5
If one of the cryptographic building blocks of Bitcoin were to be broken, couldn't that result in the entire block chain needing to be recomputed? And how would that work, given the computational expense involved?
Wouldn't compromised crypto require entire block chain to be recomputed?
Answers
4
If one of the cryptographic building blocks of Bitcoin were to be broken
This is a difficult question to answer because Bitcoin uses so many.
SHA256d
This is Bitcoin's main hashing algorithm. It uses it for proof-of-work, building merkle trees, and lots of other stuff.
Collision resistance
If broken, you could create two blocks that hashed to the same thing. This would be bad because you could give both out, and nodes would think that they agreed, but they were actually talking about different blocks.
Preimage resistance
If broken, you'd have essentially infinite hashpower, and you could do the previous attack on blocks that had already been mined.
Mining faster than brute force
Currently, the fastest known way to get a hash that starts with lots of zeros is to just run through that hash lots of times. However, if you could figure out at the start that certain ranges of nonces weren't going to result in a block, you'd have a significant advantage over ASIC miners, who wouldn't be able to change the way they mined.
HASH160
Collision resistance
Irrelevant.
Preimage resistance
If broken, you could steal bitcoins.
ECDSA
If broken, you could steal bitcoins.
Final remarks
It's unlikely that every crypto primitive that bitcoin relies on would be broken. If they were, there are usually better primitives that could replace them.
So if SHA-256 was broken in some significant way and needed replacement, wouldn’t that involve recomputing the entire block chain with a different hash function? And if so, would that be feasible or would the whole system collapse? – George – 2013-04-12T18:32:09.313
3 @George Actually, you could use the existing checkpoint system, but use a different hash, like SHA3. You'd want to switch to SHA3 for the new blocks though, which would require a mutually-exclusive hard fork.
Considering the NSA uses SHA256 hashes in their suite B protocols, I doubt that one could deduce nonce results. – Charles Hoskinson – 2013-04-18T07:21:59.687
Please define "broken" and "building blocks" The word "block" has a specific meaning in bitcoin. – Ben – 2013-04-12T15:07:44.960
1
I know it's on another stack exchange (and closed) but there is a solid explanation of how this scenario could be resolved at http://stackoverflow.com/questions/5605571/is-bitcoin-protocol-future-proof
– eMansipater – 2013-04-12T19:01:24.043@Ben: I meant the crypto primitives, of course. By "broken" I mean any occurence where one of these primitives were proven not to be up to specs and would become unreliable, possibly making the whole block chain to that date unreliable. – George – 2013-04-12T19:11:29.313
1
Related: http://bitcoin.stackexchange.com/q/8702/153
– Stephen Gornick – 2013-04-13T05:04:33.277