Author

Topic: How many Kilojoule will it take to calculate the private key from the public key (Read 1798 times)

full member
Activity: 121
Merit: 100
I just saw in the wiki it says:"If you were to intentionally try to make a collision, it would currently take 2^107 times longer to generate a colliding Bitcoin address than to generate a block"
So if it would take +- 30 megajoule to generate a block than one could say it will take 4,867778305×10³³ megajoule to create a collision.

legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Instead of 10,000,000,000 years, it goes down an order of magnitude to 1,000,000,000 years. Still not worth it. Those star sized computers are most likely parallel 10,000,000 cores, each running at 10,000 gigahertz and they still can't store 256 hash rainbow tables.

It's a lot easier to threaten a living person with physical violence (or torture) to get them to give up their private key. It's even easier to just bug their house or computer to get their entire wallet.
hero member
Activity: 520
Merit: 500
Simple version:  it can't be done.  Not with a computer, not with a bunch of really fast "next gen" processors, not with a dyson sphere and a planetary sized super computer which operates at the thermodynamic limit until our star burns out.

I think this sums it up the best.
Quote
These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.

http://www.schneier.com/blog/archives/2009/09/the_doghouse_cr.html


I don't think that's entirely correct. Because the private key is also hashed with RIPEMD160, the security of finding a private key that matches a public key is actually only 160 bits, not 256 bits. So, for someone trying a brute force attack against a private key, they have a much lower target because there are 2^96 private keys that correspond to each public key. However, given the assumptions in the linked article, the amount of energy is still ridiculous, something like all the energy that the earth gets from the sun continuously for an entire year just to go through those values. My calculations may be a little bit off though.
sr. member
Activity: 294
Merit: 250
You are a geek if you are too early to the party!
I've been around IT long enough to know that predictions are the funnies for the next generation!

Going on the history of cryptography, an algorithm has a lifespan of about 40 years before brute force is practical, so I would say that if you lose your private key, you are in for a good new year in 2050 or so! Wink

Lets at least keep the terminology correct.  A brute force on a 256 bit key is impossible by the thermodynamic limit.  It is impossible today, it will be impossible in fourty years, and in all likelihood baring some as of yet completely undiscovered energy breakthrough will still be impossible in 40,000 years. It isn't that we haven't yet built fast enough computers it is that even a perfect computer would take more energy than is available in our solar system.  If someone sent a 256 bit private key on a spaceship to the nearest star system it would take less energy to simply go retrieve it, then it would to try an brute force it.

Now it is possible that ECDSA has a cryptographic flaw, and in the coming years/decades this flaw will be discovered which will allow attacks FASTER THAN brute force attacks which render ECDSA vulnerable.  However even if that happens a brute force attack on 256 bit keys will still be impossible.  It is also possible no viable attack on ECDSA will be discovered in our lifetime.

The point I was trying to make is that technology moves the goalposts.  In 40 years time, cracking a 256 will be possible due to some other technological breakthrough such as a 256 hash rainbow table having been invented or because paralleled processing would have reached silly proportions. This will mean that you won't have to break the laws of physics to get your answer. 

The major downside of many of these predictions is that they always deal with the problem head on, and you don't tend to solve problems head on!

More importantly, the core element of bitcoin is not reliant on the crypto algorithm it uses - that can be changed  - and as such, future coins will still be safe as these new ways of cracking codes are discovered.


full member
Activity: 121
Merit: 103
depends on whether you've got a quantum computer or not Grin

also depends on how you're attacking the discrete logarithm problem. brute forcing the private key would take an enormous amount of energy.

i have heard of tricks to attack RSA keys but the trick doesn't apply to ECDSA.
legendary
Activity: 1064
Merit: 1001
donator
Activity: 1419
Merit: 1015
All right smart people. Now how about if we consider the block chain. So we are not crunching for a specific address but we are crunching for ANY address in the block chain. What is the probability for that to happen?

Still safe enough for you?

Yeah, for me anyway. The likelihood of finding a key at random is as likely as being struck by lightning while taking a crap every year for 17 years in a row.

Also relevant:
hero member
Activity: 924
Merit: 1001
Unlimited Free Crypto
All right smart people. Now how about if we consider the block chain. So we are not crunching for a specific address but we are crunching for ANY address in the block chain. What is the probability for that to happen?

Still safe enough for you?
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Fermat's Last Theorem took a while to be proven, about 358 years. Start cracking a private key now, and let me know your progress in 3 centuries. Don't forget to save often.

My employees always complain about the occasional power failure that causes them to lose a day's work. I've since gotten UPS devices, but those things also fail after a couple of years and need replacements.
donator
Activity: 1218
Merit: 1079
Gerald Davis
I've been around IT long enough to know that predictions are the funnies for the next generation!

Going on the history of cryptography, an algorithm has a lifespan of about 40 years before brute force is practical, so I would say that if you lose your private key, you are in for a good new year in 2050 or so! Wink

Lets at least keep the terminology correct.  A brute force on a 256 bit key is impossible by the thermodynamic limit.  It is impossible today, it will be impossible in fourty years, and in all likelihood baring some as of yet completely undiscovered energy breakthrough will still be impossible in 40,000 years. It isn't that we haven't yet built fast enough computers it is that even a perfect computer would take more energy than is available in our solar system.  If someone sent a 256 bit private key on a spaceship to the nearest star system it would take less energy to simply go retrieve it, then it would to try an brute force it.

Now it is possible that ECDSA has a cryptographic flaw, and in the coming years/decades this flaw will be discovered which will allow attacks FASTER THAN brute force attacks which render ECDSA vulnerable.  However even if that happens a brute force attack on 256 bit keys will still be impossible.  It is also possible no viable attack on ECDSA will be discovered in our lifetime.
legendary
Activity: 1736
Merit: 1006
I've been around IT long enough to know that predictions are the funnies for the next generation!

Going on the history of cryptography, an algorithm has a lifespan of about 40 years before brute force is practical, so I would say that if you lose your private key, you are in for a good new year in 2050 or so! Wink

The history of technology-assisted cryptography is really short. I wouldn't bet on the 40 year cycle becoming any kind of rule of thumb.
sr. member
Activity: 294
Merit: 250
You are a geek if you are too early to the party!
I've been around IT long enough to know that predictions are the funnies for the next generation!

Going on the history of cryptography, an algorithm has a lifespan of about 40 years before brute force is practical, so I would say that if you lose your private key, you are in for a good new year in 2050 or so! Wink
newbie
Activity: 10
Merit: 0
How many Kilojoule will it take to calculate the private key from the public key?

At least four. Probably more.
legendary
Activity: 1222
Merit: 1016
Live and Let Live
in-fact the amount of energy required is quite a calculable problem.  The problem lies in the answer, where the energy is greater than all the energy in the universe.
donator
Activity: 1218
Merit: 1079
Gerald Davis
Does having the public key even give you any information at all other than "nope, that's not the correct answer"?

Edit: also, to answer your question OP, never.

In classical computing knowing the public key removes the need to perform the address computation still given the amount of time/energy needed it is a negligible improvement (i.e. "only" need the energy output of 19 supernovas not 20 Smiley ).


Having the public key is important in some quantum computing attacks so either Satoshi was really lucky (on a lot of things) or he is a time traveler from the future.  Not re-using an address after you spend from it, means the public key is never publicly known.  That provides a level of quantum resistance for cold storage addresses.
hero member
Activity: 793
Merit: 1026
Does having the public key even give you any information at all other than "nope, that's not the correct answer"?

Edit: also, to answer your question OP, never.
legendary
Activity: 1078
Merit: 1006
100 satoshis -> ISO code
And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.

LOL
a threadkiller answer
newbie
Activity: 14
Merit: 0
donator
Activity: 1218
Merit: 1079
Gerald Davis
Simple version:  it can't be done.  Not with a computer, not with a bunch of really fast "next gen" processors, not with a dyson sphere and a planetary sized super computer which operates at the thermodynamic limit until our star burns out.

I think this sums it up the best.
Quote
These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.

http://www.schneier.com/blog/archives/2009/09/the_doghouse_cr.html
full member
Activity: 121
Merit: 100
How many Kilojoule will it take to calculate the private key from the public key?
Is must be possible only with a lot of efford?
Jump to: