Author

Topic: Should bitcoin move to SHA-3 ? (Read 4423 times)

sr. member
Activity: 266
Merit: 250
aka 7Strykes
June 01, 2013, 12:41:02 AM
#16
You're also forgetting that ditching SHA256 will make all mining software and current ASIC designs useless.

In other words... impossible. Miners would never vote themselves into obsolescence.

Interesting. In that case, surely a way to support two standards simultaneously will have to be devised, at some point? Otherwise the security of the network and the difficulty would drop near zero overnight…

Difficulty would drop to 0 along with the hashrate because you need libraries that are SHA-3 capable, along with new miner software. Simply, forget the idea.
hero member
Activity: 784
Merit: 1000
June 01, 2013, 12:35:19 AM
#15
SHA3 offers absolutely no advantage. Even if collisions for SHA2 can be found, it still won't affect mining, and address hashing can be improved with quick fixes, rather than implementing a new hashing algorithm. If QC is invented, its influence on SHA2 and SHA3 will be the same.
hero member
Activity: 714
Merit: 510
June 01, 2013, 12:29:18 AM
#14
http://en.wikipedia.org/wiki/SHA-3

Now that the standard for SHA-3 is known why not upgrade for the 1.0 release of bitcoin ?

This might be a good idea for Netcoin.
staff
Activity: 4284
Merit: 8808
May 31, 2013, 05:47:34 PM
#13
Untrue.
Miners voted on BIP 16 vs BIP 17 in the past. No reason to think they won't on hardforks in the future.
Miners aren't the only ones that count, but they certainly play a role in determining whether to adopt a hardfork or not.
BIP16 wasn't a hardfork.
sr. member
Activity: 360
Merit: 251
February 25, 2013, 11:53:44 AM
#12
Miners vote on the ordering of transactions, _thats it_. The rest of the rules are baked in... bit as a whole Bitcoin's users moved to something incompatible with existing miners— well, they just wouldn't be miners anymore. Otherwise— you could presume they'd still be paying themselves 50 BTC/block now. Smiley

Untrue.

Maybe it's better to say "unclear" than "untrue". I think that the interesting observation is that the more decentralized the SHA256 (ASIC) hashpower is, the more users who'd prefer to stay with the SHA256 PoW network. One reason for that is simply that there'd be more users who are also SHA256 ASIC miners, and those users have a financial interest to stay with SHA256. Another reason for that is that when the hashpower becomes more centralized, it also becomes more worthless, so the users who aren't miners wouldn't have an incentive to stick to SHA256.


Though this is all a silly tangent: the use of SHA256 for the POW is totally distinct from the hash used elsewhere. It's quite possible to change other things to use something else but keep the POW SHA256.  Not even unlikely, since problems in SHA256 which would be fatal elsewhere would be harmless for the POW.

For example the collision attack that Gavin described here could be fixed by switching to SHA3, while still using SHA256 for the PoW, right? So I guess that the SHA256 PoW would become unusable only if there's (full) preimage attack, or worse if there's second preimage attack since we'd need to add SHA3 hashes to all the old blocks. In other words, collision attacks on SHA256 are irrelevant for the PoW.
legendary
Activity: 1358
Merit: 1003
Ron Gross
February 25, 2013, 12:52:18 AM
#11
Miners vote on the ordering of transactions, _thats it_. The rest of the rules are baked in... bit as a whole Bitcoin's users moved to something incompatible with existing miners— well, they just wouldn't be miners anymore. Otherwise— you could presume they'd still be paying themselves 50 BTC/block now. Smiley

Untrue.
Miners voted on BIP 16 vs BIP 17 in the past. No reason to think they won't on hardforks in the future.

Miners aren't the only ones that count, but they certainly play a role in determining whether to adopt a hardfork or not.
staff
Activity: 4284
Merit: 8808
February 24, 2013, 11:12:53 PM
#10
You're also forgetting that ditching SHA256 will make all mining software and current ASIC designs useless.
In other words... impossible. Miners would never vote themselves into obsolescence.
uhhhh... That is not how Bitcoin works. Miners exist at the pleasure of the users, not the other way around. Miners vote on the ordering of transactions, _thats it_. The rest of the rules are baked in... bit as a whole Bitcoin's users moved to something incompatible with existing miners— well, they just wouldn't be miners anymore. Otherwise— you could presume they'd still be paying themselves 50 BTC/block now. Smiley

Though this is all a silly tangent: the use of SHA256 for the POW is totally distinct from the hash used elsewhere. It's quite possible to change other things to use something else but keep the POW SHA256.  Not even unlikely, since problems in SHA256 which would be fatal elsewhere would be harmless for the POW.
hero member
Activity: 662
Merit: 500
February 24, 2013, 03:39:35 PM
#9
You're also forgetting that ditching SHA256 will make all mining software and current ASIC designs useless.

