Should bitcoin move to SHA-3 ? | Bitcointalksearch.org

jaywaka2713

sr. member

Activity: 266

Merit: 250

aka 7Strykes

Quote from: Anonymailer on February 24, 2013, 03:39:35 PM

Quote from: JordanL on February 23, 2013, 08:42:52 AM

Quote from: Scrat Acorns on February 23, 2013, 06:52:24 AM

You're also forgetting that ditching SHA256 will make all mining software and current ASIC designs useless.

In other words... impossible. Miners would never vote themselves into obsolescence.

Interesting. In that case, surely a way to support two standards simultaneously will have to be devised, at some point? Otherwise the security of the network and the difficulty would drop near zero overnight…

Difficulty would drop to 0 along with the hashrate because you need libraries that are SHA-3 capable, along with new miner software. Simply, forget the idea.

oakpacific

hero member

Activity: 784

Merit: 1000

SHA3 offers absolutely no advantage. Even if collisions for SHA2 can be found, it still won't affect mining, and address hashing can be improved with quick fixes, rather than implementing a new hashing algorithm. If QC is invented, its influence on SHA2 and SHA3 will be the same.

Luckybit

hero member

Activity: 714

Merit: 510

Quote from: Monster Tent on February 23, 2013, 12:47:18 AM

http://en.wikipedia.org/wiki/SHA-3

Now that the standard for SHA-3 is known why not upgrade for the 1.0 release of bitcoin ?

This might be a good idea for Netcoin.

gmaxwell

staff

Activity: 4284

Merit: 8808

Quote from: ripper234 on February 25, 2013, 12:52:18 AM

Untrue.
Miners voted on BIP 16 vs BIP 17 in the past. No reason to think they won't on hardforks in the future.
Miners aren't the only ones that count, but they certainly play a role in determining whether to adopt a hardfork or not.

BIP16 wasn't a hardfork.

iddo

sr. member

Activity: 360

Merit: 251

Quote from: ripper234 on February 25, 2013, 12:52:18 AM

Quote from: gmaxwell on February 24, 2013, 11:12:53 PM

Miners vote on the ordering of transactions, _thats it_. The rest of the rules are baked in... bit as a whole Bitcoin's users moved to something incompatible with existing miners— well, they just wouldn't be miners anymore. Otherwise— you could presume they'd still be paying themselves 50 BTC/block now.

Untrue.

Maybe it's better to say "unclear" than "untrue". I think that the interesting observation is that the more decentralized the SHA256 (ASIC) hashpower is, the more users who'd prefer to stay with the SHA256 PoW network. One reason for that is simply that there'd be more users who are also SHA256 ASIC miners, and those users have a financial interest to stay with SHA256. Another reason for that is that when the hashpower becomes more centralized, it also becomes more worthless, so the users who aren't miners wouldn't have an incentive to stick to SHA256.

Quote from: gmaxwell on February 24, 2013, 11:12:53 PM

Though this is all a silly tangent: the use of SHA256 for the POW is totally distinct from the hash used elsewhere. It's quite possible to change other things to use something else but keep the POW SHA256. Not even unlikely, since problems in SHA256 which would be fatal elsewhere would be harmless for the POW.

For example the collision attack that Gavin described here could be fixed by switching to SHA3, while still using SHA256 for the PoW, right? So I guess that the SHA256 PoW would become unusable only if there's (full) preimage attack, or worse if there's second preimage attack since we'd need to add SHA3 hashes to all the old blocks. In other words, collision attacks on SHA256 are irrelevant for the PoW.

ripper234

legendary

Activity: 1358

Merit: 1003

Ron Gross

Quote from: gmaxwell on February 24, 2013, 11:12:53 PM

Miners vote on the ordering of transactions, _thats it_. The rest of the rules are baked in... bit as a whole Bitcoin's users moved to something incompatible with existing miners— well, they just wouldn't be miners anymore. Otherwise— you could presume they'd still be paying themselves 50 BTC/block now.

Untrue.
Miners voted on BIP 16 vs BIP 17 in the past. No reason to think they won't on hardforks in the future.

Miners aren't the only ones that count, but they certainly play a role in determining whether to adopt a hardfork or not.

gmaxwell

staff

Activity: 4284

Merit: 8808

Quote from: JordanL on February 23, 2013, 08:42:52 AM

Quote from: Scrat Acorns on February 23, 2013, 06:52:24 AM

You're also forgetting that ditching SHA256 will make all mining software and current ASIC designs useless.

