Security researchers from CWI and Google have achieved the first real-world collision attack against the SHA1 hash function, producing two different PDF files with the same SHA1 digest (not a "signature": the attack breaks the hash itself, and any signature scheme that hashes with SHA1 inherits the problem). This demonstrates that the algorithm is broken for security-sensitive uses and has to be replaced as soon as possible.
According to Google, it was one of the largest computations ever completed:
– Nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total,
– 6,500 years of single-CPU computation to complete the first phase of the attack,
– 110 years of single-GPU computation to complete the second phase.
After the announcement on the Shattered.it website, the 2.49 BTC reward of the collision challenge set up by Peter Todd, a cryptographer and Bitcoin Core developer, was claimed by a winner. The amount is more symbolic than an incentive.
The same challenge exists on the bitcointalk forum for SHA256, and anyone wishing to participate can increase the current reward by sending bitcoins to the following bitcoin address (it is an address, not a public key): “35Snmmy3uhaer2gTboc81ayCip4m9DT4ko”.
Is Bitcoin SHA256 vulnerable?
The Bitcoin protocol uses the SHA256 algorithm, which is stronger than SHA1 by design. The difference in output size (160 bits versus 256 bits) can be seen below, using the digest of the empty string for each. Output size is not the whole story, though: a generic birthday attack on SHA1 would need about 2^80 computations, and the Shattered attack got there in roughly 2^63 by exploiting structural weaknesses in SHA1's compression function, whereas no such shortcut is known for SHA256, whose generic collision bound is 2^128. Bitcoin also applies SHA256 twice (double SHA256) wherever it identifies transactions and blocks.
- SHA1 – da39a3ee5e6b4b0d3255bfef95601890afd80709
- SHA256 – e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
According to a post on bitcointalk by Satoshi, the creator of Bitcoin: “SHA-256 is very strong. It’s not like the incremental step from MD5 to SHA1. It can last several decades unless there’s some massive breakthrough attack.”
Bitcoin would be considered insecure if the same scenario occurred for SHA256. Transaction IDs, merkle roots and block hashes are all SHA256 digests, so a practical collision would allow two different transactions or blocks to share the same identifier; the entire system would be affected until a fork to upgrade the protocol's hash function had been executed.
“If SHA-256 became completely broken, I think we could come to some agreement about what the honest block chain was before the trouble started, lock that in and continue from there with a new hash function.
If the hash breakdown came gradually, we could transition to a new hash in an orderly way. The software would be programmed to start using a new hash after a certain block number. Everyone would have to upgrade by that time. The software could save the new hash of all the old blocks to make sure a different block with the same old hash can’t be used.”
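To make concrete where SHA256 sits in Bitcoin, and therefore what a collision would hit, here is an added example (it is not code from the original article or from Bitcoin Core): using only Python's standard hashlib, it rebuilds the genesis block's coinbase transaction from its raw fields, derives the transaction ID by double SHA256, checks that the merkle root of that single transaction matches the one stored in the 80-byte header, recomputes the block hash, and verifies the proof-of-work target decoded from the header's bits field. The merkle routine also handles the general case of several transactions, including the odd-count rule. The function names, the `check_genesis` helper and the three constructed 3-transaction txids used to exercise the merkle tree are this example's own; the genesis block bytes are the public ones from the network.

```python
import hashlib
from typing import Dict, List


def sha256d(data: bytes) -> bytes:
    """Bitcoin's hash: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def to_display(raw: bytes) -> str:
    """Txids and block hashes are conventionally shown byte-reversed."""
    return raw[::-1].hex()


def txid(raw_tx: bytes) -> str:
    """A transaction's identifier is the double SHA-256 of its serialization.
    Two different serializations with the same txid would be indistinguishable
    everywhere below: that is what a SHA-256 collision would mean for Bitcoin."""
    return to_display(sha256d(raw_tx))


def merkle_root(txids: List[str]) -> str:
    """Merkle root as Bitcoin builds it: leaves are txids in internal byte order,
    each level hashes adjacent pairs with sha256d, and an odd last node is
    paired with a copy of itself."""
    if not txids:
        raise ValueError("a block carries at least one transaction")
    layer = [bytes.fromhex(t)[::-1] for t in txids]
    while len(layer) > 1:
        if len(layer) % 2 == 1:
            layer.append(layer[-1])
        layer = [sha256d(layer[i] + layer[i + 1]) for i in range(0, len(layer), 2)]
    return to_display(layer[0])


def bits_to_target(bits: int) -> int:
    """Decode the compact 'bits' field of a header into the 256-bit target."""
    exponent, mantissa = bits >> 24, bits & 0x00FFFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def block_hash(header: bytes) -> str:
    """Block hash: double SHA-256 over the 80-byte header."""
    if len(header) != 80:
        raise ValueError("a block header is exactly 80 bytes")
    return to_display(sha256d(header))


def header_merkle_root(header: bytes) -> str:
    """Merkle root field of the header (bytes 36..68), in display order."""
    return to_display(header[36:68])


def meets_proof_of_work(header: bytes) -> bool:
    """The header's own bits field (bytes 72..76) sets the target the hash must not exceed."""
    bits = int.from_bytes(header[72:76], "little")
    return int(block_hash(header), 16) <= bits_to_target(bits)


# Genesis block (height 0) header, exactly as serialized on the network.
GENESIS_HEADER = bytes.fromhex(
    "01000000"                                                          # version 1
    "0000000000000000000000000000000000000000000000000000000000000000"  # previous block hash
    "3ba3edfd7a7b12b27ac72c3e67768f617fc81bc3888a51323a9fb8aa4b1e5e4a"  # merkle root (internal order)
    "29ab5f49"                                                          # timestamp 1231006505
    "ffff001d"                                                          # bits 0x1d00ffff
    "1dac2b7c"                                                          # nonce 2083236893
)

# The genesis coinbase transaction, rebuilt field by field from its raw contents.
GENESIS_MESSAGE = b"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"
GENESIS_PUBKEY = bytes.fromhex(
    "04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649"
    "f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f"
)
_script_sig = bytes.fromhex("04ffff001d0104") + bytes([len(GENESIS_MESSAGE)]) + GENESIS_MESSAGE
_script_pubkey = bytes([0x41]) + GENESIS_PUBKEY + bytes([0xAC])  # push 65-byte key, OP_CHECKSIG
GENESIS_COINBASE_TX = (
    (1).to_bytes(4, "little")                                 # version
    + b"\x01" + b"\x00" * 32 + b"\xff\xff\xff\xff"            # one input with a null outpoint
    + bytes([len(_script_sig)]) + _script_sig
    + b"\xff\xff\xff\xff"                                     # sequence
    + b"\x01" + (50 * 100_000_000).to_bytes(8, "little")      # one output of 50 BTC
    + bytes([len(_script_pubkey)]) + _script_pubkey
    + (0).to_bytes(4, "little")                               # locktime
)


def check_genesis() -> Dict[str, object]:
    """Walk the chain of SHA-256 digests from raw transaction to proof of work."""
    coinbase_id = txid(GENESIS_COINBASE_TX)
    return {
        "txid": coinbase_id,
        "merkle_matches_header": merkle_root([coinbase_id]) == header_merkle_root(GENESIS_HEADER),
        "block_hash": block_hash(GENESIS_HEADER),
        "proof_of_work_ok": meets_proof_of_work(GENESIS_HEADER),
    }


if __name__ == "__main__":
    for name, value in check_genesis().items():
        print(f"{name}: {value}")
```

The recomputed values should be 4a5e1e4b… for the coinbase txid (which, with one transaction, is also the merkle root) and 000000000019d668… for the block hash; changing a single byte of the transaction or header changes every digest downstream, and a block whose nonce is altered no longer meets its own target. Note also that the merkle rule for an odd number of leaves makes a block with transactions [a, b, c] hash to the same root as [a, b, c, c], a property Bitcoin Core has to guard against separately from the strength of SHA256 itself.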
Feel free to share this article if you found it interesting! Follow BlockTech / FinTech news with us on social networks!