Topic: Bitcoin puzzle transaction ~32 BTC prize to who solves it - page 266. (Read 255462 times)

Well said .. i just showed the gentleman that when using pub key attack you would be 1 billion trillion times faster than mere sha256 cracking .. although the it's not even always the case unless you're using BSGS and even then my numbers are too optimistic.. also by calculating private key from pub key, you are basically using compute units to make complex operations other than simply iterating through hexadecimals then converting them to hash160 like the case with private key cracking .. and yet somehow my words aren't convincing.. But let's assume we are using Kangaroo to attack with pub keys, my last example was a VERY optimistic scenario that resulted in 23 million years of work to arrive at an address .. here is the same example in plain text for those reading this .. let's say you use a code that acts like JeanLuc's kangaroo on quantum computers after creating the quantum circuit correctly, all this means is that you are a few billion trillion times faster (again, absurdly optimistic numbers) than cracking using say a quantum code equivalent to bitcrack.. you're still left with more than a dozen million years because guess what, you have no idea where this pub key will eventually land ..

However, luck always scares me when it works in the favor of an attacker, a malicious attacker could run such code in a random mode and hope to land by coincidence on an address with balance .. at least they have an advantage of more speed .. say roughly a billion times faster than a powerful classic PC. Problem is, it's still bound to luck.. because without luck, a billion times faster in ECDSA is just peanuts. Actually No, even peanuts is an overstatement. But yet again, luck knows no laws. It's just it.

---

This is quoted from RESEARCHGATE website:
 

Someone enlighten me, if the above was true.. why isn't Qiskit or IBM a dozen billion dollars richer? According to the abstract above, they both clearly have the qubits necessary to attack ECDSA with Shor lol . Something is not right. This is either overrated estimation of the strength of quantum bits, or IBM/Qiskit are angels.

It's the opposite, FYI ECDSA and SHA-256 are entirely different, they just happened to operate in the same bit range. SHA-256 is used all around the world for many purposes and is more prone to fail from a collision attack.
In ECDSA, more specifically in bitcoin, you have a barrier called computation cost, whilst in SHA-256 you don't need to compute so much as you need to do in bitcoin.

I believe no one with a quantum computer would directly and publicly attack bitcoin addresses, not everyone is a criminal. As history is my witness, technology/ knowledge, is not given to a certain group of people, it's given to many in different parts of the world, that's why we have pyramid shape structures all over the world, that's why we usually hear different names when we talk about the greatest inventions, the knowledge is somewhat evenly distributed in a timely manner. Point being, if the bad guys have their weapons, the good guys also have their defense system.

I'm afraid you're confusing two separate things. It is one thing to break sha256 (which is probably quantum resistant) and another thing is to derive private key from the public key when ECDSA was used.

There is a Shor algorithm which, in theory, running on a suitable quantum computer will allow you to obtain
private keys from public keys (of course not from addresses). And that privatekeys don't need to be with leading many zeros - we are talking about keys generetaed using the whole availabe range.

This is the fundamental problem that people don't understand. The vulnerability is in ECDSA, not the SHA256 hash function.

No patronizing intended at all. Just stating a fact. Some research about qubits will reveal how extremely unlikely for it to act as a threat to current strong hashing algorithms (except for the media, which is using naiive headlines to gain attention through generating doubt). And i know for sure that you're not talking about individuals, because an individual cannot even afford a portable quantum computer let alone a 1mil qubit one. And I'm not seeing the advantage of concatenating several quantums into one coz if you can't create more noisy or stable qubits, then you're just creating a chain of server-like computers. Also don't let those revealed pub keys deceive you into thinking it's getting any easier to crack. Knowing a pub key of puzzle 120 is nothing like knowing a pub key of a well randomized pvt key for an address. Which is the case with all those rich addresses you see now. Never expect to find an address with 2 million bucks worth of bitcoin that uses a public key for a private key of more than 3 leading zeros. Good luck trying to calculate that using a pub key on a quantum device or any device for that matter. Sure, quantum is insanely faster than classic PCs, but most people don't know the fact that numbers will still beat the difference in performance between the two. If govs know that all it takes to break sha256 is spending a few billions, then this would have happened already. Lucky for Satoshi and us, it should cost way WAY more than that.

