Author

Topic: URGENT: please peer review a possible back door in Bitcoin? (Read 2296 times)

legendary
Activity: 2464
Merit: 1145
They were temp banned for multiple postings in a row. Tptb additionaly posted the same over and over in a multitude of threads...
newbie
Activity: 28
Merit: 0
Note I am not referring to a price decline per se, my point is about the other ways a fiat can be used against the people, such as forcing all our transactions to be tracked with digital identification when we sign our transactions. Forcing us to pay a tax to the world government on each transaction we sign, etc.
...
Mining altcoins to exchange value for BTC, does not decentralize the protocol of the Bitcoin block chain. Only the Bitcoin miners control the policies of the protocol.

If 51% of them decide to change the protocol and the Bitcoiners are unable to mount a successful political campaign to organize a fork, then the oligarchy wins. And if they do fork, they would need to change the hash algorithm, otherwise the oligarchy could simply take over the fork as well. The delusion about forking is the the Bitcoiners can't agree on anything, so they certainly couldn't agree on a new proof-of-work hash algorithm. Besides, no one cares. Everybody only cares about profit and using what is already popular. No one here has a clue about how to organize to make something widely adopted and popular. The elite are in control. Now get down on your knees and pray to the elite, because they own you.



Well gleb gamow and SebastianJu both got temp banned too for similar reasons not too long ago.   At least the forum rules are being enforced somewhat fairly.

Which similar reasons?

Tisk tisk. Keep your posts in Meta or ...

"Tsk. Tsk" are the words I expect to hear from your grandmother calling you to have your daily scolding. I don't cowtail to theymos' delusions, technical incompetence, and censorship.

If I may express some frustration w.r.t. to desire to troll and censor, "Fuck you and theymos too". TPTB_need_war doesn't care. He can always subvert any ban.

Any way, TPTB_need_war is too busy programming. He has provided a public service.

And yes he was banned for revealing a potential back door in Bitcoin[1]. Just goes to show how theymos and gmaxwell are protecting you.

And yourself, how about you grow up and learn to tolerate open dialogue.

P.S. permanently banning TPTB_need_war is perfect for his plans. I hope theymos has the balls and the technical knowledge to attempt it.

Also I didn't start this thread. I didn't ask for this thread. I wasn't intending to post in this subforum at this time. Blame the person who created this thread. I read so much misunderstanding and slander of TPTB_need_war that required clarification and correction.


[1] In the ban message and in theymos's private message which is quoted by TPTP_need_war, theymos indicated the reason for the ban in addition to his incorrect claim of spouting technical nonsense, he also alleged spamming of messages in several threads and the ad hominem attacks against others. Theymos appears to be protecting Foxpop who hurled ad hominemfirst, and CIYAM who also hurled ad hominem first. TPTB_need_war had stated that the reason for posting in numerous threads, is because the mods allowed people to make numerous duplicate threads on the same topic about Craig Wright claiming to be Satoshi Nakamoto. Do take note that at the time he was having the debate with CIYAM, he had thought that Craig's signature had matched the hash of the Sartre text because he was misled by sloppy reporting and sloppy writing of those who did the technical analysis. It was only later that he learned that was not the case. And after all, his alleged back door in Bitcoin remains potentially true. You don't ban people for these incorrect reasons and expect to remain respected and expect others to not want to overcome inappropriate use of influence. There is too much ignonymous influence in Bitcoin.



...absolutely petrifying.    Cry

You did it to yourselves. Now you will reap what you have sown.

I am an American who doesn't share your looney European Marxism. Last time it was a million in the gas chambers. Let's see how it goes this round.

Shut up and get back to work on building your copy-leftist clusterfuck.

I don't associate with scum like you. I compete and overcome. Bye. Unless that is you want to say those words about my kids to my face. Otherwise we have nothing more to discuss. Enjoy your life.
sr. member
Activity: 420
Merit: 262
FYI truce, I will cease & desist:

Quote from: myself in a private message
I also don't believe CW is Satoshi. But that isn't my point. I explained the salient point more concisely here which is really about ridicule, censorship, and manipulation of public opinion instead of rational, well elucidated, and amicable/patient/unencumbered reasoned discussion (i.e. acadamics versus corporate fiefdoms):

https://bitcointalksearch.org/topic/m.14766475

Please also read the subsequent to the above linked post as I broad stroked some of my theoretical concerns about the double-hashing in Bitcoin.

Theymos is allowing me to continue so I think it is possible that Theymos is helpless due to not being capable himself of leading technologically. So appears he may be trying to appease Greg while also allowing for the minute possibility that someone else could accomplish in code and in reality something as relevant. I think I respect Theymos if this is the case. But we don't really know what is going on behind the scenes. I am at the point now where I really want to ignore everything on BCT and Reddit. My discussions about programming language theory are going very well at the Rust forum. Did you see I solved the age old computer science problem known as the Expression Problem articulated by Philip Wadler in 1999:

https://bitcointalksearch.org/topic/m.14757751
(click the sublink in item #6)

Did you see how I REKTed Greg's logic on the Ogg streaming index which was hilarious given he is co-inventor of the Ogg orbis codec:

https://bitcointalksearch.org/topic/m.14035614
(search for the phrase "Also I don't understand how you calculate 20% increase" within that post)

I don't claim he isn't smart in his cryptography and math fields of expertise. And generally a very smart guy. But that is not the problem we are apparently agreeing on.
sr. member
Activity: 420
Merit: 262
TPTB_need_war, you cannot prove nor disprove that the Sartre text Craig Wright supposedly hashed is a collision for SHA256.

I asked you to not do what you just did above:

Don't cherry pick my context to make inane non-rebuttals which side-step my holistic set of points.



You also pointed out that he supposedly has access to a supercomputer. Even with access to a supercomputer, he would not be able to find a collision as other researchers have already tried. Simply having a lot of computing power does not mean that he can find a collision.

Alternatively, Craig could have found a vulnerability in sha256, in which case a lot more things than just Bitcoin is screwed. If Craig did not responsibly disclose such a vulnerability and instead exploited it, this would be incredibly sketchy and dishonest behavior.

The point is that with a supercomputer together with a new cryptoanalysis break, the two together might be required to accomplish the attack. I want you to know that if China's pools see nearly all the mining shares, then they are viewing about 268 of SHA-256 hashing power per annum which may or may not be fulcrum. Don't presume you know all the theoretical attacks that are possible.

The theory that the sha256 double hash is weaker than sha256 is false. It has been proven that performing multiple iterations of a hash is more secure than just one iteration. Specifically, many websites will store users passwords in the form of a multiple iteration hash.

You've made at least two mathematically illiterate errors in that quoted text:

1. Testing that double-hashing fulfills some criteria you have prechosen, says nothing about security against cryptoanalysis which your criteria has not considered.
2. Securing a password by iterated hashing (because it requires the dictionary attacker to perform the iteration cost on each dictionary trial) says nothing about the increased vulnerability of collision cryptanalysis. You are conflating two separate issues of security.  Roll Eyes

I am done speaking to these amateurs. Waste of my time.
sr. member
Activity: 420
Merit: 262
I will proceed to explain once you confirm that do not understand why Merkle–Damgård construction is relevant? Either explain or admit you don't know. So I can proceed to teach you something. You are wasting my scarce time with your stalling/deception tactics and trolling.

