Bitcoin greatest vulnerability

http://reifddd.wix.com/levent

[I'm a finite character space]

Levent Korkmaz

The finite space of the characters of Bitcoin's account number.

(I'm a cold wallet and all the cold wallets are warm.)

[I'm a finite character space]

We have prepared a new project to use Bitcoin with my team-mates: Anthony Boivin and
Takashi Ohno. I bought reifd.info for our project. I've done research about Bitcoin account
security for the protection of the people who will invest our new projects. My research
results show this frightening security flaw.

I've realized that Bitcoin, Ethereum, Ripple and Ethereum dao have affected by Assets
security flaw. Coin that designed with Chain and the others are being affected. So all of the
Chain technology are under affection of this security flaw. With this security flaw all of the
investors' money can be stolen. Despite of the investor that has performed every security
protection.

I've stopped my reifd.info project for the safety of my investor. I hope that updates will be
done as soon as possible for this security flaw and we present our project safely to the
investor. Honesty and security first, then trading.

*Firstly let's think what we have to do concerning Bitcoin account security like everybody
else does.

I should provide the security of the number of Private key to assure the security of my
Bitcoin and Ethereum accounts. I need to keep my account number's Private key
somewhere safe. I need to use cold wallet. I need to create Multi - Signature with
Electrum. I need to print Private Key and keep it somewhere safe. I need to protect my
wallet with a strong password. I need to transfer my money into several account numbers.
I need to back-
up my wallet.

Now let's ask the questions:

1)Do the security of Private Key's number and the other security precautions provide thesecurity of my money in my account numbers on Bitcoin, Ethereum, Ripple?

In fact, this question doesn't make sense for Ripple. But Ripple also experiences the
security problems that fall to it's share. And of course all the assets(Dao) that created by
Ethereum are also included.

And this question's answer is definetly "no", but why not?

The Bitcoin address with the total 33 characters:
1 “CbtYLQY4jdQhKs3WMweRFqe93MNtPnbPh”

The Ethereum address with the total 40 characters:

0x”Bb97dC9271B097E1568bB4d24BEa7C3a28b76d44”
1234567890A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
a b c d e f g h i j k l m n o p q r s t u v w x y z

Bitcoin, Ethereum, Rhesap numbers with the 26+26+10= 62 characters space.

The number of the private Key's security can't provide the security of the money in my
Bitcoin, Ethereum and Ripple account numbers because of that we create Bitcoin and
Ethereum account numbers with the infinite space characters( 62 character space).

So we can create account numbers with the finite characters space and this causes
coincidence. Alice and Bob may coincidentally create an exact same account number.

In this case Alice and Bob may have eachother's money without permission.

"All cold wallets in the outer character space are actually alone and warm. There are no
security and protection for money."

In that case Bitcoin and Ethereum that full of money are cold wallets, but the Ripple wallet
acount is warm.

Actually a wallet's being whether hot or cold doesn't make sense for this security flaw.
(All accounts wander in the 62 characters space)

So money in the accounts is idle in the character space because a wallet that created with
the finite characters space is also warm.

In this case Bitcoin that coincidentally belongs to someone else can create Ethereum and
Ripple addresses and the money might be transferred to another account.

"You can make your own special lottery without paying a red cent too. All you need to do is
to create million accounts quickly. Maybe you won't create a full account, but surely one
will be able to build a full account. If you're not a decent person you may hack someone
else's Bitcoin or Ethereum account and you are to ask for God's forgiveness."

In the banking system, IBAN is designed differently for every bank. A bank never gives an
IBAN that registered in it's own database to another bank customer, if that happens a fatal
mistake will be occurred. The bank solves this problem so easily.

2) Can we solve the security problem if we make the Bitcoin, Ethereum and Ripple's
account numbers' length about 1000-character-long?

This one's answer is also "no". But why not?

Ethereum made the generated account numbers' character length 40, too. Ethereum's all
account numbers' consist 40 characters, in that case Alice and Bob coincidentally create
an exact same account number.

(note: Ethereum made account number legth 40 characters for either "Private Key security
or "lack of coincidence".) In both cases 40 characters don't matter.

3)Does expanding the character space provide solution for our security problem?

