It’s interesting how cryptocurrency advocacy makes otherwise intelligent people discard all principles of engineering with forceful statements like “it’s impossible,” when the only thing realistically standing between someone and as much Bitcoin as they want is SHA-2 compromise. I’m amazed with the money in play that it hasn’t happened yet. It speaks to the strength of the SHA-2 suite (and, complicatedly for me, the NSA) that it’s survived this well with a giant target on its back thanks to cryptocurrency.
Even here, you’ve assumed such an event would be a hack. Sure, one is not going to introduce trillions of coins, but a fast way to design a desired SHA-2 solution is a lot of cryptocurrencies’ factorization heel and played correctly could slowly make one incredibly wealthy (played poorly, it’d just collapse the entire currency and probably the whole idea).
You know how we’re all terrified of fast factorization and its implications for cryptography? Do you really think with the basically five minutes of research the industry has into quantum computing that SHA-2 is good enough for the entire life of a currency? We’ve already shown that coins can’t fork to change stupid shit, so I mean, good luck with an owned hash. So, hard, not impossible. Just don’t forget: once upon a time we thought MD5 was awesome and you’ve never heard of MD4.
“It’s impossible” - I agree it’s almost always too strong.
However, remember we’re discussing the creation of trillions of bitcoin. Even if it occurred, do you really believe the chain would remain? It would be forked. I just can’t imagine a chain being totally compromised and its users being okay with it - both would need to be true.
A smart attacker wouldn't create trillions of bitcoin, they would create a steady trickle of bitcoin indistinguishable from a medium-sized private mining operation that is too small to be noticed for a good while but large enough to make the attacker very very rich. It won't be noticed for months or even years and you cannot erase years of history. There will be no fix, only damage control.
That said, SHA-2 being broken is not very high up on my list of cryptocurrency failure modes if only because there are much more immediate concerns... and I suspect most other people implicitly feel the same way.
That's not how bitcoins are created. You don't just make a few extra. The block reward is fixed; if someone made a block with more than the block reward, it'd be rejected by the network.
No need to create net new coins, if you can crack SHA you can start moving around somebody else's existing bitcoins. Choose your target carefully (lots of dormant and/or hacked BTC out there) and nobody will twig on for a long, long time.
The transference of Bitcoin still relies on digital signatures, so the only way to forge transfers would be if ECC (or Bitcoin's implementation of ECC) was broken.
You are agreeing with me. An attacker that has broken SHA-2 would pretend to be a miner, not mint trillions of bitcoin (which is not possible, as you say).
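The two consensus rules the thread keeps circling back to (the "more than the block reward gets rejected" point a few comments up, and the "an attacker would pretend to be a miner" point just above) can be shown side by side in a small validator. This is an added example written for this page, not code from the thread or from Bitcoin Core; the subsidy schedule, the compact nBits target encoding and the double-SHA256 header hash follow the real rules, but the block layout (a dict with a header and a single coinbase value) is a simplification, and the sample block and fee figures are constructed. The `mine()` loop is the only step a cheap SHA-256 preimage would shortcut; the coinbase check does not care how the nonce was found.

```python
"""Minimal model of two Bitcoin consensus checks: proof of work and coinbase value.

Added example for this thread, not Bitcoin Core code. The subsidy schedule and the
header hash follow the real rules; the block layout is a simplified dict.
"""
import hashlib
import struct
from typing import Tuple

COIN = 100_000_000          # satoshis per BTC
HALVING_INTERVAL = 210_000  # blocks per halving on Bitcoin mainnet


def block_subsidy(height: int) -> int:
    """Newly minted satoshis allowed at `height`: 50 BTC, halved every 210,000 blocks."""
    halvings = height // HALVING_INTERVAL
    if halvings >= 64:          # right shift of a 64-bit amount is undefined past this
        return 0
    return (50 * COIN) >> halvings


def double_sha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def bits_to_target(bits: int) -> int:
    """Expand the compact 'nBits' field into the 256-bit target the header hash must not exceed."""
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def serialize_header(version: int, prev_hash: bytes, merkle_root: bytes,
                     timestamp: int, bits: int, nonce: int) -> bytes:
    """80-byte block header; the two hashes are in internal (little-endian) byte order."""
    return (struct.pack("<i", version) + prev_hash + merkle_root
            + struct.pack("<III", timestamp, bits, nonce))


def header_hash_ok(header: bytes, bits: int) -> bool:
    """Proof-of-work rule: double-SHA256 of the header, read little-endian, is <= target."""
    return int.from_bytes(double_sha256(header), "little") <= bits_to_target(bits)


def coinbase_ok(coinbase_value: int, height: int, fees: int) -> bool:
    """Inflation rule: coinbase outputs may not exceed subsidy + fees (claiming less is allowed)."""
    return 0 <= coinbase_value <= block_subsidy(height) + fees


def validate_block(block: dict) -> Tuple[bool, str]:
    """Return (accepted, reason) for a block in the simplified dict layout used here."""
    header = serialize_header(block["version"], block["prev_hash"], block["merkle_root"],
                              block["timestamp"], block["bits"], block["nonce"])
    if not header_hash_ok(header, block["bits"]):
        return False, "high-hash"        # Bitcoin Core's rejection reason for bad PoW
    if not coinbase_ok(block["coinbase_value"], block["height"], block["fees"]):
        return False, "bad-cb-amount"    # Bitcoin Core's reason for an oversized coinbase
    return True, "ok"


def mine(block: dict, max_tries: int = 1_000_000) -> dict:
    """Brute-force a nonce so the header meets the target. This loop is the only step a
    cheap SHA-256 preimage would shortcut; it does nothing to loosen coinbase_ok()."""
    for nonce in range(max_tries):
        candidate = dict(block, nonce=nonce)
        header = serialize_header(candidate["version"], candidate["prev_hash"],
                                  candidate["merkle_root"], candidate["timestamp"],
                                  candidate["bits"], nonce)
        if header_hash_ok(header, candidate["bits"]):
            return candidate
    raise RuntimeError("no nonce found within max_tries")


# Constructed sample block (not real chain data). bits=0x207fffff is the regtest
# maximum target, so roughly every other nonce satisfies it and mining is instant.
SAMPLE_BLOCK = {
    "version": 0x20000000,
    "prev_hash": bytes(32),
    "merkle_root": double_sha256(b"constructed coinbase tx"),
    "timestamp": 1_700_000_000,
    "bits": 0x207FFFFF,
    "nonce": 0,
    "height": 840_000,          # fourth halving epoch: subsidy is 3.125 BTC
    "fees": 10_000_000,         # 0.1 BTC of fees (constructed)
    "coinbase_value": 312_500_000 + 10_000_000,
}


def demo() -> Tuple[str, str]:
    """An honest block passes; the same block claiming one extra satoshi is rejected."""
    honest = mine(SAMPLE_BLOCK)
    greedy = mine(dict(SAMPLE_BLOCK, coinbase_value=SAMPLE_BLOCK["coinbase_value"] + 1))
    return validate_block(honest)[1], validate_block(greedy)[1]


if __name__ == "__main__":
    print(demo())   # ('ok', 'bad-cb-amount')
```

Note that the greedy block mines just as easily as the honest one: the coinbase value is not in the header, so the proof of work is unchanged and the rejection comes purely from the subsidy arithmetic, which every full node recomputes from the height. That is why a hash break would let an attacker produce valid-looking blocks cheaply but would not let them raise the reward in those blocks.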