Editorial 8 October 2018Erik Gibbs
Dr. Craig Wright on why smart contracts aren’t so smart
Dr. Craig Wright, an expert in blockchain technology and dedicated Bitcoin BCH supporter, took to Medium over the weekend to pen a thoughtful piece on smart contracts. The insightful article provides valuable information on the topic and some of the underlying flaws in the system, and is a further example of how breaking away from the core essence of Bitcoin BCH would undermine the progress the world’s leading retail digital currency has already made.
Wright was responding to another post that asserted, “Electronic contracts do not have to be re-read when they are returned because there’s generally no mechanism (unless it’s built into the electronic process) to alter the contract terms, scratch out a line, insert text, etc. What you send is what is being signed.”
However, this assertion is flawed and shows the danger of not having enough information to reach a full and qualified conclusion. Wright points out that collisions on a blockchain have proven that a hash signature has certain inherent vulnerabilities. He states, “[T]he collision allows two versions of the document to be created with the same hash and thus same electronic signature. For now, SHA256 is considered secure, but, not all hash functions are.”
He uses an example of someone generating two documents—one with an order to sell at $500,000, which Wright calls Order 1, and the other with an order to sell at $1 million, or Order 2. The individual wants Order 2 to be the document that signed, which would result in the sale contract being increased by $500,000. That person can use Confoo or Stripwire to create an MD5 hash—or collision—that is exactly the same for both documents.
Confoo has already been shown to be able to create two web pages that look completely different, but which have the same MD5 hash. This is a concern, as it would allow someone to easily create a fake MD5 hash signature that mimics a different contract.
Wright explains, “This attack works due to the nature of hashing algorithms (in this case, a flaw in the now depreciated algorithm MD5). If you have 2 documents, x and y that have the same hash (i.e. a collision) then by appending an additional block of information — q to the documents will also result in a collision. This is (x+q) will have the same hash as (y+q).”
He concludes, “This is why SV Pool and CoinGeek (and Bitcoin SV) plan to start processing non-standard scripts. To us, your long term security matters. Non-standard scripts are processed in P2SH. The myth was that this is bad for nodes, but, this is again the myth of the Raspberry Pi. Miners are competitive. The fight to be paid. [They] are paid more for larger scripts, so this is not an attack, it is the market at work.”
Note: Tokens on the Bitcoin Core (SegWit) chain are referenced as BTC coins; tokens on the Bitcoin Cash ABC chain are referenced as BCH, BCH-ABC or BAB coins.
Bitcoin Satoshi Vision (BSV) is today the only Bitcoin project that follows the original Satoshi Nakamoto whitepaper, and that follows the original Satoshi protocol and design. BSV is the only public blockchain that maintains the original vision for Bitcoin and will massively scale to become the world’s new money and enterprise blockchain.
Editorial 15 May 2019
Continued Bitcoin Cash developer infighting shows a problematic future
There is already a certain degree of harmonic dissonance among BCH developers, as witnessed by the discussion between Amaury Séchet and Jonathan Toomim.
Editorial 8 May 2019
BSV is ready for the world’s business. Are you?
Because Bitcoin SV offers unlimited possibilities, it's created a Cambrian explosion of creativity and innovation.
Editorial 7 May 2019
Bitcoin SV could surge as Bitfinex and Tether scandal unravels
All the information coming out around Bitfinex seems to suggest that the price of BTC is being artificially pumped, while BSV is being held back. That might soon change.