Score:2

Provably secure cryptography in blockchains

id flag

Do you know a blockchain that does not use any cryptographic primitives standardized by the USA or other countries? It is strange to me that the security of many cryptocurrencies is based on ciphers, hash functions, elliptic curves, etc. from American standards.

It is normal for a cryptographic product to contain the standardized primitives of a certain country in order to be sold in that country. However, cryptocurrencies are considered an international tool, completely independent of governments.

There is a small but non-zero chance that a backdoor was included in one of the standard primitives. That is why it is desirable for cryptocurrency developers to avoid such primitives. At the same time, I understand that developers may be afraid to provide their own primitives, because they may be broken by accident.

Therefore, the only solution is to use provably secure cryptography. I wonder why the cryptocurrency community ignores provably secure primitives. Of course, they are slower. However, they don't seem to be a bottleneck in comparison with the complicated (pairing-based) protocols often deployed in blockchains. If some cryptocurrencies are completely free of American origin, then this may be their advantage with respect to others. Thereby, their cost should be greater, other things being equal.

Morrolan avatar
ng flag
What are you thinking of as examples of "provably secure cryptography"? Usually this would mean systems where security can be reduced to an underlying "hard" problem such as the discrete logarithm in some groups, but there is still the looming sword of the assumption that the underlying problem actually is hard. That tends to also include assumptions about the capabilities of the adversary (cf. cryptographically relevant quantum computers). It naturally also ignores implementation issues such as side channels. Not to mention that the reductions can be wrong.
Dimitri Koshelev avatar
id flag
Yes, I mean primitives based on the discrete logarithm problem, for example.
Maarten Bodewes avatar
in flag
"I understand that developers may fear to provide their own primitives, because they may be broken by accident" Usually they are broken by sheer incompetence, a cryptographer overlooking an attack, and in rare circumstances by new attacks. I'd say that the number of primitives broken "by accident" is next to zero, but I guess you were talking figuratively. Still, that's an odd choice of words.
Sergio A. Figueroa avatar
us flag
There are so many wrong premises in this question. Cryptographic primitives are not trivially exchangeable (you cannot replace a hash function with an asymmetric function without giving it serious thought). Symmetric algorithms tend to have more solid mathematical proofs than asymmetric ones. To wit: algorithms based on DLog are poised to be broken by quantum computers. Cryptocurrencies are not always independent from governments, and many would contend their classification as "a tool". The implication that standardized algorithms are _less_ secure than another vague category doesn't hold.
Score:-1
bl flag

Your reasoning is good; for example, Bitcoin uses the elliptic curve secp256k1, which is not USA-standardized and has an extremely small chance of having a backdoor concerning its parameters.

Secp256r1 was defined by the USA and has been used a lot.

I think Satoshi was a cryptography expert for having thought to avoid a government standard in Bitcoin's code.

kodlu avatar
sa flag
Fair enough on being different from standardized curves, but is the elliptic curve discrete logarithm problem provably hard? The OP was asking about that.
Dimitri Koshelev avatar
id flag
Concerning curves, the situation is much better in contrast to hash functions. Even Ethereum uses SHA3, according to https://www.linkedin.com/pulse/understanding-keccak256-cryptographic-hash-function-soares-m-sc-/ . A lot of modern cryptographic solutions were included in Ethereum, but at the heart of it is still an anachronism.
Dimitri Koshelev avatar
id flag
"but is the elliptic curve discrete logarithm problem provably hard?" Of course not, but, at the moment, the elliptic curve discrete logarithm underlies public key cryptography in blockchains. Therefore, if the DLP is broken, then the whole cryptosystem is broken. By contrast, if a hash function or cipher currently used is compromised, this does not affect the DLP at all.
Maarten Bodewes avatar
in flag
This would assume that the US government didn't have any influence in Certicom. NIST certainly was a member and SECG was certainly US-centered. That said, its advisory board included members like Dan Boneh, Phil Rogaway and Bruce Schneier, of whom I'm pretty sure that they are well-regarded in the community. As the FIPS was basically a standard built upon SEC1 & SEC2, I don't see why there would be a difference between the prime and Koblitz curves.
Maarten Bodewes avatar
in flag
I'm also not agreeing with this answer because the "extremely little chance of having a backdoor" is unsubstantiated, and, moreover, if it applies to this algorithm then it must also be true for most other algorithms standardized by NIST. We also have no indication that Satoshi was trying to avoid government standards. Bitcoin certainly uses SHA-256 **a lot**.
Maarten Bodewes avatar
in flag
PS: if somebody has a full member list of SECG I would be interested. The Wayback Machine shows some members for sure, but their logos just flash by and it doesn't say anywhere that it is complete. Official submissions seem to get published publicly though.
Floran avatar
bl flag
"I'm also not agreeing with this answer because the 'extremely little chance of having a backdoor' is unsubstantiated" It is substantiated because the formula of the elliptic curve is y^2 = x^3 + ax + b, and secp256k1 has the parameters a = 0 and b = 7, so b is so small that the chance that there is a backdoor is almost non-existent.
Maarten Bodewes avatar
in flag
Super, now if you'd copy that in your answer then you've substantiated it in there; I'll do the comment cleanup :)