Pages:
Author

Topic: When SHA-256 is compromised (Read 2788 times)

legendary
Activity: 1176
Merit: 1011
December 22, 2013, 06:53:51 PM
#23
Folks, read the Bitcoin whitepaper, use the search engine, and in general just assume whatever flaw with Bitcoin that occurs to your brain, has already occurred along with a dozen others to someone with 160+ IQ

http://bitcoin.org/bitcoin.pdf
This.
newbie
Activity: 53
Merit: 0
December 22, 2013, 02:38:27 PM
#22
Such a move will take years.  The first step would probably be to alter the Bitcoin protocol to allow a different hashing method.  This hashing method would not be valid until the majority of miners and clients had moved to the protocol version that supports the new hash method.  Then we enter the time of dual hashing.  Old-style double-SHA256 hashes would be valid, but new style DERP512 hashes would also be equally valid.  After enough time has passed, and enough blocks are mined using DERP512 instead of double-SHA256 (say, 10 to 1) then the network could cut over to only accept the new hashes, and the old miners would be retired.  At least, that's one way to do it.

Ah I didn't consider this scenario ... that might actually be a good way to convince miners to invest in new hardware, while not completely losing their old investments.
legendary
Activity: 1148
Merit: 1018
December 22, 2013, 10:53:36 AM
#21
1) SHA-256 compromised as in there is a quick way to discover the nonce required to produce the valid block hash.
Assuming the discoverer is malicious and stupid:
2) Attacker zip through blocks, providing instant confirmation for his malicious activities.
3) Attacker tries to sell all the coins.
4) Exchanges freeze.
5) No one needs convincing that the hashing algorithm is really broken.
6) Bitcoin algorithm switched
7) Everyone agrees to rewind to a block before the attack
8 ) bitcoin continues.

Assuming the discoverer is malicious and smart:
2) Attacker zip through blocks at 5 minutes interval to avoid detection.
3) When this has happened for a while, more and more people will become suspicious
4) 5 - 8 will happen.


Assuming the discoverer is benevolent:
2) Research claims SHA-256 compromised
3) demonstrates this by zipping pass a few blocks.
4) 4-8 in the stupid attacker case happens.

I have left out the other serious implications of the complete breakdown of SHA-256.  

 


4-5 would be too hard for it to happen.
Another coin would replace it that uses different security.
A coin with more security like Quark Coin would most likely replace it or another alt coin that uses another security.
The general public would not be able to trust Bitcoin again even if 4-8 happens.



How is that quark coin is more secure with that ridiculously fast maturing?
legendary
Activity: 1148
Merit: 1014
In Satoshi I Trust
December 22, 2013, 10:28:36 AM
#20
1) SHA-256 compromised as in there is a quick way to discover the nonce required to produce the valid block hash.
Assuming the discoverer is malicious and stupid:
s and smart:


........


Assuming the discoverer is benevolent:
2) Research claims SHA-256 compromised
3) demonstrates this by zipping pass a few blocks.
4) 4-8 in the stupid attacker case happens.

I have left out the other serious implications of the complete breakdown of SHA-256.  

 


4-5 would be too hard for it to happen.
Another coin would replace it that uses different security.
A coin with more security like Quark Coin would most likely replace it or another alt coin that uses another security.
The general public would not be able to trust Bitcoin again even if 4-8 happens.



Kermitcoin? The mother of all scamcoins ? Are you serious?

i would prefer dogecoin  Grin
sr. member
Activity: 475
Merit: 255
December 22, 2013, 10:06:49 AM
#19
And RIPEMD-160 would need to be broken too.

Not if someone has spent outputs with that address. Then public key for that address would be known. This is one reason you should not re-use addresses.

True.
hero member
Activity: 1036
Merit: 500
December 22, 2013, 09:56:51 AM
#18
Folks, read the Bitcoin whitepaper, use the search engine, and in general just assume whatever flaw with Bitcoin that occurs to your brain, has already occurred along with a dozen others to someone with 160+ IQ

http://bitcoin.org/bitcoin.pdf
full member
Activity: 182
Merit: 100
December 22, 2013, 08:25:05 AM
#17
And RIPEMD-160 would need to be broken too.

Not if someone has spent outputs with that address. Then public key for that address would be known. This is one reason you should not re-use addresses.
sr. member
Activity: 475
Merit: 255
December 22, 2013, 08:12:55 AM
#16
And RIPEMD-160 would need to be broken too.
full member
Activity: 182
Merit: 100
December 22, 2013, 08:04:03 AM
#15
Bitcoin uses double-SHA256, which is not broken if SHA256 is compromised. But other financial and banking protocols (credit cards, wire transfers, etc) all use algorithms way, WAY weaker than SHA256, so they're in big trouble.

So, when SHA-256 is compromised, everybody will flee from fiat to Bitcoin.

And then, it will take several more years before before double-SHA256 is broken in any way, so we'll have plenty of time to switch to SHA3.

Bitcoin wins.

This, along with the fact that if SHA-256 is compromised, there are FAR more valuable targets than Bitcoin.  