This one's answer is also "no".

Let's see...
1234567890
A B C D E F G H I J K L M N O P Q R S T U V W X Y Za b c d e f g h i j k l m n o p q r s t u v w x y z

Let's add 1000 chinese kanji characters to this space and we'll have 1062 characters in
total.

You can access the 1000 Chines kanji I've found through the link below.
http://www.jaist.ac.jp/~sjittisa/kanji1000.pdf

4)Does creating Bitcoin and Ethereum account numbers With the total 1000, 5000 or
10.000 kanji characters space make our account number safe?

And this one's answer is also "no", but why not?

- We have a finite character space(10.062 kanji characters in total), and still two different
person can coincidentally create an exact same account number.

A Bitcoin account number that created with 1000 kanji and 62 latin characters space:
1 昼店道発物用 L 商圧誤委委投働 i 鈍毎何今 s 南西北外山雨聞 p 来読戻乱未


So what could be the solution to our security problem?

This kind of account number may slightly meets our requests if we think how this won't
create a confusion or a finite character space problem.

1 昼店道発物用 L 商圧誤委委投働 i 鈍毎何今 s 南西北外山雨聞 p 来読戻乱未

No matter what we do since we'll have a finite character space, the "random case" will be
valid for every character space we'll suggest.

So how can we maintain the security of a Bitcoin account?

"This suggestion is all about putting a checkpoint or creating a sequential account while
creating a Bitcoin account."A suggestion:

All account numbers are creating by The Miners. This stiuaton is not a centralist approach.

In the end, distributed miners will take over this process.

Miners' tasks in the new design are:

1)Confirming the accounts, security(their current task)2)Creating new accounts and adding
them into the chain

3)Maintaining the security of the account chain
4)
5)
6)
7)

"A suggestion"s key aspect is that how the miners will create the account numbers.

The process works like this:

User opens the wallet and clicks on the "create a new account" button and creates a
Bitcoin account or when he/she opens the wallet, the miners will create an account
automatically. The miners scan the account chain in order to know if the account number
that they are going create is already on the account chain and if there's no match to that
account number, they bring the account number into use to the owner of the wallet.


Or the miners create Bitcoin numbers in a sequential manner and they in retrospect don't
check which account numbers have been created.

Are the checkpoints necessary while sequential accounts are being created? "This should
be discussed."

First create six or seven free new accounts and even a little fee is requested from users for
the other Bitcoin accounts to be created. Thus prevents the excessive account number
creation.

An example for the sequential account number:

1MkhnXC6fkfQ3DvswfnuXXzpdwwP9KaMQD
1MkhnXC6fkfQ3DvswfnuXXzpdwwP9KaMQE
1MkhnXC6fkfQ3DvswfnuXXzpdwwP9KaMQF
0x3E3D07b8DFbb904ae63Eea9F30aedD099E484134
0x3E3D07b8DFbb904ae63Eea9F30aedD099E484135
0x3E3D07b8DFbb904ae63Eea9F30aedD099E484136

Of course there will be security aspects such kind of a road map.


Right below, you can see the account number that I've created by coincidence after a
research of mine.

Private key:
162Ks8Z4rFiAG8XbAG7Z5JMEP37suEPirr

Private key:
5K1y8cA3ewXgbUNXWGGZn2qCmJ1soQ29oc3uBgiUxwfkuDKFz6p

You can see the Bitcoin account number on Bitcoin forum through the link below
https://bitcointalk.org/index.php?topic=156609.450

Of course there's a wallet aspect of this plain. It has no importance of the created wallet
whether is cold or hot.

In order to coincidentally create a Bitcoin account in this way, we have two different
options.

1) We create a wallet and write "create account" command into the console.
2) We create the wallet and repeatedly create accounts using the new group of words.

I've created an account number that belongs to someone else by trying the first option.

Electrum and these kind of wallets create Bitcoin account numbers with a finite words
space too. (q)This stiuation causes coincidence since it can't go beyond the finite
characters space.

Electrum creates new account numbers with english words. English words are finite, so
this causes a coincidence
It'll be entered into another finite words space when it go beyond the english finite words
space. In this case read again starting from (q).

