On 07/07/2011 04:10 PM, Nico Williams wrote:
> In some (most?) public key cryptosystems it's possible to prove that a valid public key has a corresponding private key (that is, there exists a valid private key for which the given public key *is* the public key). That's used for public key validation. It's not possible, however, to prove that the private key still exists.
But is it possible to sneak in invalid keys? What if, say, in an RSA system you were to later reveal that modulus n was the product of more than two primes? (I forget the name of this attack.)
What if you did this after a long dependency chain of cleared transactions had built up on the security of this key?
Not saying that Bitcoin specifically is vulnerable here, just that there are usually several ways to poison the well on these interdependent systems.
Often the crypto is meant to defend against attackers with the expected motivations (e.g. double-spending the coins). The recent rise in sophisticated "for the lulz"-motivated attacks is likely to catch some systems off-guard.
- Marsh

_______________________________________________
cryptography mailing list
http://lists.randombit.net/mailman/listinfo/cryptography
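The RSA scenario raised above, as an added worked example that is not part of Marsh's or Nico's messages: textbook (unpadded) RSA run over three distinct primes instead of two. The key validation a verifier can do on (n, e) alone, and signing and verification, behave identically for n = p*q*r and for a two-prime modulus of the same bit length; whoever knows the full factorization can rebuild d, and the work a Pollard-rho factoring attempt needs is governed by the smallest prime rather than by the size of n. The primes, the message value and the helper names (`rsa_keypair`, `validate_public_key`, `factor_fully`, `recover_private_exponent`, `demo`) are constructed for this illustration and are deliberately small, not secure parameters.

```python
# Added example; not from the mailing-list message or its authors. Textbook RSA
# over an arbitrary number of distinct primes: a modulus n = p*q*r passes the
# checks a verifier can run on (n, e) alone and signs/verifies exactly like a
# two-prime modulus of the same size. Whoever knows the full factorization has d,
# and the work to find a factor scales with the smallest prime, not with n.
# The primes below are small constructed values for a fast demo, not secure sizes.

from functools import reduce
from math import gcd, isqrt

MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)  # deterministic below 3.3e24


def is_prime(n):
    """Miller-Rabin with fixed bases; deterministic for every n used here."""
    if n < 2:
        return False
    for p in MR_BASES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def next_prime(start):
    n = start
    while not is_prime(n):
        n += 1
    return n


def rsa_keypair(primes, e=65537):
    """Key generation over any number of distinct primes (two, three, ...)."""
    assert len(set(primes)) == len(primes) and all(map(is_prime, primes))
    n = reduce(lambda a, b: a * b, primes)
    phi = reduce(lambda a, b: a * b, (p - 1 for p in primes))
    while gcd(e, phi) != 1:  # e must be invertible mod phi; step past an unlucky e
        e += 2
    return (n, e), pow(e, -1, phi)  # pow(..., -1, m) needs Python 3.8+


def sign(d, n, m):
    return pow(m, d, n)


def verify(pub, m, s):
    n, e = pub
    return pow(s, e, n) == m % n


def validate_public_key(pub):
    """Checks that depend only on (n, e). They cannot tell two primes from three."""
    n, e = pub
    return (n % 2 == 1 and e % 2 == 1 and gcd(e, n) == 1
            and not is_prime(n) and isqrt(n) ** 2 != n)


def pollard_rho(n, c=1):
    """Pollard's rho with Floyd cycle finding. Returns (factor, steps); the
    factor equals n when the sequence for this constant c fails."""
    x = y = 2
    d, steps = 1, 0
    while d == 1:
        x = (x * x + c) % n
        y = (y * y + c) % n
        y = (y * y + c) % n
        d = gcd(abs(x - y), n)
        steps += 1
    return d, steps


def factor_fully(n):
    """All prime factors of n (sorted, with multiplicity) and total rho steps."""
    if n == 1:
        return [], 0
    if is_prime(n):
        return [n], 0
    d, c, steps = n, 1, 0
    while d == n:
        d, used = pollard_rho(n, c)
        steps += used
        c += 1
    left, s1 = factor_fully(d)
    right, s2 = factor_fully(n // d)
    return sorted(left + right), steps + s1 + s2


def recover_private_exponent(pub, factors):
    """With the full factorization, anyone can rebuild d from (n, e)."""
    n, e = pub
    assert reduce(lambda a, b: a * b, factors) == n
    phi = reduce(lambda a, b: a * b, (p - 1 for p in factors))
    return pow(e, -1, phi)


def demo():
    # Two 33-bit primes vs. three 22/23-bit primes: both moduli come out 65 bits.
    two = [next_prime(2**32), next_prime(2**32 + 10**6)]
    three = [next_prime(2**21), next_prime(2**21 + 10**4), next_prime(2**22)]
    out = {}
    for label, primes in (("two-prime", two), ("three-prime", three)):
        pub, d = rsa_keypair(primes)
        n, _e = pub
        m = 0x1337  # constructed message representative, already reduced mod n
        s = sign(d, n, m)
        factors, steps = factor_fully(n)
        out[label] = {
            "modulus_bits": n.bit_length(),
            "smallest_prime_bits": min(primes).bit_length(),
            "validates": validate_public_key(pub),
            "verifies": verify(pub, m, s),
            "factors_match": factors == sorted(primes),
            "recovered_d_matches": recover_private_exponent(pub, factors) == d,
            "rho_steps": steps,
        }
    return out


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

Running `demo()` shows both keys validating and verifying, and both factorizations recovering the original d; the interesting number is `rho_steps`, which is far smaller for the three-prime modulus even though the two moduli have the same bit length. The same holds with realistic sizes: a 2048-bit modulus built from three ~683-bit primes is a valid RSA key as far as the verifier can tell, while its resistance to factoring is that of the smallest prime.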
