Transaction

8c6a43738fcecff6ae3c08d0d6f63b7527f33e5b9a02d6d41f0dc075ab22d50b
2024-03-21 23:01:50
Fee: 0.00000035 BSV (0.00375399 BSV - 0.00375364 BSV)
Fee rate: 10.08 sat/KB
1
70,862
Size: 3,469 B

2 Outputs

Total Output: 0.00375364 BSV
  • 1LAnZuoQdcKCkpDBKQMCgziGMoPC4VQUckM (text/html)

Thanks Satoshi,

Here is what I sent him.

-----------

Public key cryptography depends on the fact that it is hard to factor large prime numbers. Everyone knows that. If bitcoin transfers were assigned to a well-formed public key, and an associated private key signature was required for future transfer, I would concede that bitcoin's crypto transfers were completely secure.

However, bitcoin transactions don't seem to work that way (by my reading). Transactions assign coin amounts to a particular "bitcoin address", where the address is a hash of the public key.

To validate a transaction, nodes take the public key from the signature and use that to verify the actual signature. If the signature is valid, it then hashes the public key to confirm it matches the bitcoin address assigned in the previous transaction. If both match, by definition, the transaction is good.

The potential weakness is in associating the public key in the signature with the bitcoin address.

There is a many-to-one relationship between public keys and a given hash. Now, if finding a pair of prime numbers that creates a secure public/private key pair where the public key part hashes to a particular bitcoin address seems hard... it probably is.

However, that is not required.

All you need is ANYTHING representing a public key that hash-collides with a known large bitcoin account. It does NOT have to be a secure key pair based on primes. It simply has to work once and allow the transfer of the stolen money to another account. That is potentially much easier.

Some hashes are harder to collide than others. I'm not sure of the strength of the hash being used. However, colliding any hash gets much easier if you don't have to care about the content being hashed.

Because of the nature of public keys, they look like random data. As I understand them, you can't know if a public key is based upon secure math unless you succeed in factoring it. Therefore clients don't try. They normally just do the validation of the signature and presume the public key was generated in a secure fashion if it worked.

NOTE: The following analysis needs double checking by a real cryptohacker. IANACR

So depending on the hash, you could use one of the up-and-coming hash collision algorithms to generate a colliding block of data which represents a public key. Then, by reversing the public/private key math, generate an associated (but hardly secure at all) private key that would generate valid signatures.

You then take your insecure, easily factorable key pair and generate a signed transaction that matches the target bitcoin address.

Since the transaction log can't validate the full public key the coins were intended for, it simply presumes it must have been the one presented.

By recording the full public key of the transfer target in the block list you can regain the intended strength. However, you lose the ability to pass around 34-character addresses.

If I'm off base, I apologize for wasting your time.

Cheers!
Red
    https://whatsonchain.com/tx/8c6a43738fcecff6ae3c08d0d6f63b7527f33e5b9a02d6d41f0dc075ab22d50b