Now let's talk numbers to put things in perspective:

- a typical quantum device is 158 million times faster than the strongest computer on earth
- say you have a supercomputer that goes through 1000 TRILLION private keys per sec.
- you would need 3671743063080802746815416825491118336290905145409708398 years to crack every bitcoin address.
- with quantum device you would need less than that... Only  23238880146081030043135549528424799596777880667 years lol.
- say you did something to quantum tech and moved it up so fast .. like insanely fast that it gave you a critical advantage and shortened this period down and you're 1000 TRILLION times faster, then, and only then, you'll be able to do the cracking job in just under 23238880146081030043135549528425 years
- Say that when using a pub key calc. Instead of private key cracking, you are now saving time and you're 1 BILLION TRILLION times faster, awesome! Now you can easily calculate the keys in only 23 Million years.

Fun fact: If one day you find out that any bitcoin burn addresses got emptied, you can be 100% sure someone found a way to break sha256 😃 Because you know, obviously no one is supposed to know the private key for a burn address.. even Satoshi.

Keep your patronizing tone for yourself.

Reserach is currently underway on a way to scale quantum computers through connecting them. So everything points rather into direction of connecting many smaller quantum machines into one than building giant quantum computer.

I can only agree that we don't know when it will occur - but im sure at some point IT WILL OCCUR.

BTW I never said  such machines will be available for average person soon. I meant more about government agencies or military where cost isn't such a big problem (the same way you can't buy and any private corporation dosen't have nuclear weapon despite it clearly exists).

I can also agree that we are still far away from a machine that could crack private keys from public keys getting them from unconfirmed txs (there is a small time limit to make it) - but there is a ton of loaded addresses with available public key which you can try to crack for as long as you need (exactly the same way you crack bitcoin puzzles now).

Your response clearly shows a lack of Qubit-related knowledge. Quantum computers are not magical beings. They consist of qubits which are different from classical bits. However, you CAN estimate how much bits in a bitcoin pvt key would be cracked by counting how many qubits you have .. you need 1 million Qubits to crack a full sha256 private key. So again, neither time nor resources are enough to make one such computer with that gigantic amount of qubits. Hence, from 3k qubits to 1mil qubits, there will be a huge time difference to close the gap between those two numbers. You basically can start worrying at 500k qubits. As for resources, checkout how much a small portable quantum computer costs and you might get a feel of how much resources you need to even start creating a quantum device with such amount of qubits.

They can steal some bitcoins first  and then make profit of selling quantum computers. Double money 

You will, because the people who make quantum computers will eventually want to make (guaranteed) money out of it, so they will sell them to normal people and normal businesses, who will then take a shot at trying to break cryptography for a few crypto addresses. And because normal people are terrible at keeping secrets, it will be easy for reporters to latch on.

This is what we officially know. It hasn't to be true.

Quantum computer is kinda like weapon. It's smarter not to tell how far you are with that technology.

It will not be announced in media like: " Attention ! We have a quantum computer powerful enough to crack your cryptography. Please move everything into post quantum cryptography and stay safe. Thank you."

Nobody would tell you if such possibility would exist.

BTW... I bet in that case it will be not used to simply steal bitcoins. I guess it can be used to DESTROY bitcoin by slowly destroy trust into bitcoin by cracking some addresses in a way you cant be sure if it was a quantum computer or something else.

So , no ... you will not have enough time to move everything into post quantum cryptography cause you simply don't know the REAL progress in that area. Additionally it's much easier to move banking and other FULLY CENTRALIZED systems into PQ cryptography than moving something decentralized like bitcoin.

