Topic: What if somebody makes an ASIC to crack SHA-256 hashes with Brute force? (Read 8254 times)

By the same token, in an infinite number of universes, someone could theoretically guess a private key in one try every time.

So, there is hope for some of you! 

So lets do the math.  vanitygen can generate about 1 MKey/s with a few tweaks (e.g. try positive/negative, compressed and uncompressed keys at the same time) on today's computer.    Lets assume that using ASIC technology (which you have to build from scratch, since SHA-256 is not enough to generate private/public key pairs) you can get a speedup of a trillion (the current Bitcoin network has significantly less than a trillion times more computing power than Satoshi's computer).  Lets assume there are about 100 million addresses that currently have a non-zero balance (I think it's less).  There are only 2^160 addresses (since we hash to 160 bits).  So you need on average

This are around 465 trillion years to find a single key for a non-empty address, if I'm not mistaken.

Okay, if Moore's law will still hold for 75 years, then this method might become feasible -- if you want to invest as much money as all miners together and let the computer work for half a year to find a fraction of a Bitcoin in some random address.

BTW, there are faster ways than brute-forcing all addresses. You could take an address with lot of funds where the public key is known (e.g. Bitstamp's cold wallet) and use the big-step, baby-step algorithm that "only" has complexity 2^128.  That may be 100 times faster.

And since you asked for quantum computers:  The current quantum computers can probably not be used, but if you have a real 65000-qbit quantum computer that can do complex computations without decoherence for a few seconds, then you can probably crack a public key in a few seconds.

Currently, the fastest transistor can operate at 856 GHz, so in theory that is the fastest that any counter can count -- 856 billion private keys per second or 2.7x10¹⁹ private keys per year.

At that rate it will take about 5.4x10²⁸ years for one counter to generate private keys for all possible 2¹⁶⁰ addresses.

Now, you don't have to find all private keys, just the ones in use. There are a few hundred thousand in use currently, but let's plan for the future and assume there are 1 trillion (10¹²) in use. Then on average, it will take only 5.4x10¹⁶ years to find a private key that is in use.

Let's say that that Dr. Evil is willing to invest a lot of money in trying to crack private keys, and assume that he builds 1 million ASICs that each can check 856 billion private keys per second. With 1 million ASICs, it will take take him on average only 5.4x10¹⁰ years to find a private key.

Now let's put that into perspective. The universe is 14 billion years old -- that's 1.4x10¹⁰ years. If Dr. Evil started looking for private keys at the beginning of the universe, he would only be 1/4 of the way to his first key by now.

Somebody please check my math.


Edit: 2¹⁶⁰ unique addresses, not 2²⁵⁶

My guess is trolling - the "sun picture" with the explanation about even counting to 2^256 should have been enough for anyone that can understand the very basics of physics (and yes a Bitcoin private address is slightly smaller than 2^256 but that is hardly relevant).

If he can't even grok that then why bother explaining that you actually need to do 1000's of times more work to actually find funds with your already impossible to ever obtain complete set of the 2^256 numbers.

He is basically worried about "how easy it might be to work out the size of a teacup" that is orbiting around the solar system (never minding the fact that you'll never find the teacup in the first place).

Sorry, I never saw anything about ECDSA or private keys in your original post.

You can generate all the private keys in a moment.  They are the numbers between 0 and 2^255 (actually a bit less than that but close).

If you want to actually do something with these private keys, that will of course take more time.  For example, you might wish to calculate the corresponding public key, by performing a ECDSA modular multiplication with the generator.  You might wish to calculate the bitcoin address by hashing this public key a couple times and adding a checksum.  You might wish to query the blockchain to see if this address has a positive balance.  You can calculate the speed of these things ad nauseum, plenty have done so in this forum.  In the end you will find that the chances are astronomically larger that a palate of fresh hundreds drops out of a CIA plane into your backyard than for you to guess a private key of a loaded wallet.   

 

you both made me laugh and understand a bit more... thanks

But you don't need to say so many times that I don't know what I'm talking about, because I really don't.

So I need to ask the stupid questions the best way I know, it's part of the learning process

Getting back to the main question, If I didn't miss anything in the posts its not clear yet the answer to this question:

With current available technology (Considering ASICs and Current Quantum Computing), whats the max Bitcoin Private keys mankind is able to generate per second with ONE central unit of processing working at 100%?

