Why Is Your Wallet Safe?

Once quantum computers come out it will obviously be a different world, but there are a few years to figure that out, and IOHK is working on the problem now.


Quantum computers have not been built at full scale and capability. Even if one began to try to build for that, tell me, how can you build for something whose full capability has not been understood completely? The ideas behind quantum resistance are based only on what is known of quantum computing at a public level. This likely does not include things at a non-public, secret level.

Advances are learned once they are available for use. Things might be found that were not considered prior to quantum computers becoming available.

If you look at the wallets and transactions, they are not from a single source, the transactions are not from a single origin, and they were very likely not placed in those locations. In addition, the pool is searching for the collisions and keys and is not guided by any one user. This falls in line with the applied theory.

https://lbc.cryptoguru.org/man/theory

Airgapped In give you. For now that seems to be secure in these terms. There is additional exposure however but right. This is the better option.

Here is a video that attempts to put numbers and probabilities in perspective.

About current supercomputers: one has to convert the number of calculations of current supercomputers from teraflops into terahashes per second to make a reasonable comparison…

But given how far removed we are from reaching the power needed to “crack” SHA256, we are pretty safe. If they ever get close, we could just increase the bit size to 512 or 1024…

To me, the fact that bitcoin survived 10 years is a testament to the fact that no such capacity exists to compromise your crypto. If it existed the whole crypto space would not have sprung up.

I’d be more worried about a loophole in ECDSA than a brute-force attack on SHA256.


Very interesting article but I think I didn’t understand everything.

First of all, an “addition” on the elliptic curve seems to be very different from the addition I learned during my first year in school. Is that correct?

Furthermore, I don’t really understand why showing the proof that I know X using m, R, and s is secure. OK, no one can guess my private key X from that proof. But what keeps other people from just using the same m, R, and s for a second transaction? So they could “prove” they know my private key X and transfer everything to their account. I’m just missing the point here.

Yes, the math is different on elliptic curves. It’s computationally less expensive to multiply large numbers on it because of its properties.

It guarantees security because given a number X = xP, where X and P are public information, it is impossible to calculate x without having to plug in different values for x to solve for it. In other words, ECs allow for easier multiplication but harder division. For large numbers the computation time increases beyond feasibility.

Here X is your public key, P a point on the elliptic curve, and x a random number from the set {1, …, 2^256}, which is your private key.

Each m, which represents contents of a transaction, generates a unique signature.

If someone were to use your signature that was used for m, for another transaction, it wouldn’t be verified by the network.

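The two points in the answer above (curve “addition” is not integer addition, and a signature is bound to its message m) can be checked directly. The following is an added example, not code from the original thread or from any wallet project: a minimal Schnorr-style signature over secp256k1 (the curve Bitcoin uses), written in pure Python. The Schnorr form was chosen because it matches the (m, R, s) notation of the question; Bitcoin’s classic ECDSA signatures bind m the same way. The private key and transaction strings are constructed for the demo.

```python
import hashlib
import secrets

# secp256k1 domain parameters: field prime, group order, generator point.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Group law on y^2 = x^3 + 7 over GF(P). None is the point at infinity.

    This is the curve "addition": a chord-and-tangent rule on points,
    not coordinate-wise integer addition.
    """
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:   # p1 == -p2
        return None
    if p1 == p2:                           # doubling: tangent slope
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:                                  # distinct points: chord slope
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def ec_mul(k, point):
    """k*point by double-and-add: the cheap direction. Recovering k from
    (point, k*point) is the discrete-log problem the answer refers to."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def challenge(R, X, m):
    """e = H(R || X || m): this hash is where the message m is bound into the signature."""
    data = R[0].to_bytes(32, "big") + X[0].to_bytes(32, "big") + m
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def sign(x, m):
    """Schnorr-style signature (R, s) on message m under private key x."""
    k = secrets.randbelow(N - 1) + 1      # fresh random nonce per signature
    R = ec_mul(k, G)
    X = ec_mul(x, G)
    e = challenge(R, X, m)
    s = (k + e * x) % N
    return R, s


def verify(X, m, sig):
    """Accept iff s*G == R + e*X. Since e depends on m, the same (R, s)
    fails for any other message."""
    R, s = sig
    e = challenge(R, X, m)
    return ec_mul(s, G) == ec_add(R, ec_mul(e, X))


if __name__ == "__main__":
    x = secrets.randbelow(N - 1) + 1      # constructed private key
    X = ec_mul(x, G)                      # public key X = x*G
    tx = b"pay 1 BTC to Alice"            # constructed transaction contents m
    sig = sign(x, tx)
    print("honest transaction verifies:", verify(X, tx, sig))
    # Replay attempt: same (R, s) attached to a different transaction.
    print("replayed signature verifies:", verify(X, b"pay 1 BTC to Mallory", sig))
    # Curve addition differs from adding the coordinates as integers.
    print("G + G == (2*Gx, 2*Gy)?", ec_add(G, G) == (2 * G[0], 2 * G[1]))
```

Run it and the replayed signature is rejected, which is the whole answer to the second question: the signature proves knowledge of x for that specific m, and nothing else. The nonce k must be fresh per signature; reusing it across two messages leaks x, which is a far more realistic failure than brute force.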

Ui, one more thing I never heard before. I have to learn a lot it seems… :wink:


Haha. Ui = fat fingers + small screen

Facts:

  1. NSA created SHA. Agree or Disagree?
  2. SHA 1 created, well released around 1995. Agree or Disagree?
  3. SHA 1 first proven instances of collisions found in 2005.
    https://www.tsinghua.edu.cn/publish/casen/1695/2010/20101224093253705266640/20101224093253705266640_.html
  4. Google executes collision attack. SHA 1 rendered useless.
    https://www.theregister.co.uk/2017/02/23/google_first_sha1_collision/
  5. Revised method lowers cost of attack.
    https://www.infoworld.com/article/2990831/security-management/sha-1-hashing-algorithm-could-succumb-to-75k-attack-researchers-say.html

The fact is people keep reinforcing these talking points that SHA is impossible to hack and will last forever and ever. I think some people said that about SHA 1. The same is being said about SHA 2. I’m throwing SHA 256 into “SHA 2” because it belongs there, so let’s not confuse that point.

It took one cryptographer who wasn’t even known as one of the top cryptographers on Earth at the time to show the flaw in SHA 1. SHA 2 was made by people and will be broken by people. Remember back when people were saying SHA 1 and MD5 wouldn’t be broken in the next 1000 years… ya, 10 years later, it’s rendered useless.

Only stating facts here… don’t hate the messenger.


SHA256 is just the method for choosing a 256-bit number to use as a key. As long as the function isn’t outputting the same number for different inputs it’s fine. If this were happening we’d hear reports of people finding bitcoin in newly created wallets.

The point is that the keys are large enough that it’s practically impossible to guess them, even with orders of magnitude more computing power and time than are available.

Here’s the article from the last thread explaining why LBC isn’t a threat:


You’ve missed the point again. So lets go through this one at a time.

  1. In your opinion, are collisions or detection of collisions detrimental to the security of a blockchain? This is a yes or no question.

  2. Do you agree with every other expert, including the NSA, which states unequivocally that SHA1 has been compromised? This is a yes or no question.

  3. If SHA1 was created in 1995 and proven hackable and hacked by a Google team in 2005, is it fair to assume that an accomplishment such as this in a 10 year time span directly disputes the claims that SHA1 would last more than 100+ years? If this is a fair assumption, is it fair to conclude that a flaw could be identified in SHA2 that would allow for collisions or collision detection that would compromise the security provided by SHA2?

  4. Since the basis of Google, NSA, PRC and every other security agency’s decision to have SHA1 not used is the proven compromised state of SHA, what is your basis and claim that the collision detection used by LBC and the identification of associated public keys, is not a hack of SHA1?

SHA2 does not solve this: mapping data of size > n into a space of size n creates collisions.

Finding collisions in SHA256 would mean that two different inputs created the same output. This doesn’t compromise private keys. It doesn’t make it any easier to find a number in 256 bits that belongs to an existing wallet.

Mapping 2^256 to 2^160 obviously means collisions exist, but these numbers are large enough that you wouldn’t find one for an existing wallet in any reasonable amount of time.

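The distinction the reply above draws (collisions exist, but finding one for an existing wallet is a different problem) and the earlier comparison of hash rate against key size can both be made concrete with a small simulation. The following is an added example, not code from the thread or from the LBC project: it uses SHA-256 truncated to a toy number of bits to stand in for the 2^256-key-to-2^160-address mapping, measures how fast an arbitrary collision appears versus how fast a preimage of one of a few “funded” addresses appears, and then applies the same formulas at real sizes. The funded-address set, the 20-bit toy size, the 10^8 address count and the 10^20 hashes/second rate are all constructed assumptions for illustration.

```python
import hashlib
import math


def truncated_hash(data, bits):
    """Toy 'address': SHA-256 truncated to `bits` bits. A small `bits`
    stands in for the 160-bit address space so the search finishes quickly."""
    h = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return h >> (256 - bits)


def find_any_collision(bits):
    """Birthday search: stop at the first pair of distinct inputs that hash
    to the same value. Expected work ~ sqrt(pi/2 * 2^bits).
    Returns (trials, first_input, second_input)."""
    seen = {}
    i = 0
    while True:
        msg = b"key-%d" % i
        h = truncated_hash(msg, bits)
        if h in seen:
            return i + 1, seen[h], msg
        seen[h] = msg
        i += 1


def find_funded_address(bits, targets):
    """What a collider actually needs: an input whose hash lands on one of the
    existing addresses. Expected work ~ 2^bits / len(targets), no matter how
    many unrelated collisions exist. Returns (trials, input) or None."""
    for i in range(1, 2 ** (bits + 3)):       # fixed ceiling on trials
        msg = b"candidate-%d" % i
        if truncated_hash(msg, bits) in targets:
            return i, msg
    return None


def expected_trials(bits, n_targets):
    """Analytical estimates: (birthday collision work, multi-target preimage work)."""
    birthday = math.sqrt(math.pi / 2 * 2 ** bits)
    preimage = 2 ** bits / n_targets
    return birthday, preimage


def years_at_rate(trials, hashes_per_second):
    """Wall-clock years to perform `trials` hashes at the given rate."""
    return trials / hashes_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    BITS = 20                                          # toy address size
    trials, a, b = find_any_collision(BITS)
    print(f"any collision in {BITS}-bit space after {trials} trials: {a!r} vs {b!r}")
    # Constructed set of 4 "funded" addresses, derived from other inputs.
    funded = {truncated_hash(b"wallet-%d" % j, BITS) for j in range(4)}
    hit = find_funded_address(BITS, funded)
    print(f"hit one of {len(funded)} funded addresses after {hit[0]} trials")
    # Same formulas at real size: 160-bit addresses, assumed 1e8 funded ones.
    bday, pre = expected_trials(160, 10 ** 8)
    print(f"160-bit: birthday collision ~2^{math.log2(bday):.1f} trials, "
          f"multi-target preimage ~2^{math.log2(pre):.1f} trials")
    print(f"at an assumed 1e20 hashes/s the targeted search needs "
          f"~{years_at_rate(pre, 1e20):.2e} years")
```

The toy run finds a collision after on the order of a thousand trials but needs hundreds of thousands to land on one of four chosen addresses; the gap is the difference between 2^(bits/2) and 2^bits / targets, and it is what makes “we found collisions” irrelevant to “we can open your wallet”. At 160 bits the targeted search, even with a hundred million funded addresses to aim at and a network-scale hash rate, is measured in trillions of years.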

Agree.

Agree.

Agree.

Agree.

Agree, but that doesn’t mean SHA1 was completely compromised. They encouraged migration to SHA2 just because SHA1 was less safe. A quote from your article:

“Happily, the researchers have only shown a way to simplify an identical-prefix attack on SHA-1, meaning it is not yet possible to generate fake SSL certificates allowing the impersonation of arbitrary websites.

‘This is still far from being able to create a rogue CA, as such an attack would require a stronger type of collision,’ said Peyrin, one of the authors of the research paper.

‘We advise the industry to not play with fire and accelerate the migration process toward SHA2 and SHA3 before such dramatic attacks become feasible,’ Peyrin concluded.”

So you are saying that SHA2 (which comprises a number of algorithms ranging from 256 up to 512 bits) is vulnerable to attacks because SHA1 was, without even looking at the differences between the two?

I agree. There is nothing with 100% security, BUT SHA256 is used widely in all kinds of commercial applications, including your online bank connection.

If it was compromised (as you seem to suggest) wouldn’t we be all migrating to SHA3? SHA256 collision vulnerability isn’t the issue of crypto only. Your entire online presence could be compromised if the threat was real. If LBC was serious about their claims they would have produced a body of evidence that would irrefutably confirm their position. Agree or disagree?

I agree with the facts. I just don’t see how they lead to your claims which are:

  1. SHA256 isn’t safe because LBC::Server, says they found some collisions.

  2. SHA256 is vulnerable to attacks because SHA1 was vulnerable to attacks.

I would counter your arguments by saying (as I stated above) that:

  1. Regardless of its origins SHA256 is used in a wide array of applications. Agree or Disagree?

  2. If SHA256 was proven to have collisions that are easy to compute, we would have retired SHA2 by now, as many billions of dollars of value are dependent on it outside crypto. Agree or Disagree?

  3. The claims of the LBC project are easily refuted. Others have pointed this out to them on this forum repeatedly. They did not produce tangible/irrefutable evidence that supports their claims. In other words they are FUDding the space. Agree or Disagree?

  4. Hash functions undergo extreme scrutiny/testing for security vulnerabilities before being recommended for and deployed in widespread applications. Collision-resistance is one of these vulnerabilities/tests. There is an acceptable level of collisions that the industry deems appropriate and it is a function of total computing power available to adversaries at this point and in the foreseeable future. Agree or Disagree?

Here is an article that showcases probabilities of finding a collision based on computing power. Scroll down to the bottom to see the comparison. It all boils down to how much computing power is available… as long as the gap is significant the hash function is safe.

  1. The fact that SHA1 turned out to be provably vulnerable to collision attacks doesn’t mean that SHA2 is subject to the same. I haven’t researched all the differences, but I would assume SHA2 uses a different algorithm than SHA1, which (again, I assume) is impervious to the kind of attacks used to break SHA1. Agree or Disagree?

  2. Finally, I don’t rule out that someday, someone could theoretically break SHA2. BUT we have to agree that the vector of attack wouldn’t necessarily be brute forcing it with computing power. Such claims just don’t make mathematical sense. Proving that collisions exist in SHA256 above and beyond the stated acceptable levels by the security standards requires finding them repeatedly and consistently during a reasonable course of time. Either that or finding a shortcut/loophole in the cryptography/math that governs SHA256. From what I see, no one has done that.

I’m simply saying SHA2 was created by the NSA, and a flaw in the algorithm was found by a researcher who was relatively unknown at the time of the discovery. If that’s the case, SHA2 could have a vulnerability that is discovered by another researcher.

I was actually quite surprised in that flaws generally aren’t publicly reported, because it allows an intelligence agency a possible avenue that has been compromised to gather signal intel.

Think Turing.

This is a whole separate issue, isn’t it though?

My take: As long as the inner workings of SHA256 are publicly available, anyone can research and find vulnerabilities in the math/algorithms. This is quite expected actually, that someone relatively unknown discovers something that makes one methodology obsolete but pushes us to learn, to iterate and improve it. If it were up to the NSA, they would never reveal the flaws. It’s not in their interest to expose their own flaws. It takes time, money and talent to create new standards.

This is an acceptable protocol in the cryptographic community. It doesn’t necessarily mean someone is gathering intel. The two researchers who found vulnerabilities in Intel chips kept their findings secret until some form of workable solution was found. This is done to preserve the continuity of business/economic processes. Overall it’s an ethical thing to do.

Not a whole separate issue to me.

I think flaws exist and they have not been disclosed.

New standards. I think SHA 3.

Acceptable protocol in the community: it may not necessarily mean that someone is gathering intel, but the more likely scenario is that someone is, and it’s likely multiple nation states.