Bitcoin Institute

Major Meltdown

3 messages llama, Satoshi Nakamoto June 22, 2010 — July 10, 2010
llama June 22, 2010 Source · Permalink

What if a major flaw is discovered in BC’s cryptographic soundness? Is there any way to prevent the complete dissolution of the system and of everybody’s wealth?

Perhaps one way to do it would be to create a voluntary registry of non-anonymous addresses, to be shared and verified publicly. Then, if a major flaw arose (maybe someone solved the factoring problem ), then there would still be a record of everybody’s wealth that could be used in a new system (supposing everybody could agree on the latest time that no fraudulent transactions could have taken place). Of course, people who chose to stay anonymous (and therefore did not include their address in the registry) would see their wealth disappear, but alas that risk would prove the price of anonymity.

Satoshi Nakamoto June 27, 2010 Source · Permalink

Here’s an answer to a similar question about how to recover from a major meltdown. https://www.bitcoin.org/smf/index.php?topic=191.msg1585#msg1585

Quote from: satoshi on June 14, 2010, 08:39:50 PMIf SHA-256 became completely broken, I think we could come to some agreement about what the honest block chain was before the trouble started, lock that in and continue from there with a new hash function.

If the hash breakdown came gradually, we could transition to a new hash in an orderly way.  The software would be programmed to start using a new hash after a certain block number.  Everyone would have to upgrade by that time.  The software could save the new hash of all the old blocks to make sure a different block with the same old hash can’t be used.

Satoshi Nakamoto July 10, 2010 Source · Permalink

Quote from: llama on July 01, 2010, 10:21:47 PMHowever, if something happened and the signatures were compromised (perhaps integer factorization is solved, quantum computers?), then even agreeing upon the last valid block would be worthless. True, if it happened suddenly.  If it happens gradually, we can still transition to something stronger.  When you run the upgraded software for the first time, it would re-sign all your money with the new stronger signature algorithm.  (by creating a transaction sending the money to yourself with the stronger sig)