Is there some mathematical formula to calculate this?

Ok.

I said it a couple of times, but I guess 3 times IS the charm

1. A hash (sha256) operation not the same as an ECDSA operation. Private key generation (ECDSA) is much slower. You'd get about 1-10 / sec on todays' CPUs
2. Computers do NOT get 1 trillion times faster each 6 years. It's more like 2x each 1.5 years, or 16x in 6 years
3. Didn't recheck your math, looks about right. It's just that your assumptions are considerably exaggerated.

You are using a lot of words that you clearly don't understand.  Therefore much of what you are asking doesn't even make sense. I'll do what I can to address each of your points.




Then they would be wasting their money.  They aren't going to be able to "destroy Bitcoin from the inside" with an ASIC.


No.  Blocks are secured with a proof-of-work. All the Bitcoin ASICs that exist are already applied to hash cracking.  That's the "specific application" that is being described in the ASIC (Application Specific Integrated Circuit).  It is not dangerous, the work required for hash cracking is the reason that the blockchain is secure against any attacker that has less than 50% of the global bitcoin hash power.


Yes, we all know how much a tera hash is (unless you are easily confused by the metric system).


My thoughts?  I'm trying to decide if you are a troll or just overly worked up about something that has been discussed a few hundred times on this forum already.


It is very clear that you don't know what you're talking about. You're just assuming that your imagination about how bitcoin works is accurate rather than taking the time to learn a bit about the protocol before getting all panicked.



Private keys are not hashed.  Private keys are simply a random number between 0 and 1.1579X10⁷⁷ (2²⁵⁶).  That is a VERY BIG number.  So big, in fact, that most humans have a very difficult time comprehending just how big it is (as you have clearly demonstarted with this thread).

Public keys are not calcualted by hashing.  They are calculated with the ECDSA algorithm using the secp256k1 curve.

A bitcoin address is a RIPEMD-160 hash of a SHA256 hash of the public key (with a version number prepended and a checksum appended).

Therefore, "hashing" won't help you brute force guess the private key to a bitcoin address.  Instead, you would have to:

• Generate the next private key in your brute force sequence
• Calculate the public key via ECDSA (this is NOT a hash)
• Calculate the SHA256 hash of the public key
• Calcualte the RIPEMS-160 hash of the SHA256 hash
• Compare the result to EVERY bitcoin address that has any balance on it at all

Now, it might be possible to create an ASIC to handle much of this process, but it would be a waste of time and money.


There hasn't been enough time in the existence of the universe to unlock all addresses out there using current technology.  You aren't going to have enough time, energy, or storage space to "unlock all addresses".


Clearly.  You don't understand how bitcoin works at all.  And yet you've manage to get yourself concerned about Bitcoin's security without any knowledge about what to be concerned about.  I don't understand how the earth's orbit works, OMG what if the sun's gravity sucks us in tomorrow and kills us all!


Correct.  It generates SHA256 hashes to provide a proof-of-work.


You are correct that you cannot use a miner to crack private keys, but you are wrong about the reason.  You cannot use a miner to crack private keys because miners use an Application Specific Integrated Circuit that is designed specifically for the application of hashing bitcoin block headers, and bitcoin private keys, public keys, and addresses are not hashed bitcoin block headers.


Wrong.

Miners have an input (block header) that changes over iterations until it finds an iteration that results in a hash value that is less than a target value.


Then they would be wasting a lot of time, energy, and money on a task that they will never accomplish.


Possible to create an ASIC that assists in the calculation of bitcoin addresses from private keys?  Yes.  Possible to find private keys that will allow the spending of bitcoins? No.


TH/s (tera hashes per second) aren't going to help.  There is no reason at this time to believe that a quantum computer will have the ability to "crack" a properly secured bitcoin address.


They cannot.


Falls apart?  How?


What sort of proof are you looking for.  That "big picture" and those "soft sentences" already describe the mathematical  facts that demonstrate your inability to comprehend how big of a nuber you are dealing with here.
 

When compared to 2²⁵⁶ (or even 2¹⁶⁰), there really isn't much of a difference between 10 hashes or 10 terahashes. 


