Pages:
Author

Topic: Are bitcoins indestructible? - page 2. (Read 7664 times)

legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
December 16, 2013, 08:58:56 PM
#81
Why do we even talk about the bitcoineaterblablabla address? It's an address without the private key like so many others that people lost their keys already  Roll Eyes

The difference is, this bitcoineater address quite possibly does not have an equivalent private key. The ones that people lost, they once had private keys. They just lost them.
full member
Activity: 196
Merit: 100
December 16, 2013, 07:54:33 PM
#80
I don't understand what destructibility has to do with the tulip bulb bubble. That was simply a case of a fashion item based bubble.
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
December 16, 2013, 07:45:36 PM
#79
Why do we even talk about the bitcoineaterblablabla address? It's an address without the private key like so many others that people lost their keys already  Roll Eyes
Because these addresses pertain to the question of the thread.
sr. member
Activity: 476
Merit: 250
December 16, 2013, 07:36:35 PM
#78
Why do we even talk about the bitcoineaterblablabla address? It's an address without the private key like so many others that people lost their keys already  Roll Eyes
kjj
legendary
Activity: 1302
Merit: 1026
December 16, 2013, 04:52:25 PM
#77
How about the key to 1111111111111111111114oLvT2 or 1QLbz7JHiBTspS962RLKV8GndWFwi5j6Qr?  No one knows.

Those last two should make you pause, and that is why I consider coins sent to them to have a higher level of destroyedness than bitcoins sent to addresses for which the key has merely been lost.
I totally agree, but those addresses are special corner cases.  They are in a class all by themselves and it would be pretty hard to argue that 1BitcoinEaterAddressDontSendf59kuE belongs to the same class as those two addresses, right?

If you go by Kolmogorov complexity, all zeroes and all ones are the two minima, but the bitcoin eater is much closer to them than it is to "normal" addresses, or even to the best vanity addresses found so far.
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
December 16, 2013, 03:48:58 PM
#76
How about the key to 1111111111111111111114oLvT2 or 1QLbz7JHiBTspS962RLKV8GndWFwi5j6Qr?  No one knows.

Those last two should make you pause, and that is why I consider coins sent to them to have a higher level of destroyedness than bitcoins sent to addresses for which the key has merely been lost.
I totally agree, but those addresses are special corner cases.  They are in a class all by themselves and it would be pretty hard to argue that 1BitcoinEaterAddressDontSendf59kuE belongs to the same class as those two addresses, right?
kjj
legendary
Activity: 1302
Merit: 1026
December 16, 2013, 03:40:22 PM
#75
Saying we "hope" is exaggerated; it is like saying Bitcoin users are just hoping nobody generates their private key and steals their coins thus the whole Bitcoin network runs on "hope".  Cryptography is always based on probabilities however we use really really reallly really really large numbers so the probability of certain events approaches 1 or approaches 0 but never is known to be 1 or 0 before the event.    In theory I could randomly bang on my keyboard right now and produce a private key which allows me to impersonate Google's SSL cert on the first attempt.  It "could" happen but Google doesn't really need to "hope" it doesn't happen because while the odds are not 0 they are for all practical purposes ~0.

The difference is that an address derived from a key is known to have a matching pubkey and a matching privkey.  If we ignore physics and math, someone searching all possible private keys will find at least one that matches the address in my signature, eventually.  Will they also find a key that can spend the bitcoin eater?  How about the key to 1111111111111111111114oLvT2 or 1QLbz7JHiBTspS962RLKV8GndWFwi5j6Qr?  No one knows.

Those last two should make you pause, and that is why I consider coins sent to them to have a higher level of destroyedness than bitcoins sent to addresses for which the key has merely been lost.

Of course I think the best way to sum it up is that if I ever notice funds are transferred out of the "Bitcoin Eater" address I am selling coins first and asking questions second. It is a good canary in the Bitcoin mine. Smiley

Indeed.
hero member
Activity: 490
Merit: 501
December 16, 2013, 02:24:35 PM
#74
Yes, Bitcoins can be destroyed. The release of a world wide Electro-Magtnetic Pulse could destroy them all, but bitcoin would be the least of our worries.  Tongue
donator
Activity: 1218
Merit: 1079
Gerald Davis
December 16, 2013, 10:27:19 AM
#73
I believe that given there will be on average 296 public keys per Bitcoin address we can be fairly certain there is at least one public key that hashes to any given address, including this one.

