Bitcoin and Cryptocurrency 1)Is H(x) = x mod 256 collision resistant? Find a col
ID: 3745940 • Letter: B
Question
Bitcoin and Cryptocurrency
1)Is H(x) = x mod 256 collision resistant? Find a collision if it is not.
2)Which of the following is true of SHA-256 (circle all that apply):
-It has been proven not to have a collision
-We hope that there are no collisions
-No collision has ever been publicly found
-It has been proven that there is no fast way to find collisions
3)Which of the following types of modifications of a block chain data structure can be detected by someone who holds a hash pointer to the latest block? (circle all that apply)
-Insertion of a block
-Deletion of a block
-Tampering of data in a block
-Re-ordering of blocks
4)We are playing the coin-flipping game described in class. As the coinflipper, we choose a random 256 bit nonce value (shown as r in the slides) and our coin flip comes up as heads. We calculate H( nonce || “heads”) = 47B87A6D9805C5BDDA4319ECB168F6CE7C1C4D0710CAAEA3856D9A8CC63EB8F5 and then broadcast this value.
Due to the hiding property of the hash function, the attacker can only guess the outcome of the coin flip. We then broadcast the nonce value and reveal the flip was indeed “heads”.
We decide to play the game a second time, however we forget to choose a new nonce (r value) and instead use the same nonce from the first game. The attacker is aware of this nonce reuse.
The coin flip comes up as tails, so we calculate
H( nonce || “tails”) = 0E8D17B36A14C4FFA80FA43841E1C25F9D1C3A3E3681D67374B984ED8A847840 and then broadcast this value.
The attacker immediately correctly asserts that tails was flipped. How does the attacker know this?
What would happen if we had remembered to choose a new nonce for the second game?
Explanation / Answer
1. No because 0 and 256 both map to the same block 0.
2. 2, 3, 4 we just hope that there are no collisions because that would make the hashing irrelevant because hashing functions have a property of being collision resistant. None have been found yet and the only way currently is bruteforcing it.
3. Any kind of change in the data structure will be reflected in the top level hash pointer hence the person will know that we have changed the block chain but he might not know what change has been made because that would be not so apparent as hashing would hide it.
4. Since there is no salt being used so one hash value of nonce || heads will always give the same value over and over again. There needs to change something for the value of hash to change as well. Since nonce has not change the only change that was possible was the heads to tails and that is why attacker knows it was tails. If a new nonce was taken even a one that is very slightly changed as compared to the original one the change would be drastic in the hash function so the attacker would be able to guess the answer if new nonce is taken.
Related Questions
Navigate
Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.