Topic: Thoughts on Satoshis Holdings and Supercomputing (Read 412 times)

full member
Activity: 364
Merit: 101
The problem really exists. Technical progress will inevitably develop and fast supercomputers will appear. Their capabilities will pose a real threat to private cryptocurrency keys, including from the expected appearance of such capabilities in quantum computers. It is expected that there will also appear technologies that will protect cryptocurrency from such vulnerabilities, but so far it is difficult to say something more specific.
legendary
Activity: 1666
Merit: 1196
STOP SNITCHIN'
The Satoshi coins will probably remain sitting on exposed public keys until eventually stolen. The only way to prevent that would be to implement a fork that censors the outputs...

I doubt that Satoshi exposed any of his public keys; as far as I know it happens under 2 scenarios: first, when you send a transaction and it's not yet confirmed - then there's a short window of opportunity to crack the key while the transaction is still in the mempool and publish a contentious transaction, so overall it's extremely hard and can happen to anyone, not only Satoshi; the second is if he reused the address that he previously used to send transactions, but if I remember correctly, he was speaking against address reuse in the early days, and with his expertise in cryptography we can assume that he wouldn't make such a mistake.

In the early days, P2PK (pay to pubkey) outputs were common because of the Pay-to-IP feature which was removed in 0.8.0. Many of the early coins are sitting on exposed public keys for this reason.
legendary
Activity: 3038
Merit: 2162
The Satoshi coins will probably remain sitting on exposed public keys until eventually stolen. The only way to prevent that would be to implement a fork that censors the outputs...

I doubt that Satoshi exposed any of his public keys; as far as I know it happens under 2 scenarios: first, when you send a transaction and it's not yet confirmed - then there's a short window of opportunity to crack the key while the transaction is still in the mempool and publish a contentious transaction, so overall it's extremely hard and can happen to anyone, not only Satoshi; the second is if he reused the address that he previously used to send transactions, but if I remember correctly, he was speaking against address reuse in the early days, and with his expertise in cryptography we can assume that he wouldn't make such a mistake.
legendary
Activity: 4494
Merit: 4996
as others have said. satoshi's stash is not stored on a single private key, its split up as 50coins over thousands of keys.

also by the time d-wave sort themselves out a protocol on how they are going to control their non-binary transistors the circulation of bitcoin should be diluted around a population where no one should have huge hoards in a single address to be a visual target.
Notionally, that would make it potentially more profitable
nope. the opposite.
firstly d-wave (quantum) is not about counting faster than binary. it's about vector math of 3 dimensions (3 choices) instead of 2

so i know you're thinking with binary, brute forcing ANY key by simply starting at 0 and counting up until you find a key with something on it.. if there are more keys used and it becomes more populated.. then chances are higher
BUT quantum won't help with that. quantum is only slightly better at counting from 0 up than binary is

quantum would be better than binary at having known vector/data and solving the solution to that vector faster than binary.
EG quantum can break a specific ecdsa key faster than binary.. but can't brute force from 0 to whatever number to get to the same key much faster.

to brute a private key is like asking your descendants multiple generations in the future to continue your project using current binary or quantum.

but cracking a specific key, knowing part of the vectors involved and trying to find the missing piece. doing it with quantum would be faster than binary

thus my point, imagine it can be done in a year.
as long as people don't store a year's worth of costs on a private key they won't be a target
legendary
Activity: 1666
Merit: 1196
STOP SNITCHIN'
As for quantum computers, they can be good at cracking keys when public keys are known, but they aren't known in Bitcoin protocol by default - they only get exposed when someone spends coins.

Indeed, not all keys on the network are vulnerable. Bitcoin already has some built-in quantum resistance since we use pubkey hashes.

That doesn't apply to the Satoshi coins, though, so I can understand why people are nervous about millions of "lost" coins entering circulation again. The Satoshi coins will probably remain sitting on exposed public keys until eventually stolen. The only way to prevent that would be to implement a fork that censors the outputs...
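The two posts above turn on one concrete distinction: a P2PK output (as used by early coinbases and the old pay-to-IP feature) carries the raw public key in the output script, while P2PKH and P2WPKH outputs only commit to HASH160(pubkey), so the key first appears on-chain in the spending input. The script below is an added example written for this thread, not code from any poster or from Bitcoin Core. It classifies output scripts by template, reports which ones already expose a key, and parses a P2PKH spend to show the key that the spend reveals. Every key, hash and signature in it is constructed sample data, not real on-chain material; P2WPKH is included as a generalisation of the same hash-commitment idea, which the thread does not mention.

```python
"""Classify Bitcoin output scripts by whether they expose a public key on-chain.

Added example (not the thread's code). P2PK outputs put the raw public key in
the scriptPubKey, so the key is visible from the moment the output is created.
P2PKH and P2WPKH outputs only commit to HASH160(pubkey); the key itself first
appears in the spending input. All sample keys, hashes and signatures below
are constructed, not real on-chain data.
"""
from __future__ import annotations
from typing import NamedTuple, Optional

OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG, OP_0 = 0x76, 0xA9, 0x88, 0xAC, 0x00


class Classification(NamedTuple):
    kind: str                        # "p2pk", "p2pkh", "p2wpkh" or "unknown"
    exposed_pubkey: Optional[bytes]  # key visible before any spend, else None


def _read_push(script: bytes, pos: int) -> tuple[bytes, int]:
    """Read one direct push (opcodes 0x01..0x4b) and return (data, next_pos)."""
    if pos >= len(script):
        raise ValueError("unexpected end of script")
    n = script[pos]
    if not 1 <= n <= 0x4B:
        raise ValueError(f"not a direct push at offset {pos}: 0x{n:02x}")
    data = script[pos + 1 : pos + 1 + n]
    if len(data) != n:
        raise ValueError("truncated push")
    return data, pos + 1 + n


def _looks_like_pubkey(data: bytes) -> bool:
    """33-byte compressed (02/03 prefix) or 65-byte uncompressed (04 prefix)."""
    return (len(data) == 33 and data[0] in (2, 3)) or (len(data) == 65 and data[0] == 4)


def classify_script_pubkey(script: bytes) -> Classification:
    """Return the script template and the public key it exposes, if any."""
    # P2PK: <pubkey> OP_CHECKSIG  (early coinbases, pay-to-IP outputs)
    if script and 1 <= script[0] <= 0x4B:
        try:
            key, pos = _read_push(script, 0)
        except ValueError:
            return Classification("unknown", None)
        if pos == len(script) - 1 and script[pos] == OP_CHECKSIG and _looks_like_pubkey(key):
            return Classification("p2pk", key)
    # P2PKH: OP_DUP OP_HASH160 <20 bytes> OP_EQUALVERIFY OP_CHECKSIG
    if (len(script) == 25 and script[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and script[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return Classification("p2pkh", None)
    # P2WPKH: OP_0 <20 bytes>  (same hash commitment, segwit form)
    if len(script) == 22 and script[:2] == bytes([OP_0, 20]):
        return Classification("p2wpkh", None)
    return Classification("unknown", None)


def pubkey_revealed_by_p2pkh_spend(script_sig: bytes) -> bytes:
    """A P2PKH input script is <sig> <pubkey>: spending publishes the key."""
    _sig, pos = _read_push(script_sig, 0)
    key, pos = _read_push(script_sig, pos)
    if pos != len(script_sig) or not _looks_like_pubkey(key):
        raise ValueError("not a P2PKH scriptSig")
    return key


def exposed_pubkey_outputs(outputs: list[tuple[str, bytes]]) -> list[str]:
    """Defender-side inventory: labels of outputs whose key is already public."""
    return [label for label, spk in outputs
            if classify_script_pubkey(spk).exposed_pubkey is not None]


# Constructed sample material (not real keys, hashes or signatures).
SAMPLE_COMPRESSED_KEY = bytes([0x02]) + bytes(range(1, 33))
SAMPLE_UNCOMPRESSED_KEY = bytes([0x04]) + bytes(range(64))
SAMPLE_HASH160 = bytes(range(20))
SAMPLE_SIG = bytes([0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x01])  # toy DER-shaped blob

P2PK_SCRIPT = bytes([65]) + SAMPLE_UNCOMPRESSED_KEY + bytes([OP_CHECKSIG])
P2PKH_SCRIPT = bytes([OP_DUP, OP_HASH160, 20]) + SAMPLE_HASH160 + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
P2WPKH_SCRIPT = bytes([OP_0, 20]) + SAMPLE_HASH160
P2PKH_SPEND_SCRIPTSIG = (bytes([len(SAMPLE_SIG)]) + SAMPLE_SIG
                         + bytes([33]) + SAMPLE_COMPRESSED_KEY)

if __name__ == "__main__":
    sample = [("early coinbase", P2PK_SCRIPT), ("modern", P2PKH_SCRIPT), ("segwit", P2WPKH_SCRIPT)]
    for label, spk in sample:
        print(label, classify_script_pubkey(spk).kind)
    print("exposed before spend:", exposed_pubkey_outputs(sample))
    print("revealed by spend:", pubkey_revealed_by_p2pkh_spend(P2PKH_SPEND_SCRIPTSIG).hex())
```

Run over a real UTXO set the same classification is how one would size the population the thread worries about: outputs already sitting on a visible key versus outputs whose key only becomes public once their owner spends (or reuses) them.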
legendary
Activity: 3038
Merit: 2162
First, if someone will have the technology to brute-force private keys, it would mean that they can crack all keys of the network, not just Satoshi's keys. They'll be just guessing all possible keys and draining coins when they find those with balance. It's not anywhere near feasible now, not looking to be feasible in the near future, and maybe it will never be possible.
As for quantum computers, they can be good at cracking keys when public keys are known, but they aren't known in Bitcoin protocol by default - they only get exposed when someone spends coins.
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
It’s not only Bitcoin that could be potentially "at risk" in the future, but most of the current encryption based security used in industries such as banking and internet.

Most articles you find online state that quantum computers may have enough power in a decade to be able to derive private keys on an individual level, or even pose a global threat to the network due to their hash power. These estimations nevertheless are considering BTC as is, with disregard to whatever technical evolutions it may have in the coming years.

BTC is not immutable, and as development goes on, and one can only presume that the threat is being measured, and that counter measures (change of protocol or whatever) can be developed and deployed, making it “quantum proof” at some point if the threat should pose to be a near reality.
legendary
Activity: 3542
Merit: 1966
Leading Crypto Sports Betting & Casino Platform
My scenario is as follows :

Let's say someone created this supercomputer and they manage to brute force ANY private key for a Bitcoin address, then all of us are f$#^ed!

The moment this is announced and verified, people will dump their coins and the price of Bitcoin would drop dramatically. The effort and time and electricity spent to brute force these addresses will not even pay for the coins that they gain.

Do you still think it is worth their while, and what is stopping developers from using stronger algorithms?
legendary
Activity: 1666
Merit: 1196
STOP SNITCHIN'
It's not that simple. There's no way to "protect" vulnerable keys. Once ECDSA is broken, all exposed Bitcoin public keys are at risk. The only fix is to move vulnerable coins to new addresses and implement a new signature scheme like Lamport one-time signatures.

Since the early "Satoshi coins" are unlikely to be moved to safety, some people have suggested forking Bitcoin to make those outputs unspendable, or to recirculate them as mining rewards. Forks like this are unlikely to happen because they are so contentious, so we should be prepared for coins like this to be eventually moved and sold on the market someday.

There's no way to "protect" vulnerable keys yet
Things work for both sides; devs can do something we never thought of to protect these vulnerable keys, like you said

We can fork the protocol to make the outputs unspendable, but that's a very slippery slope. Such a move ultimately destroys Bitcoin's "censorship resistance." What if those were your coins, and the network essentially stole your money?

We can't even say for sure which coins were Satoshi's. It's a guessing game. We'd essentially be punishing people who saved their coins and didn't move them. That doesn't seem right. They should still be able to access their own coins, even if that means leaving them vulnerable to attack.
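The Lamport one-time signature mentioned above is worth seeing in code, because its security argument is different in kind from ECDSA's: it relies only on hash preimage resistance, and it is strictly one-time. The block below is an added example written for this thread, not code from any poster or from a Bitcoin implementation; it is a textbook Lamport scheme over SHA-256 with keys from the OS CSPRNG (none of them are Bitcoin keys). The last function shows why reuse is fatal: after two signatures from the same key, every bit position where the two message digests differ has both preimages public.

```python
"""Toy Lamport one-time signature over SHA-256.

Added example, not code from the thread. Signing reveals one of two secret
preimages per message-digest bit; verification rehashes the revealed preimages
and compares them with the public key. Security rests on preimage resistance
of the hash, not on the discrete logarithm problem. Keys come from the OS
CSPRNG and are not Bitcoin keys.
"""
import hashlib
import secrets
from typing import List, Tuple

HASH_BITS = 256   # one preimage pair per bit of SHA-256(message)
PART_LEN = 32     # bytes per secret preimage

SecretKey = List[Tuple[bytes, bytes]]
PublicKey = List[Tuple[bytes, bytes]]


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen() -> Tuple[SecretKey, PublicKey]:
    """256 random preimage pairs; the public key is their hashes."""
    sk = [(secrets.token_bytes(PART_LEN), secrets.token_bytes(PART_LEN))
          for _ in range(HASH_BITS)]
    pk = [(h(a), h(b)) for a, b in sk]
    return sk, pk


def message_bits(message: bytes) -> List[int]:
    """Bits of SHA-256(message), most significant first."""
    digest = int.from_bytes(h(message), "big")
    return [(digest >> (HASH_BITS - 1 - i)) & 1 for i in range(HASH_BITS)]


def sign(sk: SecretKey, message: bytes) -> List[bytes]:
    """Reveal preimage 0 or 1 at each position, chosen by the digest bit."""
    return [sk[i][bit] for i, bit in enumerate(message_bits(message))]


def verify(pk: PublicKey, message: bytes, sig: List[bytes]) -> bool:
    if len(sig) != HASH_BITS:
        return False
    return all(h(sig[i]) == pk[i][bit] for i, bit in enumerate(message_bits(message)))


def positions_exposed_by_reuse(pk: PublicKey, sigs: List[List[bytes]]) -> int:
    """Count positions where an observer of these signatures now holds BOTH
    preimages. At such a position a forger may choose either bit freely, so
    reuse steadily erodes the scheme; that is why it is one-time only."""
    exposed = 0
    for i in range(HASH_BITS):
        seen = {h(sig[i]) for sig in sigs}
        if seen == {pk[i][0], pk[i][1]}:
            exposed += 1
    return exposed


if __name__ == "__main__":
    sk, pk = keygen()
    m1, m2 = b"constructed message one", b"constructed message two"
    s1 = sign(sk, m1)
    print("verify m1:", verify(pk, m1, s1))
    print("verify tampered:", verify(pk, m1 + b"!", s1))
    print("positions exposed after one signature:", positions_exposed_by_reuse(pk, [s1]))
    s2 = sign(sk, m2)
    print("positions exposed after two signatures:", positions_exposed_by_reuse(pk, [s1, s2]))
```

The operational consequences are the ones the post hints at: a key pair is 16 KiB of public key and signatures are 8 KiB, and a wallet must never sign twice with the same key, which is why practical hash-based designs wrap Lamport-style leaves in a Merkle tree or use stateless variants rather than this raw form.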
legendary
Activity: 1652
Merit: 1483
i don't think it would become worthless. this is already a well known problem and the market is pricing it in. when the current signature algorithm is broken, the developers are going to implement a new quantum resistant signature scheme.

there's no saving satoshi's coins though. if somebody had the means to crack many of the early coins, why wouldn't they quickly sell some while prices are high? it'll happen eventually.

movement of those coins will cause a ton of drama and drama causes panic and that causes a drop. and since from the time those coins move until the time they reach exchanges and confirm (usually 6+) it takes enough time to affect the market. and that is if we assume the exchange is not going to block that account that tried selling those coins for further investigation.

most exchanges credit deposits after 1-3 confirmations. and i don't see a legit reason why they should be blocking deposits of old mined coins.

sure, satoshi coins moving would affect the market and cause some panic. that doesn't mean the market would hit $0 in 15 minutes and stay there.

if your choice is between "nothing" and "owning/selling satoshi coins" i'm sure someone with the means will choose to take the satoshi coins, even if the price crashes afterwards. it's better than nothing, and a rational assessment says that if they don't take them, someone else will.
legendary
Activity: 3472
Merit: 10611
3. I don't think anyone in their sane mind would want to run a supercomputer just to brute-force a highly speculative asset, not now, not ever. It just isn't worth it, or perhaps not really meaningful at all.

it is also a matter of cost versus reward. if someone in the future attempts this and succeeds then they would be breaking the security of the coin they receive and they become worthless because people either won't pay for it anymore or the network will prevent spending those outputs.

i don't think it would become worthless. this is already a well known problem and the market is pricing it in. when the current signature algorithm is broken, the developers are going to implement a new quantum resistant signature scheme.

there's no saving satoshi's coins though. if somebody had the means to crack many of the early coins, why wouldn't they quickly sell some while prices are high? it'll happen eventually.

movement of those coins will cause a ton of drama and drama causes panic and that causes a drop. and since from the time those coins move until the time they reach exchanges and confirm (usually 6+) it takes enough time to affect the market. and that is if we assume the exchange is not going to block that account that tried selling those coins for further investigation.
legendary
Activity: 1652
Merit: 1483
3. I don't think anyone in their sane mind would want to run a supercomputer just to brute-force a highly speculative asset, not now, not ever. It just isn't worth it, or perhaps not really meaningful at all.

it is also a matter of cost versus reward. if someone in the future attempts this and succeeds then they would be breaking the security of the coin they receive and they become worthless because people either won't pay for it anymore or the network will prevent spending those outputs.

i don't think it would become worthless. this is already a well known problem and the market is pricing it in. when the current signature algorithm is broken, the developers are going to implement a new quantum resistant signature scheme.

there's no saving satoshi's coins though. if somebody had the means to crack many of the early coins, why wouldn't they quickly sell some while prices are high? it'll happen eventually.
legendary
Activity: 2478
Merit: 1516
I can understand you and you have the logic
But you have to consider that if you use supercomputers to crack something, the same supercomputers will probably be on BTC's side, protecting the blockchain

Devs and community will keep preserving BTC integrity, no matter what, and they will use the same technology hackers probably will, so...it keeps the same as today

It's not that simple. There's no way to "protect" vulnerable keys. Once ECDSA is broken, all exposed Bitcoin public keys are at risk. The only fix is to move vulnerable coins to new addresses and implement a new signature scheme like Lamport one-time signatures.

Since the early "Satoshi coins" are unlikely to be moved to safety, some people have suggested forking Bitcoin to make those outputs unspendable, or to recirculate them as mining rewards. Forks like this are unlikely to happen because they are so contentious, so we should be prepared for coins like this to be eventually moved and sold on the market someday.

There's no way to "protect" vulnerable keys yet
Things work for both sides; devs can do something we never thought of to protect these vulnerable keys, like you said
legendary
Activity: 3472
Merit: 10611
3. I don't think anyone in their sane mind would want to run a supercomputer just to brute-force a highly speculative asset, not now, not ever. It just isn't worth it, or perhaps not really meaningful at all.

it is also a matter of cost versus reward. if someone in the future attempts this and succeeds then they would be breaking the security of the coin they receive and they become worthless because people either won't pay for it anymore or the network will prevent spending those outputs.
sr. member
Activity: 1484
Merit: 276
Well, let's say super/quantum computers brute-forcing Nakamoto's wallet is pretty possible in the future. But it will consume a lot of time/resources running supercomputers, just like what you mentioned. This will take a long time depending on how long the key is and the combinations. If bitcoin continues to rise to more than $100k and if someone invests in supercomputers to crack Nakamoto's wallet it is profitable, but there's a bigger chance to lose too if you can't sustain your machine 24/7.
Even computers with high processing power take days cracking a single password; how about a private key with a unique abundance of letters and patterns to scan?
member
Activity: 224
Merit: 62
It is possible and it would not take as long as people think with the right gear and multibruteforce2.0 (trillions of bruteforces running at the same time putting used keys in a database so they do not check the same one)

Granted Satoshi probably has a private key mixer so the chances of this working is almost 0% but you could be the lucky .00000000000000000000000000000000000000000000000000000000000000000000000021% roller even when someone has a key mixer.

There are ways to even stop people from brute forcing.
https://bitcointalk.org/index.php?topic=5141142.60 see the 2nd last post here by me.
hero member
Activity: 2184
Merit: 531
Now it's almost impossible to bruteforce an address but in near future it will be possible but very expensive and time consuming. If bitcoin by that time is worth less than it is today people won't be interested in combining the most powerful computers to bruteforce satoshi's coins. If it keeps growing in value in 10 years it could be worth 100 thousand dollars. In that case it will be worth it to invest a lot of money and computing power to do it and people will try.

The reward must be worth the risk.
legendary
Activity: 3542
Merit: 1352
1. No one knows how the numbers pile up exactly, but it has been long speculated that for the first year of mining bitcoin, only Satoshi and Hal Finney, among the first few testers, were mining, and so that puts their coins into such numbers.

2. Moore's law has since been broken upon the introduction of 10nm CPUs in the market. If we continue to shrink down the 7nm processors we have right now into smaller ones successfully, perhaps can bring us closer to quantum computing. By closer, I mean just a few baby steps, but not actually closer into reality.

3. I don't think anyone in their sane mind would want to run a supercomputer just to brute-force a highly speculative asset, not now, not ever. It just isn't worth it, or perhaps not really meaningful at all.
legendary
Activity: 1218
Merit: 1007
as others have said. satoshi's stash is not stored on a single private key, its split up as 50coins over thousands of keys.

also by the time d-wave sort themselves out a protocol on how they are going to control their non-binary transistors the circulation of bitcoin should be diluted around a population where no one should have huge hoards in a single address to be a visual target.
Notionally, that would make it potentially more profitable as you could find more private keys that have some coins in them, as opposed to hoping for the lottery ticket key that everyone else is also gunning for. Plus it would let people finance their operations longer as they'd be getting money in small increments as opposed to just hoping that they get the single private key that has everything in it. Kind of like mining, in a way. Do you think so many people would be mining right now if they only had the possibility of getting the remaining ~4m coins in one big sweep, with only a single winner? I think not. The time value of money is important here too.
legendary
Activity: 4494
Merit: 4996
as others have said. satoshi's stash is not stored on a single private key, its split up as 50coins over thousands of keys.

also by the time d-wave sort themselves out a protocol on how they are going to control their non-binary transistors the circulation of bitcoin should be diluted around a population where no one should have huge hoards in a single address to be a visual target.