I've been following the development of Cointree for a long time. Peercoin brought a great
innovation with Proof-of-Stake. I believe the big problems will be solved by adding Proof-
of-Stake to Bitcoin.

Example: It can provide solution to 51 attacks and also Peercoin wallet mining can be
done.

Comments

  • greenusergreenuser 50.8862°N 4.5537°WMember Posts: 439 ✭✭
    Ok, so lets say i have 20btc.

    I use 40 individual Electrum portable wallets and keep only 500mbtc on each.
    I put 4 wallets on 10 usb sticks in a striped parity fashion like in RAID 5.

    or

    I use 80 individual Electrum portable wallets and keep only 250mbtc on each.
    I put 8 wallets on 10 usb sticks in a striped parity fashion like in RAID 5.

    Ok so I carry my 20btc on maybe 10 usb sticks on a key ring.

    At what point in this do I make your efforts economically unviable?

    Also, is your system not theft? The Dao was not hacked or stolen. The Dao worked as it should.

    Ok so PoS is your answer, but I will not hold a coin in a PoS currency. There are also people like me that will not invest.
    I believe PoW redistributes wealth more effectively and since there are more poor people, you're rather out of luck my friend.
  • ethereumfanaticethereumfanatic Member Posts: 27
    God I wish I could understand more then 25% of this above ^ I don't speak computer jargin atm :/ working on it!
  • greenusergreenuser 50.8862°N 4.5537°WMember Posts: 439 ✭✭

    God I wish I could understand more then 25% of this above ^ I don't speak computer jargin atm :/ working on it!

    @ethereumfanatic go google "the development of quantum computer technology and cryptographic currencies". ;)
  • lllDMDllllllDMDlll OhioMember Posts: 33
    Correct me if I'm wrong (not the most knowledgeable on this subject), but does the blockchain even allow two of the same addresses? And if I somehow created a duplicate address, wouldn't the transfers just take place on the original address? I suppose if you somehow managed to create an identical private key AND public address you could potentially control an account... but the odds of that happening are very slim. Either way just always do test transfers when messing around with new accounts. ;)
  • greenusergreenuser 50.8862°N 4.5537°WMember Posts: 439 ✭✭
    lllDMDlll said:

    Correct me if I'm wrong (not the most knowledgeable on this subject), but does the blockchain even allow two of the same addresses? And if I somehow created a duplicate address, wouldn't the transfers just take place on the original address? I suppose if you somehow managed to create an identical private key AND public address you could potentially control an account... but the odds of that happening are very slim. Either way just always do test transfers when messing around with new accounts. ;)

    I'm not sure, but it looks like the NSA are currently working on quantum-resistant algorithms http://arstechnica.co.uk/security/2015/08/nsa-preps-quantum-resistant-algorithms-to-head-off-crypto-apocolypse/
  • greenusergreenuser 50.8862°N 4.5537°WMember Posts: 439 ✭✭
    edited June 2016
    @levent Maybe you are a representative of the intelligence services fishing for new recruits? Most people do not apply, they just get a tap on the shoulder.

    Anyhow, i found this on the Pakistan Defence Forum, it made me laugh.
    Russian Robot ESCAPES Again ; for the SECOND time

    Source: http://defence.pk/threads/russian-robot-escapes-again-for-the-second-time.436718/#ixzz4CmLDGOYh

    Lets hope the NSA or GCHQ quantum-robot does not make a run for it and try to defect to Russia. :D

  • greenusergreenuser 50.8862°N 4.5537°WMember Posts: 439 ✭✭
  • lllDMDllllllDMDlll OhioMember Posts: 33
    greenuser said:

    @levent Maybe you are a representative of the intelligence services fishing for new recruits? Most people do not apply, they just get a tap on the shoulder.

    Anyhow, i found this on the Pakistan Defence Forum, it made me laugh.
    Russian Robot ESCAPES Again ; for the SECOND time

    Source: http://defence.pk/threads/russian-robot-escapes-again-for-the-second-time.436718/#ixzz4CmLDGOYh

    Lets hope the NSA or GCHQ quantum-robot does not make a run for it and try to defect to Russia. :D

    They threatened to turn the robot off if it happened a third time :D
Sign In or Register to comment.