The biggest quantum computer ever exists is merely 3k qubits .. find me a quantum computer with at least 500k qubits and then we could talk about Bitcoin vulnerability 👍 and it's not a matter of time until it gets broken because that time is more than enough for all algorithms in the world to migrate to quantum-safe tech. Bitcoin will not be an exception then.

---

JeanLuc is a God. He doesn't die.

Yeah, imagine that, a super fast quantum computer sitting and waiting for a large amount in a transaction to compute it's private key in a 256 bit range to do what, steal them? There is a solution for that, connect your node directly to honest miners and broadcast your tx to them, they will mine your large sum tx. However there is a problem with that, the thieves could double spend the txs before the block reaches maturity, there is a solution for that, turn off RBF. Now go and see what are they doing about turning off RBF. The problem is not with bitcoin.

I can see it in completely different way ... It shows how UNSAFE Bitcoin really is.

The whole Bitcoin security lies in the fact that currently it is quite hard to bruteforce the whole range used for creating HEX private key.

So i could assume that Bitcoins security lies in currently used hardware weakness.

But that state will not last forever. In the end quantum computers will be able to crack all private keys where the public key is known (and there are many of such addresses).

Bitcoin security in its current form is TEMPORARY ... It's a matter of time.

Don't forget that every transaction you put into mempool means revealing public key ... so with quantum computer powerful enough to crack the private key from the public key in time-window when the transaction isn't confirmed  shows that bitcoin is CURRENTLY safe ... but in long term its security will definitelly be cracked.

Seeing how hard is to acheive any change in BTC code now  i would say that migrating BTC into quantum secure signatures can take too long to consider bitcoin safe.

Good insight thanks 👍 .. i still don't think we'll ever be able to gather 25000 GPUs in a group of people as guess what.. not so many people are searching that enthusiastically for puzzles. Large BTC collider was a massive pool and yet couldn't make it far enough and ppl quickly abandoned it.. and even with nowadays faster techniques, nobody seems to trust or willing to try and help grow a huge pool.. it makes you wonder if human nature is greedy: "i" wanna be the winner .. not "Us"

most likely the only scenario for finding 66 is that one guy in boxers will wake up in the morning one day only to find out that he was a lucky bastard. Such range can't be deliberately scanned.

I don't think so. Cobras is well known for lying and trolling people.

I think it was cobras that cracked 120, a few month ago I found him asking for help cracking the public key . I assume it is the public key for puzzle number 120 which has been subtracted to a smaller range.
https://bitcointalksearch.org/topic/m.57868189

Of course this requires trial and error, with the kangaroo method it will take us less time if we find the right public key in a smaller range.

Easier to look for the priv key "characters". There are only 17 of those.

And honestly, if people were to pool resources, it would not take that long to find #66. I have a 6 card rig (plain 3070s) that can go through a complete 53 bit range in about 10 days.

If we assume the worst case scenario and it takes searching the entire range (2^65) ... if a mining farm really wanted to attack these challenges, it could be done rather quickly.
Or if people would pool resources, take your novice miners, gamers, etc. around 25,000 GPUs could solve in less than 10 days.

As for #125, #130, #66, comparing or estimating which one would be found first; in theory, #125 would take less computations than #66, but #130 would take more than #66. And that is based on program (theory, Kangaroo vs brute) run times, not speculation.

JeanLucPons is alive.
I received information from him that he does not currently have time to deal with this project.
It remains to believe that when he has this time - he will improve his priceless tools.

Now that's a practical thinking.

You would simply search the range of 66 with a brute forcer along your entire life and not even land on the same first 18 prefix characters let alone the entire address of that puzzle.

Let this be an indication of how secure Bitcoin really is .. as small as 120 bits out of  the entire 160 bits range, 120 is still merely hackable by only 1 person on the planet with either unbelievable luck or rediculous resources. And that with the public key revealed. Imagine not knowing the public key. Imagine 121 bits or 122 up to 160 bits of difficulty. Satoshi really did think this whole Bitcoin security concept through. Hats off to the legend.

Maybe he/she is taking the time to do that and that's why he/she haven't revealed the privet key