The day quantum computers break Bitcoin — will the world end?
Which Bitcoin assets are at risk from a cryptographically relevant quantum computer, and what the timeline and migration debate around post-quantum cryptography looks like.
18 entries
Blockstream CEO Adam Back stated Bitcoin faces no quantum computing threat for ~20–40 years, pointing to NIST post-quantum signatures like SLH-DSA that Bitcoin can adopt before threats materialize.
Pay-to-Merkle-Root (P2MR), a quantum-resistant output type. Like Taproot without the quantum-vulnerable key path spend — commits only to the Merkle root of a script tree. SegWit v2, soft fork.
Security researcher Dan Kaminsky tries to find vulnerabilities in Bitcoin and fails. "I came up with beautiful bugs. But every time I went after the code there was a line that addressed the problem."
On LessWrong, Wei Dai clarifies he did not create Bitcoin — "only described a similar idea more than a decade ago" — buys a Radeon 5870 to mine, and warns Bitcoin lacks cryptographer security review.
Jeff Garzik posts the first public alert of the value-overflow incident, sharing the raw block data for #74638 with two outputs of 92,233,720,368.54277039 BTC each.
An integer overflow bug (CVE-2010-5139) was exploited to create 184 billion BTC in Block 74638. Satoshi published a fix within 5 hours; the corrected chain overtook the invalid one within 15 hours.
Emergency release of Bitcoin v0.3.10 to fix a value overflow vulnerability exploited to create 184 billion bitcoins in a single transaction. Satoshi coordinated the rapid soft-fork deployment.
Structural reading of the 2010-08-15 overflow incident — soft-fork rescue mechanics, why a 5-hour response was only achievable then, transaction-shape forensics, and the centralization paradox.
Satoshi explains why SHA-256 collisions are not a practical concern for Bitcoin, describing the immense computational difficulty involved.
Satoshi corrects a SourceForge username mix-up, approves Malmi's FAQ draft, rewords the 'distribute under several keys' guidance, and reframes wallet-password as a security pitch against banks.
Satoshi explains that the chain must keep extending even without transactions, to prevent attackers from catching up.
Bill Frantz ironically observes botnet-controlled machines are 'among the most secure' because operators keep rivals out, speculating operators could become legitimate PoW-funded security firms.
Trammell argues Bitcoin addresses are more secure than IP-based sending since they verify through multiple channels. He proposes an address-advertisement toggle and reports an exit socket bug.
Satoshi responds to Trammell's MITM analysis by classifying attacks into two types (chain-of-communication vs. anyone on the Internet), proposes a combined IP+address fix, and notes wallet encryption.
Trammell's detailed security analysis of Bitcoin's send-to-IP feature, identifying MITM vulnerabilities including ARP poisoning and ISP-level interception. Recommends always using Bitcoin addresses.
John Levine dismisses Bitcoin's security assumption — botnet operators control 100,000+ machine zombie farms, and hashcash failed for the same reason: bad guys outweigh good guys computationally.