Difference between revisions of "Bitcoin"

From MgmtWiki
Jump to: navigation, search
(Problems)
(Cryptography)
Line 23: Line 23:
  
 
I.e. which to prefer is somewhat subjective. If you don't like Koblitz curves but are afraid secp256r1 is backdoored, there's always the option to use some other curve designed according to criteria you like. (Though you cannot, of course, change what BTC uses.)
 
I.e. which to prefer is somewhat subjective. If you don't like Koblitz curves but are afraid secp256r1 is backdoored, there's always the option to use some other curve designed according to criteria you like. (Though you cannot, of course, change what BTC uses.)
 +
 +
Comments clipped from [https://crypto.stackexchange.com/questions/18965/is-secp256r1-more-secure-than-secp256k1 this site].
  
 
===Testnet===
 
===Testnet===

Revision as of 13:45, 24 August 2020

Full Title

Bitcoin was the first successful demonstration of the value of Distributed Ledger Technology (DLT) often referenced as Blockchain which has been around for decades.

Problems

  • Bitcoin and its offshoots, like Decentralized ID have been focused on using non-standard crypto under a mistaken assumption that they will thus not be the first crypto to be cracked in the near future. Unfortunately that also means that these non-standard cryptos are not implemented in hardware modules, like the one inside of Android Smartphones. That means that they must be used in less secure execution environments. Not a good choice for modern computers.

Implementation

Terminology

  • You can set any values you want for rpcuser and rpcpassword in bitcoin.conf. Those values will be your username and password when you will be connecting to your bitcoind through HTTP JSON RPC. Also be sure to set other important values in .conf file, like server, rpcallowip and a few others to ensure your server is running correctly and securely.
  • A Data Directory is included in the Bitcoin wiki.

Cryptography

  • Is secp256r1 more secure than secp256k1?

It is said that "Satoshi picked non-standard crypto (secp256k1) which conventional wisdom says will be cracked in 5-10 years."

The main difference is that secp256k1 is a Koblitz curve, while secp256r1 is not. Koblitz curves are known to be a few bits weaker than other curves, but since we are talking about 256-bit curves, neither is broken in "5-10 years" unless there's a breakthrough.

The other difference is how the parameters have been chosen. In secp256r1 they are supposedly from random numbers, however, it is impossible to prove that's really the case. See e.g. these slides from Bernstein and Lange for an easily understandable treatment.

The Koblitz curve, on the other hand, has had its parameters chosen relatively rigidly. The post runeks linked in the comments has an explanation for why they were chosen.

So rather than saying one is more secure, I would say that the risks are different. If neither curve has backdoors or accidental weaknesses, both are secure. The few extra bits of security secp256r1 has won't matter unless you happen to own e.g. a moderately sized quantum computer that can just manage one but not the other. It would have been easier to backdoor the secp256r1 curve, but on the other hand, Koblitz curves as a class could be completely weak in some way not currently known.

I.e. which to prefer is somewhat subjective. If you don't like Koblitz curves but are afraid secp256r1 is backdoored, there's always the option to use some other curve designed according to criteria you like. (Though you cannot, of course, change what BTC uses.)

Comments clipped from this site.

Testnet

"Coins" and transferred on Testnet they same way that they are on Mainnet, but they have no value.

References