1) SHA-256 compromised as in there is a quick way to discover the nonce required to produce the valid block hash.
Assuming the discoverer is malicious and stupid:
2) Attacker zip through blocks, providing instant confirmation for his malicious activities.
3) Attacker tries to sell all the coins.
4) Exchanges freeze.
5) No one needs convincing that the hashing algorithm is really broken.
6) Bitcoin algorithm switched
7) Everyone agrees to rewind to a block before the attack
8 ) bitcoin continues.

Assuming the discoverer is malicious and smart:
2) Attacker zip through blocks at 5 minutes interval to avoid detection.
3) When this has happened for a while, more and more people will become suspicious
4) 5 - 8 will happen.


Assuming the discoverer is benevolent:
2) Research claims SHA-256 compromised
3) demonstrates this by zipping pass a few blocks.
4) 4-8 in the stupid attacker case happens.

I have left out the other serious implications of the complete breakdown of SHA-256. 

 

If someone malicious or dishonest broke SHA-256, why would they mine blocks when they would have the private key to every wallet?

Because they wouldn't have the private key. For that they will need to compromise ECDSA too. We are talking about having SHA-256 compromised only.
sr. member
Activity: 302
Merit: 250
December 22, 2013, 07:48:37 AM
#14
Bitcoin uses double-SHA256, which is not broken if SHA256 is compromised. But other financial and banking protocols (credit cards, wire transfers, etc) all use algorithms way, WAY weaker than SHA256, so they're in big trouble.

So, when SHA-256 is compromised, everybody will flee from fiat to Bitcoin.

And then, it will take several more years before before double-SHA256 is broken in any way, so we'll have plenty of time to switch to SHA3.

Bitcoin wins.

This, along with the fact that if SHA-256 is compromised, there are FAR more valuable targets than Bitcoin.  

1) SHA-256 compromised as in there is a quick way to discover the nonce required to produce the valid block hash.
Assuming the discoverer is malicious and stupid:
2) Attacker zip through blocks, providing instant confirmation for his malicious activities.
3) Attacker tries to sell all the coins.
4) Exchanges freeze.
5) No one needs convincing that the hashing algorithm is really broken.
6) Bitcoin algorithm switched
7) Everyone agrees to rewind to a block before the attack
8 ) bitcoin continues.

Assuming the discoverer is malicious and smart:
2) Attacker zip through blocks at 5 minutes interval to avoid detection.
3) When this has happened for a while, more and more people will become suspicious
4) 5 - 8 will happen.


Assuming the discoverer is benevolent:
2) Research claims SHA-256 compromised
3) demonstrates this by zipping pass a few blocks.
4) 4-8 in the stupid attacker case happens.

I have left out the other serious implications of the complete breakdown of SHA-256. 

 

If someone malicious or dishonest broke SHA-256, why would they mine blocks when they would have the private key to every wallet?
sr. member
Activity: 475
Merit: 255
December 22, 2013, 06:44:37 AM
#13
1) SHA-256 compromised as in there is a quick way to discover the nonce required to produce the valid block hash.
Assuming the discoverer is malicious and stupid:
2) Attacker zip through blocks, providing instant confirmation for his malicious activities.
3) Attacker tries to sell all the coins.
4) Exchanges freeze.
5) No one needs convincing that the hashing algorithm is really broken.
6) Bitcoin algorithm switched
7) Everyone agrees to rewind to a block before the attack
8 ) bitcoin continues.

Assuming the discoverer is malicious and smart:
2) Attacker zip through blocks at 5 minutes interval to avoid detection.
3) When this has happened for a while, more and more people will become suspicious
4) 5 - 8 will happen.


Assuming the discoverer is benevolent:
2) Research claims SHA-256 compromised
3) demonstrates this by zipping pass a few blocks.
4) 4-8 in the stupid attacker case happens.

I have left out the other serious implications of the complete breakdown of SHA-256. 

 

Such unanimous agreement is very doubtful.
hero member
Activity: 499
Merit: 500
December 22, 2013, 06:29:14 AM
#12
Compromised how?
This is an important question. Cryptography tends to get "cracked" step by step, it never goes from being secure to utterly and completely broken over night. If there's an indication of it having a weakness there is a lot of time to prepare.

This bears repeating and elaborating.

It's not like you go to bed and SHA256 is fine, and you wake up in the morning and it's broken.  The chances of this happening to SHA256 are zero.  The chances of this happening to anything written by you or I that hasn't been reviewed and examined by thousands of brilliant minds is pretty much guaranteed.  

One day a researcher will publish a paper that shows that they can, say for example, drop the size of the brute-force keyspace for creating a collision by an order of magnitude or three.  So instead of SHA256 being 2^256 strong, it will be "only" 2^252 strong.  

Then someone else discovers another flaw that, say, allows them to partially recover the input based on a given hash, such that repeated hashing of messages that differ by a known amount allow an attacker to recover the original message.

In ways such as these, the strength of the algorithm is weakened over time.  But the key point is that it happens over significant time - years.  As soon as the first real dent is made in the strength of SHA256, we can begin discussing what should replace it, and how we move there.

Yes, mining hardware that utilises double-sha256 will be useless (although as was pointed out above, just because SHA256 is broken doesn't mean double-SHA256 is broken).