You are assuming a uniform distribution in the output of the hash functions.  This is something that we hope is true, but don't really know.
That is why I said on average and fairly certain.

Agreed.  

It is possible that SHA-256 or RIPEMD-160 have undesirable characteristics which result in a non uniform distribution of messages to digests but at this time both algorithms are seen as a good approximation of the random oracle so there is no reason to assume that until facts suggest otherwise.  Even if future cryptanalysis shows that they have a non-uniform distribution it would have to be incredibly non-uniform to affect the probability that at least one valid PubKey hashes to that PubKeyHash in any meaningful way.  You corrected me on a similar statement I on reflection I agree.

Saying we "hope" is exaggerated; it is like saying Bitcoin users are just hoping nobody generates their private key and steals their coins thus the whole Bitcoin network runs on "hope".  Cryptography is always based on probabilities however we use really really reallly really really large numbers so the probability of certain events approaches 1 or approaches 0 but never is known to be 1 or 0 before the event.    In theory I could randomly bang on my keyboard right now and produce a private key which allows me to impersonate Google's SSL cert on the first attempt.  It "could" happen but Google doesn't really need to "hope" it doesn't happen because while the odds are not 0 they are for all practical purposes ~0.

Of course I think the best way to sum it up is that if I ever notice funds are transferred out of the "Bitcoin Eater" address I am selling coins first and asking questions second. It is a good canary in the Bitcoin mine. Smiley
donator
Activity: 1218
Merit: 1079
Gerald Davis
December 16, 2013, 09:58:15 AM
#72
Actually - given enough time - is it theoretically possible to crack the private key to that address?

I mean in the future computers will be 1000x more powerful than they are today.

Will our brains be blown out of our bodies?

This is something that is addressed many times before. While the obvious answer is yes there are some physical limitations that don't allow something like it to happen. In quantum physics though seems possible.


Exactly.  As the quote in the "star image" was mine, I want to avoid it being taken out of context.  As you point out if you can't go through the wall there may be other ways around it.   The quote only deals with brute forcing a 256 bit key (and subsequently to writing that quote I have learned that a 256 bit ECDSA key only has 128 bit strength against brute force attack although that doesn't materially change the scenario in the quote).  It only deals with a brute force attack and I wrote it because I got tired of all the "what if computers get faster can someone hack Bitcoin questions".  Still it is important to keep in mind that there are other attack vectors which don't deal with a classical brute force (and the physics problems that accompany it).

If you wanted to gain access to coins at a random Bitcoin address there are three attack vectors:
  • Brute force attack on all the private keys used in the Bitcoin network = infeasible given the time and energy requirements (the "star quote").
  • Exploit a cryptographic flaw in ECDSA, RIPEMD-160, and/or SHA-256 = no such known flaw exists at this time and may not exist in our lifetime.
  • Use a general Purpose quantum computer capable of implementing Shor's algorithm = may not ever be possible or if possible the time until a GPQC with 40,000+ qubits is indeterminable.

All three are infeasible right now, only the first one is beyond the limits of physics the other two simply don't exist right now.  Maybe they will exist next year, maybe not for a thousand years but we do know that they are possible on a long enough timeline.  The good news is that Bitcoin is extensible and long before either cryptoanalysis or quantum computing make an attack economical or practical Bitcoin can be extended to new stronger address types including ones which are quantum computing resistant.  People can transfer funds to the new addresses and avoid the attack vector (for another century or so).  Of course funds for which there is no known private key ("lost coins") could at least in theory be reclaimed because they won't be moved to the stronger address scheme but it won't be as some incorrectly believe "because computers get faster".
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
December 16, 2013, 09:19:14 AM
#71
I believe that given there will be on average 296 public keys per Bitcoin address we can be fairly certain there is at least one public key that hashes to any given address, including this one.

You are assuming a uniform distribution in the output of the hash functions.  This is something that we hope is true, but don't really know.
That is why I said on average and fairly certain.
kjj
legendary
Activity: 1302
Merit: 1026
December 16, 2013, 09:05:20 AM
#70
I believe that given there will be on average 296 public keys per Bitcoin address we can be fairly certain there is at least one public key that hashes to any given address, including this one.

