public inbox for bitcoindev@googlegroups.com
From: "Charlie 'Charles' Shrem" <cshrem@gmail•com>
To: Rusty Russell <rusty@rustcorp•com.au>
Cc: "bitcoin-development@lists•sourceforge.net"
	<bitcoin-development@lists•sourceforge.net>
Subject: Re: [Bitcoin-development] Lets discuss what to do if SHA256d is actually broken
Date: Tue, 3 Jun 2014 21:38:04 -0400
Message-ID: <CAC787aM3bcfcw8zQQbNYXqxASFarW-z9wqiePmb6rv0RiiTdeA@mail.gmail.com>
In-Reply-To: <87iooi40ws.fsf@rustcorp.com.au>

Hey Rusty,

This is intriguing, do you have a writeup somewhere I can read more about?

Thanks,

Charlie

CharlieShrem.com | *Please **encrypt messages with my PGP key
<http://charlieshrem.com/contact/>*


On Tue, Jun 3, 2014 at 8:45 AM, Rusty Russell <rusty@rustcorp•com.au> wrote:

> Luke Dashjr <luke@dashjr•org> writes:
> > On Tuesday, June 03, 2014 4:29:55 AM xor wrote:
> >> Hi,
> >>
> >> I thought a lot about the worst case scenario of SHA256d being broken in a
> >> way which could be abused to
> >> A) reduce the work of mining a block by some significant amount
> >> B) reduce the work of mining a block to zero, i.e. allow instant mining.
> >
> > C) fabricate past blocks entirely.
> >
> > If SHA256d is broken, Bitcoin as it is fails entirely.
>
> I normally just lurk, but I looked at this issue last year, so thought
> I'd chime in.  I never finished my paper though...
>
> In the event of an *anticipated* weakening of SHA256, a gradual
> transition is possible which avoids massive financial disruption.
>
> My scheme used a similar solve-SHA256-then-solve-SHA3 (requiring an
> extra nonce for the SHA3), with the difficulty of SHA256 ramping down
> and SHA3 ramping up over the transition (eg for a 1 year transition,
> start with 25/26 SHA2 and 1/26 SHA3).
>
> The hard part is to estimate what the SHA3 difficulty should be over
> time.  My solution was to adjust only the SHA3 target on every *second*
> difficulty change (otherwise assume that SHA2 and SHA3 have equally
> changed rate and adjust targets on both).
>
> This works reasonably well even if the initial SHA3 difficulty is way
> off, and also if SHA2 breaks completely halfway through the transition.
>
> I can provide more details if anyone is interested.
>
> Cheers,
> Rusty.

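Added example, not part of any message in this thread and not taken from Rusty Russell's unfinished paper: a toy of the quoted solve-SHA256d-then-solve-SHA3 check, with the per-block work split ramping from 25/26 SHA2 and 1/26 SHA3 to all SHA3 over 26 periods. The linear split of expected hashes, the SHA3 input layout, the 8-byte nonces and every function name are assumptions; the retargeting rule from the quoted message is not modelled.

```python
import hashlib

MAX_TARGET = 2**256 - 1
PERIODS = 26  # assumption: 26 two-week retarget periods in a 1-year transition

def sha256d(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(hashlib.sha256(data).digest()).digest(), "big")

def sha3(data: bytes) -> int:
    return int.from_bytes(hashlib.sha3_256(data).digest(), "big")

def work_shares(period: int):
    """(SHA2, SHA3) work shares in 26ths; period 0 is pre-transition, 1 is 25/26 vs 1/26."""
    k = min(max(period, 0), PERIODS)
    return PERIODS - k, k

def targets(total_work: int, period: int):
    """Split the expected hashes per block into one target per algorithm (assumed linear)."""
    def to_target(work: int) -> int:
        # A share of zero means that stage is retired: every digest passes.
        return MAX_TARGET if work <= 1 else MAX_TARGET // work
    n2, n3 = work_shares(period)
    return to_target(total_work * n2 // PERIODS), to_target(total_work * n3 // PERIODS)

def valid(header: bytes, nonce: int, extra: int, t2: int, t3: int) -> bool:
    """Both stages must pass; SHA3 covers the header, the nonce and its own extra nonce."""
    stage1 = header + nonce.to_bytes(8, "little")
    if sha256d(stage1) > t2:
        return False
    return sha3(stage1 + extra.to_bytes(8, "little")) <= t3

def mine(header: bytes, t2: int, t3: int):
    """Solve SHA256d first, then search the extra nonce without disturbing that solution."""
    nonce = 0
    while sha256d(header + nonce.to_bytes(8, "little")) > t2:
        nonce += 1
    extra = 0
    while not valid(header, nonce, extra, t2, t3):
        extra += 1
    return nonce, extra

if __name__ == "__main__":
    header = b"constructed sample header"  # constructed input, not a real block header
    for period in (0, 1, 13, 26):
        t2, t3 = targets(2**12, period)
        print(period, work_shares(period), mine(header, t2, t3))
```

Because the SHA3 stage hashes the header itself rather than the SHA256d digest, a block in this toy still needs real SHA3 work in the final period even if the SHA2 stage accepts anything.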