ago. http://csrc.nist.gov/groups/ST/hash/sha-3/winner_sha-3.html

I would assume bitcoin is fine, and they can probably go to SHA-3 whenever it needs to be done.

SHA-1 is the problem http://www.schneier.com/blog/archives/2012/10/when_will_we_se.html
"A collision attack is therefore well within the range of what an organized crime syndicate can practically budget by 2018, and a university research project by 2021"
hero member
Activity: 938
Merit: 501
Hello,

So my understanding is that Bitcoin relies at its core on SHA-256 to ensure it is secure and works. Since RIPEMD-160 is just a shortening layer, and nobody seems to worry about the ECDSA secp256k1 curve, let's talk about SHA-256 and Bitcoin.

It is just a matter of time before SHA-256 gets broken. By brute-force we are fine (centuries, or centuries/2 with quantum computing).
But what about flaws in the "design"? Like every other cryptographic hashing algorithm before it, it will be broken down by cryptanalysts. Question is when? 5 years? 10 years?

2nd Question: how is the Bitcoin network going to react? Are there already plans for this?

Some links I gathered while quicksearching on the subject:
http://security.stackexchange.com/questions/6458/security-of-sha256-and-bitcoins
https://bitcointalksearch.org/topic/bitcoin-could-easily-survive-sha-256-being-broken-18211
https://www.google.com/search?q=quantum+sha256
https://bitcointalksearch.org/topic/what-does-quantum-computing-mean-for-bitcoin-3008
http://en.wikipedia.org/wiki/Post-quantum_cryptography
https://bitcointalksearch.org/topic/could-bitcoin-eventually-crack-sha256-7769
http://en.wikipedia.org/wiki/Comparison_of_cryptographic_hash_functions#Cryptanalysis