No, you're the one wasting my time. I don't have to explain anything. You do. And you're not. I can only assume by your lack of explanation that you can't produce one.

Next time you will realize not to fuck with me, because I know a lot more than you assume.

I assume you know nothing, so knowing more than that isn't much of an accomplishment. But please go ahead and demonstrate your accomplishment. We're all waiting.

I'll interpret your reply as an ostensibly intentional veiled admission that you could not answer the question. So I will proceed to explain the sort of theoretical analysis that I was interested in discussing in the thread that the "forum-Hitler" Gmaxwell nuked.


Tangentially note the disclaimer that I wrote in the OP of the thread which was nuked:

Does anyone know what black hole Bitcoin core (Blockstream) developer Gmaxwell moved the quoted thread to?

[...]

I urge immediately peer review of my statements by other experts. I have not really thought deeply about this. This is just written very quickly off the top of my head. I am busy working on other things and can't put much time into this.

I had written in that nuked and vaporized thread a post (my last or nearly last post in that nuked thread) which explained that at the moment I wrote that quoted OP, I had been mislead by sloppy writing on the news sites (and also the linked sites of the protagonists) into thinking that the hash of the Sartre text was already confirmed. For example, I provided this quote:

Craig Wright’s chosen source material (an article in which Jean-Paul Sartre explains his refusal of the Nobel Prize), surprisingly, generates the exact same signature as can be found in a bitcoin transaction associated with Satoshi Nakamoto.

Being at is was by that time late in the evening for my timezone and I had been awake roughly 18 hours already, and I was skimming in an attempt to make some quick feedback on this potentially important event, so I could return to my work asap. In the nuked thread, I quickly realized that the Sartre text hadn't been verified to match the hash, so I actually stopped posting in the nuked thread for a few hours. Then when I came back to thread, it didn't exist so I could no longer follow up or read what had been elucidated. Thus note my original focus was on how the hell could Craig have achieved that match, so he must have broken the hash. I had recalled that I had theoretically doubts about the double hashing which I had never bothered to discuss with anyone. It had been 2+ years since I did that research on cryptographic hash functions, so I had to decide if I was going to go dig back into that research or not. I figured I'd sleep on it and then be able to think with a clearer, rested mind about the implications of the revelation (to me) that the hash had not been verified to match the text because the portion of the text had not been sufficiently specified (again the "undisclosed" term didn't make sense to me in quick skimming because I had read on the blog that the Sartre text was referred to).

But instead of being able to sleep on it and then decide whether to let it go or dig back into my past research, my thread was nuked and I was under attack. Remember I don't back down from anyone when I think I am justified. When I think I am wrong, I mea culpa.



So now back to the subject matter of whether double hashing could theoretically lead to any weakening of the second preimage and/or collision security of the SHA-256 cryptographic hash function.

Afaik, there is no research on this question. If anyone is aware of any, please kindly inform me.

First I will note the Merkle–Damgård construction (which SHA-256 employs) is subject to numerous generic attacks and even though afaik none of these are currently known to be a practical threat against a single hash of SHA-256, we can perhaps look to those generic attacks for potential clues as to what a double-hashing might enable which a single-hash application perhaps might not.

Note in the pseudo-code for SHA-256 that what distinguishes a double-hashing from doubling rounds (i.e. "Compression function main loop:") or repeating the input text in double the block chunks (i.e. "Process the message in successive 512-bit chunks:"), is that the h0 - h8 compression function state which is normally orthogonal to the input block chunks instead gets transmitted as input to a block chunk in the second hash application (i.e. "Produce the final hash value (big-endian):") after being added to the output of the compression function (i.e. "Add the compressed chunk to the current hash value:"). And the h0 - h8 compression function state is reset to a constant (i.e. "Initialize hash values:").

The reason I think this might be theoretically significant is because we should note that the way cryptographic hash functions are typically broken is by applying differential cryptanalysis. Differential cryptanalysis is attempting to find some occurrence of (even higher order) differences between inputs that occurs with more frequent probability than a perfectly uniform distribution. In essence, differential cryptanalysis is leveraging some recurrent structure of the confusion and diffusion and avalanche effect of the algorithm.

Not only does the double-hashing introduce a constant  h0 - h8 midstream thus introducing a known recurrent structure into the middle of the unified algorithm of a double-hashing, but it shifts the normally orthogonal compression function state to the input that it is designed supposed to be orthogonal to. On top of that, the additions of the h0 - h8 state at the midpoint, can possibly mean the starting state of the midpoint is known to have a higher probability of zeros in the least significant bits (LSBs). This last sentence observation comes from some research I did when I created a much higher bandwidth design variant of Berstein's ChaCha by fully exploiting AVX2 SIMD, that was for a specific purpose of creating a faster memory hard proof-of-work function. In that research, I had noted the following quote of an excerpt in my unfinished, rough draft, unpublished white paper written in late 2013 or early 2014 (and kindly note that the following might have errors because it was not reviewed for publishing and was merely notes for myself on my research understanding at that time 2+ years ago):

Quote from: shazam.rtf
Security

Addition and multiplication modulo (2^n - 1) diffuse through high bits but set low bits to 0. Without shuffles or rotation permutation to diffuse changes from high to low bits, addition and multiplication modulo (2^n - 1) can be broken with low complexity working from the low to the high bits [5].

The overflow carry bit, i.e. addition modulo minus addition modulo (2^n - 1), obtains the value 0 or 1 with equal probability, thus addition modulo (2^n - 1) is discontinuous i.e. defeats linearity over the ring Z/(2^n) [6] because the carry is 1 in half of the instances [7] and defeats linearity over the ring Z/2 [8] because the low bit of both operands is 1 in one-fourth of the instances.

The number of overflow high bits in multiplication modulo ∞ minus multiplication modulo (2^n - 1) depends on the highest set bits of the operands, thus multiplication modulo (2^n - 1) defeats linearity over the range of rings Z/2 to Z/(2^n).

Logical exclusive-or defeats linearity over the ring Z/(2^n) always [8] because it is not a linear function operator.

Each multiplication modulo ∞ amplifies the amount diffusion and confusion provided by each addition. For example, multiplying any number by 23 is equivalent to the number multiplied by 16 added to the number multiplied by 4 added to the number multiplied by 2 added to the number. This is recursive since multiplying the number by 4 is equivalent to the number multiplied by 2 added to the number multiplied by 2. Addition of a number with itself is equivalent to a 1 bit left shift or multiplication by 2. Multiplying any variable number by another variable number creates additional confusion.

Multiplication defeats rotational cryptoanalysis [9] because unlike for addition, rotation of the multiplication of two operands never distributes over the operands i.e. is not equal to the multiplication of the rotated operands. A proof is that rotation is equivalent to the exclusive-or of left and right shifts. Left and right shifts are equivalent to multiplication and division by a factor of 2, which don't distribute over multiplication e.g. (8 × 8 ) × 2 ≠ (8 × 2) × (8 × 2) and (8 × 8 ) ÷ 2 ≠ (8 ÷ 2) × (8 ÷ 2). Addition modulo ∞ is always distributive over rotation [9] because addition distributes over multiplication and division e.g. (8 + 8 ) ÷ 2 = (8 ÷ 2) + (8 ÷ 2). Due to the aforementioned non-linearity over Z/(2^n) due to carry, addition modulo (2^n - 1) is only distributive over rotation with a probability 1/4 up to 3/8 depending on the relative number of bits of rotation [9][10].

However, multiplication modulo (2^n - 1) sets all low bits to 0 orders-of-magnitude more frequently than addition modulo (2^n - 1)—a degenerate result that squashes diffusion and confusion.

[5] Khovratovich, Nikolic. Rotational Cryptanalysis of ARX. 2 Related Work.
[6] Daum. Cryptanalysis of Hash Functions of the MD4-Family.
     4.1 Links between Different Kinds of Operations.
[7] Khovratovich, Nikolic. Rotational Cryptanalysis of ARX.
     6 Cryptanalysis of generic AR systems.
[8] Berstein. Salsa20 design. 2 Operations.
[9] Khovratovich, Nikolic. Rotational Cryptanalysis of ARX.
     3 Review of Rotational Cryptanalysis.
[10] Daum. Cryptanalysis of Hash Functions of the MD4-Family.
    4.1.3 Modular Additions and Bit Rotations. Corollary 4.12.

So now put those aforementioned insights about potential recurrent structure at the midpoint of the double-hashing, together with the reality that a Boomerang attack is a differential cryptoanalysis that employs a midpoint in a cipher to form new attacks that weren't plausible on the full cipher. Bingo!

I'll refrain from providing my further insights on specifics beyond this initial sharing. Why? Because I've been treated like shit by Gmaxwell and you all here grant him too much Hitler-esque control over the Bitcoin Technical Discussion subforum where these sort of discussions are supposed to occur, so I will take my toys else where. Enjoy your echo chamber.

Do I have an attack against Bitcoin's double-hashing? I leave that for you to ponder.
hero member
Activity: 583
Merit: 505
CTO @ Flixxo, Riecoin dev
The resulting hash of a multihash function (including multiple iterations) has the same collision resistance as the collision resistance of the weakest hash.

This is not exactly true, the collision resistance is weaker than the weakest.

Just to be clear, for practical purposes what knightdk says is true. But from a cryptoanalysis point of view, it's slightly more likely to have a collision.

Another idea: if the NSA has a backdoor for sha256, then it is possible that backdoor doesn't work for double sha256.
hero member
Activity: 583
Merit: 505
CTO @ Flixxo, Riecoin dev
The resulting hash of a multihash function (including multiple iterations) has the same collision resistance as the collision resistance of the weakest hash.

This is not exactly true, the collision resistance is weaker than the weakest.

Hashing many times protects from some preimage attacks. It's sometimes used to make the hashing slower on purpose (like in WPA, in order to make cracking slower and more expensive). Doing it twice for mining makes sense because it prevents some mining algorithm optimizations and also because ASICs for sha256 existed before bitcoin, but not ASICS for double sha256. So hashing  twice may have been a way to prevent those ASICS from working.

Hashing more than once does increase the probability of collisions, however that increase is negligible. Consider the case of double sha256:
output = sha256(sha256(input))

If one of the two sha256 have a collision, then the double sha will have a collision too. So it's weaker: at least one of the two hashes is required sufficient for the double sha to collide. That probability of having one of two hashes collide is certainly higher than having only one hash collide.

However, consider that if double sha256 has a collision it is because at least one of the two iterations of sha256 did collide. So you see, it is still very unlikely because it still requires a collision in sha256. And as someone mentioned, a collision in sha256 is in itself more important news than having found Satoshi.

I consider it safe to assume that CSW didn't find a collision in sha256.
legendary
Activity: 1210
Merit: 1024


Other than the OP

How is any of this "Meta"?


~BCX~
staff
Activity: 3458
Merit: 6793
Just writing some code
TPTB_need_war, you cannot prove nor disprove that the Sartre text Craig Wright supposedly hashed is a collision for SHA256. The hash that he published is the exact hash that is signed by the signature that spent the Block 9 coinbase. Because calculating that hash is trivial and the signature is already public, it is reasonable and safe to assume that Craig Wright simply took that hash and claimed that it was the hash of the sartre text.

You also pointed out that he supposedly has access to a supercomputer. Even with access to a supercomputer, he would not be able to find a collision as other researchers have already tried. Simply having a lot of computing power does not mean that he can find a collision.

Alternatively, Craig could have found a vulnerability in sha256, in which case a lot more things than just Bitcoin is screwed. If Craig did not responsibly disclose such a vulnerability and instead exploited it, this would be incredibly sketchy and dishonest behavior.

The theory that the sha256 double hash is weaker than sha256 is false. It has been proven that performing multiple iterations of a hash is more secure than just one iteration. Specifically, many websites will store users passwords in the form of a multiple iteration hash. This is significantly more secure than a single iteration hash. The resulting hash of a multihash function (including multiple iterations) has the same collision resistance as the collision resistance of the weakest hash. This means that sha256d has the same collision resistance as sha256. What multiple hashes protect against is a preimage attack.





Other than the OP

How is any of this "Meta"?


~BCX~
It isn't really, it started as a complaint against the removal of his thread and then he promptly continued the thread here.
sr. member
Activity: 420
Merit: 262
I was sleeping. Now the REKTing will ensue.

I am an innocent Noob, and not a sock puppet. Grin

I believe you are a liar. Prove it by revealing your identity. My identity is known to everyone. I have revealed my full name, where I live, my history, my LinkedIn account, my public non-anonymous writings published over the internet, etc..

If you believe that, you are dumber than I thought.

Yes, I do believe I explained it.

If you feed the script a plain ASCII text file, you'll just claim he might have used UTF16. Or a PDF file, which can altered in infinitely many ways without affecting the text content. Or a JPEG of a photograph of a printout of the document. Or something else entirely.

Perhaps you're illiterate?

Yes of course there is a combinatorial explosion of possibilities which was my point that you all can't conclude with 100% certainty that Craig can't produce a preimage of the hash, unless you can be sure he can't second preimage SHA-256 or otherwise find a collision. And I had stated that double hashing with SHA-256 might possibility have a cryptoanalysis hole that isn't known to exist in the cryptoanalysis of a single hashing. Again this was just a theory I wanted to discuss. Perhaps you don't like theories. Perhaps you would have preferred that Einstein didn't ponder riding in elevators. Well small, closed minds aren't very creative and thus don't achieve greatness. More on that with follow in a subsequent post.

However, in spite of the fact that you can't disprove any possible means of representation or permutation of the Sartre text, I wrote several times upthread that at the bare minimum, those protagonists who were claiming 100% certainty that Craig could not do something (btw a very strong claim), it would behove them to at least show that using typical representations of the Sartre text (e.g. ASCII text and perhaps UTF8/UTF16), that no contiguous portion of the text could hash to the signed hash. Moreover and more saliently, I pointed out that the protagonists were disingenuous or derelict by not pointing out the possibility that Craig might still be able to match the hash with some revealed content, Iff (if and only if) Craig had found a way to second preimage or otherwise find the necessary collision on the SHA256 hash. That the protagonists were too lazy to do this and were also too lazy to even verify if the website drcraigwright.com is Craig Wright's official communication vehicle (which apparently it is not and is now for sale here on bitcointalk.org according to a screen capture I quoted upthread), points to the lack of diligence and/or disingenuity in this tribe of Bitcoin maximalists including apparently yourself, who think they are holier than thou.

Do not disingenously quote my above two paragraphs out-of-context again. Don't cherry pick my context to make inane non-rebuttals which side-step my holistic set of points.

Note when I am done REKTing you on the technical points (again more is to follow below after this post), I never again want to waste my precious time with a useless and disingenuous turd. So this will be your last interaction with me.

We do have fairly convincing evidence that the signature Wright posted is not a signature of any subset of the Sartre document.

Specifically, it matches an early public signature from Satoshi lifted from a Bitcoin transaction. The chance against any portion of the Sartre document generating an identical signature are astronomical. Hence, it's pretty clearly an attempt at fraud or at the very least intentional misdirection.

You are apparently mathematically illiterate. If Craig can't find the second preimage or necessary collision, then he can't find a text that matches. Period. If he can find the second preimage or necessary collision, then he can find a text that matches. Period. When we analyze the probability, we don't start only with the Sartre text document. He could have chosen from any document on earth.

Thus his ability to use only contiguous portions of the Sartre document is mathematical plausible (again assuming he has the necessary cryptographic breakage), and thus it behoves the protagonists to explain this and even to write a quick script to prove that the contiguous portions possibilities in the common encoding formats does not hash to the signature he provided. The derelicts didn't do this. My necessary mathematical assumption in this paragraph (not impacting the prior paragraph) is that the hash function would be subject to a multi-collision attack. Thus if the breakage is not multi-collision, then Craig could not have reasonably limited himself to contiguous portions because the search for document matches in itself would probably be an intractable computational problem. My point remains that we see none of this sophisticated explanation from the protagonists. Instead they do a little bit of half-ass analysis and then everyone proclaims Craig is a fraud. This is Craig's point! I simply wanted to have a theoretical discussion in the Bitcoin Technical Discussion subforum and instead had my legitimate inquiry vaporized by the Bitcoin maximalist "forum-Hitler" moderator who uses the moniker Gmaxwell or in real life Gregory Maxwell. And we have all his underlings here who promulgate his shitty attitude and actions.
sr. member
Activity: 433
Merit: 260
Hey TPTB_need_war, I love what you're doing, but dude, tune down the arrogance a tiny bit... You're more effective and influential as a gentle leading researcher than as a jackass with a high opinion of himself and a low opinion of less technically proficient people. Quit calling people idiots and retards if you want to have greater impact and be more appreciated by the community.


Quote
I just wanted to have a discussion. The Bitcoin maximalists turned it into a war. Bastards.
Posting what you're posting, people invested will act emotionally, and you then exacerbate the reactions with your insults. They are reflecting to you what you are putting out. Smiley
copper member
Activity: 2996
Merit: 2374
Since this thread has changed from a discussion about the deletion of the thread in question (was it ever?) to a continuece of the deleted thread itself, I guess I will give my input on the OP's original concern.

(Note that I am far from an expert on the subject). My understanding is that you can potentially sign two different "messages" with the same private key and produce the same valid signature. I would note that it is trivial to validate if any "message" is signed by a particular private key by looking at only the signature. 

If Wright wanted to sign a message that appears to be from a particular private key, that uses a particular signature then I would speculate that he would simply check a large volume of messages until he finds one that, when signed the signature matches the signature that he wishes to use. If this is true then he would have to expand a very large amount of resources to produce his supposed signed message.

I would say that a "worse case" scenario would be that Wright figured out a way to trivially figure out multiple "messages" when both the public key and signature are known. Since he has an unlimited amount of messages that he can sign to make it look like he has possession of an unencrypted version of a given private key, this does not matter because no matter what message that he signs, it will appear that he owns the private key in question.

However to spend BTC that was previously sent to a particular BTC address, you will need to sign a message that contains the specific inputs that you are trying to spend and you (should) control the private key at which the message spends the BTC to. This will greatly reduce the potential valid messages that you can "sign" when knowing only the public key and the signature. I think it is probably safe to say that no money will be lost even if the largest unspent input was one satoshi.

In both of the above scenarios, the "value" of a signed message is decreased, however if the person validating the signed message provides the specific message that needs to be signed then this is a non-issue, at least if my understanding is correct, which it may not be.
legendary
Activity: 3066
Merit: 1147
The revolution will be monetized!
Jezee guys he is just asking us to look at the code. It's not a bad idea to peek at the publicly available source code from time to time. Fortunately this is an open source project and that allows us to be certain that nothing malicious is in the code. I'll go through it tonight and see for myself. A "backdoor" is not hide-able in the source.

Specifically I am not alleging something is maliciously hiding in the source code.

I am asking if the double hashing could possibly be itself a cryptographic hole that enables someone to preimage via collisions an existing signature so as to prove they signed a message from that key.

Apparently the double hash is also on the public key as well as on the hash that is signed? If true, this means that someone might be able to preimage a collision on the hash(hash(public key)) and thus spend other people's coins as well.
So more of an exploit then? IMO, these are good questions to ask and if someone thinks it's just a misunderstanding then let's enlighten each other instead of bashing the questioner. I would also like to hear an answer to your question.
sr. member
Activity: 420
Merit: 262
HAHhahaha.. Sorry - just reading TPTB's  post.. You are one relentless guy TPTB.  It must be tiring being you.

Yeah it is tiring to deal with trolls who are too ignorant to realize they are.


Why do you not want readers to read the truth.
sr. member
Activity: 420
Merit: 262
You could at a minimum disprove that any contiguous portion of the document can't match the hash.

No, you couldn't, and I explained why.

If you believe that, you are dumber than I thought.

Perhaps you aren't even a programmer?

Of course one can write a script to hash all continuous portions of the Sartre document and check against the hash and then show that he could not possibly be correct with any contiguous portion of the Sartre document that was claim to have been signed for.

Please don't waste my time with your inane inability to understand rudimentary concepts.  Even Yarkol already explained it.

I want you to prove you understand how cryptographic hash functions are constructed and prove you have knowledge about how collision attacks are often constructed. Because these are things I had researched in the past.

Why should I? I'm not the one making outlandish claims about the subject. You are, and I doubt (based on the fact that your posts are nonsense) that you have actually researched it in any capacity.

I will proceed to explain once you confirm that do not understand why Merkle–Damgård construction is relevant? Either explain or admit you don't know. So I can proceed to teach you something. You are wasting my scarce time with your stalling/deception tactics and trolling.

