Topic: How to steal Satoshi's stash? - page 5. (Read 12779 times)

You. You bring your logic. And your facts. And your basic understanding of cryptography, computing, and the current state of quantum computing development. Did you stop to consider that you were derailing this community's gnashing of teeth over the suuper scaaarey magical quantum computer that's gunna steal all our coins? 

I'm pretty sure some folks were all ready to set their hair on fire and run around screaming.

*Shakes tiny fist*

To allay their dismay at the loss of a good panic,

Yup. Until we colonize the universe.

The easiest way would be to pretend to be Satoshis long lost brother and ask him for a couple quick millions. Should be as simple as that.

The odds are almost infinitely better playing the lottery. But if you can do it, be sure to give them back, so that you can live with yourself.

well yeah the question in billions of dollars, although I have an idea, but the problem needs to be transformed into a matricial problem or at least Vectorial one, then you can relatively easly solve P = NP with Matrix triangulation or diagonalisation if that works but again meh lol

Shortcut: solve P = NP and get all the bitcoins you want.   

  

oops, yeah i mistook a comma for a period on my calculator.

Yes, its 359,676,102,360,200 years with today's entire bitcoin network
trying to crack one private key, and that's assuming the network
could try a key at the same rate it can try a hash, and also assuming
the public key is known.

Brute force, definitely out even with all the fancy lasers and vapors
and hexagonal layer thingies.

What about breaking the encryption itself... this is a whole new
conversation ...how close do you think anyone is to cracking SHA-256 ?  

FYI, here's a javascript implementation of SHA-256.  its more clear
than the white paper version if you can read a bit of code.
Not suggesting read every line, but you see the overall complexity.

http://www.movable-type.co.uk/scripts/sha256.html

You definitely be kidding wait you are not  then what makes you think anyone will bruteforce the keys or maybe someone will for his 10th generation to enjoy the money makes real sense 

Good logic, but you have a math error I believe.  The network is 30 PH/s which is 30*10^15.  Simple trick is to just count the metric prefixes (each one is a factor of 1000).  So kilohash, megahash, gigahash, terrahash, petahash is 1,2,3,4,5 so 1000^5. The time required with the assumptions you have would be  359,676,102,360,200 years.  If we assume a network one trillion times more powerful it would still be 360 years.  

However even that is unlikely.  A couple points to consider:
1) The network can't do anything but compute hashes but if we assume it could be repurposed to brute force EDSA keys it would take more computing cycles to perform one ECC attempt than it does to perform one SHA-2 hash.  It would be something on the order of 80x as long (although that is some crude estimate on my hardware).  So 30 PH/s wouldn't be 30 PK/s but maybe 1 PK/s (peta keys attempted per second) but his is minor compared to #2 below.

2) The security of ECDSA is 128 bit if the PubKey is known.  If it the PubKey is unknown the only fastest attack is to attempt a preimage of the PubKeyHash.  That has a complexity of 2^160 which is 2^32 larger or ~ 4 billion.  Even if you could break a known PubKey in one year it would take 4 billion years to break the hash of an unknown pubkey.

Keys with 128 bit security are infeasible to break by brute force using classical computing.  However this doesn't mean that they can't be broken by cryptanalysis or quantum computing (which "go around" the problem rather than try to beat it by the pure expenditure of computing power).

if the network hashrate is 30,000,000 Gh/S,
isn't that 30 million billion hashes per second?  would be the
same as enough computing power to try 30 million billion private
keys per second?

At that rate, it would only take the entire network 359,676 years,
not the billions of years said...

I am curious, this doesn't mean I will understand even one word from that paper there. A bit too advanced for me.

Jesus m8, you need to read previous comments, point that was previously discussed, if you have a counter argument even if I stated facts and not speculations please feel free to lay it down instead of repeating what you are told or heard without a minimum of thinking.

jesus m8. you dont get the point.... it has nothing to do with computers. it has to do with physics limitations. you need energy to calculate whatever and even if you had a 100% efficient computer you would need more energy than the sun will give in its lifetime...

if anyone curious whats under the hood of SHA256 :

http://www-ma2.upc.es/~cripto/Q2-06-07/SHA256english.pdf

You resume the situation perfectly, unless there is a major flaw or a NSA backdoor and co in the encryption protocol, but that's another story I guess.

i think we all agree, best case scenario, we are decades away from even being close
to crack 128 bit security, and by then , bitcoin could be updated... so its completely
unfeasible to steal Satoshi's stash with supercomputers using brute force.

Actually I've already answered this question, there are many ways to extend the moors law, such as 3D transistors and nanomaterials breaktrough such as Graphen and these aren't vaporware, they already exist, it's just that the manufacturing process needs to be generalised and it will not happen till we start hitting Silicon/Copper limits (as it will require to review the whole fab industry from technics to equipement which requires $$$$) http://e2e.ti.com/blogs_/b/thinkinnovate/archive/2013/03/01/graphene-s-potential-to-extend-moore-s-law.aspx
http://phys.org/news/2014-02-team-aims-graphene-nanoribbon-wires.html

Eventually we will reach the point of quantum mechanics interference, and where the lasers won't be able to keep up, but by that time which is at least a couple of decades ahead of us Quantum computer would operational, todays Quantum computer are still far from it

The fastest known algorithms to derive a private ECC key from the public key are O ( 2^(n/2) ) where n is key length.  Now if the attacker ignores this faster solution and simply tried random (or sequential) private keys until a match was found then it would take much longer (2^256 not 2^128) however security is based on the fastest possible solution.

It is important to point out that the fastest algorithms require the PubKey to be known.  If the PubKey is not known then the only method would be an exhaustive attack on the private key and computing the PubKey.  This is another good reason to not reuse addresses (and thus the pubkey remains unknown).

Key size doesn't necessarily equal security.

All of these key/digest sizes have 128 bit security
128 bit AES (symmetric encryption)
128 bit SHA-2 (hashing algorithm)
256 bit ECC (public key cryptography - elliptical curve)
3,072 bit RSA (public key cryptography - Integer factorization)

Generally hashing algorithms and symmetric key systems have a security equal to their key length (unless they have vulnerabilities or weaknesses).  However due to the nature of public key systems (the public key has a mathematical relationship to the private key) this not true for public key systems.  The key size will always be larger than the effective security (or key strength).  How much larger depends on how difficult it is to derive the private key from the public key.  If you look at RSA and ECC you can see that to achieve the same security RSA requires much larger keys (and signatures).  This makes ECC based systems more useful in decentralized systems like Bitcoin.

Look harder in the website. Do you see a search button? Figured.

But of course if you call simply look it up the act of traversing 2^256 keys manually, page by page, then you need to visit a mental hospital.