Cracking RSA isn't cracking SHA-256. Bitcoin and other coins are based on SHA-256. If someone were able to crack SHA-256, the exploit would be better served (of the hacker) to slowly steal coins, so that value within the network is maintained and the exploit is overlooked and missed by the majority. In addition to stealing national secrets.
But all you'd need to do is steal from one early adopter (it's in their financial interest to be savvy enough) and the adopter could alarm the community that an exploit is in existence.
In addition, there are various cryptographic algorithms used. So, one could accept Litecoin, if SHA-256 was exploited. Or accept Vertcoin if both Scrypt and SHA-256 were exploited. Etc.
So, it's an interesting situation based on game theory of an exploit. There is no hard and fast answer.
The moment you have spent from an address, you have revealed the un-hashed key, which you could break. Best practice is never to re-use an address, but I'd wager there are many deviations from that.
I'm not sure how much bitcoin that has moved in e.g. the last year is in addresses for which the private key is known. Would be a cool thing to check out.
It’s not about the hashes, i.e. the proof of work part, it’s about the fact that bitcoin addresses are public/private key cryptography, like RSA.
Now I think bitcoin actually uses elliptic curve cryptography (I don’t know, I really don’t care about bitcoin), but the hypothetical was more along the lines of “what if you could break public/private key cryptography”, and less about factorization in specific, anyway.
Hmm. SHA-256 will be sunsetting probably within our lifetime due to the exponential nature of our computers. Which is probably why I assumed you'd be speaking about that function.
But a break in ECC would be...something extreme IMHO and according to multiple researchers, I believe, would happen after SHA-256 because ECC is more settled mathematics.