Next time you will realize not to fuck with me, because I know a lot more than you assume.
sr. member
Activity: 420
Merit: 262
Jezee guys he is just asking us to look at the code. It's not a bad idea to peek at the publicly available source code from time to time. Fortunately this is an open source project and that allows us to be certain that nothing malicious is in the code. I'll go through it tonight and see for myself. A "backdoor" is not hide-able in the source.

Specifically I am not alleging something is maliciously hiding in the source code.

I am asking if the double hashing could possibly be itself a cryptographic hole that enables someone to preimage via collisions an existing signature so as to prove they signed a message from that key.

Apparently the double hash is also on the public key as well as on the hash that is signed? If true, this means that someone might be able to preimage a collision on the hash(hash(public key)) and thus spend other people's coins as well.
sr. member
Activity: 420
Merit: 262
If we are basing it on the drcraigwright.com website "proof", then the Sartre document is the one claimed to have been hashed, but he didn't disclose what portion of that document.

He didn't disclose anything else about the document, which is why it's impossible to disprove any claim about it.

You could at a minimum disprove that any contiguous portion of the document can't match the hash. You all haven't done that, thus you are derelict. You all shouldn't go spouting off "Craig a fraud" without even attempting to verify some basic things such as whether drcraigwright.com is his website and whether any portion of the text could match the hash that was signed.

My point is the you Bitcoin zealots didn't do your homework. Haha. You also didn't even validate if that was his official website.

I never claimed that it was, nor do I even care. Why would I if it doesn't contain any evidence for any claims that have been made?

'backsplaining.

You guys are derelict, as well as censoring free speech and technical discussion. No wonder you will end up in failure mindlessly following Blockstream's SegWit soft forking Trojan Horse.

Non sequitur.

See above. REKTED.

I asked you a specific question, "Do you for example even understand why two SHA256 hash function applications in series is not equivalent to 2 x 64 rounds?". I see you are unable to answer it?

I didn't care to answer it since it is irrelevant. I have explained the most likely reason why double SHA256 was used, which is what you asked.

Which is technically incorrect, but I will come back to that point to REKT you after we finish this.

After we confirm that you can't answer it, then I will REKT the rest of your technically incorrect response above.

Alright, fine. The answer is yes. I do understand why two SHA256 hash function applications in series is not equivalent to 2 x 64 rounds. It would be pretty meaningless if it was.

So tell me the reason? Obviously I didn't ask the question to only receive a "yes". Anyone can say "yes". I want you to prove you understand how cryptographic hash functions are constructed and prove you have knowledge about how collision attacks are often constructed. Because these are things I had researched in the past. You've had enough delay to google it by now, so surely you can cheat and tell me?

Try reading the linked article to learn more about your character.

It says more about yours than mine.

That is the sort of reply which the linked article explains you would make. So you've confirmed it. Thanks.
legendary
Activity: 3066
Merit: 1147
The revolution will be monetized!
Jezee guys he is just asking us to look at the code. It's not a bad idea to peek at the publicly available source code from time to time. Fortunately this is an open source project and that allows us to be certain that nothing malicious is in the code. I'll go through it tonight and see for myself. A "backdoor" is not hide-able in the source.
sr. member
Activity: 420
Merit: 262
The thread likely got deleted because of your repeated insults leveled against other posters there

I do not remember making any such insult. Please quote them and don't allege something you can't demonstrate, for that is a very slimy tactic.

, why you never got a notification could be because it was a whole thread that was deleted rather then a single post.  I'm not sure if a notification is sent out if a whole thread is deleted, never had one deleted myself.

Even when threads are moved to the Trashcan, we get a link showing they have been. Gmaxwell has some sort of super powers as a mod. I have no idea what kind of incestuous relationship is going on between theymos and Gmaxwell, but it doesn't really matter since Bitcoin is basically destroyed now with 70% of the mining controlled by China, soon to be 98+%, and with Blockstream implementing their SegWit soft fork Trojan Horse so as Matonis admits can end up increasing the 21 million coins limit.

The entire ecosystem is headed for a clusterfuck.

This certainly makes GA (chief bitcoin scientist?) look pretty gullible.  Not sure who that Jon guy is and how he backed CWs claim.

Not at all. If the drcraigwright.com is a farce, then nothing has been shown to be untrue about what Wright allegedly proved in private.

This is a masterful chess game being played.

And it is making everyone look like a fool, including those who said Craig was confirmed to be a fraud.

And including yourself for alleging that I speak FUD.

Those who have disingenuous intentions and attitudes eventually get what they deserve and that will include yourself.
sr. member
Activity: 420
Merit: 262
1. Craig said he signed a hash of some Sartre document but did not disclose which portion of the text. No one has written a script to prove that no portion or combination of portions of that Sartre text will not hash to the value that was signed. Thus I stated until someone has proven that it is impossible for Craig to later show that some portion of the Sartre text will hash to the sign hash value, then you can't claim with certainty that he can't do that. At the bare minimum, those who were checking Craig's proof, should have at least run a simple script to try every contiguous portion (no permutations) of the Sartre text (which is a tractable computation).

Such a script would prove nothing, since you know nothing about the input Craig allegedly used.

If we are basing it on the drcraigwright.com website "proof", then the Sartre document is the one claimed to have been hashed, but he didn't disclose what portion of that document.

Nice try. Fail.

My point is the you Bitcoin zealots didn't do your homework. Haha. You also didn't even validate if that was his official website. You guys are derelict, as well as censoring free speech and technical discussion. No wonder you will end up in failure mindlessly following Blockstream's SegWit soft forking Trojan Horse.

2. I have stated that no one seems to know why Bitcoin employs double hashing, and I have stated a theory that double hashing may weaken the collision resistance of the SHA256. I gave my logic for why that may be the case. I also note that SHA256 is documented to be reasonably close to being broken with 46 - 52 of the 64 rounds already broken. Thus I presented the theory that perhaps the double-hashing might push the vulnerability over the edge of breakage of 64 rounds. I didn't present that as a likely theory. I presented it as a point of discussion. If you have no way to refute this technical possibility because you don't know a damn thing about cryptographic hash function construction then that means you are not expert enough to comment about the quality of my theory. Do you for example even understand why two SHA256 hash function applications in series is not equivalent to 2 x 64 rounds? I ask you a specific question and I expect a specific answer.

Because double hashing is routinely employed to avoid preimage and length extension attacks, whether such protection is needed or not. Multiple iterations do not make it more vulnerable (again, if you believe it does, it's up to you to produce evidence of such a vulnerability), so there's no downside except for a slight reduction in performance.

I asked you a specific question, "Do you for example even understand why two SHA256 hash function applications in series is not equivalent to 2 x 64 rounds?". I see you are unable to answer it?

After we confirm that you can't answer it, then I will REKT the rest of your technically incorrect response above.

I understand you don't like me, but that is your personal problem.

No, it isn't. It would a problem if I did like you, since anyone who does must be a poor judge of character.

Try reading the linked article to learn more about your character.

Btw, why are you so defensive of a coin that is 70% controlled by China's miners and allegedly soon to be 98.5% controlled. Can you even look in the mirror and not laugh at yourself.
sr. member
Activity: 420
Merit: 262
The plot thickens.  Tongue

Makes everyone who says he was a fraud look like a total imbecile for not checking whether the website is really the official word of Craig Wright.

In the thread of mine that Gregory Maxwell deleted, I made the point that those accusing Craig of fraud, hadn't done their homework. Lol.  Roll Eyes

Think about it - if you were purchasing a domain with your name in the title, why would you register it using an anonymous registrant to hide your name?

Forgot to tick-off default option "Protect my privacy for 5.99$ per year" maybe?

That's one perfectly plausible explanation Smiley
It couldn't possibly be anything like

My guess is wishful thinking. Never change, bitcointalk, never change...



not really sure where you're going with this. so you're saying that craig can deny his ties to the domain? what would that do? his claims on satoshi's identity were recorded in a video.

Not suggesting that he did not claim to be Satoshi. Merely that not everything posted on the internet can be taken at face value. If he needed to claim that he is not the author of that apology, he easily could.
And, of course,
Quote
< >The BBC understands that this tweet signifies that Mr Matonis still believes Dr Wright is indeed Satoshi.

"A lot more people in the Bitcoin community are going to be unconvinced of Dr Wright's claims than will believe he is Satoshi, based upon what's happened to date," commented Dr Garrick Hileman, an economic historian at the Cambridge Centre for Alternative Finance.

"But many of the doubters don't want to be convinced. Satoshi has been mythologised and if you pull back the curtain, you shatter a lot of people's fantasies.
sr. member
Activity: 420
Merit: 262
Your thread was deleted because it was utterly moronic, even more so than your usual bullshit. Everyone who had the misfortune to read it is now dumber for having done so. Go ahead and sell your coins, and don't let the door hit you on your way out.

The Bitcoin maximalists are having a heart attack because they don't like the facts.

While there are facts I don't like, I can accept them and I've never suffered a heart attack as a result. Though it's irrelevant since you've never said anything that even remotely resembles a fact.

You are free to present a refutation of anything I've written. So far, I've seen no technical argument from you.

How can I? One can only make a technical argument against disputed facts, and as I said, nothing you've ever said resembles a fact, disputed or otherwise.

I presented a technical argument. Regardless of the actions of Craig, that technical argument remains.

A technical argument by definition is not a fact. It is a technical position that stands to be debated. So if you are unwilling to respond technically to my technical points, then obviously you have nothing technical to say.

Here are some positions I made which you and no one else has refuted:

1. Craig said he signed a hash of some Sartre document but did not disclose which portion of the text. No one has written a script to prove that no portion or combination of portions of that Sartre text will not hash to the value that was signed. Thus I stated until someone has proven that it is impossible for Craig to later show that some portion of the Sartre text will hash to the sign hash value, then you can't claim with certainty that he can't do that. At the bare minimum, those who were checking Craig's proof, should have at least run a simple script to try every contiguous portion (no permutations) of the Sartre text (which is a tractable computation).

2. I have stated that no one seems to know why Bitcoin employs double hashing, and I have stated a theory that double hashing may weaken the collision resistance of the SHA256. I gave my logic for why that may be the case. I also note that SHA256 is documented to be reasonably close to being broken with 46 - 52 of the 64 rounds already broken. Thus I presented the theory that perhaps the double-hashing might push the vulnerability over the edge of breakage of 64 rounds. I didn't present that as a likely theory. I presented it as a point of discussion. If you have no way to refute this technical possibility because you don't know a damn thing about cryptographic hash function construction then that means you are not expert enough to comment about the quality of my theory. Do you for example even understand why two SHA256 hash function applications in series is not equivalent to 2 x 64 rounds? I ask you a specific question and I expect a specific answer.

I understand you don't like me, but that is your personal problem. Only a technical reply from you is relevant. Of course you can't make one.

Also how do you know that Craig didn't withdraw his plan because I just explained how he may of accomplished the feat he claimed he can do? I mean if someone could even explain the rational justification for the double-hashing, then we wouldn't be wondering as much.
legendary
Activity: 1078
Merit: 1011
Dang, well that ended quickly. I was just starting to take an interest in this whole "some part of the Sartre text might possibly result in same hash" discussion.
sr. member
Activity: 420
Merit: 262
You got your answer, satoshi my ass... lol

http://www.drcraigwright.net/



LOL, back to work Cheesy

We don't know yet for sure who Craig is working for.

This obviously was not done without a purpose.

You don't take these huge risk (e.g. of being sued, etc) without a sufficient reason.

Is Matonis a large blocker like Gavin?

Not?

https://www.reddit.com/r/Bitcoin/comments/3yupa6/philosophy_jon_matonis_extending_transaction_fee/

But they both are key members (control?) the Bitcoin Foundation?

What were their positions on Blockstream's SegWit?

Matonis is against block chain soft forks that are in SegWit:

https://www.cryptocoinsnews.com/jon-matonis-believes-block-size-debate-precursor-block-reward-debate/

http://bitcoinist.net/bitcoin-industry-leaders-block-size/



I guess there goes your Bitcoin is broken fud theory.

It might still be technically valid even if Craig isn't availing of such a vulnerability. And I am not yet sure if Craig has quit. He would place himself in greater legal burden by not following through.

Asking to have a technical discussion with a question mark and asking readers to please wait for the replies from other experts, hardly constitutes FUD. Please re-read the quote where I specifically stated those caveats from the very start (of course Gmaxwell deleted the thread but we still have my quote of the OP).

Remember Monero (not smooth) ignored for a year or more my points about combinatorial unmasking and IP address correlation. Finally now they admit it.
sr. member
Activity: 420
Merit: 262

It appears that the entire fiasco was crafted to destroy Matonis and Andresen.

He has apparently taken the fall in order to hand more power to those who are not Matonis and Andresen.

But the saga may not be fully played out yet...
legendary
Activity: 4542
Merit: 3393
Vile Vixen and Miss Bitcointalk 2021-2023
Edit: let's go on Skype now. I want to talk some sense into you or at least find out in voice and webcam what sort of idiot trolls me. Are you afraid?
I don't have a webcam.

Disingenuous fuckers you all are.
Hey, I'm man enough to take a few insults, but now you've gone too far. Angry I am not a disingenuous fucker. My sex life has always been genuine. Are you just jealous?
sr. member
Activity: 420
Merit: 262
I understand it is only speculation at this point, and perhaps the other explanation you mentioned is more likely.

Yes it is much more likely he is a fraud. But one has to wonder why he has gone this far, if he can't follow through.

My theory was only to discuss a theory, but the Bitcoin maximalists can't tolerate freedom-of-speech. So this might tell you where Blockstream will lead Bitcoin. Their SegWit is arguably a scam where they will not have soft fork versioning control over Bitcoin after adding SegWit, as has been explained by Professor Stolfi for example.

The soft fork versioning is a Trojan Horse. Smooth and I challenged Gmaxwell on that point some weeks ago in the Bitcoin Technical Dicussion thread, and last time I checked he had never replied.

It is all politics.

Is there any other reason there is double hashing? I mean are there known benefits and thus reasons it was employed? It was simply a mystery addition that nobody could justify its existance?

Afaik, nobody can justify it. Apparently only Satoshi knows why.

I am now offering a theory as to why. And speculation could be perhaps some people already knew this and were covering it up perhaps, but that isn't necessary to make my theory worth discussing.

If there are no high level tech people here that can explain exactly why it is there then it does seem strange? why was it not questioned before and perhaps removed?

Afair it has been questioned and brushed aside as, "only satoshi knows".

So specifically LTC/Doge would be effected too? the algo does not matter ie scrypt is just as vulnerable as sha256 because this same double hashing is present?

Transaction signing is not related to mining hash algorithm.

Are there any other high level programmers here who have looked at the double hashing and have any ideas about it? negative or positive?

As far as I know, I am the first to present the potential for decreased collision resistance. I googled and didn't find anything.

Hopefully this is not the case and even if it were it is fixable before someone and their super computer or large hash farm can cause any issues.

What about ETH is that vulnerable.

I don't know if ETH uses a double hash on signing.

Also there is another detail which I am not sure about, which I was hoping to ask in that other thread that got deleted. I want to know if Bitcoin is signing a double hash of the transaction, or if the double-hash is only on the public key? That makes a big difference. If only the latter, then perhaps my theory is incorrect. As I wrote in the OP of the thread that got deleted, I didn't spend a lot of time checking all the details and hoped to receive peer review from other experts. but the thread was deleted.

I mean hopefully even worst case there would be a rush to other non vulnerable cryptos and not everyone bailing on the entire cryto scene.

This is why it is always good to have a few different currencies. Some which share practically no similaries so if a whole is found it one then capital can flow to another.

The most likely outcomes are:

1. Craig is a fraud and this issue dies.
2. I misunderstood some detail about where the double-hashing is in Bitcoin's transaction system, thus my theory is invalid.

However, there is also a chance my theory is correct. In that case, I don't know if altcoins without the vulnerability would benefit or suffer.

I just wanted to have a discussion. The Bitcoin maximalists turned it into a war. Bastards.
sr. member
Activity: 420
Merit: 262
I did not write that text with bolded phrase and without the context of the caveats that I provided at the deleted thread which was quoted out-of-context and missing the link to the context

Regardless of whether the context is provided, trying to deny you wrote the text is a lie. Granted the meaning changes somewhat when context is provided, however it doesn't change the fact.

I denied writing the text without the context. Where is the lie? Are you pulling my words out of my context again! Disingenuous fuckers you all are.

I don't understand what this thread's point is. Are you complaining that the staff deleted your post, or just trying to spread your 'facts' around the forum further to cause unnecessary panic?

Yeah you don't understand. Probably because you don't want to understand. Enjoy.
legendary
Activity: 2674
Merit: 2965
Terminated.
Liars and spin masters rephrase the wording to present someone's argument out-of-context (and delete entire threads where the caveats where disclaimed by myself which you are failing to mention).
Nothing was 'rephrased'. It was a screenshot from something that you wrote, even though you claim that you didn't.

P.S. the context at the deleted thread which LauraM didn't even link to, contained bolded and red caveats similar to my reexplanation as follows (which I was forced to repeat after your leader gmaxwell vaporized an entire thread):
"Laura" can't link to things that have been trashed. Technically, I can, but you are unable to see them directly.


You're producing so much spam in addition to breaking several rules along the way.
sr. member
Activity: 420
Merit: 262
Your thread was deleted because it was utterly moronic, even more so than your usual bullshit. Everyone who had the misfortune to read it is now dumber for having done so. Go ahead and sell your coins, and don't let the door hit you on your way out.

The Bitcoin maximalists are having a heart attack because they don't like the facts.

While there are facts I don't like, I can accept them and I've never suffered a heart attack as a result. Though it's irrelevant since you've never said anything that even remotely resembles a fact.

You are free to present a refutation of anything I've written. So far, I've seen no technical argument from you.

Please do try, so I can REKT you.

Edit: let's go on Skype now. I want to talk some sense into you or at least find out in voice and webcam what sort of idiot trolls me. Are you afraid?
legendary
Activity: 2352
Merit: 1268
In Memory of Zepher
I did not write that text with bolded phrase and without the context of the caveats that I provided at the deleted thread which was quoted out-of-context and missing the link to the context
Regardless of whether the context is provided, trying to deny you wrote the text is a lie. Granted the meaning changes somewhat when context is provided, however it doesn't change the fact.

I don't understand what this thread's point is. Are you complaining that the staff deleted your post, or just trying to spread your 'facts' around the forum further to cause unnecessary panic?
sr. member
Activity: 420
Merit: 262
Who are you quoting? I never wrote that text.
Yes you did. Either that or you decided to take credit for someone else saying it. Maybe you should go to a doctor and ask for an Alzheimer's screening, considering you've already forgotten something you wrote today.

I did not write that text with bolded phrase and without the context of the caveats that I provided at the deleted thread which was quoted out-of-context and missing the link to the context, as explained already dufus:

Quote
It seems likely that Craig has identified the back door that was placed in Bitcoin as explained above, and used his supercomputer access to find a preimage of SHA256.

Who are you quoting? I never wrote that text.

Liars and spin masters rephrase the wording to present someone's argument out-of-context (and delete entire threads where the caveats where disclaimed by myself which you are failing to mention).

Is that the best you retards can do?

P.S. the context at the deleted thread which LauraM didn't even link to, contained bolded and red caveats similar to my reexplanation as follows (which I was forced to repeat after your leader gmaxwell vaporized an entire thread):

What I stated in that thread is that this is all presuming that Craig will be able to tell us which portion of the Sartre text hashes the hash output that was signed as proof on his blog. If Craig doesn't ever do that, then he is a fraud. But if he does it, then it means there is some cryptographic breakage in Bitcoin. And I am identifying the double hash as the greatest potential weakness.

1. The more I think about it, the more I realize that if it is true, then it means who ever can do this, could potentially spend other people's coins. So maybe this is how Craig will spend coins from an early block of Bitcoin (although he might have mined then also depending how early the block is he moves coins from). And the only fix I think would be to have everyone respend their coins with a fixed block chain and fixed wallets. And for lost or inactive coins, they would remain vulnerable. You may or may not need a super computer depending on the cryptographic breakage. I am not sure if an ASIC miner would help or if having access to a miner in China with 30% of Bitcoin's hashrate would help or be necessary. I can't really speculate on the exact metrics of any cryptographic breakage since this would have I assume required a lot of research on his part.

2. Yes it would apply to clones which copies the double hashing.

I repeat this is conjecture that hinges on two speculations:

a) That Craig can present the portion of the Sartre text which hashes correctly.

b) That the cryptographic breakage that allowed #a, is a break in the SHA256 presumably due to the double hashing.

