From: Karl <gmkarl@gmail.com>
To: Ariel Lorenzo-Luaces <arielluaces@gmail.com>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] hashcash-newhash
Date: Mon, 25 May 2020 03:03:20 -0400 [thread overview]
Message-ID: <CALL-=e5ZJsUfkgOyVQhAXHpYp7-2xrpjphO77ixwrva1uTEfmQ@mail.gmail.com> (raw)
In-Reply-To: <f74fc5a4-b09b-41d0-a3c4-7d6726cee016@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2715 bytes --]
Hi Ariel,
Thanks for your reply.
You state that once "the entire world" can quickly find a hash that it then
"needs to be changed", but that that "won't happen in a day".
It sounds like you believe compromise of the algorithm as a concern
provides a _lot_ of time to migrate to a new hash function, and that it is
indeed important to do so when it becomes needed.
Let's talk about relaxing the time scale. Making such plans seems more
important than agreeing on how soon they happen. It's possible it could be
decades before having a new hash is actually needed to protect financial
security. Who knows.
How does that land? Is the idea more available with a looser time scale?
It seems to me with ongoing cryptanalysis research, new things like quantum
computers, conventional computer hardware always advancing, that some day
far in the future it will be easy to find an sha256 preimage on a personal
device, somehow.
Let's improve the security of the blockchain.
On Sun, May 24, 2020, 7:51 PM Ariel Lorenzo-Luaces <arielluaces@gmail.com>
wrote:
> On May 24, 2020, at 1:26 PM, Karl via bitcoin-dev <
> bitcoin-dev@lists.linuxfoundation.org> wrote:
>>
>> You mention ASICs becoming commoditized. I'd remind you that eventually
>> there will be a public mathematical breaking of the algorithm, at which
>> point all ASICs will become obsolete regardless. Would you agree it would
>> be better to prepare for this by planning algorithm change?
>>
>> Cryptographic algorithms don't usually break this way. In the case of
>> hash functions it may be possible to find an exploit that reduces the
>> function's security from 256 bits to 128 for example. So an algorithm that
>> could find 80 zero bits per energy unit before can now find 160 zero bits
>> per energy unit with an exploit.
>>
>> If this exploit can be deployed as a software patch to most ASICs then
>> the issue will sort itself out on the next difficulty adjustment.
>>
>> If the exploit instead requires an entirely new ASIC then GPUs and FPGAs
>> that could previously find 40 zero bits per energy unit can now compete
>> with the less adaptive ASICs until new ASICs that use the exploit start
>> getting produced and shipped.
>>
>> There's never any official "public breaking" of a hash function. The
>> function will just loose security over time until it's deemed to not be
>> "secure enough" for certain applications. Thankfully mining is an
>> application where the only important thing is that the difficulty can be
>> increased. In other words, if the entire world can consistently find 256
>> zero bits of SHA-256 in under 10 minutes then definitely the hash function
>> needs to be changed. But this won't happen in a day.
>>
>
[-- Attachment #2: Type: text/html, Size: 3848 bytes --]
prev parent reply other threads:[~2020-05-25 7:03 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <mailman.2587.1590231461.32591.bitcoin-dev@lists.linuxfoundation.org>
2020-05-23 11:00 ` [bitcoin-dev] hashcash-newhash Karl
2020-05-24 1:12 ` ZmnSCPxj
2020-05-24 9:02 ` Karl
2020-05-24 16:51 ` ZmnSCPxj
2020-05-24 19:50 ` Karl
2020-05-25 7:58 ` ZmnSCPxj
2020-05-25 11:54 ` Karl
2020-05-27 4:47 ` ZmnSCPxj
2020-05-27 14:12 ` Erik Aronesty
2020-05-24 23:51 ` Ariel Lorenzo-Luaces
2020-05-25 7:03 ` Karl [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CALL-=e5ZJsUfkgOyVQhAXHpYp7-2xrpjphO77ixwrva1uTEfmQ@mail.gmail.com' \
--to=gmkarl@gmail.com \
--cc=arielluaces@gmail.com \
--cc=bitcoin-dev@lists.linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox