
Topic: When SHA-256 is compromised (Read 2765 times)

legendary
Activity: 1176
Merit: 1001
December 22, 2013, 07:53:51 PM
#23
Folks, read the Bitcoin whitepaper, use the search engine, and in general just assume whatever flaw with Bitcoin that occurs to your brain, has already occurred along with a dozen others to someone with 160+ IQ

http://bitcoin.org/bitcoin.pdf
This.
newbie
Activity: 53
Merit: 0
December 22, 2013, 03:38:27 PM
#22
Such a move will take years.  The first step would probably be to alter the Bitcoin protocol to allow a different hashing method.  This hashing method would not be valid until the majority of miners and clients had moved to the protocol version that supports the new hash method.  Then we enter the time of dual hashing.  Old-style double-SHA256 hashes would be valid, but new style DERP512 hashes would also be equally valid.  After enough time has passed, and enough blocks are mined using DERP512 instead of double-SHA256 (say, 10 to 1) then the network could cut over to only accept the new hashes, and the old miners would be retired.  At least, that's one way to do it.

Ah I didn't consider this scenario ... that might actually be a good way to convince miners to invest in new hardware, while not completely losing their old investments.
legendary
Activity: 1148
Merit: 1018
December 22, 2013, 11:53:36 AM
#21
1) SHA-256 compromised as in there is a quick way to discover the nonce required to produce the valid block hash.
Assuming the discoverer is malicious and stupid:
2) Attacker zips through blocks, providing instant confirmation for his malicious activities.
3) Attacker tries to sell all the coins.
4) Exchanges freeze.
5) No one needs convincing that the hashing algorithm is really broken.
6) Bitcoin algorithm switched
7) Everyone agrees to rewind to a block before the attack
8) Bitcoin continues.

Assuming the discoverer is malicious and smart:
2) Attacker zips through blocks at 5-minute intervals to avoid detection.
3) When this has happened for a while, more and more people will become suspicious
4) 5 - 8 will happen.


Assuming the discoverer is benevolent:
2) Research claims SHA-256 compromised
3) demonstrates this by zipping past a few blocks.
4) 4-8 in the stupid attacker case happens.

I have left out the other serious implications of the complete breakdown of SHA-256.  

 


4-5 would be too hard for it to happen.
Another coin would replace it that uses different security.
A coin with more security like Quark Coin would most likely replace it or another alt coin that uses another security.
The general public would not be able to trust Bitcoin again even if 4-8 happens.



How is it that Quark Coin is more secure with that ridiculously fast maturing?
legendary
Activity: 1148
Merit: 1011
In Satoshi I Trust
December 22, 2013, 11:28:36 AM
#20
1) SHA-256 compromised as in there is a quick way to discover the nonce required to produce the valid block hash.
Assuming the discoverer is malicious and stupid:
s and smart:


........


Assuming the discoverer is benevolent:
2) Research claims SHA-256 compromised
3) demonstrates this by zipping past a few blocks.
4) 4-8 in the stupid attacker case happens.

I have left out the other serious implications of the complete breakdown of SHA-256.  

 


4-5 would be too hard for it to happen.
Another coin would replace it that uses different security.
A coin with more security like Quark Coin would most likely replace it or another alt coin that uses another security.
The general public would not be able to trust Bitcoin again even if 4-8 happens.



Kermitcoin? The mother of all scamcoins? Are you serious?

I would prefer dogecoin.
sr. member
Activity: 475
Merit: 255
December 22, 2013, 11:06:49 AM
#19
And RIPEMD-160 would need to be broken too.

Not if someone has spent outputs with that address. Then the public key for that address would be known. This is one reason you should not re-use addresses.

True.
hero member
Activity: 1036
Merit: 500
December 22, 2013, 10:56:51 AM
#18
Folks, read the Bitcoin whitepaper, use the search engine, and in general just assume whatever flaw with Bitcoin that occurs to your brain, has already occurred along with a dozen others to someone with 160+ IQ

http://bitcoin.org/bitcoin.pdf
full member
Activity: 182
Merit: 100
December 22, 2013, 09:25:05 AM
#17
And RIPEMD-160 would need to be broken too.

Not if someone has spent outputs with that address. Then the public key for that address would be known. This is one reason you should not re-use addresses.
sr. member
Activity: 475
Merit: 255
December 22, 2013, 09:12:55 AM
#16
And RIPEMD-160 would need to be broken too.
full member
Activity: 182
Merit: 100
December 22, 2013, 09:04:03 AM
#15
Bitcoin uses double-SHA256, which is not broken if SHA256 is compromised. But other financial and banking protocols (credit cards, wire transfers, etc) all use algorithms way, WAY weaker than SHA256, so they're in big trouble.

So, when SHA-256 is compromised, everybody will flee from fiat to Bitcoin.

And then, it will take several more years before double-SHA256 is broken in any way, so we'll have plenty of time to switch to SHA3.

Bitcoin wins.

This, along with the fact that if SHA-256 is compromised, there are FAR more valuable targets than Bitcoin.  

1) SHA-256 compromised as in there is a quick way to discover the nonce required to produce the valid block hash.
Assuming the discoverer is malicious and stupid:
2) Attacker zips through blocks, providing instant confirmation for his malicious activities.
3) Attacker tries to sell all the coins.
4) Exchanges freeze.
5) No one needs convincing that the hashing algorithm is really broken.
6) Bitcoin algorithm switched
7) Everyone agrees to rewind to a block before the attack
8) Bitcoin continues.

Assuming the discoverer is malicious and smart:
2) Attacker zips through blocks at 5-minute intervals to avoid detection.
3) When this has happened for a while, more and more people will become suspicious
4) 5 - 8 will happen.


Assuming the discoverer is benevolent:
2) Research claims SHA-256 compromised
3) demonstrates this by zipping past a few blocks.
4) 4-8 in the stupid attacker case happens.

I have left out the other serious implications of the complete breakdown of SHA-256. 

 

If someone malicious or dishonest broke SHA-256, why would they mine blocks when they would have the private key to every wallet?

Because they wouldn't have the private key. For that they will need to compromise ECDSA too. We are talking about having SHA-256 compromised only.
sr. member
Activity: 302
Merit: 250
December 22, 2013, 08:48:37 AM
#14
Bitcoin uses double-SHA256, which is not broken if SHA256 is compromised. But other financial and banking protocols (credit cards, wire transfers, etc) all use algorithms way, WAY weaker than SHA256, so they're in big trouble.

So, when SHA-256 is compromised, everybody will flee from fiat to Bitcoin.

And then, it will take several more years before double-SHA256 is broken in any way, so we'll have plenty of time to switch to SHA3.

Bitcoin wins.

This, along with the fact that if SHA-256 is compromised, there are FAR more valuable targets than Bitcoin.  

1) SHA-256 compromised as in there is a quick way to discover the nonce required to produce the valid block hash.
Assuming the discoverer is malicious and stupid:
2) Attacker zips through blocks, providing instant confirmation for his malicious activities.
3) Attacker tries to sell all the coins.
4) Exchanges freeze.
5) No one needs convincing that the hashing algorithm is really broken.
6) Bitcoin algorithm switched
7) Everyone agrees to rewind to a block before the attack
8) Bitcoin continues.

Assuming the discoverer is malicious and smart:
2) Attacker zips through blocks at 5-minute intervals to avoid detection.
3) When this has happened for a while, more and more people will become suspicious
4) 5 - 8 will happen.


Assuming the discoverer is benevolent:
2) Research claims SHA-256 compromised
3) demonstrates this by zipping past a few blocks.
4) 4-8 in the stupid attacker case happens.

I have left out the other serious implications of the complete breakdown of SHA-256. 

 

If someone malicious or dishonest broke SHA-256, why would they mine blocks when they would have the private key to every wallet?
sr. member
Activity: 475
Merit: 255
December 22, 2013, 07:44:37 AM
#13
1) SHA-256 compromised as in there is a quick way to discover the nonce required to produce the valid block hash.
Assuming the discoverer is malicious and stupid:
2) Attacker zips through blocks, providing instant confirmation for his malicious activities.
3) Attacker tries to sell all the coins.
4) Exchanges freeze.
5) No one needs convincing that the hashing algorithm is really broken.
6) Bitcoin algorithm switched
7) Everyone agrees to rewind to a block before the attack
8) Bitcoin continues.

Assuming the discoverer is malicious and smart:
2) Attacker zips through blocks at 5-minute intervals to avoid detection.
3) When this has happened for a while, more and more people will become suspicious
4) 5 - 8 will happen.


Assuming the discoverer is benevolent:
2) Research claims SHA-256 compromised
3) demonstrates this by zipping past a few blocks.
4) 4-8 in the stupid attacker case happens.

I have left out the other serious implications of the complete breakdown of SHA-256. 

 

Such unanimous agreement is very doubtful.
hero member
Activity: 499
Merit: 500
December 22, 2013, 07:29:14 AM
#12
Compromised how?
This is an important question. Cryptography tends to get "cracked" step by step; it never goes from being secure to utterly and completely broken overnight. If there's an indication of it having a weakness there is a lot of time to prepare.

This bears repeating and elaborating.

It's not like you go to bed and SHA256 is fine, and you wake up in the morning and it's broken.  The chances of this happening to SHA256 are zero.  The chances of this happening to anything written by you or I that hasn't been reviewed and examined by thousands of brilliant minds is pretty much guaranteed.  

One day a researcher will publish a paper that shows that they can, say for example, drop the size of the brute-force keyspace for creating a collision by an order of magnitude or three.  So instead of SHA256 being 2^256 strong, it will be "only" 2^252 strong.  

Then someone else discovers another flaw that, say, allows them to partially recover the input based on a given hash, such that repeated hashing of messages that differ by a known amount allow an attacker to recover the original message.

In ways such as these, the strength of the algorithm is weakened over time.  But the key point is that it happens over significant time - years.  As soon as the first real dent is made in the strength of SHA256, we can begin discussing what should replace it, and how we move there.

Yes, mining hardware that utilises double-sha256 will be useless (although as was pointed out above, just because SHA256 is broken doesn't mean double-SHA256 is broken).

Such a move will take years.  The first step would probably be to alter the Bitcoin protocol to allow a different hashing method.  This hashing method would not be valid until the majority of miners and clients had moved to the protocol version that supports the new hash method.  Then we enter the time of dual hashing.  Old-style double-SHA256 hashes would be valid, but new style DERP512 hashes would also be equally valid.  After enough time has passed, and enough blocks are mined using DERP512 instead of double-SHA256 (say, 10 to 1) then the network could cut over to only accept the new hashes, and the old miners would be retired.  At least, that's one way to do it.
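
Added example, not part of any post in this thread and not Bitcoin's code: a toy validator for the dual-hashing cutover described in the post above. SHA3-256 stands in for the hypothetical DERP512, and the 22-block window, the toy target and the names `Chain`, `mine` and `pow_hash` are assumptions.

```python
import hashlib

# Assumed stand-ins, not from the thread: SHA3-256 plays the post's
# hypothetical "DERP512"; WINDOW and TARGET are constructed toy values.
OLD, NEW = "double-sha256", "new-hash"
RATIO, WINDOW = 10, 22     # "say, 10 to 1", measured over the last 22 blocks
TARGET = 1 << 252          # toy difficulty: about 1 header in 16 qualifies

def pow_hash(algo, header):
    if algo == OLD:
        return hashlib.sha256(hashlib.sha256(header).digest()).digest()
    return hashlib.sha3_256(header).digest()

def mine(algo, prev, height):
    """Brute-force a nonce so the header hash falls below TARGET."""
    nonce = 0
    while True:
        header = prev + height.to_bytes(4, "little") + nonce.to_bytes(4, "little")
        if int.from_bytes(pow_hash(algo, header), "big") < TARGET:
            return header
        nonce += 1

class Chain:
    def __init__(self, activation_height):
        self.activation_height = activation_height
        self.blocks = []            # (algo, block hash) per accepted block
        self.cutover_height = None  # first height where only NEW is valid

    def allowed(self):
        if len(self.blocks) < self.activation_height:
            return {OLD}            # new method not yet valid
        if self.cutover_height is not None:
            return {NEW}            # old miners retired
        return {OLD, NEW}           # dual-hashing period

    def tip(self):
        return self.blocks[-1][1] if self.blocks else b"\x00" * 32

    def accept(self, algo, header):
        digest = pow_hash(algo, header)
        if (algo not in self.allowed() or not header.startswith(self.tip())
                or int.from_bytes(digest, "big") >= TARGET):
            return False
        self.blocks.append((algo, digest))
        recent = [a for a, _ in self.blocks[-WINDOW:]]
        if (self.cutover_height is None and len(recent) == WINDOW
                and recent.count(NEW) >= RATIO * recent.count(OLD)):
            self.cutover_height = len(self.blocks)
        return True
```

The algorithm tag is checked against the chain's current phase before the block is stored, so a block that satisfies the old proof of work is still rejected once the cutover height has been set.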
hero member
Activity: 518
Merit: 500
December 22, 2013, 07:26:03 AM
#11
Replace SHA-256 with something newer

This would make all the ASIC mining equipment worthless... wouldn't miners need to sell all their coins to recover their losses? With the network ending up less secure. That could completely crash the market and people spreading over to different altcoins to hedge their bets.

ASIC mining equipment has a short shelf life anyway. Current-gen equipment will be long dead by the time bitcoin uses anything apart from SHA-256
newbie
Activity: 53
Merit: 0
December 22, 2013, 07:10:29 AM
#10
Replace SHA-256 with something newer

This would make all the ASIC mining equipment worthless... wouldn't miners need to sell all their coins to recover their losses? With the network ending up less secure. That could completely crash the market and people spreading over to different altcoins to hedge their bets.
hero member
Activity: 826
Merit: 501
in defi we trust
December 22, 2013, 04:57:37 AM
#9
1) SHA-256 compromised as in there is a quick way to discover the nonce required to produce the valid block hash.
Assuming the discoverer is malicious and stupid:
2) Attacker zips through blocks, providing instant confirmation for his malicious activities.
3) Attacker tries to sell all the coins.
4) Exchanges freeze.
5) No one needs convincing that the hashing algorithm is really broken.
6) Bitcoin algorithm switched
7) Everyone agrees to rewind to a block before the attack
8) Bitcoin continues.

Assuming the discoverer is malicious and smart:
2) Attacker zips through blocks at 5-minute intervals to avoid detection.
3) When this has happened for a while, more and more people will become suspicious
4) 5 - 8 will happen.


Assuming the discoverer is benevolent:
2) Research claims SHA-256 compromised
3) demonstrates this by zipping past a few blocks.
4) 4-8 in the stupid attacker case happens.

I have left out the other serious implications of the complete breakdown of SHA-256.  

 


4-5 would be too hard for it to happen.
Another coin would replace it that uses different security.
A coin with more security like Quark Coin would most likely replace it or another alt coin that uses another security.
The general public would not be able to trust Bitcoin again even if 4-8 happens.



Kermitcoin? The mother of all scamcoins? Are you serious?
legendary
Activity: 1176
Merit: 1001
December 22, 2013, 04:45:38 AM
#8
Bitcoin uses double-SHA256, which is not broken if SHA256 is compromised. But other financial and banking protocols (credit cards, wire transfers, etc) all use algorithms way, WAY weaker than SHA256, so they're in big trouble.

So, when SHA-256 is compromised, everybody will flee from fiat to Bitcoin.

And then, it will take several more years before double-SHA256 is broken in any way, so we'll have plenty of time to switch to SHA3.

Bitcoin wins.
sr. member
Activity: 430
Merit: 250
December 22, 2013, 03:57:03 AM
#7
Compromised how?
This is an important question. Cryptography tends to get "cracked" step by step; it never goes from being secure to utterly and completely broken overnight. If there's an indication of it having a weakness there is a lot of time to prepare.
member
Activity: 98
Merit: 10
December 22, 2013, 03:06:52 AM
#6
1) SHA-256 compromised as in there is a quick way to discover the nonce required to produce the valid block hash.
Assuming the discoverer is malicious and stupid:
2) Attacker zips through blocks, providing instant confirmation for his malicious activities.
3) Attacker tries to sell all the coins.
4) Exchanges freeze.
5) No one needs convincing that the hashing algorithm is really broken.
6) Bitcoin algorithm switched
7) Everyone agrees to rewind to a block before the attack
8) Bitcoin continues.

Assuming the discoverer is malicious and smart:
2) Attacker zips through blocks at 5-minute intervals to avoid detection.
3) When this has happened for a while, more and more people will become suspicious
4) 5 - 8 will happen.


Assuming the discoverer is benevolent:
2) Research claims SHA-256 compromised
3) demonstrates this by zipping past a few blocks.
4) 4-8 in the stupid attacker case happens.

I have left out the other serious implications of the complete breakdown of SHA-256.  

 


4-5 would be too hard for it to happen.
Another coin would replace it that uses different security.
A coin with more security like Quark Coin would most likely replace it or another alt coin that uses another security.
The general public would not be able to trust Bitcoin again even if 4-8 happens.

hero member
Activity: 518
Merit: 500
December 21, 2013, 11:41:06 PM
#5
Replace SHA-256 with something newer
sr. member
Activity: 484
Merit: 250
HubrisOne
December 21, 2013, 10:42:09 PM
#4
Not so well, I'm afraid.