You continue following gmaxwell. He will lead you to failure.
legendary
Activity: 2674
Merit: 2965
Terminated.
Who are you quoting? I never wrote that text.
Yeah, definitely did not say that in your thread:


Dude they know they can't ban me. I have too much political clout here. You should be careful with your words.

legendary
Activity: 4542
Merit: 3393
Vile Vixen and Miss Bitcointalk 2021-2023
legendary
Activity: 2352
Merit: 1268
In Memory of Zepher
Who are you quoting? I never wrote that text.
Yes you did. Either that or you decided to take credit for someone else saying it. Maybe you should go to a doctor and ask for an Alzheimer's screening, considering you've already forgotten something you wrote today.

Dude they know they can't ban me. I have too much political clout here. You should be careful with your words.
I don't know about anyone else, but I'm terrified.
sr. member
Activity: 420
Merit: 262
Quote
It seems likely that Craig has identified the back door that was placed in Bitcoin as explained above, and used his supercomputer access to find a preimage of SHA256.

Who are you quoting? I never wrote that text.

Liars and spin masters rephrase the wording to present someone's argument out-of-context (and delete entire threads where the caveats where disclaimed by myself which you are failing to mention).

You should be thankful that you are not banned (yet) due to the amount of spam that you've posted in the recent days.

Dude they know they can't ban me. I have too much political clout here. You should be careful with your words.

If they do ban me, it will only only make me stronger, because so many people will see the forum as a farce.

Besides my posting here on this forum is irrelevant to my work. I donate my time and effort as a public service.
legendary
Activity: 2674
Merit: 2965
Terminated.
Quote
It seems likely that Craig has identified the back door that was placed in Bitcoin as explained above, and used his supercomputer access to find a preimage of SHA256.



You should be thankful that you are not banned (yet) due to the amount of spam that you've posted in the recent days.
sr. member
Activity: 420
Merit: 262
Okay now we are starting to get some evidence that there might be a coordinated attack to hide the facts I have presented (note the following thread move to Meta is not the thread that Gmaxwell deleted):

Your thread was deleted because it was utterly moronic, even more so than your usual bullshit. Everyone who had the misfortune to read it is now dumber for having done so. Go ahead and sell your coins, and don't let the door hit you on your way out.

The Bitcoin maximalists are having a heart attack because they don't like the facts.



Okay now we are starting to get some evidence that there might be a coordinated attack to hide the facts I have presented (note the following thread move to Meta is not the thread that Gmaxwell deleted)

It's likely not a coordinated attack but a manifestation of collective conscience of bitcoin holders who don't want a sell panic to start.

Well let them be the last one out the door. Much better they can trample each other on the way out.  Grin
sr. member
Activity: 420
Merit: 262
Can someone explain how he signed the 'Satre' quote WITHOUT having to break SHA256 (finding a collision) ?

It's pretty important, as if he did do that, Bitcoin is broken.

He never used the hash of any Sartre quote (that was just misdirection) - the double hash that he used was simply that used in Satoshi's tx along with the signature that was used in the tx.

(basically he just copied and pasted from the blockchain then put together an elaborate pretense that he had somehow managed to sign something else using a private key known to belong to Satoshi)

Even the silly BBC report has been corrected once they finally worked out that they had been tricked.


Oh.. I see.. thanks.

How can 'big boys' like Gavin and Matonis have fallen for this.. !? That shows very poor skills..  Embarrassed ( ..too poor if you ask me.. )

No one has presented a script which hashes all portions of the Sartre text to verify whether it does or does not hash to the correct value.

Until someone does that, they can't be sure that Craig won't reveal the Sartre text which does hash to the correct value, thus proving that he broke the cryptography. Since the SHA-256 was already broken to 46 - 52 rounds of the 64 rounds (for a single hash), then doubling the hash as Bitcoin does could potentially break it for all 64 rounds, because ostensibly collision resistance gets worse when doubling a hash (as I had explained in detail upthread). No one knows why Satoshi designed Bitcoin with a double hash. I am positing it might be a back door.

CIYAM is misleading you. Follow an idiot if you want to be one.



I'm sorry for my lack of technical understanding, but if there were a back door in btc.

1. Could this be fixed easily before it could be used in a way to hurt btc? i.e do you need a super computer to utilize this back door?
2. would this same issue be there in all alts that were essentially cloned from btc code or does using a different algo or POS help to nullify this backdoor?

I am not sure if you thread was deleted since you didn't receive a PM about it. Does one receive a personal message when a thread is moved?

No when a thread is moved they don't receive a PM, but there is no "Moved: ....." thread message remaining the Bitcoin Technical Discussion subforum. And I also checked Off-topic and it hasn't been moved there afaics. Also normally the link doesn't stop functioning even when it is moved. Clearly Gmaxwell is trying to hide it.

Gmaxwell might try to claim he banned me from that sub-forum, yet he had mentioned in our last communications that I am not banned from that forum. And also smooth and I recently posted in the thread in that sub-forum on one of the SegWit threads and afaik my post hadn't been deleted the last time I looked. He didn't just delete my posts in the thread but also posts from several other forum members who posted in that thread. The entire thread has been vaporized afaics. I presume Gmaxwell is formulating his plan now how to try to make me look like a fool. We know what happened the last time he tried to do that, I embarrassed him technically.

What I stated in that thread is that this is all presuming that Craig will be able to tell us which portion of the Sartre text hashes the hash output that was signed as proof on his blog. If Craig doesn't ever do that, then he is a fraud. But if he does it, then it means there is some cryptographic breakage in Bitcoin. And I am identifying the double hash as the greatest potential weakness.

1. The more I think about it, the more I realize that if it is true, then it means who ever can do this, could potentially spend other people's coins. So maybe this is how Craig will spend coins from an early block of Bitcoin (although he might have mined then also depending how early the block is he moves coins from). And the only fix I think would be to have everyone respend their coins with a fixed block chain and fixed wallets. And for lost or inactive coins, they would remain vulnerable. You may or may not need a super computer depending on the cryptographic breakage. I am not sure if an ASIC miner would help or if having access to a miner in China with 30% of Bitcoin's hashrate would help or be necessary. I can't really speculate on the exact metrics of any cryptographic breakage since this would have I assume required a lot of research on his part.

2. Yes it would apply to clones which copies the double hashing.

I repeat this is conjecture that hinges on two speculations:

a) That Craig can present the portion of the Sartre text which hashes correctly.

b) That the cryptographic breakage that allowed #a, is a break in the SHA256 presumably due to the double hashing.
legendary
Activity: 4542
Merit: 3393
Vile Vixen and Miss Bitcointalk 2021-2023
Your thread was deleted because it was utterly moronic, even more so than your usual bullshit. Everyone who had the misfortune to read it is now dumber for having done so. Go ahead and sell your coins, and don't let the door hit you on your way out.
sr. member
Activity: 420
Merit: 262
The thread with the above title was deleted to the ether:

https://bitcointalksearch.org/topic/m.14758977

There is something very fishy going on. I'd sell BTC immediately as this is a very dangerous time. Something is happening that "they" don't want us to know.
Jump to: