[cryptography] Bitcoin observation
Marsh Ray
marsh at extendedsubset.com
Thu Jul 7 17:27:47 EDT 2011
On 07/07/2011 04:10 PM, Nico Williams wrote:
>
> In some (most?) public key cryptosystems it's possible to prove that a
> valid public key has a corresponding private key (that is, there
> exists a valid private key for which the given public key *is* the
> public key). That's used for public key validation. It's not
> possible, however, to prove that the private key still exists.
But is it possible to sneak in invalid keys? What if, say, in an RSA
system you were to later reveal that modulus n was the product of more
than two primes? (I forget the name of this attack.)
What if you did this after a long dependency chain of cleared
transactions had built up on the security of this key?
Not saying that Bitcoin specifically is vulnerable here, just that there
are usually several ways to poison the well on these interdependent systems.
Often the crypto is meant to defend against attackers with the expected
motivations (e.g. double-spending the coins). The recent rise in
sophisticated "for the lulz"-motivated attacks is likely to catch some
systems off-guard.
- Marsh
More information about the cryptography
mailing list