Yes, and trillions is a very small number, so we really haven't made any progress towards your imaginary threat at all.


No.  It really isn't.  Please stop spreading such ridiculous FUD.


No.


We are not "running out of time".  This isn't "bad news". Bitcoin developers don't have to "update the Bitcoin hashing very soon".  Please stop saying such silly things.


I think you have a typo there.  You meant to say "we may have to think about this in a few centuries", right?


Good thing nobody will be "cracking his addresses".  Although, bitcoin wouldn't necessarily "die the next day" anyhow.  It would mostly depend on how the "cracking" was accomplished, and whether or not the method resulted in an overall weakness for the entire system.


I suspect he's dead.  It doesn't really concern me at all.

You are confused what private keys are, and that's the reason you are asking the wrong questions in the loop which can't be answered. First you have to know what bitcoin private key is: It's any number between 1 and 1852673427797059126777135760139006525645401028465198470121682610264290583909392 . Nothing else. That number your computer chooses for you with random number generator can have many representations, decimal, hexadecimal or WIF, WIF being the one most commonly used because it has recognizable format, uniform length and checksum in the end to prevent typing or copy/paste mistakes. Problem is humans are vary bad at representing themselves how big 1852673427797059126777135760139006525645401028465198470121682610264290583909392 number really is. Illustration I've posted clearly explains that all computers which will ever be built can not collectively count to 1852673427797059126777135760139006525645401028465198470121682610264290583909392 before the universe colds up billions of years from now. So the simplest answer to your question is that we have so much time before anyone stumbles to your private key by accident that it can not be expressed in meaningful way humans can imagine. You have all the time in the world, planet Earth will probably turn into frozen rock before anyone finds anybodies else's private key.

We are talking about Private Key generations... Can some guru out there have a look at my posts and give some scientific answer to my concerns?

I think not only me, but the Bitcoin community would appreciate that.

https://bitcointalksearch.org/topic/m.10511395

Satoshi, you there?

Miners are doing exactly what you describe.  They are hash cracking. 

Lately it has become a fad to hack the word "hack" and completely misuse it so let's call it "hash hacking". 

Miners hack bitcoin, and if they succeed, they can claim 25 BTC.

1. So the average CPU is able to generate 1-10 MILLION Mining hashes per second, is this the same rate for Private Key generations?

2. Good.

3. Maybe not.

4. I don't like to keep calm.

5. Are you aware that in the 80s the cyber gurus at the time got to the conclusion that it wouldn't be possible to generate a crypto based money? Look what came up 30 years later... Read about Cypherpunks...

So don't expect that the unthinkable won't happen one day.

Ah... so miners cannot use their miners for private key generation. That gives us more time

Great, but let us consider this:

Lets say someone makes a device able to generate 1 TH/s of Bitcoin Private keys, is this possible with current technology?

How much different are ECDSA operations from the Mining operations in terms of CPU power?

assuming that this is currently possible, it leverages the basic Private Key generation by TRILLIONS, then to crack all Bitcoin Private Keys in 1 second (Yes in one second) it would just required 4 evolution at the same rate of 1 Trillion times.

Lets assume, currently there is the possibility to generate 1 Private Key TeraHashes per second (ECDSA operations)

This is an evolution of 1 Trillion times since Bitcoin is out there.

If we follow the same rate of evolution:

2009 to 2015... Hash Generation evolution / Second: +1 Trillion Times (1000000000000)
2015 to 2021... Hash Generation evolution / Second: +1 Trillion Times (1000000000000 x 1000000000000)
2021 to 2027... Hash Generation evolution / Second: +1 Trillion Times (1000000000000 x 1000000000000 x 1000000000000)
2027 to 2033... Hash Generation evolution / Second: +1 Trillion Times (1000000000000 x 1000000000000 x 1000000000000 x 1000000000000)

According to this thread here, there are 2^160 possible addresses:

https://bitcointalksearch.org/topic/how-many-possibly-bitcoin-addresses-are-there-exactly-and-how-long-does-it-24268

So if we divide 2^160 with 1000000000000^4 we get about 1 second... (if I'm not messing up the calculations somehow )

So, you see my concern? and this is to generate all possible private keys in 1 SECOND.

