bitcoin-dev

hashcash-newhash

Posted on: May 25, 2020 07:03 UTC

In this email conversation, Karl asks Ariel about the need to plan for a future algorithm change in case of any public mathematical breaking of the current SHA-256 algorithm used in Bitcoin mining.

Ariel explains that cryptographic algorithms don't usually break completely; more often their security is reduced by an exploit. He suggests that if such an exploit can be deployed as a software patch to most ASICs, the issue will sort itself out on the next difficulty adjustment. If not, GPUs and FPGAs can still compete with the less adaptive ASICs until new ASICs that use the exploit start getting produced and shipped. Ariel also notes that there's never any official "public breaking" of a hash function: the function simply loses security over time until it's deemed not "secure enough" for certain applications. He mentions that if the entire world can consistently find 256 zero bits of SHA-256 in under 10 minutes, then the hash function definitely needs to be changed, although he believes that won't happen in a day.

Karl agrees with Ariel and suggests making plans to migrate to a new hash function when needed, even if it could take decades before a new hash is actually needed to protect financial security. He expresses concern about ongoing cryptanalysis research, new technologies such as quantum computers, and the continual advance of conventional hardware, and suggests improving the security of the blockchain.
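Ariel's point that a widely deployed hash shortcut "sorts itself out on the next difficulty adjustment" can be seen in a constructed simulation, added here and not part of the thread. It assumes a simplified model in which the expected block interval is 600 s times difficulty divided by effective hashrate, and applies Bitcoin's 2016-block retarget with its factor-of-4 per-period clamp (the real rule's off-by-one in the timespan calculation is ignored).

```python
"""Constructed simulation: Bitcoin's difficulty retarget absorbing a sudden
multiplier in effective hashrate, such as a SHA-256 shortcut deployed to most
miners. Added illustration only; not code from the mailing-list thread."""

TARGET_INTERVAL = 600      # seconds per block that Bitcoin aims for
RETARGET_BLOCKS = 2016     # blocks per difficulty period
MAX_ADJUST = 4.0           # Bitcoin clamps each retarget to a 4x change


def retarget(difficulty, actual_period_seconds):
    """Bitcoin's rule: scale difficulty by expected/actual period time,
    clamped so that no single retarget moves more than 4x either way."""
    expected = RETARGET_BLOCKS * TARGET_INTERVAL
    ratio = expected / actual_period_seconds
    ratio = max(1.0 / MAX_ADJUST, min(MAX_ADJUST, ratio))
    return difficulty * ratio


def simulate(hashrate_schedule, difficulty=1.0):
    """hashrate_schedule: effective hashrate per period, as a multiple of the
    hashrate that produces one block per 600 s at difficulty 1.0.
    Returns (observed block interval per period, final difficulty)."""
    intervals = []
    for hashrate in hashrate_schedule:
        # Simplified model: expected interval scales with difficulty and
        # inversely with effective hashrate.
        interval = TARGET_INTERVAL * difficulty / hashrate
        intervals.append(interval)
        difficulty = retarget(difficulty, interval * RETARGET_BLOCKS)
    return intervals, difficulty


if __name__ == "__main__":
    # Constructed scenario: an 8x shortcut patched onto most miners in period 3.
    intervals, final_difficulty = simulate([1, 1, 8, 8, 8])
    for period, seconds in enumerate(intervals, start=1):
        print(f"period {period}: avg block interval {seconds:.0f} s")
    print(f"final difficulty: {final_difficulty}")
```

Because of the 4x clamp, an 8x jump takes two retarget periods to absorb fully, which is the kind of lag the thread's "next difficulty adjustment" argument glosses over.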