In other words... impossible. Miners would never vote themselves into obsolescence.

uhhhh... That is not how Bitcoin works. Miners exist at the pleasure of the users, not the other way around. Miners vote on the ordering of transactions, _thats it_. The rest of the rules are baked in... bit as a whole Bitcoin's users moved to something incompatible with existing miners— well, they just wouldn't be miners anymore. Otherwise— you could presume they'd still be paying themselves 50 BTC/block now.

Though this is all a silly tangent: the use of SHA256 for the POW is totally distinct from the hash used elsewhere. It's quite possible to change other things to use something else but keep the POW SHA256. Not even unlikely, since problems in SHA256 which would be fatal elsewhere would be harmless for the POW.

Anonymailer

hero member

Activity: 662

Merit: 500

Quote from: JordanL on February 23, 2013, 08:42:52 AM

Quote from: Scrat Acorns on February 23, 2013, 06:52:24 AM

You're also forgetting that ditching SHA256 will make all mining software and current ASIC designs useless.

In other words... impossible. Miners would never vote themselves into obsolescence.

Interesting. In that case, surely a way to support two standards simultaneously will have to be devised, at some point? Otherwise the security of the network and the difficulty would drop near zero overnight…

JordanL

donator

Activity: 294

Merit: 250

Quote from: Scrat Acorns on February 23, 2013, 06:52:24 AM

You're also forgetting that ditching SHA256 will make all mining software and current ASIC designs useless.

In other words... impossible. Miners would never vote themselves into obsolescence.

Gabi

legendary

Activity: 1148

Merit: 1008

If you want to walk on water, get out of the boat

SHA-2 is older and yet, it has not been cracked, despite everyone in the world trying do to that because it is used by everyone.

This SHA-3 is new, much less tested and with much less people trying to break it (any bank that use it yet? Nah)

Right now SHA-2 is safer.

Scrat Acorns

sr. member

Activity: 293

Merit: 250

Quote from: Monster Tent on February 23, 2013, 06:27:15 AM

If you are going to hard fork the chain doesnt it make sense to add more features that also require a fork ie 1 hard fork is better than 100 individual ones.

Yes, but this is not how cryptography works. Keccak has just been announced so it will take a few years of people trying to break it (apart from the NIST competition) before enough confidence is gained in its favor. It is however a great candidate in the event that Merkle-Damgard constructions are weakened.

You're also forgetting that ditching SHA256 will make all mining software and current ASIC designs useless. It will also require completely new addresses if you use it for address generation.

Monster Tent

full member

Activity: 238

Merit: 100

Quote from: Killdozer on February 23, 2013, 06:05:39 AM

Have you completely missed the fact that hard fork is a bad thing? Once we just started talking about raising the block size limit the forum filled with angry discussions, and that change actually has a practical importance. Here you want to make a change which does not really affect anything and make a hard fork, just like that, for the sake of it?

If you are going to hard fork the chain doesnt it make sense to add more features that also require a fork ie 1 hard fork is better than 100 individual ones.

Killdozer

full member

Activity: 203

Merit: 100

Have you completely missed the fact that hard fork is a bad thing? Once we just started talking about raising the block size limit the forum filled with angry discussions, and that change actually has a practical importance. Here you want to make a change which does not really affect anything and make a hard fork, just like that, for the sake of it?

notme

legendary

Activity: 1904

Merit: 1002

Quote from: Nesetalis on February 23, 2013, 01:21:23 AM

Sha3 does not provide anything particularly new or useful, and sha2 is still quite secure.
not to mention, utilizing sha3 would require specific libraries installed on every computer that uses it.. or at least compile time libraries.. which wouldn't be particularly fun. Sha2 is already so well distributed, most systems are already going to have it (though perhaps not windows Tongue

)

give it a few years, then maybe.

(it also gives sha3 a chance to be cracked if there is some inherent flaw in it that no one has found yet.)

This. Let's give it time to be vetted. What we have is fine and will be for some time: http://blog.oleganza.com/post/42523601710/how-to-steal-all-coins

Nesetalis

sr. member

Activity: 420

Merit: 250

Sha3 does not provide anything particularly new or useful, and sha2 is still quite secure.
not to mention, utilizing sha3 would require specific libraries installed on every computer that uses it.. or at least compile time libraries.. which wouldn't be particularly fun. Sha2 is already so well distributed, most systems are already going to have it (though perhaps not windows Tongue

)

give it a few years, then maybe.

(it also gives sha3 a chance to be cracked if there is some inherent flaw in it that no one has found yet.)

Monster Tent

full member

Activity: 238

Merit: 100

http://en.wikipedia.org/wiki/SHA-3

Now that the standard for SHA-3 is known why not upgrade for the 1.0 release of bitcoin ?

Topic: Should bitcoin move to SHA-3 ? (Read 4422 times)