Editorial 8 October 2018

Erik Gibbs

Dr. Craig Wright on why smart contracts aren’t so smart

Dr. Craig Wright, an expert in blockchain technology and dedicated Bitcoin BCH supporter, took to Medium over the weekend to pen a thoughtful piece on smart contracts. The insightful article provides valuable information on the topic and some of the underlying flaws in the system, and is a further example of how breaking away from the core essence of Bitcoin BCH would undermine the progress the world’s leading retail digital currency has already made.

Wright was responding to another post that asserted, “Electronic contracts do not have to be re-read when they are returned because there’s generally no mechanism (unless it’s built into the electronic process) to alter the contract terms, scratch out a line, insert text, etc. What you send is what is being signed.”

However, this assertion is flawed and shows the danger of not having enough information to reach a full and qualified conclusion. Wright points out that collisions on a blockchain have proven that a hash signature has certain inherent vulnerabilities. He states, “[T]he collision allows two versions of the document to be created with the same hash and thus same electronic signature. For now, SHA256 is considered secure, but, not all hash functions are.”

He uses an example of someone generating two documents: one with an order to sell at $500,000, which Wright calls Order 1, and the other with an order to sell at $1 million, or Order 2. The individual wants Order 2 to be the document that is signed, which would result in the sale contract being increased by $500,000. That person can use Confoo or Stripwire to create an MD5 collision, so that the hash is exactly the same for both documents.

Confoo has already been shown to be able to create two web pages that look completely different, but which have the same MD5 hash. This is a concern, as it would allow someone to easily create a fake MD5 hash signature that mimics a different contract.

Wright explains, “This attack works due to the nature of hashing algorithms (in this case, a flaw in the now depreciated algorithm MD5). If you have 2 documents, x and y that have the same hash (i.e. a collision) then by appending an additional block of information — q to the documents will also result in a collision. This is (x+q) will have the same hash as (y+q).”
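The suffix property Wright describes can be checked with the publicly documented MD5 collision pair from Wang et al. (2004). This is an added example, not code from Wright's post or this article. It assumes x and y each fill whole 64-byte MD5 blocks (as this pair does), and the suffix `Q` and the prefix are constructed sample data.

```python
import hashlib

# Publicly documented 128-byte MD5 collision pair (Wang et al., 2004).
X = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
Y = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)

# Constructed sample text standing in for the appended block q.
Q = b"\nAppended block q: terms agreed and signed."


def fingerprints(data):
    """Return (MD5, SHA-256) hex digests of data."""
    return hashlib.md5(data).hexdigest(), hashlib.sha256(data).hexdigest()


def compare(a, b, prefix=b"", suffix=b""):
    """Compare prefix+a+suffix with prefix+b+suffix under both hashes."""
    md5_a, sha_a = fingerprints(prefix + a + suffix)
    md5_b, sha_b = fingerprints(prefix + b + suffix)
    return {
        "same_bytes": a == b,
        "md5_match": md5_a == md5_b,
        "sha256_match": sha_a == sha_b,
    }


if __name__ == "__main__":
    # X and Y are two full 64-byte blocks each, so MD5's internal state is
    # already identical when q is absorbed: the collision survives the suffix.
    print("x   vs y  :", compare(X, Y))
    print("x+q vs y+q:", compare(X, Y, suffix=Q))
    # A prefix changes the state the colliding blocks start from, so this
    # particular pair no longer collides once something is put in front.
    print("p+x vs p+y:", compare(X, Y, prefix=b"\x00" * 64))
```

In every case SHA-256 tells the two inputs apart, which is why a signature should be computed over a digest from a collision-resistant function and never over MD5.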

He concludes, “This is why SV Pool and CoinGeek (and Bitcoin SV) plan to start processing non-standard scripts. To us, your long term security matters. Non-standard scripts are processed in P2SH. The myth was that this is bad for nodes, but, this is again the myth of the Raspberry Pi. Miners are competitive. The fight to be paid. [They] are paid more for larger scripts, so this is not an attack, it is the market at work.”

Note: Tokens on the Bitcoin Core (SegWit) chain are referenced as BTC coins; tokens on the Bitcoin Cash ABC chain are referenced as BCH, BCH-ABC or BAB coins.

Bitcoin Satoshi Vision (BSV) is today the only Bitcoin project that follows the original Satoshi Nakamoto whitepaper, and that follows the original Satoshi protocol and design. BSV is the only public blockchain that maintains the original vision for Bitcoin and will massively scale to become the world’s new money and enterprise blockchain.
