
/biz/ - Business & Finance



File: 97 KB, 778x444, This destroys the RSA cryptosystem.png
No.30180536

>> No.30180585

>snooze button

>> No.30180610

>>30180536
What does that mean?

>> No.30180614

>>30180536
Literally who? what is this and why should I care

>> No.30180739

RSA is the standard cryptographic algorithm on the Internet.
The method is publicly known but extremely hard to crack (at present).
It uses two keys for encryption. ...
Anyone who intercepts the encrypted key must use the second key,
the private key, to decrypt it.

If they crack the system, they unlock everyone's wallets.

>> No.30180792

>ITT: people who never passed calc II are gonna larp like they even comprehend the first sentence of the abstract.
You must really need them cheapies huh boss

>> No.30180840

>>30180610
Some /pol/tard explained it better
>>310596680

>> No.30180939
File: 74 KB, 1316x202, rsa.png

(((They))) are removing it.

>> No.30181265

>>30180939
you need a quantum computer to find P u dingus

>> No.30181552

>>30180840
>>>pol/310596680

>> No.30181595

>>30180840
>>30181552
fail
>>>/pol/310596680

>> No.30181686

Hedera's asynchronous Byzantine fault tolerant consensus algorithm will save us.

>> No.30181850
File: 41 KB, 595x328, Satoj confirms.png

Satoshi has fucking spoken.

>> No.30182191

So BTC is dying/dead as soon as this becomes widespread. Are there other coins that use a better algorithm, or is everything down the toilet because once the granddaddy of coins gets boom headshotted, who's going to trust any of the others?

>> No.30182214

>>30180939
>>30180840
>>30181595
aaaaand here's what he was really trying to do, i thought something was up when he mentioned it in his second or third post but then he just got blatant. not a bad larp t b h
>>>/pol/310604732

>> No.30182303

>>30181265
Good thing the Jews just donated 60 million to build one

>> No.30182350

Botcoin is dead, chainlink will dump

>> No.30182413

>>30181850
Satoshi is in prison

>> No.30182441

hello i am an actual cryptographer

>>30182191
this has no application to the security of bitcoin
>>30181686
this has no relevance to the security of consensus algorithms

>> No.30182445

>>30181686
>buying hbar
>pretending you know anything

Fucking kek

>> No.30182477

>>30182214
They always end up shilling their shitcoin.

>> No.30182494

>>30180939
>>30180939
>The security of RSA relies on the practical difficulty of factoring the product of two large prime numbers. This takes exponentially longer as the bitsize increases. This method reduces it to polynomial time so instead of (2^800)/2 brute force operations you can now break RSA 800 bit keys in roughly 7x10^10 operations, or 70 Billion. Given a desktop computer with a decent GPU could do that in a couple hours, it's fair to say RSA encryption is functionally dead.

that's what the claim is but there's no actual proof of a polynomial time algorithm in the paper. if there were he would have simply solved rsa-800 and been done with it

>How this applies to Bitcoin is a bit of a stretch but it's there. Finding P given Q on an elliptic curve shares the same computational complexity as the factoring problem. The DLP is just a special case of the Factoring Problem. So the same lattice based methods they used to destroy RSA will shortly be applied to ECC, and before you know it cypherpunks will be emptying the hotwallets of all the big crypto exchanges.

there are no p and q on an elliptic curve. both the integer factorization problem and the discrete log problem are specific cases of the hidden subgroup problem, but whether all solutions for one will be applicable to the other is not known

>> No.30182519

FUD is getting desperate

>> No.30182523

>>30182214
lol

>> No.30182548

anyways please sell your bitcoin to me because they are definitely broken and soon will be stolen by this very real vulnerability that definitely affects bitcoin!

>> No.30182594

>>30180536
>A bunch of buzzwords and numbers in a word salad that makes no sense
Reminds me of 90% of whitepapers.

>> No.30182598

>>30180536
Cryptography expert with 25 years of cryptographing experience here, it’s over. Bitcoin is done for, because uhhh, uhhhh because it’s uhhhhhhhhhhhh ummmmmm well you so it’s sort of like ummmmmmm errrerrerrrrr uhhhhhhhhhhhh ummmm
Hope that clears things up for everyone, let’s circle back to this in tomorrow’s thread.

>> No.30182659

>>30182441
Easy Q to prove you’re not an outright larp; how can DH protocol participants engage in SE without using a PSK?

>> No.30182669

>>30182441
So what could it impact outside of crypto then?

>> No.30182795

>>30182413
And we might be in hell.

>> No.30182869

>>30182659
not sure what you mean by "SE"

assuming you mean symmetric encryption, which is what immediately follows DH as it is a key agreement protocol. After each party multiplies the opposing party's public key with their private scalar to get their shared secret, usually they would then hash this shared secret and use it to key a cipher preferably in an AEAD mode. If you want to authenticate the parties you would want to have each provide a signature which covers their DH share, and some kind of PKI to store their public identity keys. You could also use a PSK to get bidirectional authentication of the handshake.
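
Added example (editor's, not code from any poster) of the handshake >>30182869 describes: finite-field DH over RFC 3526 group 14, HKDF-SHA256 as the "hash the shared secret" step, both shares bound into the derivation, and an optional PSK mixed in. The AEAD step is left out because the standard library has no AEAD; the context label and the choice to feed the PSK in as the HKDF salt are this example's own assumptions, not from the post. The MITM function shows what the PSK buys: without it the attacker ends up sharing a key with each side, with it she does not.

```python
"""Finite-field Diffie-Hellman key agreement, the hash step that turns the
shared secret into a session key, and a PSK mixed in for authentication.
Added example for this thread, standard library only."""
import hashlib
import hmac
import secrets

# 2048-bit MODP group 14 from RFC 3526: p is a safe prime, generator g = 2.
_P_HEX = """
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
"""
P = int("".join(_P_HEX.split()), 16)
G = 2
KDF_LABEL = b"biz-dh-demo v1"  # demo-specific context string (an assumption of this example)


def is_probable_prime(n, rounds=8):
    """Miller-Rabin; used only to sanity-check the transcribed group prime."""
    if n < 2:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def group_is_sane():
    """Group 14 is a safe-prime group: p and (p-1)/2 must both be prime."""
    return P.bit_length() == 2048 and is_probable_prime(P) and is_probable_prime((P - 1) // 2)


def keygen():
    """Private exponent; 256 random bits is the customary size for this group."""
    return secrets.randbits(256) or 1


def public(x):
    return pow(G, x, P)


def shared_secret(their_share, x):
    """Reject 0, 1 and p-1 (degenerate / small-subgroup shares) before exponentiating."""
    if not 1 < their_share < P - 1:
        raise ValueError("invalid DH share")
    return pow(their_share, x, P)


def hkdf_sha256(ikm, salt, info, length=32):
    """RFC 5869 extract-then-expand with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def session_key(shared, share_a, share_b, psk=b""):
    """Hash the raw DH output instead of using it directly, bind both shares
    (the transcript) into the derivation, and mix the PSK in as the HKDF salt
    so that a party without the PSK derives a different key."""
    ikm = shared.to_bytes(256, "big")
    info = KDF_LABEL + share_a.to_bytes(256, "big") + share_b.to_bytes(256, "big")
    return hkdf_sha256(ikm, psk if psk else b"\x00" * 32, info)


def honest_handshake(psk=b""):
    """Alice and Bob exchange shares directly; returns (alice_key, bob_key)."""
    a, b = keygen(), keygen()
    A, B = public(a), public(b)
    return (session_key(shared_secret(B, a), A, B, psk),
            session_key(shared_secret(A, b), A, B, psk))


def mitm_handshake(honest_psk=b"", attacker_psk=b""):
    """Mallory substitutes her own share M toward both parties. Returns
    (alice_key, mallory_key_toward_alice, bob_key, mallory_key_toward_bob)."""
    a, b, m = keygen(), keygen(), keygen()
    A, B, M = public(a), public(b), public(m)
    alice = session_key(shared_secret(M, a), A, M, honest_psk)    # Alice believes M is Bob's share
    mal_a = session_key(shared_secret(A, m), A, M, attacker_psk)
    bob = session_key(shared_secret(M, b), M, B, honest_psk)      # Bob believes M is Alice's share
    mal_b = session_key(shared_secret(B, m), M, B, attacker_psk)
    return alice, mal_a, bob, mal_b
```

group_is_sane() is worth running once after pasting the constant; a mistyped prime still "works" but is not the group you think it is. For anything real, use an elliptic-curve group and an AEAD from a vetted library rather than this finite-field demo.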

>> No.30182988

>>30182669
most likely nothing because there are errors in the paper; the claim about |u-vN| being p_n smooth is very suspicious, his formula for the determinant is wrong (n(n+1)/2 instead of n!), and there are other gaps. there are some interesting ideas here though that will lead to more research

>> No.30183007
File: 93 KB, 385x390, 1610229690161.jpg

>>30182214

>> No.30183018
File: 46 KB, 500x404, 1614176359746.jpg

>>30182594
I hope you are not actually this ignorant without realizing it. In case you are serious, it is not a 'whitepaper' it's an academic article which you can access here.
https://eprint.iacr.org/2021/232

>> No.30183040

>>30180536
Well this is some fud I wasn't expecting

>> No.30183042

>>30181265
Only if P != NP

>> No.30183071

>>30183042
p != np

i can prove it, but the proof is np

>> No.30183105

>>30183071
Kek

>> No.30183110

>>30183071
If you have the proof, better call the clay institute for some gains

>> No.30183153

>>30183018
I knew this wasn't a whitepaper from the title.
I said it reminds me of 90% of whitepapers, cause it reads like it's just someone bullshitting.

>> No.30183156

>>30183110
i have the proof but it's np

when you look at it and try to figure out if it's true, you just go unconscious and stare at it for a nonpolynomial amount of time

>> No.30183200

so we make better encryption

>> No.30183277

>>30183200
the guy who made the paper made some good encryption to replace RSA

no modern blockchains use RSA because the keys are too big

Polkadot in fact uses Schnorr signatures (which are named after the guy in the paper)

>> No.30183313

>>30183200
This lol.

People love to fud crypto with quantum computers etc. but they don't realize the entire internet is secured by the same basic cryptography.
If this gets broken, crypto is the absolute least of anyone's worries lol.

And all that has to be done is to move to a more sophisticated encryption, which is easy as shit.

>> No.30183378

>>30183277
the guy in the paper made the Schnorr signature protocol and had the copyright until 2008. satoshi probably would have used schnorr sigs if the patent had run out a bit earlier. they have the nice property of being proven to reduce to the hardness of the discrete log problem in elliptic curve groups, unlike ECDSA which is only thought to reduce to that problem and has no formal proof as such

>> No.30183412

no coiner gotta cope cope cope

>> No.30183429

>>30183313
>all that has to be done is to move to a more sophisticated encryption, which is easy as shit.

Oh, and Chainlink won't even be affected. Oracles work inherently off-chain, and can simply be applied to whatever blockchain has the best encryption.

>> No.30183453

>>30183277
How new do blockchains have to be to not use RSA or similarly-flawed methods? Are just the dinosaur coins (Btc, Ltc, whatever) doomed by this?

>> No.30183463

>>30182988
why do you waste your time on /biz/?

>> No.30183578

>>30183463
i have mental illness

>>30183453
bitcoin, litecoin, and other bitcoin forks all use ECDSA over curve secp256k1. Age is not an issue because ECDSA predates bitcoin by many years

>> No.30183632

>>30183578
So BTC doesnt even use the supposedly cracked RSA?
Fucking fudders man.

>> No.30183638
File: 20 KB, 400x300, Schnorrd.jpg

This destroys the RSA crypto system.

>> No.30183662

>>30183632
yeah it does not. it would have been very stupid to do so, satoshi knew that block space would be expensive, and RSA keys are sixteen times larger than ECDSA keys

>> No.30183696

>>30182988
Thanks
if RSA will be broken for real someday, does that mean we are all fucked? Not talking about shitcoins but just in general

>> No.30183719

>>30183313
What would be the impact if better encryption was implemented? Would all existing coins need to be forked for something like that? How would it work?

>> No.30183737

>>30183696
the only thing that might crack it is a quantum computer and you can bet the jews will have one and satoshi will fight back anyway

>> No.30183743
File: 41 KB, 600x600, 1613623888289.jpg

>>30180536
You again nigger? You just had a whole thread laughing at your Karen-level nonsense. Go back to /pol/

>> No.30183781
File: 26 KB, 369x339, Claus-Peter_Schnorr.jpg

i was about to join the crypto fun. should i just buy sugar and wheat instead

>> No.30183789

>>30183737
We haven't heard from him in nearly a decade

>> No.30183823

>>30183696
nah. if a sudden break happens (very unlikely) there will be a day or two like the spectre or meltdown or heartbleed days where every org reissues signing keys and tls certs and junk with EC keys instead of RSA keys

they really should be doing it now anyways because ec schemes like ed25519 are much more efficient and have higher security bounds. most likely by the time any sort of practical rsa attack threatens that's better than GNFS there will be a relatively small number of orgs that need to rotate

>> No.30183849
File: 451 KB, 480x480, 1614823116740.webm

>>30183781
Yes

>> No.30183851
File: 143 KB, 1080x668, 20210304_005452.jpg

Cased closed

>> No.30183853

>>30183696
yes , half of the internet and traditional banking would get fucked in the ass leaving them with permanent PTSD

>> No.30183866

>>30182988
hey anon i'm kind of a poorfag but i've been really trying to DMOR. just based on a cursory skim of their abstract what are your thoughts on Nervos Network as a blockchain and what do you think it can do better than Ethereum? it seems really autistic but that's not necessarily a good thing -- also I get Urbit vibes from the language they use lol. i enjoy Urbit so that's prob why i'm into it, but

i need solid ground to stand on if i'm going to continue holding this crabcoin

>> No.30183884
File: 76 KB, 650x650, 1614550720520.jpg

>>30183851
What about just being lucky af

>> No.30183922

If modern cryptography ever gets broken the CIA will not allow it to be released in a fucking whitepaper kek.

>> No.30183923

>>30183853
Any longterm alternatives to get rich based off speculations, booms and busts and what not anon?

>> No.30183943

>>30183823
that is good to know
based big brained anon

>> No.30184098

>>30183866
>>30182988
followup:
>whitepaper
https://github.com/nervosnetwork/rfcs/blob/master/rfcs/0002-ckb/0002-ckb.md
>positioning
https://github.com/nervosnetwork/rfcs/blob/master/rfcs/0001-positioning/0001-positioning.md
>muh tokenomics
https://github.com/nervosnetwork/rfcs/blob/master/rfcs/0015-ckb-cryptoeconomics/0015-ckb-cryptoeconomics.md

genuinely not a shill, i only managed to afford 70,000 CKB. just really interested in what seems to be a good project, and i want to hear the take of someone who knows more about how these things actually function. when they say "state" what are they referring to

>> No.30184109

>>30180536
is this what BOND is doing?

>> No.30184234

What is a good exchange for mcm? I'm a beginner

>> No.30184295

Can this be used to optimize the hashing algorithms and get better mining hashrate?

>> No.30184357
File: 2.36 MB, 320x310, 1465347204507.gif

>>30183578
>i have mental illness

>> No.30184463

>>30184357
Where do you find the other elements for this meme? I only have neon and gold

>> No.30184610

>>30184463
>not sure

>> No.30184734
File: 114 KB, 425x225, 350.png

>>30183851

>> No.30184784

>>30184610
Got a name for this version of the troll face meme with elements

>> No.30184837

min(p, q) = gcd(floor(sqrt(p*q))!, p*q)

look i broke rsa haha sell me your bitcoins

>> No.30184919

Ok so how do I hack satoshi's wallet with this?

>> No.30184955

>>30183578
Which is your mental illness dear anon?

>> No.30185011

>>30183851
>"guessing"
>not accounting for crack algo
>not accounting fot AI

>> No.30185046

>>30183922
>CIA controls the internet...

>> No.30185055

>>30184955
its the kind where people throw bricks of money at me for it

>> No.30185083

>>30184837
FUCKFUCKFUCK SELL NOW

>> No.30185092

>>30184295
no, but I can crack SHA-256, so.. not necessary.

>> No.30185178
File: 43 KB, 342x1024, 1614836168032.jpg

>>30185055
Kek

>> No.30185540

>>30182869
If the paper is correct, has he just shown that factoring primes isn't NP or has he shown that NP = P?

>> No.30185620

>>30182494
Based Math Uni anon

>> No.30185681

>>30180536
same low tier fud every year

get a job

>> No.30185791

>>30182214
kek I will admit I would have fallen for it, sadly I already saw some pathetic mochimo shills on /biz/ before, the amount of effort this guy put in is actually impressive

>> No.30185830

>>30185540
i think he suspects (or hopes) that factoring is in p space but the goal of the paper seems to just be to propose an algorithm that is faster than gnfs. he certainly hasnt shown np=p

>> No.30185852

>>30182494
>whether all solutions for one will be applicable to the other is not known
And even if there was a comparable method for ECC, a bitcoin script (in its most primitive form a single address) is always published as a hash of a public key, not the public key itself.
If an address hasn't been sent FROM, then there's nothing to apply the (hypothetical) algorithm to. It is even quantum resistant.
So in reality, what one would have to do, if this was a real problem, is to have all bitcoins stored in unused addresses. And in addition it probably wouldn't hurt to split a balance across many addresses, such that running the algorithm between publishing of the public key (spending) and confirmation to the new address is more costly than the gain that can be had, if the attacker A) cracks the private key from the now published public key and B) can out-bid the initial transaction so he gets confirmed earlier.

>> No.30185888

>>30180536
When I read Sch on the last name I automatically think he is a kike scammer and don't pay attention to what he says.

>> No.30185923

>>30185888
Shameless self check for antikike trips on antikike post

>> No.30186080
File: 14 KB, 60x60, Illuminati.gif

>>30185540
>has he just shown that factoring primes isn't NP
correct. factoring primes is in P.

also if you can factor one RSA key, you can generate the other, so it really does crack RSA in P, if it works.

also, glowies have been doing this since shortly after 9/11, now it just escaped captivity into finspace: https://en.wikipedia.org/wiki/AKS_primality_test

>or has he shown that NP = P?
no, he has not shown NP=P, he has shown primes is in P rather than NP, which many of us already knew.

>> No.30186129

>>30182494
>. if there were he would have simply solved rsa-800 and been done with it
he's a mathematician, not a coder, dunce.

he left the implementation for braindead zoomers.

>> No.30186191

>>30185852
you are incorrect

it is possible to recover the public key of any bitcoin address from the signature (r, s):

1. Take point P with x coordinate r
2. Compute the hash of the message h = H(m)
3. Public key is r^-1(s*P - h*G) where G is the generator for the EC group

you have to repeat that at most once because for a given r there are two points P: (r, _) and (-r, _). Sometimes blockchains have an extra bit in the signature to indicate the correct point, but either way it's costless to just compute both.

This is how full-node validation works: without their public key you can't verify their signatures

>> No.30186200

>>30185852
>what is an address wardialer

>> No.30186250

>>30186129
shoulda had a grad student do it

but regardless there are glaring errors in the paper, his mistake in the determinant alone puts the complexity back into "worse than gnfs" territory

>> No.30186350

>>30186250
>mistake in the determinant
based on the assessment of a random internet post?

>> No.30186430

>>30180536
The paper says RSA keys with 800 bits, so don't worry, people. It just changes the computation problem into a storage problem. We will see how things change, but for now don't worry. We just need longer keys and RSA should be OK at first.

>> No.30186445
File: 1.26 MB, 640x480, 1499035914347.gif

I'm gonna try to test RSA-896 with this:
>https://github.com/lducas/SchnorrGate

Let's see how it goes frens.

>> No.30186492

>>30180739
no wallet uses RSA, brainlet, key too big.

>> No.30186503

>>30186191
>This is how full-node validation works: without their public key you can't verify their signatures
Sorry, but YOU are incorrect here.

You validate the current UTXO-set from all previously SPENT UTXO's. The current balance in a previously unused, that is never-sent-from, address, has no public key associated with it.

Even a lay-person can instantly see that this is true. For example an address like the Bitcoin-Eater-Address:

1#bitcoin:::Eater///Address...Dont---Send!!!32425663 (intentionally invalid characters added)

It is created without any private or public key to it ever existing. The creator simply stitched a readable string from base58-characters and appended the checksum to make it a valid bitcoin-address.

Or take any other completely new bitcoin-address. I can tell you my address, you send to it, it gets validated. The public key of MY address never got published.

>> No.30186543

>>30186191
you can recover 2 public keys from any signature; to see if the corresponding wallet address is right you have to have the address to which you verify the signature.
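
Added example (editor's, not from any poster) working through the three posts above: pure-Python secp256k1, ECDSA signing, the recovery Q = r^-1(s*R - h*G) from >>30186191 over both points with x = r, and the point made in >>30186503 / >>30186543 that the published value is only a hash of the key, so the two candidates can be told apart (and the key is exposed at all) only once a signature appears. SHA-256 of the compressed key stands in for Bitcoin's HASH160 because RIPEMD-160 is not guaranteed in hashlib; the nonce comes from secrets rather than RFC 6979; the rare x = r + n case is ignored. None of those shortcuts is in the original posts.

```python
"""secp256k1 ECDSA: sign, recover the signer's public key from (r, s), and pick
the candidate that matches a published key hash. Added example for this thread."""
import hashlib
import secrets

# secp256k1 domain parameters (Bitcoin's curve): y^2 = x^3 + 7 over GF(P), base point G of prime order N.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity


def on_curve(pt):
    return pt is INF or (pt[1] ** 2 - pt[0] ** 3 - 7) % P == 0


def add(p1, p2):
    """Affine point addition / doubling (not constant time; demo only)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INF                                  # p1 == -p2
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P     # tangent slope (a = 0)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P       # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def mul(k, pt):
    """Double-and-add scalar multiplication; scalars live mod N."""
    acc, addend = INF, pt
    for bit in bin(k % N)[2:][::-1]:
        if bit == "1":
            acc = add(acc, addend)
        addend = add(addend, addend)
    return acc


def sign(d, h):
    """ECDSA with a fresh random nonce (real wallets derive it per RFC 6979); returns low-s (r, s)."""
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = mul(k, G)[0] % N
        s = pow(k, -1, N) * (h + r * d) % N
        if r and s:
            return r, min(s, N - s)


def verify(Q, h, sig):
    r, s = sig
    if Q is INF or not on_curve(Q) or not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    R = add(mul(h * w % N, G), mul(r * w % N, Q))
    return R is not INF and R[0] % N == r


def lift_x(x):
    """Both curve points with x-coordinate x (P = 3 mod 4, so the square root is one pow)."""
    rhs = (x ** 3 + 7) % P
    y = pow(rhs, (P + 1) // 4, P)
    return [(x, y), (x, P - y)] if y * y % P == rhs else []


def recover_candidates(h, sig):
    """Q = r^-1 * (s*R - h*G) for each R with x = r. Both results verify the signature;
    the extra recovery bit some chains store says which one the signer used."""
    r, s = sig
    r_inv = pow(r, -1, N)
    minus_hG = mul(-h % N, G)
    return [mul(r_inv, add(mul(s, R), minus_hG)) for R in lift_x(r)]


def compress(Q):
    return bytes([2 + (Q[1] & 1)]) + Q[0].to_bytes(32, "big")


def key_commitment(Q):
    """Stand-in for an address: a hash of the serialized key (Bitcoin uses RIPEMD160(SHA256(pk))).
    Nothing here lets you get Q back; a DLP solver needs a signature to work from."""
    return hashlib.sha256(compress(Q)).digest()


def recover_for_commitment(h, sig, commitment):
    """Spending reveals (r, s); the candidate hashing to the published commitment is the signer's key."""
    for Q in recover_candidates(h, sig):
        if key_commitment(Q) == commitment:
            return Q
    return None


def demo():
    """Constructed keypair, message hash and signature (not real chain data)."""
    d = secrets.randbelow(N - 1) + 1
    Q = mul(d, G)
    h = int.from_bytes(hashlib.sha256(b"constructed spend message").digest(), "big")
    return Q, h, sign(d, h)
```

Both candidates returned by recover_candidates() pass verify(), which is why the address hash (or an explicit recovery bit) is needed to know which one is the real key; and until a spend publishes (r, s), key_commitment() is all an observer has.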

>> No.30186544

>>30186191
Satoshi's stash however might be a problem. Back then, bitcoin used pay-to-public-key (P2PK) and not pay-to-public-key-hash (P2PKH, addresses starting with 1) or pay-to-script-hash (P2SH, addresses starting with 3 or bc1).

>> No.30186588

>>30183884
shhhh anon, no-one is supposed to know about that cheatcode

>> No.30186615

>>30186503
mm, yes, if you stipulate that an address is never reused, then it works because you never publish a signature until you spend your utxo.

>> No.30186617

>>30181850
Well what else was he going to say - “YES SELL NOW”

He’s probably cashing out as we speak

>> No.30186628

>>30186503
he is not incorrect in that a signature gives you the public key and you are not incorrect in saying there is no signature on an unspent wallet available to the public.
but doesn't matter anyhow. bitcoin is not using rsa.

>> No.30186730

>>30183378
What coins are good to buy right now. Askin for a fren

>> No.30186818

>>30186730
bitcoin schnorr signatures are being rolled out with taproot.

>> No.30186841

>>30182494
>there are peepee poopoo posters on 4chin and also guys like this
4chin is a strange place

>> No.30186933

>>30183153
Based dunning-kruger midwit

>> No.30187027

>>30183632
well hello! welcome to 4chan!

>> No.30187084

Right now there are 121 autistic faggots trying to apply this new method to improve the bitcoin mining process

Right now some autist is stiching together code to make use of his GPU to mine bitcoins with exahashes/s.

Reminder the mining process is obfuscation and not in any way a mathematically hard problem. sha256 is a symmetric cipher with the key all known to everybody.

>> No.30187145

>>30187084
fucking retarded idea. symmetric ciphers can't be approached by the integer factorization problem.
they are xor based mixers and no arithmetic can be defined on them.

>> No.30187149

>>30186191
>it is possible to recover the public key of any bitcoin address from the signature (r, s):
You are correct. So the crack procedure becomes:

1. identify whale address.
2. recover public key from address.
3. in polynomial time, generate private key.
4. crack wallet.
5. launder.
6. cash out.

>> No.30187174

>>30180610
Nothing, it's bullshit shilling campaign.

>> No.30187187

>>30187149
how hard is it to understand that what you describe would need a fucking quantum computer that only exists in science fiction?

>> No.30187224

>>30186250
isn't this literally the Schnorr who Schnorr signatures are named for?

>> No.30187254

>>30186430
>it's just change the computation problem into a storage problem
no non-quantum encryption is invulnerable from factorization in polynomial time.

people don't realize BTC actually IS FIAT, because glowies have secret backdoor access to all the wallets in polynomial time anyway, therefore can manipulate at will:

https://en.wikipedia.org/wiki/AKS_primality_test

why do you think they let it continue to exist?

...it's no real threat to the global economy.

>> No.30187277

>>30187149
you don't recover the public key from the address, you recover it from a signature

as >>30186503 explains if there are no signatures you cannot extract the public key, unless you break the preimage resistance of the address hash (assuming the address was actually computed from the public key).

regardless, step 3 is impossible

>> No.30187281

>>30186445
>test with canned function calls you didn't code
k get back to me, zoomie.

>> No.30187303

>>30186615
Now that I think about it, if such an algorithm ever happens to be applicable to ECC, it would be trivially mitigated, using multi-sig and cross-signature aggregation (when activated):

Let's say it takes 1 minute to calculate the private key on a system on which the cracking costs $1000.

If you want to send $100, you don't even have to do anything. Nobody will spend $1000 on cracking something that's worth $100.

If you want to spend >$1000, maybe even >>$1000 because the attacker has to take a few probabilistic conditions into his calculation (like propagation speed and block-finding itself), you simply do it from a 100-of-200 Multi-Sig-wallet, using cross-signature aggregation, on the blockchain it still appears as one signature with one public key, but you have to have 100 public keys (and their corresponding private keys) to create it. Now it takes the attacker $100'000 to attempt to steal it. Not enough security? Make it a 100'000-of-200'000 Multi-Sig-wallet. If you send bitcoins worth >$100k, you can wait a few minutes for Electrum to create the signatures and the final aggregated signature.

>> No.30187309

>>30180739
such a thing would destroy the internet and all bank security, govt security, everything. making this about cryptocurrency is moronic as fuck.

>> No.30187335
File: 115 KB, 1280x720, 1514866415092.jpg

thanks just sold 100k

>> No.30187341

>>30187254
idiots are going all out i see.

>> No.30187384

>>30187303
yes and signature aggregation is also coming out with taproot this year.

>> No.30187418

>>30187303
>>30187384
won't help old wallets and p2pk wallets (satoshi trove)

>> No.30187419

>>30186492
>no wallet uses rsa brainlet key too big.
what BTC uses is actually easier than RSA.

>>30187187
>what you describe would need a fucking quantum computer that only exist in science fiction?
not if primes is in P, which we've known to be true since shortly after 9/11 when BTC was worth a dollar.

>>30187277
>you don't recover the public key from the address, you recover it from a signature
thank you, I stand corrected.

>> No.30187434

>>30182869
question. let's pretend crypto is now "broken" by some fancy shenanigans like quantum computing or whatever... doesn't this fuck over everything simultaneously, not just cryptocurrency?

>> No.30187452

>>30187419
>what BTC uses is actually easier than RSA.
not with integer factorization no.
>not if primes is in P, which we've known to be true since shortly after 9/11 when BTC was worth a dollar.
again bollocks. sorry.

>> No.30187454

>>30187303
brilliant. the human wave defense of post quantum crypto

>> No.30187459

>>30187303
>Nobody will spend $1000 on cracking something that's worth $100.
>assuming money actually means something to state actors
>assuming the largest wallets won't be targeted

>> No.30187493

>>30187303
even if you aggregate 2 signatures not a 100 the potential solutions are nearly infinite (obviously finite but hard to comprehend the scale).

>> No.30187543

>>30187493
which is why signature aggregation is thought to defeat q computers because you have no test function to find the keys you are looking for.

>> No.30187556

>>30187303
>>30187454
isn't it also possible to implement lamport sigs in bitcoin script (albeit expensive)?

>> No.30187592

>>30187452
>>what BTC uses is actually easier than RSA.
>not with integer factorization no.

>>not if primes is in P, which we've known to be true since shortly after 9/11 when BTC was worth a dollar.
>again bollocks. sorry.

You haven't read this, have you?

https://annals.math.princeton.edu/wp-content/uploads/annals-v160-n2-p12.pdf

Look at the pub date. Imagine how much farther glowies are ahead of the 24-hour-old ideas in your mind, after 20 years of the best cryptographic minds working together to exploit this?

Schnorr is late.

>> No.30187595

>>30187556
problem is no matter where you want to go with new wallets old wallets will eventually be scavenged.

>> No.30187664

sorry won't work on ecdsa totally different class of problem. the function of primes is to be a modulo for the arithmetic and not even a secret.

>> No.30187667
File: 60 KB, 640x438, se4isox5vzh61.jpg

>>30186250
hey anon number theory fag here, I got rejected by every grad school I applied to since covid, how can I become an autist like you? what kind of jobs can I get in cryptography with just a BS and not much coding experience?

>> No.30187684

>>30187418
>won't help old wallets and p2pk wallets (satoshi trove)
That is true. People with old, large wallets or exchange-cold-storage wallets that reuse addresses, should have enough time to mitigate this, though.
Satoshi's stash is something different, though. Let's hope someone reputable snatches it, announces the snatching and sends it to the bitcoin-eater-address, minus 1000 or 100k BTC for his effort. Having 100k BTC that are actually worth something is better than having 1M BTC worth nothing.

>>30187459
>>Nobody will spend $1000 on cracking something that's worth $100.
>>assuming money actually means something to state actors
State actors aren't magic either. They can try to cause havoc by spending $1000 over and over again to steal $100 over and over again, but then they bankrupt themselves. It's basically the same game-theory as mining itself.

>>assuming the largest wallets won't be targeted
They have to be vigilant anyway. If an attack like that is on the horizon, they probably will be the first to mitigate it way in advance. Again, it is easy to mitigate even now. Simply send to a never-sent-from address.

>> No.30187756

>>30187543
>signature aggregation is thought to defeat q computers
incorrect, there seems to exist a common belief that classically secure hash functions will remain secure against quantum adversaries. Indeed, several second-round candidates in the NIST post-quantum competition use existing hash functions, say SHA-3, as quantum secure ones. results disprove this common belief:

https://link.springer.com/chapter/10.1007/978-3-030-45724-2_9

>> No.30187758
File: 62 KB, 496x451, et5u6e5u6.jpg

Could you smart fellows who understand this recommend me some shitcoins?

>> No.30187840

>>30187664
>ecdsa
the trustworthiness of NIST-produced curves is being questioned after revelations that glowies willingly insert backdoors into software, hardware components and published standards.

well-known cryptographers have expressed doubts about how the NIST curves were designed, and voluntary tainting has already been proved in the past.

also the difficulty of properly implementing the standard, its slowness, and design flaws which reduce security in insufficiently defensive implementations of the Dual_EC_DRBG random number generator make this weaker than RSA

>> No.30187848

RSA has nothing to do with btc. However all HTTPS is based on it so... at least the web is dead.

>> No.30187851

>>30187756
like i said if you have no test function it requires an infinitely large q computer to find all solutions and while they will all be "valid" for a specific transaction won't be for the next one evidently.
you need some massive address reuse in the aggregate to get anywhere.

>> No.30187892

>>30187684
>State actors aren't magic either. They can try to cause havoc by spending $1000 over and over again to steal $100 over and over again, but then they bankrupt themselves.

>the people who print money
>"bankrupt" themselves

your premise that they seek low value targets is flawed, anyway.

>> No.30187945

>>30187851
>if you have no test function
Artificial intelligence can use actual compiled binary executables in lieu of test functions, you do not need to explicitly know the actual test function in order to characterize it sufficiently for breakage

>> No.30187961

>>30187840
>the trustworthiness of NIST-produced curves being questioned
yes i heard about that. one of the many reasons we're switching to schnorr.
but it's not something that can potentially be exploited in this century.
look you are moving the goalpost every time someone points out how the bullshit you spout is not applicable to bitcoin. now we are at random generators. holy cow if your random generator is crap then you are fucked but this isn't news for the past 10 years.
all computers since 2015 have quantum phenomena based rng instruction sets that collect real hard random entropy while the computer is running.

>> No.30188000

This guy is 77 years old, Boomers are going to destroy it all before they go.

>> No.30188012

>>30187945
no you simply lack the information to make the test function. as it no longer gets leaked.
look quantum computers are incredibly limited in size and capability. if they can break p2pk wallets it will be the breakthrough of this millennium. and we are not making much progress on that.

>> No.30188015

>>30187961
>yes i heard about that. one of the many reasons we switching to schnorr.
the guy who just said what you are using is broken. gotcha.

>but it's not something that can potentially be exploited in this century.
by you.

>i just ate so world hunger doesn't exist.

>> No.30188036

>>30187892
>>the people who print money
>>"bankrupt" themselves

> Printing money gives you microchips and electricity to calculate private keys.

Yes, state actors can print money. Yes state actors can tax people. But neither creates actual physical resources needed to attack a system. If that were the case, Zimbabwe would be the global Hegemon with the largest military. They can just print money and have aircraft carriers and ICBM, right?

>> No.30188128

>>30188012
>no you simply lack the information to make the test function.
deep learning.

>look quantum computers are incredibly limited in size and capability.
public ones. also assuming that quantum algorithms can't be run on turing machines... protip: reality is quantum mechanical but it is being "run" on turing wetware between your ears.

>if they can break p2pk wallets it will be the breakthrough of this millennia. and we are not making much progress on that.
would anyone who could do that advertise it? or hide it? why or why not?

>> No.30188155

>>30187961
And, satoshi actually chose a curve which was not standardized by NIST, `secp256k1` instead of `secp256r1` a.k.a. P-256. Most of the scrutiny of the NIST curves comes to P-256, which has somewhat arbitrary seeming constants.

>> No.30188156

>>30188015
>gotcha
nope you are just desperately fudding bitcoin with gargantuan stretches and unproved speculation.
did you miss the train? you had 12 years fag.

>> No.30188188

>>30188128
you need data for learning god just think for a second!

>> No.30188195

>>30188036
>neither creates actual physical resources needed to attack a system. If that were the case, Zimbabwe would be the global Hegemon with the largest military. They can just print money and have aircraft carriers and ICBM, right?
first-world countries do this with the same intelligence that came up with what broke RSA, by paying smart people with fiat money.

protip: fiat money is not worthless, it just represents the relative values of social contracts now, instead of a fungible asset like gold or silver.

>> No.30188221

>>30188188
>you need data for learning god just think for a second!
if you know the hash algorithm you're breaking, you have all the data you need.

>> No.30188223

>>30188155
yeah i forgot about that.

>> No.30188255

>>30188156
>everything is about money.
lol.

>> No.30188296

>>30188155
>>30188156
guys what coins do you hold?

>> No.30188306

>>30188155
>satoshi actually chose a curve which was not standardized by NIST
making it less secure, actually. couldn't the satoshi organization have put a backdoor in that curve? one they could've shared or sold? what if "satoshi" was a glowie? who built ARPANET? Who built TOR?

>> No.30188323

>>30188188
>reinforcement learning

>> No.30188340

>>30188195
>protip: fiat money is not worthless, it just represents the relative values of social contracts now, instead of a fungible asset like gold or silver.
Sure. But that is not the attack we are now talking about. The attack is AFTER you paid all the smart people you needed and AFTER you purchased all the equipment you needed with freshly printed dollars.

And NOW the attack starts, by spending $1000 to get $100. If you finance that by taxing, you are using up resources at 10x the rate you earn. If you finance it by inflation, your money loses 10x its purchasing power relative to the financial gain you make by attacking. And you HAVE to have gain, because you have to get actual physical resources, electricity and silicon, sooner or later.

>> No.30188347

>>30188296
none, now.

i'm in gold and commodities.

>> No.30188423

>>30188340
you're assuming fresh attacks incur fresh costs. after Turing developed his device at Bletchley, it was free to use.

>> No.30188455

https://99bitcoins.com/bitcoin-obituaries/

Time to update the list

>> No.30188469

>>30188347
faggot

>> No.30188539

>>30188296
bitcoin only for me the risk reward is just right

>> No.30188565

I hope it dips so i can buy more

>> No.30188569

>>30188323
yes so you need craptons more data and you have none. good luck!

>> No.30188596

>>30188128
>public ones. also assuming that quantum algorithms can't be run on turing machines
they can be run on turing machines it's just incredibly limited and slow. but ibm said they can run some on the current size range of q computers real fucking fast. but that is a joke really.

>> No.30188599

>>30180840
Learn how to link, you daughterfucker.

>> No.30188649

>>30188596
ibm says many things

>> No.30188701

>>30180536
I honestly don't understand that.

My school education standards were not high. Also, I'm probably a midwit. Worth studying math/algebra/etc courses for free online?

>> No.30188731

>>30188221
breaking a hash is a weird concept.
but let's say you can somehow define sha256 as a black box function in a q computer.
what does that achieve? it won't be worth it to mine bitcoin but you would only add to the hashrate if you could by some miracle use it.
determining a single script from the hash the address scheme uses is impractical; the script can easily be bigger than 256 bit and then you have infinite solutions.

>> No.30188753

>>30187145
> no arithmetic can be defined on them.
you're not an autist
ask me how I know

>> No.30188771

>>30188649
indeed, but i believe them on this one. as far as i know q computers are still not cost effective. but it's getting there. we are still decades from breaking 256 bit private keys.

>> No.30188781

what is an integer?

>> No.30188800

>>30188596
>ibm said they can run some on the current size range of q computers real fucking fast.
NASA did it before IBM

https://aip.scitation.org/doi/10.1063/1.346357

>> No.30188859

>>30188423
You don't have to pretend to be dense in order to promote your shitcoins here, right?

You actually think, that when state-actor-A successfully spent $1000 to sweep those nice $100 worth of bitcoin into his wallet, btw, paying $20 transaction fee going to the miner, not him, he now DOESN'T have to spend another $1000 to attack the next $100?

Yes, please stay with gold and commodities.

>> No.30188876

>>30188731
>but let's say you can somehow define sha256 as a black box function in a q computer.
good assumption

>what does that achieve? it won't be worth it to mine bitcoin but you would only add to the hashrate if you could by some miracle use it.
you assume the guesses are random, the idea is to stop guessing, and intuit a gradient approach.

>determining a single script from the hash the address scheme uses is impractical the script can easily be bigger than 256 bit and then you have infinite solutions.
all you need is a probable seed phrase

>> No.30188890

>>30188423
>Turing developed his device at Bletchley, it was free to use
It wasn't. You need at the very least electricity to run it.

>> No.30188981

>>30188859
>You don't have to pretend to be dense in order to promote your shitcoins here, right?
and where did I do that? you're full of cope.

>You actually think, that when state-actor-A successfully spent $1000 to sweep those nice $100 worth of bitcoin into his wallet, btw, paying $20 transaction fee going to the miner, not him, he now DOESN'T have to spend another $1000 to attack the next $100?
you actually think a state actor goes for $100 in BTC? no dipshit, they'd only go after $100 BTC transactions that lead to wallets containing millions or billions.

or to surveil the BTC transactions of targets of interest, in which case the money isn't the thing.

>> No.30188984

>>30187434
> doesn't this fuck over everything simultaneously, not just cryptocurrency?
this fucking crypto braindead defense is vomitinducing

so what would you attack your local bank website or steal 10000 bitcoins and other crypto? which do you think you can get away with?

oh no, you are so clever genius you will actually attack the facebook posts from sluts and whores and post in their name, thats what you will do.

>> No.30189018

>>30186933
Ignorance is the best way to make money in this market, if you try to calculate every factor, understand every aspect of the technology and analyze every past movement you will go CRAZY, like for real.

>> No.30189036

>>30188890
>It wasn't. You need at the very least electricity to run it.
from the sublime to the ridiculous, this is pure cope. states capable of cracking SHA256 and/or RSA have no problem with electricity production, anon.

>> No.30189058

>>30188981
one thing that you might find interesting or that might set your mind at ease is the concept of information-theoretic security https://en.wikipedia.org/wiki/Information-theoretic_security

>> No.30189073

>>30188984
this poster thinks gud.

>> No.30189136

>>30189058
Relying on physical layer encryption can be very useful.

>> No.30189172

>>30188753
never claimed to be.
>>30188876
all you need is a probable seed phrase
lmao you can't be this fucking stupid.
all seed phrases are equally probable. and a q computer won't be able to test them anyhow.

a q computer in its basic operation gives you all the results at once and you can only collapse it to a stable solution if you have a sufficiently simple test function.

say you have a 256 bit input and a 256 bit hash function that is proven not to generate the same output for different inputs... you can in theory get the input with a q computer.
but it's not applicable in the sense of how we use hash functions.
password hashing would just need to use bigger salt, sigscripts need to be bigger than 256 bit or have random dysfunctional data in the script and suddenly you get nowhere.

it's a quadrillion times cheaper to spoof a q computer's ability to reverse one way functions than to actually make it happen.

>> No.30189232

>>30188984
>>30189036
> you actually think a state actor goes for $100 in BTC? no dipshit, they'd only go after $100 BTC transactions that lead to wallets containing millions or billions.

You didn't get anything from the conversation. This attack only works between the time of sending a transaction and it not being confirmed in a new, never-spent-from, address. You can't "crack that $100 transaction and follow it into a $1B wallet, rubbing your hands".

>from the sublime to the ridiculous, this is pure cope. states capable of cracking SHA256 and/or RSA have no problem with electricity production, anon.
> states capable of cracking SHA256 and/or RSA have no problem with electricity production, anon.

Of course not. But if they burn $1000 worth of electricity to get $100 worth of bitcoin, they will bankrupt themselves, because they burn, say, more oil than they can buy (buying directly or by buying labor and capital to extract and refine it).

The more they spend on producing electricity to attack at 90% loss per attack, the faster they bankrupt themselves.

But I suspect you don't get that attacking an unspent transaction to front-run it with a new transaction, or proof-of-work mining, is not a one-off attack like emptying a gold vault and hauling it to your secret dungeon. You incur permanent ongoing cost in a replace-by-fee attack or a 51% attack.

>> No.30189236

>>30188984
what you would attack as a nation state is the intelligence of other countries. while keeping your ability a secret not advertise it for meager scraps from internet funny money.

>> No.30189341

>>30189172
>all seed phrases are equally probable.
not true at all. only physical-layer encryption is truly random, hence the term pseudorandom, hence the existence of keyphrases. you haven't thought this through.

>say you have a 256 bit input and a 256 bit hash function that is proven not to generate the same output for different inputs... you can in theory get the input with a q computer.
or a quantum algorithm running on a turing computer of appropriate sophistication.

>sigscripts need to be bigger than 256 bit or have random dysfunctional data in the script and suddenly you get nowhere.
incorrect. the solution space is not necessarily the same size as the cipher space. it can be arbitrarily larger without appreciable cost penalty. also, placing random data in the script will not help you if it contains ANY nonrandom data AT ALL, which would make the reason for encrypting to be absent in the first place.

>> No.30189376

>>30189236
until someone copies or steals your ability

>wannacry

>> No.30189391

>>30189232
i still don't see how we are even talking about breaking bitcoin.
the most malicious attack i can imagine on bitcoin is trying to replace a transaction in a block. since blocks are organized as merkle trees the integrity of a leaf transaction is dependent on the impossibility to create an alternate tx with the same hash. but with transactions in blocks we would not want to put random data in them nor would it do much good as it is public.

so this type of attack would be the most disruptive. it's however not at all feasible.

>> No.30189404

>>30189232
>if they burn $1000 worth of electricity to get $100 worth of bitcoin, they will bankrupt themselves
this is a retarded premise, see >>30188984

>> No.30189443

>>30189391
>i still don't see how we are even talking about breaking bitcoin.
see >>30187149

>> No.30189444

>>30189341
>only physical-layer encryption is truly random
like i said ever since 2015 every crypto suite worth shit uses quantum based cpu rng instruction sets. before that user input and cryptographic hash functions in a great many iterations were used to introduce true randomness to the pool.
talking about pseudo random is smooth brain shit.

>> No.30189487

Reeks of autism ITT

>> No.30189506

>>30189341
>or a quantum algorithm running on a turing computer of appropriate sophistication.
not possible. the sheer size of the required cpu power with current semiconductor tech would make the computer bigger than earth.
>incorrect. the solution space is not necessarily the same size as the cipher space. it can be arbitrarily larger without appreciable cost penalty.
lmao

>> No.30189540

>>30189444
>ever since 2015 every crypto suite worth shit
not BTC

>> No.30189553

>>30189443
i explained why it would never work multiple times. you keep ignoring it and moving the goalpost.

>> No.30189559

>>30189443
>>>30187149
This DOESN'T WORK you fucking retard! It only works, if the whale address SPENT from that address. And any whale worth his salt will send to a new, unused, never-sent-from-address as soon as any attack on ECC public-keys is even thought to be possible.

>> No.30189590

>>30189506
>not possible.
for you. just extend Moore's law by about two decades and factor in flawless semiconductor lattices

>> No.30189645

>>30189553
>i explained why it would never work multiple times. you keep ignoring it and moving the goalpost.
no you didn't.

>>30189559
>It only works, if the whale address SPENT from that address
of course.

> any whale worth his salt will send to a new, unused, never-sent-from-address
his key can be extracted even from new addresses. that's why his keys work.

>> No.30189654

>>30189559
cryptoexchanges arent safe they always reuse addresses for peoples withdrawals

>> No.30189663

>>30189540
lmao basically the crypto apis of all operating systems started to use it. you could even use it from javascript from a browser. when you generate a paper wallet it will check for this capability and use it if your pc has it.
a fucking website... getfo!

>> No.30189705

>>30189590
>for you. just extend Moore's law by about two decades and factor in flawless semiconductor lattices
even then it will be the size of the moon.

>> No.30189741

>>30189654
They won't, if it gets their funds stolen.

>> No.30189795

>>30189645
>his key can be extracted even from new addresses. that's why his keys work.
now this is some new level fud, and it's worth talking about.
old bitcoin wallets used random private keys. newer bitcoin wallets tend to use hierarchical deterministic key generation,
where a single private key even if spent can generate all others of the same hierarchy.

so all hardware wallets and other seed based wallets are not quantum secure as they are today even if you don't reuse addresses like a retard.

>> No.30189828

>>30189663
RSA, SHA256, and Elliptic Curve are NOT provably unbreakable from an information theoretic perspective, just because environmental randomness is used for key generation. That is not the same as physical layer encryption. You should know that.

>> No.30189837

>>30189559
>And any whale worth his salt will
I don't get it. i thought it already was part of the protocol.
At least that's how it works for me: when i send any BTC amount to an address, in the same transaction the remaining balance is moved to another one of my public addresses.
I'm confused at how it works and why exactly though

>> No.30189849

>>30189795
weak fud and dumb

the HD wallets have 1 seed but generate many private-public key-pairs. breaking 1 public key does not reveal you the seed

>> No.30189854

>>30189795
>so all hardware wallets and other seed based wallets are not quantum secure as they are today even if you don't reuse addresses like a retard.
you are correct.

>> No.30189899

>>30189849
>breaking 1 public key does not reveal you the seed
you can generate one key if you crack the other.

>> No.30189948

>>30189828
>RSA, SHA256, and Elliptic Curve are NOT provably unbreakable from an information theoretic perspective
that is true but it does not make anything else you say true.
>just because environmental randomness is used for key generation
that has nothing to do with it. you either attack the crypto algo or the random pool don't mix the two together because it just murks up the water.
>That is not the same as physical layer encryption.
that doesn't mean anything as you try to use it. you are throwing around a meaningless concept. all "physical encryption", whatever the fuck that means in your head, can be emulated by a computer. of this i'm 100% sure.

>> No.30189984

>>30189849
each private key generates all others.

>> No.30190015

>>30189854
i have been telling people about this for a long time even tho this should be widespread knowledge its not a secret or anything...

>> No.30190051

>>30180610
Fast Factoring integers, seems like they work on cracking encryption

>> No.30190056

>>30189899
of the same hierarchy
there are known ways to mitigate this issue.

>> No.30190155

>>30182523
>>30183823
I've been saying this forever!
Finally someone with sense around here

>> No.30190175

>>30180610
sell before hackers steal your coins
can be as soon as 2 weeks from now

>> No.30190194

>>30190015
You never told me about it and I'm your best friend STEVE, YOU FUCK.

>> No.30190328

>>30190194
i posted this in almost every trezor/ledger thread over the past years.

>> No.30190496

>>30189837
Most wallets work exactly like that. You have an unspent output in address A. You send a fraction of that to address B and the remainder to a new address of yours, A'. This is mainly done to enhance pseudonymity on the network, to make it harder to determine who owns what.

But many exchanges don't care about pseudonymity much, they care more about security. So they create a highly secure multi-sig-setup and reuse the same address, sending change-outputs back to the initial address, i.e. address A in the above example.

Of course it's trivial to change that behavior into something consumers do automatically, by having either deterministic derivation from an initial entropy seed or a pool of unrelated unused addresses.

>> No.30190557

>>30189837
not the protocol. the protocol allows you to spend to an input or any change address of your choosing. wallets generate a new change address for every tx as "standard"

>> No.30190625

>>30189899
>you can generate one key if you crack the other.
In a non-hardened HD wallet, you can recreate the master private key, if you have ONE child private key and the master public key. The master public key becomes as important as the seed, if an attack on ECC is possible.

Hardened HD wallets, like Bitcoin Core uses, are not affected.

>> No.30190717

>>30180739
>RSA
>Used in blockchain
faggot

>> No.30191507

We will simply take a snapshot of the chain and create a more secure blockchain if this happens and reward everyone's address their coins back. It will cause a price dump tho

>> No.30191529

>>30180536
Bitcoin uses ECDSA not RSA, bitcoin is safe glownigger

>> No.30191541

>>30190625
>Hardened HD wallets, like Bitcoin Core uses, are not affected.
that's not categorically true imo. just because it allows you to generate hardened child private keys a lot depends on how the wallet actually uses these keys. will it generate a new hardened child private key for every new address? or just when you want to give out a child private key? (ie a key management scenario)
i haven't checked this to be honest.

>> No.30191654

>>30191541
well technically it's called "hardened extended parent private key" but it's not clear to me if this is generated as default or on demand. whatever, it can be done right. quantum resistance is another matter. but it uses hmac with sha512 so... should be fine.
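The BIP32 property argued over in 30189795, 30189849, 30190625 and the two posts above can be checked directly. The following is an added example written for this page, not code from the thread or from any wallet project: it implements BIP32 child key derivation (CKDpriv and CKDpub) over secp256k1 in pure Python with only the standard library, derives a non-hardened child, then plays the attacker who holds the parent xpub plus that one child private key and recomputes the parent private key. The same attempt against a hardened child fails, because the tweak IL was keyed on the parent private key rather than the public key. The 16-byte seed is a constructed input (the bytes of BIP32 test vector 1; any seed would do), and the curve arithmetic is a plain double-and-add for readability, not constant-time code.

```python
import hashlib
import hmac

# secp256k1 domain parameters (the curve Bitcoin uses)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 2**31


def point_add(p, q):
    """Affine point addition; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def point_mul(k, p=G):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, p)
        p = point_add(p, p)
        k >>= 1
    return acc


def ser_p(point):
    """SEC1 compressed encoding, which is what BIP32 feeds into HMAC."""
    x, y = point
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def _hmac512(chain, data):
    digest = hmac.new(chain, data, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]


def master_from_seed(seed):
    """BIP32 master key: HMAC-SHA512 keyed with the string 'Bitcoin seed'."""
    return _hmac512(b"Bitcoin seed", seed)


def ckd_priv(k_par, c_par, i):
    """BIP32 CKDpriv. Hardened indices (i >= 2**31) hash the parent private
    key; non-hardened indices hash only the parent public key."""
    if i >= HARDENED:
        data = b"\x00" + k_par.to_bytes(32, "big") + i.to_bytes(4, "big")
    else:
        data = ser_p(point_mul(k_par)) + i.to_bytes(4, "big")
    il, c_child = _hmac512(c_par, data)
    k_child = (il + k_par) % N
    assert il < N and k_child != 0  # BIP32 says skip such i; vanishingly rare
    return k_child, c_child


def ckd_pub(K_par, c_par, i):
    """BIP32 CKDpub: a child public key from the xpub alone. Non-hardened only."""
    assert i < HARDENED, "hardened children cannot be derived from an xpub"
    il, c_child = _hmac512(c_par, ser_p(K_par) + i.to_bytes(4, "big"))
    return point_add(point_mul(il), K_par), c_child


def recover_parent_priv(K_par, c_par, i, k_child):
    """Attacker's step: the parent xpub (K_par, c_par) lets anyone recompute
    the non-hardened tweak IL, so one child private key gives k_par = k_child - IL."""
    il, _ = _hmac512(c_par, ser_p(K_par) + i.to_bytes(4, "big"))
    return (k_child - il) % N


def run_example():
    # Constructed seed (bytes of BIP32 test vector 1); not a real wallet.
    seed = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    m, c = master_from_seed(seed)
    M = point_mul(m)  # the xpub a wallet hands to a watch-only client

    # Non-hardened child m/0: the xpub holder derives the same public key.
    k0, c0 = ckd_priv(m, c, 0)
    K0, c0_pub = ckd_pub(M, c, 0)
    pub_consistent = point_mul(k0) == K0 and c0 == c0_pub

    # If k0 ever leaks (the thread's hypothetical ECDLP break on a spent-from
    # address), xpub + k0 gives back m and therefore every sibling key.
    recovered_master = recover_parent_priv(M, c, 0, k0) == m

    # Hardened child m/0': IL was keyed on the private key, so the same trick
    # with the xpub does not reproduce the tweak and m stays hidden.
    k0h, _ = ckd_priv(m, c, HARDENED)
    hardened_recovers = recover_parent_priv(M, c, HARDENED, k0h) == m

    return pub_consistent, recovered_master, hardened_recovers


if __name__ == "__main__":
    print(run_example())  # (True, True, False)
```

The practical reading: an xpub shared with a block explorer, an accounting tool or an exchange's watch-only server is not public information once a single non-hardened child key at the same level is compromised, and a wallet that uses hardened derivation for the account level (the m/purpose'/coin'/account' prefix of BIP44-style paths) confines the damage to that account's non-hardened subtree rather than the whole seed.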

>> No.30191690
File: 35 KB, 464x463, CBA639B2-76FC-4BCB-81D3-F610548C766E.jpg

>>30185055
>basically a dick sucking faggot

Fascinating

>> No.30191783

Can someone explain to a retard what's happening in this thread?

>> No.30192003

>>30191541
lets us postulate that this Schnorr paper reveals a new method of solving previously really hard problems, even the discrete log problem.
let us postulate now that this does break both rsa and ecdsa and libsecp256k1 the bitcoin curve.

now the only safe coins are those on not-previously sent from addresses, and where these addresses are not made by the HD wallets

big deal

>>30191783
Get out only autists ITT allowed

>> No.30192255

>>30191783
as a turbo normfag i only understood that there is possibly some hi-tech new-tech tier shit GPU which can crack any wallet's passwords or international banks etc bullshit crap fud fuck off

>> No.30193339

>>30183429
>Oh, and Chainlink won't even be affected. Oracles work inherently off-chain, and can simply be applied to whatever blockchain has the best encryption.
That's a pretty compelling way to say token not needed.

>> No.30193509

>>30184098
>>30183866
please reply :(

>> No.30193539

>>30180536
If algo was fast enough, they'd have claimed Satoshi's coins.
Or even better, broken RSA and broken the internet (https, ssh)

But I don't expect /biz/, to understand crypto

>> No.30193570

>>30181595
>>30182214
so it's a pajeet shill nothinburger trying to shill me their niggercoin. got it

>> No.30193785

>>30193509
nervos is not worth my time to read it through.
skimming was enough to put it in pile of scam trash can

>> No.30194042

>>30192003
that's the worst case but add to it that all p2pk addresses are fucked. and there is a lot of coin on them still.

>> No.30194118

>>30193539
no you can't use this to solve the discrete logarithm problem and the prime modulus is not even a secret in ecdsa. your secret is a point on a well defined curve.

>> No.30194235

>>30180536
Fake and gay.

>> No.30195237

>>30194235
https://eprint.iacr.org/2021/232.pdf

>> No.30195395

>>30182598
I have 105 years of experience and worked on the team that decrypted Enigma. I agree, bitcoin is done for.

>> No.30195528

>>30195395
faggot

>> No.30195751

integer factorization does not translate to ecdsa.
finding a more efficient factorization method does not mean rsa is broken, as it was always based on the difficulty of integer factorization and nothing in the paper changes that.
increasing key sizes costs almost nothing (linear cost) while scaling algorithms in NP is exponential.
so nothing really changed. and it does not affect bitcoin in any way.