Topic: If ECDSA is ever cracked/exploited/quantum computed ? (Read 3717 times)

I'll be honest if people are able to figure out how to crack today's asymmetric crypto (elliptic curve, discrete log, or otherwise), the least of your issues will be the price of BTC.  You'll probably be more concerned with your online traffic being captured and pretty much every login to online banking systems or other exploitable secret information being exposed.

You're right in pointing out that it probably would destroy BTC, but that wouldn't seem so bad compared to all the other issues

This is not true.  Only the hashes of his public keys are in plain view, so there's nothing to attack.  Even if ECDS were completely cracked, nobody could do anything with the hashes of these keys.

Basically I think if ECDSA gets cracked then most likely any active addresses won't be targetted to attract attention. If people's cold storage all of a sudden gets stolen, people would start complaining and eventually a conclusion might be drawn that ECDSA is broken due to re-used addresses using public keys.

Most likely someone would target those large 50-100 BTC addresses with unspent outputs since 2010 and assume that its a lost key.

That might even be happening right now but we don't know it.

It would be stupid to hack every public key which is 50% of all the coins in existence and crash the price to $0 and get nothing.

None of Satoshi's mined coin transactions used P2SH. Therefore all of his public keys for about 1 million coins are in plain view. They have not been cracked and generating a private key from its public key is theory.

None of Satoshi's mined coin transactions used P2SH. Therefore all of his public keys for about 1 million coins are in plain view. They have not been cracked and generating a private key from its public key is theory.

As long as you use each of the default receiving addresses only once then you are not reusing the addresses.  I am not sure how that can be made more clear.  If you send, or have people send, Bitcoins to the same address more than once then you are reusing the address.

Also, if you spend the Bitcoins from an address, then send Bitcoins to that same address again, then spend them from that address again you are reusing the address.

Ideally there should only be one single transaction to send Bitcoins to the address and then one single transaction to spend the Bitcoins from the address and then the address should never be used again.

I can't understand if my addresses are re-used. Example:

I create a wallet with Electrum and it generates by default some receiving addresses (A, B, C...)
then if I receive one incoming transaction in A and another in B, I have re-used my addresses or both are safe?

Basically I think if ECDSA gets cracked then most likely any active addresses won't be targetted to attract attention. If people's cold storage all of a sudden gets stolen, people would start complaining and eventually a conclusion might be drawn that ECDSA is broken due to re-used addresses using public keys.

Most likely someone would target those large 50-100 BTC addresses with unspent outputs since 2010 and assume that its a lost key.

That might even be happening right now but we don't know it.

However, lets imagine for a moment that ECDSA is broken in such a way that the time to crack a private key from a public key is reduced to 6 months.

If I always use a new address for every transaction, then all of my bitcoins are protected by SHA256 and RIPEMD160.

If you have an address that you've re-used, then you might have bitcoins sitting out there on the blockchain with their public key exposed.  An attacker can spend the next 6 months working out your private key and then steal your bitcoins.

If I send a transaction, the attacker has (on average) 10 minutes to figure out the private key, craft a replacement transaction that pays the bitcoins to him, and then convince a miner to mine his transaction instead of mine.

Which is safer?  Your bitcoins sitting on the blockchain with an exposed public key allowing the attacker to continuously try to craft a transaction that takes your bitcoins until you get around to sending them to a new address?  Or my bitcoins that have a window of 10 minutes on average to try to both crack the key AND convince a miner to accept a double-spend transaction in place of the existing one?

The increase in security from using a new address for every transaction is quite small, but it is still better than re-using addresses.

Using a new address for every transaction can also increase your privacy a bit.

What hardware wallet do you use?

Why do you do this?  Most modern hardware wallets are designed to not do this.  Why do you do this again?

I always use the same addresses from my hardware wallet.

The fundamental assumption is that the address only gets one payment.

- snip -
Hey Danny , very nice explanation and I understand it well until now but a question comes naturally to me because I always use the same addresses from my hardware wallet.
- snip -

If you screw with the fundamental assumption and hand out an address for multiple payments then I am not sure.  I have never done that with my Trezor.
- snip -

That depends on the wallet you are using, and whether that 2 BTC was received as a single payment or multiple payments to the same address.