Which property of hash functions make them suitable for password management?
Why is this property important?
One-wayness. This way
an attacker who gains access to the hashes can’t easily find the passwords themselves.
Salted Hashes
(True/False) A slow hash function is a secure replacement for using password salts
False. A slow
hash function helps, but doesn’t change the fact that an attacker can
precompute the passwords before even leaking the database.
What is Bitcoin?
Designing Bitcoin: Identity
(True/False) In Bitcoin each user has a symmetric key associated with their
identity.
False. They
have a public, asymmetric key.
Designing Bitcoin: Transactions
In Bitcoin, how do we make sure a user can only spend money they have?
We make use of
the public ledger. Everytime a transaction is made, a user will publish it to
the ledger. Then, anyone can verify how much money a person has by tracing back
the transaction history.
Designing Bitcoin: Blockchain
(True/False) If instead of hashing the entire previous block in our blockchain, we
just hashed part of it, this would still be secure since an attacker can’t
break collision resistance.
False. The
attacker can modify the parts of the block that aren’t hashed
Designing Bitcoin: Motivating Consensus
Consider a version of the protocol we’ve seen thus far, which requires
two individuals working together to add a block to the hashchain.
Assume there is only a single adversary, Mallory, in the network - can she
double-spend via a fork?
No. To do this
she would need to generate an alternate, valid blockchain from a point in the
past. Since this requires two people, Mallory will be unable to create this
alternate chain herself. This concept is similar to what Bitcoin attempts to do
via it’s Proof-of-Work consensus mechanism we’ll see next lecture
Bitcoin Review
Proof of Work
(True/False) In Bitcoin Proof-of-Work, if the hash function isn’t one-way then an
attacker can always win by bruteforcing a valid pre-image.
False. Recall
that part of the input is determined by the block being added which also has
dependence on previous blocks. While an attacker would be able to find a
pre-image which hashes to the correct number of zeroes, there’s no guarantee that
pre-image will form a valid hash chain.
Proof of Work Example
Proof of Work Security
In Bitcoin, Proof-of-Work (PoW) requires miners to find some random number n
such that Hash(block || n) has a certain number of zeroes in it. What would
happen if instead, miners had to find Hash(n) for which this held?
This would
compromise security as once a single n was found, this could be to valid any
block going forward. Even if you made a condition that this n had to be unique,
you still allow an adversary to precompute a large number of valid ns since
there is no dependence on the actual block being added.
For example, PoW protects against double-spend attacks since on every new
block, the entire network ‘starts-over’ on their goal of solving the hashing
puzzle (since part of the input to the hash function changes). This enforces
the invariant that an attacker has to compromise 51% of the network to consistently
solve the puzzle first. If you get rid of that dependence, the attacker no
longer needs to compromise 51% of the network since they can simply precompute
2-3 valid ns at any time and then execute their attack.
Consensus & Mining
(True/False) Even if the network eventually switches to an alternate, longer
chain, a miner will still receive a mining award
No. The
mining award is part of the block they mine, so if the network switches to
an alternate chain and loses their block, their award is also lost.
Mining pools
Why might having large mining pools be worrysome?
Because it’s a
big centralization of power in the network. If only a few mining pools decided
to team up, they could hold 51% of the mining power and launch an attack
Anonymity and Conclusions
If someone bought something from you over Bitcoin, how could you track their
future transactions?
You can simply
scan through the blockchain looking for anything involving their public key