Maybe I should ask like this: with current available technology (Considering ASICs and Current Quantum Computing), whats the max Bitcoin Private keys mankind is able to generate per second with ONE central unit of processing?

If we know this number, we may know exactly how much time we have left.

These calculations and time estimates fail to take one factor into consideration, luck.

If I need to guess a number between 1 and 1000, it could take 1000 guesses or just 1 guess.

The premise of the OP is theoretically feasible. A system built exclusively for guessing private keys could theoretically find a private key fairly quickly or never. I can't find it now, but read a post here on bitcointalk where a guy is offering .1 BTC per day for people to run his software that attempts to do something like this.

TT

1. The average CPU can do 1-10 MILLION hashes per second. So an ASIC is only a million times better. But anyway you cannot compare a general purpose CPU to an ASIC. It is still same generation hardware. Computers did not get a million times better in 6 years.
2. A hashing ASIC cannot do private key checks.
3. I don't think you understood the text around the picture
4. Keep calm and don't worry about brute force.
5. If it were possible it would already be done. It takes a smart guy to make an ASIC and they all know a private key brute force is not worth the effort

If this were possible somebody would have already done it and Bitcoin would be dead. So you probably want to know why it's not possible. And by not possible I mean extremely extremely unlikely.

Mining (sha256 hash operation) has nothing to do with private/public keys calculations (an ECDSA operation). So 1THs miners cannot try 1 trillion private keys each second. But even if they could it would take him literally from the beginning of time until now (since the Big Bang) to crack one single Bitcoin address.

http://bitcoin.stackexchange.com/questions/2847/how-long-would-it-take-a-large-computer-to-crack-a-private-key

So even if you had a million of these machine (that by the way do not exist yet) it would still take you a dozen or so million years.

nice pic.

However, I'm not influenced by soft sentences and big pictures, I need to have solid proofs to feel safe.

A normal CPU out there, running at 10% its max speed is able to generate between 1 to 10 Hashes per second. (at least it was so with some tests I made some time ago, but it can take a bit more with some performance enhancements)

If you consider an available miner on the market, they are already able to generate 1 TeraHashes PER Second, that already counting with all calculations and everything.

Basically multiplies a basic computer power by TRILLIONS of times and all of this in just 6 years.

So I think its time for us (bitcoiners) to start worrying about the security of our addresses.

Thats why I'm asking these questions, can the TH/s capabilities used by ASIC miners be used to generate Bitcoin private Keys?

If yes, we may be running out of time and Bitcoin developers will probably have to update the Bitcoin hashing very soon and this would probably be bad news for the market.

If no, we may have a bit more time, but with quantum computing on the rise we may have to think about this in few years.

Just consider that Satoshi lost his private keys and has no access to this addresses and someone is able to crack his addresses, Bitcoin will die the next day.

I hope he still has access to his addresses and is alive when the Bitcoin developers have to update the Bitcoin hashing.... so he can still transfer his bitcoins to a new generation address.

Since you are new here, maybe you haven't seen this:

Maybe I was not clear enough.

By "cracking hashes" or "destroying Bitcoin from the inside" I mean... guessing all or as many as possible Bitcoin private keys out there. (And therefore unlocking all addresses out there, including, for example, hacking into Satoshi addresses)

I don't understand exactly how mining works but I assume it generates something different than private keys?

You cannot use a miner to crack Private Keys, because to crack private keys you have to have an input string that changes over iterations, but mining ASICs are not designed in this way... right?

So based on this, my question is, what if someone designs an ASIC specifically to crack Bitcoin Private Keys? Is this even possible?

We have a new trend rising, of quantum computing, if someone is able to combine quantum computing in an ASIC way, this may generate much much more than 1 TH/s... like 1 Million TH/s or even more.

But if you are telling that people can use miners to crack Bitcoin Private Keys, then my question is different: How long until everything falls apart?

Well that's what mining is all about. It's a search for a hash that is lower that the current target using brute force. And you have to compete with the entire mining network. That's why it would be very bad if a single miner/pool had more than 50% of the hashing power (51% attack).

This is the basis of why the proof of work (hashing) secures the blockchain.

Not sure what you mean by destroying Bitcoin from the inside...