[Cryptography] Is there a better way to discuss/publish new attacks?

Bill Cox waywardgeek at gmail.com
Wed Jul 8 02:53:38 EDT 2015

If I am correct (and I am often mistaken), I've broken 3 would-be
memory-hard PoW systems this week.  Momentum and I believe Cuckoo Cycle can
be sped up with parallel processing to arbitrarily reduce memory*time cost
with practical hardware.  Ramhog is so flawed that I did not bother posting
attacks to this list, and just left a warning on a bitcoin related forum
instead.  Momentum and Ramhog were even used in their own crypto-currencies
(BitShare and ShinyCoin).

I do not know anyone who I can discuss these algorithms with, so I have no
choice but to post attacks without any review by anyone else before hand,
or not post my security concerns at all.  That, plus my lack of experience
in this field lead to most of my posts being half-baked and ignorant of
prior work.  If you say "go research the prior work first", go suck an
egg.  I do that all the time.  You can't absorb this whole field in a few

Is there a better way to discuss new attacks?  I really enjoy them.  My son
told me, "Dad, I didn't know you liked being evil."  I responded, "But only
evil for good."  :-)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150707/73ec676e/attachment.html>

More information about the cryptography mailing list