Such a move will take years.  The first step would probably be to alter the Bitcoin protocol to allow a different hashing method.  This hashing method would not be valid until the majority of miners and clients had moved to the protocol version that supports the new hash method.  Then we enter the time of dual hashing.  Old-style double-SHA256 hashes would be valid, but new style DERP512 hashes would also be equally valid.  After enough time has passed, and enough blocks are mined using DERP512 instead of double-SHA256 (say, 10 to 1) then the network could cut over to only accept the new hashes, and the old miners would be retired.  At least, that's one way to do it.
hero member
Activity: 518
Merit: 500
December 22, 2013, 06:26:03 AM
#11
Replace SHA-256 with something newer

This would make all the ASIC mining equipment worthless... wouldn't miners need to sell all their coins to recover their losses? With the network ending up less secure. That could completely crash the market and people spreading over to different altcoins to hedge their bets.

ASIC mining equipment has a short shelf life anyway. Current-gen equipment will be long dead by the time bitcoin uses anything apart from SHA-256
newbie
Activity: 53
Merit: 0
December 22, 2013, 06:10:29 AM
#10
Replace SHA-256 with something newer

This would make all the ASIC mining equipment worthless... wouldn't miners need to sell all their coins to recover their losses? With the network ending up less secure. That could completely crash the market and people spreading over to different altcoins to hedge their bets.
hero member
Activity: 826
Merit: 501
in defi we trust
December 22, 2013, 03:57:37 AM
#9
1) SHA-256 compromised as in there is a quick way to discover the nonce required to produce the valid block hash.
Assuming the discoverer is malicious and stupid:
2) Attacker zip through blocks, providing instant confirmation for his malicious activities.
3) Attacker tries to sell all the coins.
4) Exchanges freeze.
5) No one needs convincing that the hashing algorithm is really broken.
6) Bitcoin algorithm switched
7) Everyone agrees to rewind to a block before the attack
8 ) bitcoin continues.

Assuming the discoverer is malicious and smart:
2) Attacker zip through blocks at 5 minutes interval to avoid detection.
3) When this has happened for a while, more and more people will become suspicious
4) 5 - 8 will happen.


Assuming the discoverer is benevolent:
2) Research claims SHA-256 compromised
3) demonstrates this by zipping pass a few blocks.
4) 4-8 in the stupid attacker case happens.

I have left out the other serious implications of the complete breakdown of SHA-256.  

 


4-5 would be too hard for it to happen.
Another coin would replace it that uses different security.
A coin with more security like Quark Coin would most likely replace it or another alt coin that uses another security.
The general public would not be able to trust Bitcoin again even if 4-8 happens.



Kermitcoin? The mother of all scamcoins ? Are you serious?
legendary
Activity: 1176
Merit: 1011
December 22, 2013, 03:45:38 AM
#8
Bitcoin uses double-SHA256, which is not broken if SHA256 is compromised. But other financial and banking protocols (credit cards, wire transfers, etc) all use algorithms way, WAY weaker than SHA256, so they're in big trouble.

So, when SHA-256 is compromised, everybody will flee from fiat to Bitcoin.

And then, it will take several more years before before double-SHA256 is broken in any way, so we'll have plenty of time to switch to SHA3.

Bitcoin wins.
sr. member
Activity: 430
Merit: 250
December 22, 2013, 02:57:03 AM
#7
Compromised how?
This is an important question. Cryptography tends to get "cracked" step by step, it never goes from being secure to utterly and completely broken over night. If there's an indication of it having a weakness there is a lot of time to prepare.
member
Activity: 98
Merit: 10
December 22, 2013, 02:06:52 AM
#6
1) SHA-256 compromised as in there is a quick way to discover the nonce required to produce the valid block hash.
Assuming the discoverer is malicious and stupid:
2) Attacker zip through blocks, providing instant confirmation for his malicious activities.
3) Attacker tries to sell all the coins.
4) Exchanges freeze.
5) No one needs convincing that the hashing algorithm is really broken.
6) Bitcoin algorithm switched
7) Everyone agrees to rewind to a block before the attack
8 ) bitcoin continues.

Assuming the discoverer is malicious and smart:
2) Attacker zip through blocks at 5 minutes interval to avoid detection.
3) When this has happened for a while, more and more people will become suspicious
4) 5 - 8 will happen.


Assuming the discoverer is benevolent:
2) Research claims SHA-256 compromised
3) demonstrates this by zipping pass a few blocks.
4) 4-8 in the stupid attacker case happens.

I have left out the other serious implications of the complete breakdown of SHA-256.  

 


4-5 would be too hard for it to happen.
Another coin would replace it that uses different security.
A coin with more security like Quark Coin would most likely replace it or another alt coin that uses another security.
The general public would not be able to trust Bitcoin again even if 4-8 happens.

hero member
Activity: 518
Merit: 500
December 21, 2013, 10:41:06 PM
#5
Replace SHA-256 with something newer
sr. member
Activity: 484
Merit: 250
HubrisOne
December 21, 2013, 09:42:09 PM
#4
Not so well, I'm afraid.
Pages:
Jump to: