Author: OneKey. Chinese source: X, @OneKeyCN
Recently, a tweet like this has been a hot topic in overseas crypto circles: "First practical SHA-256 collision for 31 steps." The accompanying picture is a slide from an academic conference presentation.
Solana co-founder Toly reposted it with "We are so back", as if to say that only in a bull market like this would such news appear.
Indeed, this breakthrough is especially eye-catching at a moment when the total cryptocurrency market cap is about to return to its previous high of $3 trillion. After all, if SHA-256 were really broken, every cryptocurrency would be wiped out together, and nobody would be spared.
Is this breakthrough real?
Direct answer: it is real, and it does set a new record for collision attacks on SHA-256.
The paper has been accepted at EUROCRYPT 2024, one of the three flagship conferences in cryptography. You can find it in the list of accepted papers on the EUROCRYPT website (https://eurocrypt.iacr.org/2024/acceptedpapers.php…), and the full text is on the IACR ePrint archive (https://eprint.iacr.org/2024/349) under the title "New Records in Collision Attacks on SHA-2".
How to understand this breakthrough?
Although a lot of cryptography is involved, the explanation below uses the simplest language possible and does not go deep into the underlying principles.
You first need to know what SHA-256 is.
SHA-256 is a cryptographic hash algorithm and a member of the SHA-2 family named in the paper's title. It is widely used in cryptography, digital signatures, data integrity verification and other fields, and is a cornerstone of modern digital security.
In the blockchain industry it can fairly be called the backbone: mining, private key security, L2 data availability (DA) and much more depend on it; it can be found almost everywhere.
Put simply, the algorithm turns an input of any length into a fixed-length output (the hash value). No matter how long or short the input is, the output is always 256 bits (32 bytes). It is also input-sensitive: a tiny change to the input produces a completely different hash. And it is a one-way function: computing the output from the input is easy, but recovering the input from the output is not feasible.
For example, hashing the text "OneKey Popular Science: Encryption and Security is Easy" with SHA-256 gives "C612FD61C200F9C7DC16565A53C0F96A4DEBD64C21EB40AE5283D4D36433A24A".
Suppose I quietly change the content, for example to "TwoKey Popular Science: Two Points to Encryption Security". Hashing again now gives "C3C0E108AD1417259E97E8E913459B9CECD67C3BD20D8DFE938214567FB4EB08", a completely different result.
This is like a person's fingerprint or iris: everyone's are unique, so they can be used to verify identity and serve as credentials. The SHA-256 hash is the "fingerprint" of the data.
A collision attack on SHA-256 means finding two different inputs that produce the same "fingerprint". An attacker who can do this could substitute one piece of data for another whose fingerprint matches, i.e. forge data.
Inside SHA-256, hashing a block of input runs through 64 steps of an iterated round computation. The designers chose 64 steps as a balance between security and efficiency.
When we say a collision has been found for the first 31 steps of SHA-256, we mean the authors found, by a specialised method, two different inputs that reach the same internal intermediate state after being processed by the first 31 steps. That is a collision for a step-reduced version of the function; for full SHA-256 it only means the pair has a better chance than random of also producing the same final hash after the remaining 33 steps.
Of course, as the number of attacked steps grows, the difficulty of finding an input pair that satisfies the collision conditions usually grows exponentially: every extra step adds more internal state changes and propagation effects that the collision analysis has to account for, which greatly increases the cost of both computation and analysis. So while it may look as if we are only halfway to a full break, in reality there is still a very long way to go.
What's more, a Bitcoin block's hash is obtained by applying SHA-256 twice to the block header, and deriving the public key and address from a private key also involves the Elliptic Curve Digital Signature Algorithm (ECDSA) and RIPEMD-160. So tampering with block data or attacking private keys at will remains a very distant prospect.
As for Bitcoin mining, mining is essentially a search for a hash value that satisfies a specific condition, carried out by repeatedly trying different nonce values. Only if it became easier to find hash values meeting that condition could mining difficulty theoretically be reduced, which would affect Bitcoin's proof-of-work (PoW) mechanism.
A successful collision attack on SHA-256 does not by itself affect mining difficulty. Unless the collision attack could somehow speed up the search for such a specific hash value, its direct impact on mining would be limited.
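As an added illustration (not OneKey's code), here is the double-SHA-256 block hashing and nonce search described above, checked against the public Bitcoin genesis block header; mine with a deliberately easy bits value shows that proof of work is a search for a hash below a target, which is a different problem from finding a collision. The function names and the easy-target constant are my own.

```python
import hashlib
import struct

def double_sha256(data):
    """Bitcoin's block hash primitive: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def serialize_header(version, prev_hash, merkle_root, timestamp, bits, nonce):
    # 80-byte header. Integers are little-endian; the two 32-byte hashes are stored
    # byte-reversed relative to the hex form in which explorers display them.
    return (struct.pack("<I", version) + bytes.fromhex(prev_hash)[::-1]
            + bytes.fromhex(merkle_root)[::-1] + struct.pack("<III", timestamp, bits, nonce))

def target_from_bits(bits):
    # Compact "nBits" encoding: top byte is the exponent, low 3 bytes the mantissa.
    # (Assumes the ordinary positive case with exponent >= 3, which real blocks use.)
    exponent, mantissa = bits >> 24, bits & 0xFFFFFF
    return mantissa << (8 * (exponent - 3))

def block_hash(header):
    """Display-form block hash: the double-SHA-256 digest, byte-reversed, as hex."""
    return double_sha256(header)[::-1].hex()

def verify_pow(header):
    # Proof of work holds when the hash, read as a 256-bit integer, is <= the target
    # encoded in the header's own nBits field (bytes 72..76).
    bits = struct.unpack("<I", header[72:76])[0]
    return int(block_hash(header), 16) <= target_from_bits(bits)

def mine(version, prev_hash, merkle_root, timestamp, bits, max_nonce=1 << 32):
    """Miner's loop: vary the nonce until the header satisfies the target, or give up."""
    for nonce in range(max_nonce):
        header = serialize_header(version, prev_hash, merkle_root, timestamp, bits, nonce)
        if verify_pow(header):
            return nonce, block_hash(header)
    return None

# Public fields of the Bitcoin genesis block, used to check the serialization.
GENESIS = dict(version=1, prev_hash="00" * 32,
               merkle_root="4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b",
               timestamp=1231006505, bits=0x1D00FFFF, nonce=2083236893)
GENESIS_HASH = "000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f"
# Constructed, deliberately easy target (about 1 in 256 hashes qualify) so the loop finishes fast.
EASY_BITS = 0x2000FFFF

if __name__ == "__main__":
    print(block_hash(serialize_header(**GENESIS)) == GENESIS_HASH)
    print(mine(1, "00" * 32, GENESIS["merkle_root"], 1231006505, EASY_BITS, max_nonce=1 << 20))
```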
What if it is really cracked?
It would inevitably trigger a crisis of trust in global digital security.
Web2 security would collapse first, and banking systems and government agencies everywhere might have to shut down urgently; next to that, cryptocurrency's $3 trillion market cap would look insignificant.
Fortunately, cryptocurrencies can fork and upgrade. For Bitcoin, such a dire situation would certainly require replacing its core cryptographic algorithm through a Bitcoin Improvement Proposal (BIP) and a hard fork. These issues have been discussed extensively in the community and there are many candidate alternatives. Even if there were a breakthrough in quantum computing, there are corresponding quantum-resistant algorithms to upgrade to.
All in all
A breakthrough, but not much.
We have only moved a little beyond previous research. Academically it is certainly a breakthrough and well worth watching.
Nonetheless, a destructive break is still a long way off, and the short-term impact on cryptocurrencies should be limited. Bitcoin and other cryptocurrencies remain safe, and our pants are saved.
For any security-sensitive digital system, it is crucial to stay alert to new cryptographic research. If a discovery ever shows that SHA-256 has serious weaknesses in practice, the consequences for Bitcoin could be significant, including but not limited to a loss of trust and changes to security protocols. We trust that Bitcoin developers and the wider community will watch the situation closely and prepare security upgrades if needed.