In other words... impossible. Miners would never vote themselves into obsolescence.

Interesting. In that case, surely a way to support two standards simultaneously will have to be devised, at some point? Otherwise the security of the network and the difficulty would drop near zero overnight…
donator
Activity: 294
Merit: 250
February 23, 2013, 08:42:52 AM
#8
You're also forgetting that ditching SHA256 will make all mining software and current ASIC designs useless.

In other words... impossible. Miners would never vote themselves into obsolescence.
legendary
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
February 23, 2013, 08:15:04 AM
#7
SHA-2 is older and yet, it has not been cracked, despite everyone in the world trying do to that because it is used by everyone.

This SHA-3 is new, much less tested and with much less people trying to break it (any bank that use it yet? Nah)

Right now SHA-2 is safer.
sr. member
Activity: 293
Merit: 250
February 23, 2013, 06:52:24 AM
#6
If you are going to hard fork the chain doesnt it make sense to add more features that also require a fork ie 1 hard fork is better than 100 individual ones.

Yes, but this is not how cryptography works. Keccak has just been announced so it will take a few years of people trying to break it (apart from the NIST competition) before enough confidence is gained in its favor. It is however a great candidate in the event that Merkle-Damgard constructions are weakened.

You're also forgetting that ditching SHA256 will make all mining software and current ASIC designs useless. It will also require completely new addresses if you use it for address generation.
full member
Activity: 238
Merit: 100
February 23, 2013, 06:27:15 AM
#5
Have you completely missed the fact that hard fork is a bad thing? Once we just started talking about raising the block size limit the forum filled with angry discussions, and that change actually has a practical importance. Here you want to make a change which does not really affect anything and make a hard fork, just like that, for the sake of it?

If you are going to hard fork the chain doesnt it make sense to add more features that also require a fork ie 1 hard fork is better than 100 individual ones.
full member
Activity: 203
Merit: 100
February 23, 2013, 06:05:39 AM
#4
Have you completely missed the fact that hard fork is a bad thing? Once we just started talking about raising the block size limit the forum filled with angry discussions, and that change actually has a practical importance. Here you want to make a change which does not really affect anything and make a hard fork, just like that, for the sake of it?
legendary
Activity: 1904
Merit: 1002
February 23, 2013, 01:49:15 AM
#3
Sha3 does not provide anything particularly new or useful, and sha2 is still quite secure.
not to mention, utilizing sha3 would require specific libraries installed on every computer that uses it.. or at least compile time libraries.. which wouldn't be particularly fun. Sha2 is already so well distributed, most systems are already going to have it (though perhaps not windows Tongue)

give it a few years, then maybe.

(it also gives sha3 a chance to be cracked if there is some inherent flaw in it that no one has found yet.)

This.  Let's give it time to be vetted.  What we have is fine and will be for some time: http://blog.oleganza.com/post/42523601710/how-to-steal-all-coins
sr. member
Activity: 420
Merit: 250
February 23, 2013, 01:21:23 AM
#2
Sha3 does not provide anything particularly new or useful, and sha2 is still quite secure.
not to mention, utilizing sha3 would require specific libraries installed on every computer that uses it.. or at least compile time libraries.. which wouldn't be particularly fun. Sha2 is already so well distributed, most systems are already going to have it (though perhaps not windows Tongue)

give it a few years, then maybe.

(it also gives sha3 a chance to be cracked if there is some inherent flaw in it that no one has found yet.)
full member
Activity: 238
Merit: 100
February 23, 2013, 12:47:18 AM
#1
http://en.wikipedia.org/wiki/SHA-3

Now that the standard for SHA-3 is known why not upgrade for the 1.0 release of bitcoin ?
Jump to: