Published on: 2014-06-05T06:09:15+00:00
Charlie Shrem reached out to Rusty Russell expressing interest in a project and asked if there was a write-up available for him to read. Rusty acknowledged some areas needing improvement but shared a link to his Github repository containing the code and an unfinished paper with graphs. The PDF was also included for easier reading.Rusty addressed the issue of SHA256d being broken on a Bitcoin-development mailing list. While Luke Dashjr stated that Bitcoin would fail entirely if SHA256d was broken, Rusty proposed a gradual transition scheme using solve-SHA256-then-solve-SHA3. The difficulty of SHA256 would decrease while SHA3 increases over the transition period. Estimating the SHA3 difficulty over time was a challenge, so Rusty suggested adjusting only the SHA3 target every second difficulty change. This scheme would work even if the initial SHA3 difficulty is off or if SHA2 breaks halfway through the transition.Satoshi's post on bitcointalk.org discussed the implications of SHA-256 being broken for Bitcoin. A gradual breakdown would allow for an orderly transition to a new hash function through software updates. In case of a sudden breakdown, an agreement on the honest blockchain would be needed before trouble starts, enabling the use of a new hash function. Ethan Heilman mentioned that an attack on the mining difficulty algorithm may not violate typical security properties of a cryptographic hash function. If miners discovered a method making it easier to find new blocks, they would need to switch to new ASICs and change the hash function without resistance. However, if the attack severely affected difficulty scaling and leading zeroes ran out, SHA256 collision resistance would be broken. Luke Dashjr emphasized that if SHA256d broke, Bitcoin would fail entirely. The possibility of fabricating past blocks was also discussed, suggesting a switch to a new hash function by requiring miners to find two blocks computed using different functions.A Freenet project developer named 'xor' expressed concern about the potential breaking of SHA256d and its impact on Bitcoin miners who have invested heavily in hardware for mining. The developer proposed introducing multiple hash functions in a chain, chaining SHA256d with a new hash function. This would allow existing ASIC owners to solve the old SHA proof of work using their hardware and use a general-purpose CPU for the second hash function. Difficulty migration could be achieved smoothly with this method.Rusty responded to Luke Dashjr's suggestion on Bitcoin's failure if SHA256d is broken by proposing a gradual transition scheme to avoid financial disruption. His scheme involved solve-SHA256-then-solve-SHA3, ramping down SHA256 difficulty and ramping up SHA3 difficulty over the transition period. Estimating the SHA3 difficulty posed a challenge, but Rusty's solution was adjusting only the SHA3 target on every second difficulty change. He offered to provide more details if anyone was interested.The article discusses the consequences of an attack on the mining difficulty algorithm and its implications for the security properties of a cryptographic hash function. If a method making it easier to find new blocks is discovered, it may or may not be implementable by current SHA256 ASIC hardware. If usable, there would be a brief period of overproduction followed by a difficulty adjustment. However, if the attack prevents difficulty scaling and leads to running out of leading zeroes, SHA256 collision resistance would be broken, necessitating an immediate switch to new hardware. If the attack is not usable, miners would still need to switch to new ASICs, allowing for a change in the hash function without resistance. Switching hash functions could be done through finding two blocks computed using different functions as a roadmap for infrastructure transition.Luke Dashjr pointed out that if SHA256d is broken, Bitcoin would fail entirely due to the ability to fabricate past blocks. However, weakening collision resistance does not violate typical security properties of a cryptographic hash function.In 2014, a user named xor expressed concerns about the potential consequences of SHA256d being broken in the Bitcoin network. They outlined worst-case scenarios, including reducing mining block work, instant mining, and fabricating past blocks, which could lead to complete failure of the Bitcoin network. The discussion prompted further exploration of solutions to prevent such an event. Luke-Jr responded, acknowledging the seriousness of the situation. It's important to note that since this discussion occurred, the Bitcoin network has not experienced a major security breach related to SHA256d. Nonetheless, ongoing development and vulnerabilities highlight the importance of strong security protocols in the cryptocurrency ecosystem.The author suggests that if SHA256d is broken in a way that allows for easier mining, simply replacing it with a new hash function would not be accepted by miners who have invested heavily in their hardware. Instead, the author proposes chaining SHA256d with a new hash function to allow existing ASIC owners to continue using their hardware while transitioning to the new algorithm smoothly.
Updated on: 2023-08-01T09:26:12.226207+00:00