Finding SHA256 partial collisions via the Bitcoin blockchain
This is not a cryptocurrency post, per se. I used Bitcoin's blockchain as a vehicle by which to study SHA256. The phrase "partial collision" is sometimes used to describe a pair of hashes that are "close" to one another. One notion of closeness is that the two hashes should agree on a large number of total bits. Another is that they should agree on a large number of specific (perhaps contiguous) bits. The goal in Bitcoin mining is essentially (slight simplification here) to find a block header which, when hashed twice with SHA256, has a large number of trailing zeros. (If you have some familiarity with Bitcoin, you may be wondering: doesn't the protocol demand a large number of leading zeros? It does, kind of, but the Bitcoin protocol reverses the normal byte order of SHA256. Perhaps Satoshi interpreted SHA256 output as a byte stream in little endian order. If so, then this is a slightly unfortunate choice, given that SHA256 explicitly uses big endian byte order in its padding scheme.) Because Bitcoin block header hashes must all have a large number of trailing zeros, they must all agree on a large number of trailing bits. Agreement or disagreement on earlier bits should, heuristically, appear independent and uniform at random. Thus, I figured it should be possible to get some nice SHA256 partial collisions by comparing block header hashes. First, I looked for hashes that agree on a large number of trailing bits. At present, block header hashes must have about 75 trailing zeros. There are a little over 2^19 blocks in total right now, so we expect to get a further ~38 bits of agreement via a birthday attack. Although this suggests we may find a hash pair agreeing on 75 + 38 = 113 trailing bits, this should be interpreted as a generous upper bound, since early Bitcoin hashes had fewer trailing zeros (as few as 32 at the outset). Still, this gave me a good enough guess to find some partial collisions without being overwhelmed by them. 
The best result was a hash pair agreeing on their final 108 bits. Hex encodings of the corresponding SHA256 inputs are as follows: 23ca73454a1b981fe51cad0dbd05f4e696795ba67abb28c61aea1a024e5bbeca a16a8141361ae9834ad171ec28961fc8a951ff1bfc3a9ce0dc2fcdbdfa2ccd35 (I will emphasize that these are hex encodings of the inputs, and are not the inputs themselves.) There were a further 11 hash pairs agreeing on at least 104 trailing bits. Next, I searched for hashes that agree on a large number of total bits. (In other words, hash pairs with low Hamming distance.) With a little over 2^19 blocks, we have around (2^19 choose 2) ~= 2^37 block pairs. Using binomial distribution statistics, I estimated that it should be possible to find hash pairs that agree on more than 205 bits, but probably not more than 210. Lo and behold, the best result here was a hash pair agreeing on 208 total bits. Hex encodings of the corresponding SHA256 inputs are as follows: dd9591ff114e8c07be30f0a7998cf09c351d19097766f15a32500ee4f291e7e3 c387edae394b3b9b7becdddcd829c8ed159a32879c156f2e23db73365fde4a94 There were 8 other hash pairs agreeing on at least 206 total bits. So how interesting are these results, really? One way to assess this is to estimate how difficult it would be to get equivalent results by conventional means. I'm not aware of any clever tricks that find SHA256 collisions (partial or full) faster than brute force. As far as I know, birthday attacks are the best known approach. To find a hash pair agreeing on their final 108 bits, a birthday attack would require 2^54 time and memory heuristically. Each SHA256 hash consists of 2^5 bytes, so 2^59 is probably a more realistic figure. This is "feasible", but would probably require you to rent outside resources at great expense. Writing code to perform this attack on your PC would be inadvisable. Your computer probably doesn't have the requisite ~600 petabytes of memory, anyway. 
The hash pair agreeing on 208 of 256 bits is somewhat more remarkable. By reference to binomial distribution CDFs, a random SHA256 hash pair should agree on at least 208 bits with probability about 2^-81. A birthday attack will cut down on the memory requirement by the normal square root factor - among ~2^41 hashes, you expect that there will be such a pair. But in this case, it is probably necessary to actually compare all hash pairs. The problem of finding the minimum Hamming distance among a set doesn't have obvious shortcuts in general. Thus, a birthday attack performed from scratch would heuristically require about 2^81 hash comparisons, and this is likely not feasible for any entity on Earth right now. I don't think these results carry any practical implications for SHA256. These partial collisions are in line with what one would expect without exploiting any "weaknesses" of SHA256. If anything, these results are a testament to just how much total work has been put into the Bitcoin blockchain. Realistically, the Bitcoin blockchain will never actually exhibit a SHA256 full collision. Still, I thought these were fun curiosities that were worth sharing.
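The two searches the post describes, as an added example (not the post author's code): trailing-bit agreement found by sorting on bit-reversed values so only neighbours need comparing, total-bit agreement found by comparing every pair, and the birthday and binomial estimates the post quotes. The four hex inputs are the ones quoted in the post; the small 8-bit hash set used to demonstrate the searches is constructed here.

```python
"""Partial SHA256 collisions in the sense of the post above.

Added example, not the post author's code. The four 64-hex-char strings are
the inputs quoted in the post; the toy hash list in main() is constructed.
"""
import hashlib
import math
from itertools import combinations

# Quoted in the post: SHA256 inputs whose digests agree on their final 108 bits.
POST_TRAILING_PAIR = (
    "23ca73454a1b981fe51cad0dbd05f4e696795ba67abb28c61aea1a024e5bbeca",
    "a16a8141361ae9834ad171ec28961fc8a951ff1bfc3a9ce0dc2fcdbdfa2ccd35",
)
# Quoted in the post: SHA256 inputs whose digests agree on 208 of 256 bits.
POST_HAMMING_PAIR = (
    "dd9591ff114e8c07be30f0a7998cf09c351d19097766f15a32500ee4f291e7e3",
    "c387edae394b3b9b7becdddcd829c8ed159a32879c156f2e23db73365fde4a94",
)


def sha256_int(data: bytes) -> int:
    """Digest as a big-endian integer: SHA256's own byte order, not Bitcoin's reversed display order."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def trailing_agreement(a: int, b: int, width: int = 256) -> int:
    """Number of trailing (low-order) bits on which a and b agree."""
    x = a ^ b
    return width if x == 0 else (x & -x).bit_length() - 1


def total_agreement(a: int, b: int, width: int = 256) -> int:
    """Bits on which a and b agree: width minus the Hamming distance."""
    return width - bin(a ^ b).count("1")


def best_trailing_pair(hashes, width: int = 256):
    """Best trailing agreement over all pairs in O(n log n).

    Sorting on the bit-reversed value puts hashes with a long common suffix
    next to each other, so only adjacent pairs in that order need comparing.
    Returns (bits, i, j) with i < j.
    """
    order = sorted(range(len(hashes)),
                   key=lambda i: int(f"{hashes[i]:0{width}b}"[::-1], 2))
    best = (-1, None, None)
    for i, j in zip(order, order[1:]):
        bits = trailing_agreement(hashes[i], hashes[j], width)
        if bits > best[0]:
            best = (bits, min(i, j), max(i, j))
    return best


def best_hamming_pair(hashes, width: int = 256):
    """Best total agreement. No general shortcut exists, so all C(n,2) pairs are compared."""
    best = (-1, None, None)
    for i, j in combinations(range(len(hashes)), 2):
        bits = total_agreement(hashes[i], hashes[j], width)
        if bits > best[0]:
            best = (bits, i, j)
    return best


def expected_extra_trailing_bits(n_hashes: int) -> float:
    """Birthday heuristic: among C(n,2) pairs the best one agrees on roughly
    log2(C(n,2)) bits beyond those forced by the difficulty target."""
    return math.log2(math.comb(n_hashes, 2))


def log2_prob_agree_at_least(k: int, width: int = 256) -> float:
    """log2 P[two random width-bit strings agree on >= k bits], via the exact binomial tail."""
    tail = sum(math.comb(width, j) for j in range(k, width + 1))
    return math.log2(tail) - width


def post_pairs_agreement():
    """Recompute the two results the post reports (108 trailing bits, 208 total bits)."""
    t = [sha256_int(bytes.fromhex(h)) for h in POST_TRAILING_PAIR]
    m = [sha256_int(bytes.fromhex(h)) for h in POST_HAMMING_PAIR]
    return {"trailing": trailing_agreement(*t), "total": total_agreement(*m)}


if __name__ == "__main__":
    print(post_pairs_agreement())
    toy = [0xF0, 0x0F, 0xFF, 0x3F]          # constructed 8-bit hashes
    print(best_trailing_pair(toy, 8), best_hamming_pair(toy, 8))
    print(expected_extra_trailing_bits(2**19))   # about 37 extra bits for 2^19 blocks
    print(log2_prob_agree_at_least(208))          # about -81, as the post states
```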
Could anyone reverse engineer private keys from public ones? I know it's meant to be impossible, but...
Surely whatever the future brings, it will bring UNTOLD supercomputing power. Computers are already that much better at cryptographic problem-solving, thanks to Bitcoin itself. SHA256 hash may be high-grade for its time, but am I correct in saying that all you need to beat it is more raw computing power? A large amount, but... no higher degree of complexity. Just power and time. Some claims have been made that private keys have already been reverse engineered from public ones. It does seem implausible, but presumably anybody who accomplished this task would end bitcoin and destroy a 100 billion dollar market. Probably a few teams working on it right now. Presumably Satoshi knows precisely how the hashing function works. Wouldn't that help him to reverse engineer keys? If not, why not?
PSA: Anyone who supports a PoW change does not believe in Bitcoin as a system
I can't believe that we are at this point, but anyone who is advocating to change the PoW algorithm does not believe in Nakamoto Consensus and they certainly don't understand why SHA-256 was picked in the first place. This narrative of "We need to change the algorithm to protect us against bad actors" is the biggest load of crap I have ever seen and it is infuriating that our community is being split into a camp of people who literally want to change the protocol that was supposed to be set in stone for version 0.1 as Satoshi stated here: https://bitcointalk.org/index.php?topic=195.msg1611#msg1611. No changing the protocol, no changing the algorithm, just sound stable money for the entire globe.
Bitcoin looks to be a great new digital currency that the whole world may someday use. However there are some odd things about bitcoin that deserve more exposure. First, Bitcoin was officially released by an unknown person who used a Japanese pseudonym, 5 days before Obama was elected. This person does not exist. Secondly, bitcoin mining is designed to solve hashes in the SHA-256 algorithm. SHA-256 is a 256-bit version of an algorithm that is used to encrypt messages sent over the internet. The NSA invented SHA-256.
As people's computers mine bitcoins, they are discovering solutions to SHA-256 hashes, which then get stored into the blockchain, which is a digital record and repository of all activity within bitcoin to date. Each block is like one SHA-256 puzzle, that the computers try to solve. The only way to solve it is to guess the right answer randomly out of billions or trillions of choices. There is no algorithm or method to find the right solution other than guessing and then doing the computation to see if you were correct or not, due to how the algorithm is constructed (which is exactly what makes it good for security). So when computers mine for bitcoins, they are guessing solutions to that particular block's SHA-256 puzzle. When a solution is found, 50 bitcoins (now 25, and soon to be 12.5 as dictated by the algorithm) are rewarded to the miner who found the solution. So it's a lottery of sorts. This is why people pool together to form mining pools, where the winnings are shared proportionally among everyone, weighted by their total number of attempted solutions. That helps take the luck out of it so everyone can get more reliable income. Anyway, these solutions are so hard to find that even with all the computers across the world mining for bitcoins, it still takes 10 minutes to solve just one single puzzle. This is why it's so secure. If you want to hack a system that uses SHA-256 (which is a very common encryption system to use, alongside SHA-128 which is even weaker) then hacking it is difficult because you have to guess over and over to solve this large prime number problem. However, if you have a list of all the prime numbers and their solutions (including many really huge numbers that haven't been computed except for this list) then that is a speedup to cracking a particular system using SHA-256, because you don't have to run all those calculations, you can simply look them up. In the blockchain. 
So there is a potential the blockchain is an open distributed-computing SHA-256 solution repository, which enables hackers who know how to use it (like the NSA). With all this in mind, it's easier to see why countries are starting to accept bitcoin as a legal currency. Japan officially recognized it as currency just recently:
We know Japan is often a testing ground for US monetary policy (QE and Abenomics, for example) so this is likely to be the direction of the future, which makes it a good investment because this implies it's backed by the western central banks, which means it will probably prosper in the long term. Which is why we see so many rich people investing in it. But not so much with Litecoin or Ethereum, which are some of the biggest competitors to bitcoin on the cryptocurrency market. You can see the largest coins by total market cap here:
Bitcoin dominates the market, being 20x the size of Litecoin. I think cryptocurrencies are great, but I think people need to be mindful of what is going on behind the scenes, and to ensure there are competing cryptocurrencies rather than a singular bitcoin monopoly that dominates the market. However it's good that one cryptocurrency grows to prominence to establish the infrastructure of using them. I do think there is government backing because of the relationship of bitcoin to the NSA's SHA-256 algorithm. However over the next few decades, I think that algorithm will become less and less relevant as cryptography becomes more advanced, and thus bitcoin will lose government support because it will no longer be useful to the NSA. However there will likely be replacement cryptocurrencies by that time. So it seems like a short-term western global currency, but in the long term will likely have to be replaced as SHA-256 loses its relevancy, as computers become more powerful.
So are Bitcoin Miners essentially ledger keepers / transaction algorithm solvers?
I just want to understand what math problems they are solving and if a more efficient method of solving that problem comes out will the job of mining slump? Or will it be the same just because the algorithm is not likely to change? Thanks! M
What is the significance of a SHA2-256 hash collision?
Say there's some hypothetical research organisation with many computers/ASICs which brute force generates lots of different inputs to a SHA2-256 hash and stores the output hash as the key and the input as the value in a hash map / lookup table. Eventually after a very long period of time and lots of storage use there will eventually be a collision found (i.e. two different inputs produced the same 256 bit output digest). Now what would be the significance of that collision? Would it mean we need to abandon the hash function immediately or would it be more like a coincidence and merely an interesting footnote? I assume no collision for SHA2-256 has been found so far, correct? If a collision is found, can that be used to work through each step of the hash function for each input and analyse/compare what happened to produce the same final output? Could that research lead to finding weaknesses in the hash function itself so as to produce more collisions with significantly less effort? I'm also interested how much effort/time and hard drive space (on average) it might take to find a single collision and construct this massive lookup table e.g. 2^128 time and 400 zebibytes etc.
Is Crypto Currency truly at risk due to Quantum Computers, and what can you do about it?
There is no denying that the Quantum revolution is coming. Security protocols for the internet, banking, telecommunications, etc... are all at risk, and your Bitcoins (and alt-cryptos) are next! This article is not really about quantum computers[i], but, rather, how they will affect the future of cryptocurrency, and what steps a smart investor will take. Since this is a complicated subject, my intention is to provide just enough relevant information without being too “techy.”
The Quantum Evolution
In 1982, Nobel-winning physicist Richard Feynman hypothesized how quantum computers[ii] would be used in modern life. Just one year later, Apple released the “Apple Lisa”[iii] – a home computer with a 7.89MHz processor and a whopping 5MB hard drive, and, if you enjoy nostalgia, it used 5.25in floppy disks. Today, we walk around with portable devices that are thousands of times more powerful, and, yet, our modern day computers still work in a simple manner, with simple math, and simple operators[iv]. They now just do it so fast and efficiently that we forget what’s happening behind the scenes. No doubt, the human race is accelerating at a remarkable speed, and we’ve become obsessed with quantifying everything - from the everyday details of life to the entire universe[v]. Not only do we know how to precisely measure elementary particles, we also know how to control their actions! Yet, even with all this advancement, modern computers cannot “crack” cryptocurrencies without the use of a great deal more computing power, and since it’s more than the planet can currently supply, it could take millions, if not billions, of years. However, what current computers can’t do, quantum computers can! So, how can something that was conceptualized in the 1980s, and, as of yet, has no practical application, compromise cryptocurrencies and take over Bitcoin? To best answer this question, let’s begin by looking at a bitcoin address.
What exactly is a Bitcoin address?
Well, in layman's terms, a Bitcoin address is used to send and receive Bitcoins, and looking a bit closer (excuse the pun), it has two parts:[vi] A public key that is openly shared with the world to accept payments. A public key that is derived from the private key. The private key is made up of 256 bits of information in a (hopefully) random order. This 256 bit code is 64 characters long (in the range of 0-9/a-f) and further compressed into a 52 character code (using RIPEMD-160). NOTE: Although many people talk about Bitcoin encryption, Bitcoin does not use Encryption. Instead, Bitcoin uses a hashing algorithm (for more info, please see endnote below[vii]). Now, back to understanding the private key: The Bitcoin address “1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm” translates to a private key of “5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEsreAnchuDf” which further translates to a 256 bit private key of “0000000000000000000000000000000000000000000000000000000000000001” (this should go without saying, but do not use this address/private key because it was compromised long ago.) Although there are a few more calculations that go on behind the scenes, these are the most relevant details. Now, to access a Bitcoin address, you first need the private key, and from this private key, the public key is derived. With current computers, it’s classically impractical to attempt to find a private key based on a public key. Simply put, you need the private key to know the public key. However, it has already been theorized (and technically proven) that due to private key compression, multiple private keys can be used to access the same public key (aka address). This means that your Bitcoin address has multiple private keys associated with it, and, if someone accidentally discovers or “cracks” any one of those private keys, they have access to all the funds in that specific address. 
There is even a pool of a few dedicated people hunting for these potential overlaps[viii], and they are, in fact, getting very efficient at it. The creator of the pool also has a website listing every possible Bitcoin private key/address in existence[ix], and, as of this writing, the pool averages 204 trillion keys per day! But wait! Before you get scared and start panic selling, the probability of finding a Bitcoin address containing funds (or even being used) is highly unlikely – nevertheless, still possible! However, the more Bitcoin users, the more likely a “collision” (finding overlapping private/public key pairs)! You see, the security of a Bitcoin address is simply based on large numbers! How large? Well, according to my math, 1.157920892373x10^77 potential private keys exist (that number represents over 9,500 digits in length!) For some perspective, this entire article contains just over 14,000 characters. Therefore, the total number of Bitcoin addresses is so great that the probability of finding an active address with funds is infinitesimal.
So, how do Quantum Computers present a threat?
At this point, you might be thinking, “How can a quantum computer defeat this overwhelming number of possibilities?” Well, to put it simply: Superposition and Entanglement[x]. Superposition allows a quantum bit (qubit) to be in multiple states at the same time. Entanglement allows an observer to know the measurement of a particle in any location in the universe. If you have ever heard Einstein’s quote, “Spooky Action at a Distance,” he was talking about Entanglement! To give you an idea of how this works, imagine how efficient you would be if you could make your coffee, drive your car, and walk your dog all at the same time, while also knowing the temperature of your coffee before drinking, the current maintenance requirements for your car, and even what your dog is thinking! In a nutshell, quantum computers have the ability to process and analyze countless bits of information simultaneously – and so fast, and in such a different way, that no human mind can comprehend! At this stage, it is estimated that the Bitcoin address hash algorithm will be defeated by quantum computers before 2028 (and quite possibly much sooner)! The NSA has even stated that the SHA256 hash algorithm (the same hash algorithm that Bitcoin uses) is no longer considered secure, and, as a result, the NSA has now moved to new hashing techniques, and that was in 2016! Prior to that, in 2014, the NSA also invested a large amount of money in a research program called “Penetrating Hard Targets project”[xi] which was used for further Quantum Computer study and how to break “strong encryption and hashing algorithms.” Does NSA know something they’re not saying or are they just preemptively preparing? Nonetheless, before long, we will be in a post-quantum cryptography world where quantum computers can crack crypto addresses and take all the funds in any wallet.
What are Bitcoin core developers doing about this threat?
Well, as of now, absolutely nothing. Quantum computers are not considered a threat by Bitcoin developers nor by most of the crypto-community. I’m sure when the time comes, Bitcoin core developers will implement a new cryptographic algorithm that all future addresses/transactions will utilize. However, will this happen before post-quantum cryptography[xii]? Moreover, even after new cryptographic implementation, what about all the old addresses? Well, if your address has been actively used on the network (sending funds), it will be in imminent danger of a quantum attack. Therefore, everyone who is holding funds in an old address will need to send their funds to a new address (using a quantum safe crypto-format). If you think network congestion is a problem now, just wait… Additionally, there is the potential that the transition to a new hashing algorithm will require a hard fork (a soft fork may also suffice), and this could result in a serious problem because there should not be multiple copies of the same blockchain/ledger. If one fork gets attacked, the address on the other fork is also compromised. As a side-note, the blockchain Nebulas[xiii] will have the ability to modify the base blockchain software without any forks. This includes adding new and more secure hashing algorithms over time! Nebulas is due to be released in 2018.
Who would want to attack Bitcoin?
Bitcoin and cryptocurrency represent a threat to the controlling financial system of our modern economy. Entire countries have outright banned cryptocurrency[xiv] and even arrested people[xv], and while discrediting it, some countries are copying cryptocurrency to use (and control) in their economy[xvi]! Furthermore, Visa[xvii], Mastercard[xviii], Discover[xix], and most banks act like they want nothing to do with cryptocurrency, all the while seeing the potential of blockchain technology and developing their own[xx]. Just like any disruptive technology, Bitcoin and cryptocurrencies have their fair share of enemies! As of now, quantum computers are being developed by some of the largest companies in the world, as well as private government agencies. No doubt, we will see a post-quantum cryptography world sooner than most realize. By that point, who knows how long “3 letter agencies” will have been using quantum technology - and what they’ll be capable of!
What can we do to protect ourselves today?
Of course, the best option is to start looking at how Bitcoin can implement new cryptographic features immediately, but it will take time, and we have seen how slow the process can be just for scaling[xxi]. The other thing we can do is use a Bitcoin address only once for outgoing transactions. When quantum computers attack Bitcoin (and other crypto currencies), their first target will be addresses that have outgoing transactions on the blockchain that contain funds. This is due to the fact that when computers first attempt to crack a Bitcoin address, the starting point is when a transaction becomes public. In other words, when the transaction is first signed – a signed transaction is a digital signature derived from the private key, and it validates the transaction on the network. Compared to classical computers, quantum computers can exponentially extrapolate this information. Initially, Bitcoin Core Software might provide some level of protection because it only uses an address once, and then sends the remaining balance (if any) to another address in your keypool. However, third party Bitcoin wallets can and do use an address multiple times for outgoing transactions. For instance, this could be a big problem for users that accept donations (if they don’t update their donation address every time they remove funds). The biggest downside to Bitcoin Core Software is the amount of hard-drive space required, as well as diligently retaining an up-to-date copy of the entire blockchain ledger. Nonetheless, as quantum computers evolve, they will inevitably render SHA256 vulnerable, and although this will be one of the first hash algorithms cracked by quantum computers, it won’t be the last!
Are any cryptocurrencies planning for the post-quantum cryptography world?
Yes, indeed, there are! Here is a short list of ones you may want to know more about:
IOTA[xxii] IOTA uses Winternitz one-time signatures[xxiii]. As the name suggests, an address is considered compromised once it signs a transaction on the network, and, therefore, you can only send from an address one time before it’s compromised.
ADA (Cardano)[xxiv] The Cardano roadmap lists quantum resistant signatures using “BLISS.” While BLISS is a strong hashing method, it has an estimated lifespan with classical computers of 6000 signatures (usages)[xxv] but this number could be significantly reduced with quantum tech.
Ethereum[xxvi] The Ethereum network, as well as many more blockchain networks, use the SHA3[xxvii] hash algorithm which is superior to SHA256. Although this is considered by some to be resistant, it is not technically quantum resistant. There is talk of using Lamport Signatures[xxviii] in the future of Ethereum. Although it is not definite at this point, it’s great to see the developers proactive.
QRL (Quantum Resistant Ledger)[xxix] This blockchain concept was conceived in 2016 and is currently in beta testing. Using XMSS (Extended Merkle Signature Scheme) trees combined with Winternitz one-time signatures (but not one time!), it’s fast, scalable and truly quantum resistant. If you have not yet checked out this project, I highly suggest you do. To understand why this project is truly post-quantum cryptography ready, do your own due diligence and read the QRL whitepaper.
Although I am in no way associated with any project listed above, I do hold coins in all as well as Bitcoin, Litecoin and many others. The thoughts above are based on my personal research, but I make no claims to being a quantum scientist or cryptographer. So, don’t take my word for anything. Instead, do your own research and draw your own conclusions. I’ve included many references below, but there are many more to explore. In conclusion, the intention of this article is not to create fear or panic, nor any other negative effects. It is simply to educate. If you see an error in any of my statements, please, politely, let me know, and I will do my best to update the error. Thanks for reading!
An exhaustive look at private keys for the uninitiated.
I wrote this explanation of private keys several months ago for folks in /BitcoinBeginners, but I thought some of the new people here might get some benefit out of it. There is no TL;DR. Sorry for the length! Any corrections or clarifications are welcome and appreciated! A private key is just a really big number--that's it. If someone discovers the number you've chosen to use as your private key, they will be able to access any bitcoins assigned to that number. This may seem disconcerting at first. After all, if someone were to just happen to guess your number, they would have access to all your bitcoins, right? But many types of security come down to knowing or possessing something that is difficult to guess or reproduce. For example, a Master brand combination padlock with a 3 number combination on a dial with 0-36 has around 50,653 possible combinations (37^3). A typical pin-tumbler lock today has 5 pins with each pin having only about 10 different height levels meaning that there are only 100,000 (10^5) effective combinations for an average house key. Even a credit card number is only 15 characters long with 10 digits per character. That means there are only 10^15 possible combinations of credit card numbers which is equivalent to about 1 quadrillion (there is some added security by combining that number with an expiration date and 3-digit security code, but I'm ignoring that for now). The point is, we're accustomed to using much smaller pools of possible combinations to protect many parts of our lives today. By comparison, a private key for Bitcoin begins as a 256-bit number or a number that is 256 characters long with 2 digits per character (a bit in the binary number system that computers understand is either 1 or 0), which is 2^256. That's huge. How huge? Remember that 10^15 was equal to a quadrillion? 
A 256-bit private key used for Bitcoin can be any number between 0 and 115 quattuorvigintillion 792 trevigintillion 89 duovigintillion 237 unvigintillion 316 vigintillion 195 novemdecillion 423 octodecillion 570 septendecillion 985 sexdecillion 8 quindecillion 687 quattuordecillion 907 tredecillion 852 duodecillion 837 undecillion 564 decillion 279 nonillion 74 octillion 904 septillion 382 sextillion 605 quintillion 163 quadrillion 141 trillion 518 billion 161 million 494 thousand 336. In reality (because of some of the fancy math we do to that 256-bit number to make it a bit more usable and create the public key pair value which we will use as the address), some of the available addresses will overlap, so the actual pool of available addresses is more like 2^160, but we're still talking about a gigantic number of possible addresses. To give you some context on the sheer scale of 2^160, the number of grains of sand on the Earth is estimated at about 2^66. The number of stars in the universe is estimated at about 2^76. There are approximately 2^96 atoms in a cubic meter of water, and the number of atoms in the sun is estimated at 2^190. Need a visual comparison? This graph shows the number of available Bitcoin addresses compared to the width of the universe in Zeptometers (one Zeptometer is one quintillionth of a meter) and the age of the universe in Yoctoseconds (one Yoctosecond is one sextillionth of a second). So your private key with its 2^160 possible combinations should be pretty safely hidden. Even a computer that could execute 10^13 instructions per second would take around 5 trillion years to guess your private key. Since most humans can't keep a number in the quattuorvigintillions in their head, there are a number of tricks we can use to make it easier to manage. One thing we can do is to reduce the number of characters we have to remember, and the way to do that is to change the numerical base we use. 
Computers represent numbers in binary (also called base 2) which means every digit in the number is either a 0 or 1. To represent a private key in base 2, we have to use 256 places. To represent the same number in the base 10 we most commonly use, where each digit can be 0-9, we would only need 77 places. So, the higher the base, the smaller the resulting string. Base 16 (also known as hexadecimal) uses 0-9 and A-F for a total of 16 different possibilities for each digit. This reduces the number of places needed to represent the number to 64. There are many other bases that use different characters to represent more and more of the number, but the most common numerical base to use for Bitcoin addresses is Base 58 (actually, it's a special version of Base 58 called Base58Check which only uses characters that are not easily confused visually like 0 and O, and includes a 32-bit checksum appended to the payload, and has an extra step to preserve leading zero bytes). The result is a string of letters and numbers that is usually about 51 characters long. Of course, if you don't want to waste time trying to memorize a string of 51 characters, most of us trust our Bitcoin wallet applications to write that number to a file and to keep track of it for us. But anytime you write down your key, you make it vulnerable to being discovered, especially if the thing you write it on is connected to the Internet. This is why it is smart to encrypt the file containing your private key. And this is where some people get confused: The passphrase for your private key, in this example, is only for locally decrypting a file on your computer or device that stores your private key. It is not for using or accessing the private key itself. You cannot passphrase-protect the ability to use your private key to prevent an unauthorized person from using your private key, you can only take steps to hide what that key actually is. 
Another way you can hide your private key to make it easier to transport on paper is by using an encryption process developed specifically for Bitcoin addresses known as BIP38 (BIP stands for Bitcoin Improvement Proposal). BIP38 allows you to create a new address which looks similar to a Bitcoin private key, but will not function as one directly. Instead, you will need to decrypt the BIP38 address using a program that understands how to decrypt BIP38 using the passphrase that encrypted the address. This is a handy process because you can carry a BIP38 protected address around on a piece of paper, and as long as you remember the passphrase, your bitcoins should remain safe even if the paper is stolen or lost. Again, this doesn't protect someone from using your private key if they discover it in some other way, but it will conceal your private key when you write it down to make it more difficult to discover. Now, you may have heard in some cases that a passphrase is a private key. This may be confusing, but this is just referring to another way to keep track of this very large number. There are mathematical formulas that can take data of any length and by passing it through the formula they create a number with the same number of bits every time. These formulas are called hashing algorithms. One such hashing algorithm is called SHA-256 which can take data of any length and produce a 256-bit number from it. You could give it a single word that's 6 letters long, or give it a text file with all the collected works of William Shakespeare in it and each one would produce a unique 256-bit number. And because of the properties of the formula, as long as you feed it the same data that you did originally it will always produce the same number as a result (called a hash).
So, when someone tells you that their passphrase is their private key, they mean that they have fed their passphrase through a hashing algorithm to produce a 256-bit number which they can use as their private key. This process is also known as a brain wallet. While this may seem clever, you're essentially pitting your memory capacity against a cracker with a computer, and the odds are the computer will win. Please avoid using brain wallets if you have the choice. If your private key is ever exposed or if it can ever be calculated using a hashing algorithm, that is all someone needs to take any bitcoins contained in that address, so take good care of it!

edit: just clarifying a couple of points

edit2: updated the name of the number between which private keys can be used, and clarifying that the math is applied to the public key which is what introduces the potential for collisions

edit3: clarifying how Base58Check differs from Base58
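As an added example (not part of the post above): a Base58Check encoder and decoder in Python for the wallet import format the post describes, showing the version byte, the 4-byte double-SHA-256 checksum, the rule that keeps leading zero bytes, and how a mistyped key is rejected by the checksum. The 32-byte key is the widely published WIF test vector, not a real wallet key.

```python
import hashlib

# Base58 alphabet used by Bitcoin: no 0, O, I or l, which are easy to confuse visually
ALPHABET = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def double_sha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def b58check_encode(version: bytes, payload: bytes) -> str:
    """Base58Check: version || payload || first 4 bytes of double-SHA-256(version || payload)."""
    data = version + payload
    data += double_sha256(data)[:4]
    # Every leading 0x00 byte is kept as a literal '1'; plain base conversion would drop it.
    n_zero = len(data) - len(data.lstrip(b"\x00"))
    num = int.from_bytes(data, "big")
    digits = bytearray()
    while num:
        num, rem = divmod(num, 58)
        digits.append(ALPHABET[rem])
    return (ALPHABET[:1] * n_zero + bytes(reversed(digits))).decode()

def b58check_decode(text: str) -> tuple[bytes, bytes]:
    """Inverse of b58check_encode; raises ValueError on a bad character or checksum."""
    num = 0
    for ch in text:
        idx = ALPHABET.find(ch.encode())
        if idx < 0:
            raise ValueError(f"invalid Base58 character {ch!r}")
        num = num * 58 + idx
    n_zero = len(text) - len(text.lstrip("1"))
    body = num.to_bytes((num.bit_length() + 7) // 8, "big")
    data = b"\x00" * n_zero + body
    if len(data) < 5:
        raise ValueError("too short to carry a version byte and checksum")
    payload, checksum = data[:-4], data[-4:]
    if double_sha256(payload)[:4] != checksum:
        raise ValueError("checksum mismatch: the string was mistyped or corrupted")
    return payload[:1], payload[1:]

def privkey_to_wif(key: bytes) -> str:
    """32-byte private key -> 51-character uncompressed WIF string (version byte 0x80)."""
    if len(key) != 32:
        raise ValueError("private key must be 32 bytes")
    return b58check_encode(b"\x80", key)

def wif_to_privkey(wif: str) -> bytes:
    version, key = b58check_decode(wif)
    if version != b"\x80" or len(key) != 32:
        raise ValueError("not an uncompressed mainnet WIF key")
    return key

# Widely published WIF test vector (not a real wallet key): 64 hex digits -> 51 Base58 characters
TEST_KEY = bytes.fromhex("0C28FCA386C7A227600B2FE50B7CAE11EC86D3BF1FBE471BE89827E19D72AA1D")

if __name__ == "__main__":
    wif = privkey_to_wif(TEST_KEY)
    print(len(wif), wif, wif_to_privkey(wif) == TEST_KEY)
```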
Evidence Points to Bitcoin being an NSA-engineered Psyop to roll out One-World Digital Currency
I'm going to assume the readers who make it to this article are well informed enough that I don't have to go into the history of the global money changers and their desire for a one world currency. (If you don't yet understand the goal of the globalist banking empire and the coming engineered collapse of the fiat currency system, you're already about 5,000 posts behind the curve.) With that as a starting point, it's now becoming increasingly evident that Bitcoin may be a creation of the NSA and was rolled out as a "normalization" experiment to get the public familiar with digital currency. Once this is established, the world's fiat currencies will be obliterated in an engineered debt collapse (see below for the sequence of events), then replaced with a government approved cryptocurrency with tracking of all transactions and digital wallets by the world's western governments.

NSA mathematicians detailed "digital cash" two decades ago

What evidence supports this notion? First, take a look at this document entitled, "How to Make a Mint - The Cryptography of Anonymous Electronic Cash." This document, released in 1997 - yes, twenty years ago - detailed the overall structure and function of Bitcoin cryptocurrency. Who authored the document? Try not to be shocked when you learn it was authored by,
"mathematical cryptographers at the National Security Agency's Office of Information Security Research and Technology."
The NSA, in other words, detailed key elements of Bitcoin long before Bitcoin ever came into existence. Much of the Bitcoin protocol is detailed in this document, including signature authentication techniques, eliminating cryptocoin counterfeits through transaction authentication and several features that support anonymity and untraceability of transactions. The document even outlines the heightened risk of money laundering that's easily accomplished with cryptocurrencies. It also describes "secure hashing" to be "both one-way and collision-free." Although Bitcoin adds mining and a shared, peer-to-peer blockchain transaction authentication system to this structure, it's clear that the NSA was researching cryptocurrencies long before everyday users had ever heard of the term. Note, too, that the name of the person credited with founding Bitcoin is Satoshi Nakamoto, who is reputed to have reserved one million Bitcoins for himself. Millions of posts and online threads discuss the possible identity of Satoshi Nakamoto, and some posts even claim the NSA has identified Satoshi. However, another likely explanation is that Satoshi Nakamoto is the NSA, which means he is either working for the NSA or is a sock puppet character created by the NSA for the purpose of this whole grand experiment.

The NSA also wrote the crypto hash used by Bitcoin to secure all transactions

On top of the fact that the NSA authored a technical paper on cryptocurrency long before the arrival of Bitcoin, the agency is also the creator of the SHA-256 hash upon which every Bitcoin transaction in the world depends. As The Hacker News (THN) explains:
"The integrity of Bitcoin depends on a hash function called **SHA-256**, which was designed by the NSA and published by the *National Institute for Standards and Technology* ([NIST](https://en.wikipedia.org/wiki/National_Institute_of_Standards_and_Technology))."
THN also adds:
"If you assume that the NSA did something to SHA-256, which no outside researcher has detected, what you get is the ability, with credible and detectable action, they would be able to forge transactions. The really scary thing is somebody finds a way to find collisions in SHA-256 really fast without brute-forcing it or using lots of hardware and then they take control of the network."
Cryptography researcher Matthew D. Green of Johns Hopkins University said. In other words, if the SHA-256 hash, which was created by the NSA, actually has a backdoor method for cracking the encryption, it would mean the NSA could steal everybody's Bitcoins whenever it wants (call it "Zero Day.") That same article, written by Mohit Kumar, mysteriously concludes,
"Even today it's too early to come to conclusions about Bitcoin. Possibly it was designed from day one as a tool to help maintain control of the money supplies of the world."
And with that statement, Kumar has indeed stumbled upon the bigger goal in all this:
To seize control over the world money supply as the fiat currency system crumbles and is replaced with a one-world *digital currency controlled by globalists*.
"The attack allows an attacker to extract the secret crypto key from a system by analyzing the pattern of memory utilization or the electromagnetic outputs of the device that are emitted during the decryption process."
Note, importantly, that this is a 1024-bit encryption system. The same technique is also said to be able to crack 2048-bit encryption. In fact, encryption layers are cracked on a daily basis by clever hackers. Some of those encryption layers are powering various cryptocurrencies right now. Unless you are an extremely high-level mathematician, there's no way you can know for sure whether any crypto currency is truly non-hackable. In fact, every cryptocurrency becomes obsolete with the invention of large-scale quantum computing. Once China manages to build a working 256-bit quantum computer, it can effectively steal all the Bitcoins in the world (plus steal most national secrets and commit other global mayhem at will).

Ten steps to crypto-tyranny - The "big plan" by the globalists (and how it involves Bitcoin)

In summary, here's one possible plan by the globalists to seize total control over the world's money supply, savings, taxation and financial transactions while enslaving humanity. And it all starts with Bitcoin...
1. Roll out the NSA-created Bitcoin to get the public excited about a digital currency.
2. Quietly prepare a globalist-controlled cryptocurrency to take its place. (JP Morgan, anyone...?)
3. Initiate a massive, global-scale [false flag operation](http://www.bibliotecapleyades.net/sociopolitica/sociopol_falseflag.htm) that crashes the global debt markets and sends fiat currencies down in flames (hoax alien invasion, hoax North Korean EMP attack, mass distributed power grid terrorism network, etc.)
4. Blame whatever convenient enemy is politically acceptable (North Korea, "the Russians," Little Green Men or whatever it takes…)
5. Allow the fiat currency debt pyramid to collapse and smolder until the sheeple get desperate.
6. With great fanfare, announce a government-backed cryptocurrency replacement for all fiat currencies, and position world governments as the SAVIOR of humanity. Allow the desperate public to trade in their fiat currencies for official crypto currencies.
7. [Outlaw cash](http://www.bibliotecapleyades.net/sociopolitica/sociopol_globalbanking.htm#Cashless_Society) and *criminalize gold and silver ownership by private citizens*. All in the name of "security," of course.
8. Criminalize all non-official cryptocurrencies such as Bitcoin, crashing their value virtually overnight and funneling everyone into the one world government crypto, where the NSA controls the blockchain. This can easily be achieved by blaming the false flag event (see above) on some nation or group that is said to have been "funded by Bitcoin, the cryptocurrency used by terrorists."
9. Require [embedded RFID](http://www.bibliotecapleyades.net/ciencia/secret_projects/implants.htm#RFID) or biometric identifiers for all transactions in order to "authenticate" the one-world digital crypto currency activities. *Mark of the Beast* becomes reality. No one is allowed to eat, travel or earn a wage without being marked.
10. Once absolute control over the new one-world digital currency is achieved, weaponize the government-tracked blockchain to track all transactions, investments and commercial activities. Confiscate a portion of all crypto under the guise of "automated taxation." In an emergency, the government can even announce *negative interest rates* where your holdings automatically decrease each day.
With all this accomplished, globalists can now roll out absolute totalitarian control over every aspect of private lives by enforcing financial "blackouts" for those individuals who criticize the government. They can put in place automatic deductions for traffic violations, vehicle license plate taxes, internet taxes and a thousand other oppressive taxes invented by the bureaucracy. With automatic deductions run by the government, citizens have no means to halt the endless confiscation of their "money" by totalitarian bureaucrats and their deep state lackeys. How do you feel about your Bitcoin now...?

Video by Mike Adams, December 10, 2017, from NaturalNews Website
Please consider donating to the SHA256 collision bounty smart contract
Congrats to Google on finding the first SHA1 collision. As has been mentioned in the news coverage and on the front page of bitcoin, there was a ~$2.5k USD bounty for this collision using a smart contract on the bitcoin block chain. You can read more about these bounties in this classic bitcointalk thread: https://bitcointalk.org/index.php?topic=293382.0 The next major collision to be found is for SHA2, of which SHA256 is particularly relevant to Bitcoin. However the SHA256 collision bounty address has only ~0.15 btc, the sum of 3 donations made in 2013 and 2014. This is embarrassing! I've sent 0.1 btc myself, just now, and will see if I can get my employer to match my donation. Please consider donating yourself for the integrity of the bitcoin network. It is not expected that the bounty would ever be large enough to pay for the cost of finding a SHA256 collision, but once it is a meaningful amount of money it becomes very difficult for the existence of a collision to be kept secret as anyone involved could anonymously claim the bounty.
I've heard, in a non-specific way, that SHA256 mining ASICs can be re-purposed to crack things encrypted with SHA256. Is this just a theoretical thing or is there some software out there that uses SHA256 ASICs for cracking purposes? Mostly this is to do with me wondering what to do with all my AM keys that are just belching heat in my already overheated apartment
A single SHA256 collision is meaningless for Bitcoin mining. It uses two rounds of SHA256, at worst you can create two blocks with identical hashes - but it's not high with just having valid header data, because your resulting collided hash must ALSO least the proof of work target b in the Bitcoin network. So you have about 10 minutes to create this collision, outcompeting all other miners. To ...

ipfs uses a sha256 hash for addressing content. Meaning that there are 2^256 different possible hashes. Let's assume that the entire bitcoin mining economy decides to try and find an ipfs object hash collision, checking hashes at a rate of 400 Petahash (400,000,000,000,000,000 hashes per second) it would take them 2.8 × 10^59 seconds, or 9 × 10^51 years to compute the entire space.

Since Bitcoin addresses are basically random numbers, it is possible, although extremely unlikely, for two people to independently generate the same address. This is called a collision. If this happens, then both the original owner of the address and the colliding owner could spend money sent to that address. It would not be possible for the colliding person to spend the original owner's ...

Once that is done, I calculate the sha256 of the data. The data can be divided in two chunks of 64 bytes each. The hash of the first chunk is given by midstate and therefore does not have to be computed. I must therefore hash chunk #2 with sha256, using the midstate as the initial hash values. Once that is done, I end up with a hash of ...

Certainly there is now a lot of SHA256 specific hardware about in the hands of bitcoin miners and the development of ASIC for SHA256 has been enhanced. Who knows how much of the ASIC chips have been sold "elsewhere" (other than mining rig manufacture)? It certainly helps offset the development cost if we have a real world customer base (miners) as well as XXX code cracking company.