
Is Bitcoin mining compromising the security of SHA256? - nighthawk
http://bitcoin.stackexchange.com/questions/17132/is-bitcoin-mining-itself-compromising-the-security-of-sha256
======
SwellJoe
I believe this question exhibits a lack of understanding of what "mining"
Bitcoins means. Or possibly how Bitcoin works. Or both.

Mining Bitcoins is simply a search for an SHA256 hash matching a certain set
of criteria. The mining hardware could theoretically be used to search for
hash collisions faster than previously existing hardware, but that is of
limited utility in the scenario of trying to find a specific hash collision
(i.e. one that allows you to decrypt a file or login to a system) rather than
one that meets certain qualifications (but doesn't have to be an exact match
for one unique hash).

The set of possible values is _so large_ that even the next generation of ASIC
mining hardware (which will continue the exponential growth of worldwide
hashing power) would require hundreds or thousands of years (I don't know the
specifics and can't be bothered to find the numbers with specificity), on
average, to find a specific hash. SHA256 is still strong, even assuming a
vastly larger pool of searching machines.

In short: Bitcoin mining is not "cracking" SHA256. It's gambling on finding a
hash that has one specific (rare, but not even close to unique)
characteristic. Finding one, just like winning at poker or at the roulette
wheel, does not make the next round easier.
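
The distinction this comment draws (a search for any digest that meets a criterion versus a search for one specific digest) can be made concrete. The following is an added example, not code from the original thread or from Bitcoin itself: it runs the same double-SHA-256 search a miner runs over a constructed stand-in for a block header (real headers are 80 bytes with a fixed layout; the prefix bytes here are invented) and compares the expected work for a leading-zeros target with the work for an exact 256-bit match.

```python
import hashlib
import struct

# Constructed stand-in for a block header. A real header is 80 bytes and
# contains the previous block hash, merkle root, timestamp and target bits;
# here only the trailing 4-byte nonce is varied, as in a real miner.
HEADER_PREFIX = b"constructed-header:prev=<placeholder>;merkle=<placeholder>"


def double_sha256(data: bytes) -> bytes:
    """Bitcoin's proof-of-work hash: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a 32-byte digest (0..256)."""
    return 256 - int.from_bytes(digest, "big").bit_length()


def meets_target(digest: bytes, difficulty_bits: int) -> bool:
    """Mining criterion: any digest with at least this many leading zeros wins."""
    return leading_zero_bits(digest) >= difficulty_bits


def mine(prefix: bytes, difficulty_bits: int, max_nonce: int = 1 << 32):
    """Try nonces in order until the double-SHA-256 meets the target.

    Returns (nonce, digest, tries), or None if the 32-bit nonce space is
    exhausted without a hit (a real miner would then change the header).
    """
    for nonce in range(max_nonce):
        digest = double_sha256(prefix + struct.pack("<I", nonce))
        if meets_target(digest, difficulty_bits):
            return nonce, digest, nonce + 1
    return None


def verify(prefix: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Checking a claimed solution costs one double hash."""
    return meets_target(double_sha256(prefix + struct.pack("<I", nonce)), difficulty_bits)


def matches_specific_digest(prefix: bytes, nonce: int, wanted: bytes) -> bool:
    """The 'specific hash' case: only one 256-bit value counts as a hit."""
    return double_sha256(prefix + struct.pack("<I", nonce)) == wanted


def expected_tries_for_target(difficulty_bits: int) -> int:
    """Each try succeeds with probability 2**-difficulty_bits."""
    return 2 ** difficulty_bits


def expected_tries_for_specific_digest() -> int:
    """A fixed 256-bit output: success probability 2**-256 per try."""
    return 2 ** 256


def work_ratio(difficulty_bits: int) -> int:
    """How many times harder an exact-match search is than the target search."""
    return expected_tries_for_specific_digest() // expected_tries_for_target(difficulty_bits)


if __name__ == "__main__":
    bits = 16  # toy difficulty; Bitcoin's is far higher
    nonce, digest, tries = mine(HEADER_PREFIX, bits)
    print(f"hit after {tries} tries (expected about {expected_tries_for_target(bits)}): "
          f"nonce={nonce} digest={digest.hex()}")
    # A hit on this header says nothing about the next one: the next header
    # embeds this digest as its previous-block hash, so the search restarts.
    next_prefix = HEADER_PREFIX + digest
    print("same nonce still valid for next header?", verify(next_prefix, nonce, bits))
    print(f"exact-match search is 2**{256 - bits} times more work:", work_ratio(bits))
```

The `verify` call on `next_prefix` almost always prints `False`: the solved nonce was specific to the old header, which is the "next round is not easier" point above. The ratio printed at the end is the gap between the miner's problem and a true preimage search.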

~~~
dnautics
What if someone is collecting everything, including the misses, from bitcoin
mining and running some sort of statistical analysis on it to determine if
there are patterns in the noise.

~~~
gibybo
Bitcoin mining generates 160 quadrillion bytes (160 Petabytes) of misses per
second. The limit would be the amount of data that you could reasonably store
and analyze, and we were at that limit long before Bitcoin came around.

(Although you can't actually collect the misses from other miners, because
they never publish them).

~~~
dnautics
True. It is, however, possible that some statistical analysis can be run on the
hits, although interpretation would be convoluted since the initial value is
SHA'd twice.

------
herbig
Normally with questions such as these you don't come up with a ridiculous
claim and ask others to prove it for you.

------
pmiller2
Slightly. Bitcoin mining encourages people to build SHA256 crackers. It's not
inconceivable that these things could be repurposed for other types of
SHA256 attacks besides those relevant to the BTC block chain.

~~~
lucb1e
When "other SHA256 purposes" are implemented correctly, this is no issue at
all. For example hashing passwords should use bcrypt or something similar, and
HMACs should use long enough keys. While you may increase the search speed
by ten orders of magnitude, it's still well beyond our current capabilities
to successfully crack any SHA-2 hash.

See also the answer I just posted on the SE question.
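
As an added illustration of the two mitigations named in this comment (slow salted password hashing, and HMAC keys of adequate length), not code from the thread or from any project it mentions: the block below uses the standard library's PBKDF2-HMAC-SHA256 as the "something similar" to bcrypt, enforces a minimum HMAC key size, and works out how much a given raw SHA-256 rate buys an attacker once a work factor is in the way. The iteration count, salt and key bytes are constructed values for the example.

```python
import hashlib
import hmac

# Work factor for the password hash. Raise it as hardware gets faster; the
# value here is a constructed example, not a recommendation for any system.
PBKDF2_ITERATIONS = 200_000
MIN_SALT_BYTES = 16
MIN_HMAC_KEY_BYTES = 32  # 256 bits, matching the SHA-256 output size


def hash_password(password: str, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """Salted, deliberately slow password hash.

    PBKDF2-HMAC-SHA256 is used because it ships with Python; a memory-hard
    function (bcrypt, scrypt, Argon2) is the better choice where available.
    """
    if len(salt) < MIN_SALT_BYTES:
        raise ValueError(f"salt must be at least {MIN_SALT_BYTES} random bytes")
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)


def verify_password(password: str, salt: bytes, stored: bytes,
                    iterations: int = PBKDF2_ITERATIONS) -> bool:
    """Recompute and compare in constant time (no early exit on mismatch)."""
    return hmac.compare_digest(hash_password(password, salt, iterations), stored)


def hmac_sha256(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 with a key length floor, so a short key cannot be brute-forced
    far faster than the tag itself."""
    if len(key) < MIN_HMAC_KEY_BYTES:
        raise ValueError(f"HMAC key must be at least {MIN_HMAC_KEY_BYTES} bytes")
    return hmac.new(key, message, hashlib.sha256).digest()


def guesses_per_second(raw_sha256_rate: float, iterations: int) -> float:
    """Password guesses per second available to an attacker who can compute
    raw_sha256_rate SHA-256 compressions per second. Each PBKDF2 iteration is
    one HMAC, i.e. about two compressions once the key pads are precomputed."""
    return raw_sha256_rate / (2 * iterations)


if __name__ == "__main__":
    salt = bytes(range(16))            # constructed; use os.urandom(16) in practice
    key = bytes(range(32))             # constructed; use os.urandom(32) in practice
    stored = hash_password("correct horse battery staple", salt)
    print("verify ok:", verify_password("correct horse battery staple", salt, stored))
    print("verify wrong:", verify_password("Tr0ub4dor&3", salt, stored))
    print("tag:", hmac_sha256(key, b"constructed message").hex())
    # A rate of 1e12 compressions/s is an assumed figure for illustration only.
    print("guesses/s at 1e12 raw SHA-256/s:", guesses_per_second(1e12, PBKDF2_ITERATIONS))
```

The last line is the whole argument in one number: whatever raw SHA-256 throughput a miner-style rig offers, a work factor divides the attacker's guess rate by it, and the salt keeps any precomputed table from being reused across accounts.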

~~~
interstitial
Since the hypothetical brokenness of SHA256 is unknown, can we be sure there
is a "correct" way to implement "other purposes"? Surely, it's conceivable a
new attack could exploit an unforeseen weakness in all those uses.

------
interstitial
I usually find stackexchange's discussions more than ample. There are many
sites whose comment system and content could use a re-hashing by HN's nerdery,
but stackexchange isn't one of them. (Unless we are playing the wayback game
of re-posting a question from several years ago).

------
adrianwaj
Anyone had experience mining litecoin and bitcoin simultaneously? Does it make
sense to do so on the same hardware?

~~~
quarterto
Nothing you can build has any hope of mining Bitcoin anymore. On the other hand,
my pathetic GTX460 rig (~150kh/s) nets about 2LTC/month.

~~~
adrianwaj
If it's lying around, would you want to do that? Litecoin is criticized for
minimal infrastructure... ahh okay you are.. it's not hypothetical.

.. I've read extra memory really helps.

------
drakaal
Yes. Sorta. Depends if you believe that the NSA is responsible for creating
bitcoin as a means to get millions of CPU resources for free, which could be
used to crack SHA and to track the comings and goings of criminals.

It is not so far-fetched. Since we don't know who really created it, and we
know that for something that the government should have been very "anti" and
yet seems to have left it alone.

I am not one for conspiracies, but if it walks like a duck, and you haven't
heard it make a noise who is to say it isn't a duck?

~~~
Tarang
The hashes that come out of bitcoin mining aren't just any ordinary hash you
could use to crack passwords, though. The hashes have to begin with a number
of 0s corresponding to the difficulty.

Most password hashes (including the salt) hardly have these 0s so even as a
lookup table the blockchain isn't very good.

~~~
drakaal
You don't attack SHA with the miner, you generate prime factors. Those can
then be used to attack any encryption.

Not convinced this is what is being done. Just saying it doesn't matter about
the salt for this to be worthwhile.

~~~
gibybo
SHA has nothing to do with prime numbers. Bitcoin also has nothing to do with
prime numbers.

Further, prime numbers are only useful in a very specific case of
cryptography, nowhere near 'all encryption'.

~~~
drakaal
Nothing to do with prime numbers?

[http://www.femto-second.com/papers/SHA256LimitedStatisticalAnalysis.pdf](http://www.femto-second.com/papers/SHA256LimitedStatisticalAnalysis.pdf)

[http://www.ietf.org/rfc/rfc4634.txt](http://www.ietf.org/rfc/rfc4634.txt)

[http://eprint.iacr.org/2010/548.pdf](http://eprint.iacr.org/2010/548.pdf)

~~~
gibybo
Yes, nothing to do with prime numbers. SHA-2 uses some constants. A lot of
cryptography needs constants for various reasons. There is always some concern
that the creator chose specific constants that weaken or give them a backdoor
to the crypto scheme. To reduce this concern, they often choose constants from
some simple mathematical basis, perhaps the numbers '1234567890', or digits of
pi, etc. In SHA-2's case, they used the first 32 bits of the fractional parts
of the square roots of the first n primes.

The numbers they use are not primes, nor are primes useful in any way for
attacking SHA. The algorithm still has nothing to do with prime numbers.
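
The derivation of the SHA-2 constants described above can be checked directly. The following is an added example, not code from the thread or from any SHA-2 implementation: it regenerates the eight initial hash values from the square roots of the first 8 primes and the 64 round constants from the cube roots of the first 64 primes, using exact integer arithmetic so no floating-point rounding can skew the low bits. Only the function names are invented; the construction itself is the one FIPS 180 specifies.

```python
import math


def first_primes(n: int) -> list:
    """The first n primes by trial division (n is small here: 8 or 64)."""
    primes = []
    candidate = 2
    while len(primes) < n:
        if all(candidate % p for p in primes if p * p <= candidate):
            primes.append(candidate)
        candidate += 1
    return primes


def icbrt(n: int) -> int:
    """Exact integer cube root, floor(n ** (1/3)), for arbitrarily large n.
    Newton's method from an upper bound, then a fix-up loop for safety."""
    x = 1 << ((n.bit_length() + 2) // 3)  # >= cbrt(n)
    while True:
        y = (2 * x + n // (x * x)) // 3
        if y >= x:
            break
        x = y
    while x * x * x > n:
        x -= 1
    while (x + 1) ** 3 <= n:
        x += 1
    return x


def frac_bits_of_sqrt(p: int) -> int:
    """First 32 bits of the fractional part of sqrt(p).
    sqrt(p * 2**64) == sqrt(p) * 2**32, so the low 32 bits of its floor are
    exactly the leading 32 fractional bits."""
    return math.isqrt(p << 64) & 0xFFFFFFFF


def frac_bits_of_cbrt(p: int) -> int:
    """First 32 bits of the fractional part of cbrt(p), by the same trick
    with 2**96 (cbrt(p * 2**96) == cbrt(p) * 2**32)."""
    return icbrt(p << 96) & 0xFFFFFFFF


def sha256_initial_hash() -> list:
    """H(0): fractional square-root bits of the first 8 primes."""
    return [frac_bits_of_sqrt(p) for p in first_primes(8)]


def sha256_round_constants() -> list:
    """K: fractional cube-root bits of the first 64 primes."""
    return [frac_bits_of_cbrt(p) for p in first_primes(64)]


def is_prime(n: int) -> bool:
    return n > 1 and all(n % d for d in range(2, math.isqrt(n) + 1))


if __name__ == "__main__":
    print("H0:", [f"{h:08x}" for h in sha256_initial_hash()])
    print("K[0:4]:", [f"{k:08x}" for k in sha256_round_constants()[:4]])
    # The constants are derived from primes but are not themselves primes.
    print("any constant prime?", any(is_prime(k) for k in sha256_round_constants()))
```

Comparing the printed values with the tables in RFC 4634 (linked earlier in the thread) shows the same numbers: the primes are the seed of the construction, and nothing in the resulting algorithm depends on factoring or on primality.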