You are assuming a uniform distribution in the output of the hash functions.  This is something that we hope is true, but don't really know.
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
December 16, 2013, 08:12:00 AM
#69
I think the answer is yes. Theoretically. Enough time means a few billion years using the latest computer technology a million years in the future, that is a trillion times faster than all the fastest super computers combined in existence.

Practically, No.

But we're being pedantic here.
Physics says NO.  READ the post right above yours.

private key is a 256 bit integer.
public key is a pair of 256 bit integers giving the (x,y) coordinates of a point, or a single 256 bit x coordinate and a parity bit used to reconstruct y.
address is a hash of the public key.

The bitcoin eater was made at step 3.  Because it was made at step 3, we don't know if there are any points on our curve that can be hashed to give that address.  This point isn't well understood around here.
I believe that given there will be on average 296 public keys per Bitcoin address we can be fairly certain there is at least one public key that hashes to any given address, including this one.
sr. member
Activity: 476
Merit: 250
December 16, 2013, 04:44:51 AM
#68
Actually - given enough time - is it theoretically possible to crack the private key to that address?

I mean in the future computers will be 1000x more powerful than they are today.

Will our brains be blown out of our bodies?

This is something that is addressed many times before. While the obvious answer is yes there are some physical limitations that don't allow something like it to happen. In quantum physics though seems possible.
newbie
Activity: 42
Merit: 0
December 16, 2013, 02:01:23 AM
#67
i don't see how you could say they are indestructible.. the blockchain relies on the users who download them. it could go FUBAR with a 51% attack, no?
kjj
legendary
Activity: 1302
Merit: 1026
December 16, 2013, 01:43:43 AM
#66
It's impossible to send them to an invalid address, BUT it's entirely possible to send them to an address for which no one has the key.

Take for example: 1BitcoinEaterAddressDontSendf59kuE

Check it out on blockchain. If you can brute force the private key, the coins are yours. Is it impossible? Theoretically, no, but practically...

Let's say you had a super computer that was guessing 999 trillion keys per second. It would take you 3.5 billion years to exhaust just 10% of the keyspace, which means in 3.5 billion years you would have a 10% chance of having guessed the key. Good luck with those odds!

Actually - given enough time - is it theoretically possible to crack the private key to that address?

I mean in the future computers will be 1000x more powerful than they are today.

Will our brains be blown out of our bodies?

See Syke's answer.

Also:

private key is a 256 bit integer.
public key is a pair of 256 bit integers giving the (x,y) coordinates of a point, or a single 256 bit x coordinate and a parity bit used to reconstruct y.
address is a hash of the public key.

The bitcoin eater was made at step 3.  Because it was made at step 3, we don't know if there are any points on our curve that can be hashed to give that address.  This point isn't well understood around here.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
December 16, 2013, 12:31:10 AM
#65
I think the answer is yes. Theoretically. Enough time means a few billion years using the latest computer technology a million years in the future, that is a trillion times faster than all the fastest super computers combined in existence.

Practically, No.

But we're being pedantic here.
legendary
Activity: 3878
Merit: 1193
December 15, 2013, 11:39:26 PM
#64
Actually - given enough time - is it theoretically possible to crack the private key to that address?

No.

full member
Activity: 182
Merit: 100
The General
December 15, 2013, 11:06:56 PM
#63
It's impossible to send them to an invalid address, BUT it's entirely possible to send them to an address for which no one has the key.

Take for example: 1BitcoinEaterAddressDontSendf59kuE

Check it out on blockchain. If you can brute force the private key, the coins are yours. Is it impossible? Theoretically, no, but practically...

Let's say you had a super computer that was guessing 999 trillion keys per second. It would take you 3.5 billion years to exhaust just 10% of the keyspace, which means in 3.5 billion years you would have a 10% chance of having guessed the key. Good luck with those odds!

Actually - given enough time - is it theoretically possible to crack the private key to that address?

I mean in the future computers will be 1000x more powerful than they are today.

Will our brains be blown out of our bodies?
member
Activity: 150
Merit: 10
December 15, 2013, 10:14:02 PM
#62
I'm pretty sure someone will figure bitcoin's cryptograhy in the future. Maybe the second coming of Jesus would?  Tongue
Pages:
Jump to: