Topic: Why are private keys safe? (Read 4947 times)

It's been a while since I looked at it... I'll try to revisit soon and will check back with questions. Thanks.

It depends on the format of the private key that you have, but generally most of the commonly used wallets provide some method to import private keys.

Most wallets treat it as advanced functionality, so importing the private key will take some effort and a bit of technical know-how.

Let us know what wallet are you trying to import the private key into, and we can describe the process for you.

Somewhat of a dumb question here, but if you have a private key but not a QR code or way to scan it how can you access the wallet? I am finding that different wallets only import certain formats, and I think Armory offline only gave me a private key and some file I cannot import to other wallets. I generally kinda suck with using wallets, so any input on this would be helpful...

The chances that someone could randomly generate your private key is so low, that its just not going to happen, at least with any kind of technology we can think of or comprehend at this point in time.

Thank you for your share.

Thanks, I didn't know that it was common to just convert the secret to base58 like that.  I got: 5JFsHfdCqMXmYAoQczHpg1eTCXNRsGjW7tSi3bauUmhTdqUY15z

Not what is absolutely safe.

It's a base58 encoded (without the checksum) 32 byte elliptic curve hex private key.  It corresponds to the WIF private key 5Jno1aCaRaBWS3DKf5DDB96A5xSTqCJC4GbjQXPBWr8edhWX3Cg

Here's a private key of the same format as the one starting with 9:
4ujvNgAQsPYyGYRes6FCTVXR5zhvotRnZGH2KF8BBov3

See if you can get it.  It's for the address 1ErkEFoAQYYNkP9GKk6MW9VyPMXe7EosQs

Fantastic write, this should be on the blog post somewhere or Wiki, not only to be buried in this thread.

They are only safe if you checksumed your wallet as well as verifying via PGP.

That is true however in DWAVE defense what is more interesting is scalability.  Simulated annealing has been an area of study to solve large complex problems long before DWAVE.  With simulated annealing the barrier isn't that you can't solve small problems it is that solution complexity grows exponentially which puts larger problems out of reach.

As an example in one paper I read they showed relative complexity (the computing power/time) for simulated annealing increased about 100x when the number of variables was tripled.  The DWAVE system showed a ~3x increase in complexity or runtime under the same conditions.   So 3x vs 100x increase in computing requirements as the problem scales out.  Another way to look at it is for each magnitude increase in the number of variables to keep the runtime the same the DWAVE would need a one magnitude increase in the number of qubits but the simulated annealing would need four magnitudes (10,000x) increase in computing power.

The major problem with simulated annealing is a couple hundred variables doesn't allow you to solve very "interesting" problems.  So today simulated annealing is faster for problems which aren't very useful and larger problems are uneconomical while the DWAVE is slower but in theory could be faster on larger problems but they are impossible (due to quantum decoherence).  Neither is particularly useful but the quantum approach at least in theory would allow larger problems in the future.


IIRC using a high end card like a NVidia Tesla the average solution time for a problem with a couple hundred variables in measured in hours.  That scales out as 10^4 increase for every 10x in problem size. 
A thousand variable scale problem would be about ten GPU years.  Maybe a rack of high end GPU servers running for a year.   Not too great but possible. 
A ten thousand variable scale problem would be about a hundred thousand GPU years.  The top super computer is roughly 10,000 GPUs so it would need to run ten years.  Feasible but not really realistic.
A hundred thousand variable scale problem would be about a billion GPU years.  Even assume a 32x performance gain from Moore's law for a decade and a hundred thousand future GPU super computer in 2024 you would be looking at a solution time measured in centuries.  Ok we just hit infeasible.

On the other hand due to quantum decoherence, a quantum annealing will either find a solution in a fraction of a second or it may never find one.
A thousand variable problem would require a chip with thousand of qubits.
A ten thousand variable problem would require a chip with tens of thousands of qubits.
A hundred thousand variable problem would require a chip with hundreds of thousands of qubits.

People buying DWAVE computers know simulated annealing doesn't work at the variable scale they are interested in.  Today DWAVE simply can't solve those problems even given an infinite amount of time.  That will require much larger chips but DWAVE went from 128 qubits to 512 qubits in two years.  That is roughly double Moore's law.  Now nobody knows if DWAVE can continue to scale the chips larger at the same rate, and even if they do nobody knows if the solution time will also scale linearly.  Still it is interesting to just imagine both will happen.  A ten thousand variable scale problem would be solvable in 2-3 years.  A hundred thousand variable scale problem would be solvable around the end of the decade.  If you are a major corporation it is worth paying millions of dollars to get up to speed on a potential breakthrough like that.

This.

On edit:In hindsight it might looks like I am trying to educate you kjj.  That wasn't my intention just expanding on what I believe is a similar view on the threat of quantum computing which may be useful to others reading the thread.  Then again I haven't had caffeine yet so no promises.

To expand upon what kjj said and to put it in simplified terms, Quantum Annealing is some pretty "interesting" stuff, but it isn't particularly well suited to breaking most forms of cryptography.  Even if it was repurposed it can't be used to implement Shor's algorithm.  Quantum Computing isn't the magical kill all crypto in the world instantly nonsense that the media makes it out to be.  Quantum Computers can implement Quantum Algorithms.  For the purpose of breaking public key cryptography the interesting one is Shor's algorithm because it provides a massive reduction in the complexity of the problem bring what otherwise would be an impossible to brute force scenario to one which can be completed in polynomial time.  However using Shor's algorithm requires three things.  The first is a general purpose quantum computer (which DWave isn't and never will be).  The second is a public key to be attacked (and until spent the PubKey in bitcoin is unknown, you actually "send coins" to the PubKeyHash), and the third is the ability to construct said QC using a large enough number of qubits to implement the algorithm against keys of that size (and we are nowhere near the material science necessary to build a computer with tens of thousands of qubits).

So if an articles talks about "quantum computing being a threat to public key cryptography (and thus Bitcoin among thousands of other systems including TLS/SSL) it is paraphrased for a general purpose quantum computer with a sufficient number of qubits capable of implementing Shor's algorithm to break a particularly sized public key.  DWAVE's processors may end up being used for solving a lot of unique and interest problems and I am sure they will get larger and cheaper but it will never implement Shor's algorithm anymore than making an internal combustion engine more efficient will allow you to go faster than the speed of light.  Quantum Annealing and general purpose Quantum Computing are two divergent areas of study that sadly are very "nerdy" and share similar names so the media won't ever be accurate enough in their articles.  They use "Quantum Computing" to vaguely cover both fields.

So what about those fabled general purpose quantum computers?  Do they exist?  
Well we have two very public and very reviewed milestones in general purpose quantum computers.  General purpose means a design that is programmable or one which could someday lead to a programmable design.  Much like your PC is an example of a general purpose classical computer.  It can run various classical computing algorithms.  A general purpose (or programmable) quantum computer would be one that could implement Shor's algorithm (a quantum algorithm which requires a quantum computer to execute in real time).

The first major milestone was in 2001 a general purpose quantum computer with 4 qubits was able to factor the number 15 (into 5 & 3).  The next breakthrough came a decade later in 2011.  Keep in mind this is a decade later.  During that timeframe Moore's law improved the transistor density of "classical" computers by a factor of 32x.  That means generally speaking computing power per watt and computing power per dollar also increased by roughly the same magnitude.  So weaker encryption became even more weak by a factor of 32x.  Quantum computer is in its infancy so the rate of improvement should be much higher right?   So 4 bit number factored in 2001, for those playing along at home, how large of a number do you think was broken after a decade of improvement?  18 bits? 40 bits? 64 bits?  Even 64 bit would be decades away from factoring 3,076 bit numbers.  Don't use google or wikipedia just try to guestimate how much progress was made.  From 4 bit to ____ bit after a decade.

Got your guess?  Highlight the blue to reveal the answer.


Both 4,096 bit RSA and 256 bit ECDSA provide 128 bit security.  128 bit security is considered beyond brute force when using classical computers (although keys can be weakened through cryptanalysis).  Key strength is a way to roughly measure the time/energy required to break various different cryptographic systems by providing the equivalent symmetric key security.  4,096 bit RSA (public key - integer factorization), 256 bit ECDSA (public key - elliptical curve), 256 bit SHA-2 (cryptographic hash), and 128 bit AES (symmetric key) all have 128 bit key strength.  Since 128 bit is beyond brute force for any convceivable amount of time the only way these systems will be broken is through cryptanalysis which weakens the key not just using brute force.  So if that quantum computer had factored a 4,096 bit number it would have done something that no classical computing system could do.  In reality it did something, which millions of children have to do each year using pen and paper.


I have said it in other threads, wake me up when a general purpose quantum computer of sufficient size is able to factor 32 bit (or larger) number using Shor's algorithm faster and cheaper than a classical computer. To put it into perspective

For the record in hexadecimal this is a 5 bit number (what was actually broken):

This is a 32 bit number (my "wake me up milestone"):

This is a 128 bit number (a random symmetric key this size is considered beyond brute force for producing a collision):

This is a 4096 bit number (a QC would need to be able factor numbers this large to break 4,096 bit RSA which is the equivalent strength of 256 bit ECDSA):


Quantum Computing is a possible attack vector, it isn't an instant Bitcoin killer.  There is no evidence that anyone is anywhere close to building a general purpose quantum computer of the size needed to be anywhere close to breaking 256 bit ECDSA.  Even if/when that happens there are mitigating factors to consider.

The first is that if the PubKey is unknown Shor's algorithm can't be used, so don't reuse keys.  It gives you options to transistion safely to stronger addresses/keys.
The second is that Bitcoin can as an interim step use larger/stronger keys.  512 bit or even 1,024 bit ECDSA.  If quantum computing can break smaller keys it would provide a cushion of time/cost.
The third is that there are Post Quantum Cryptography (PQC).  Bitcoin in theory could be extended to use addresses based on PQC.

Note despite the similar names Post Quantum Cryptography (PQC) shouldn't be confused with Quantum Computing or Quantum Cryptography.  They are three distinct fields.  Quantum Computing is the study of implementing quantum algorithms to solve problems (like breaking Bitcoin public keys).  Quantum Cryptography is a system is key exchange which uses photons to ensure a key can not be intercepted by an eavesdropper (observing the photon will alter the photon).   PQC are classical computing algorithms for which there is no known polynomial time solution even when using quantum computing.  To date the major concerns with PQC are the need for much larger key and signatures sizes (easily 100x that of ECDSA), a lack of extensive testing, and in some cases weaker strength against classical computing.

And, while it may actually be quantum, it quite possibly offers no significant speed improvement over carefully designed software on a classical computer for the types of problems that it's specifically designed to handle.

A guy that I talk to on IRC (friend of a friend) does quantum computing research at Caltech.  He says that the "mood" in the community is that D-Wave is actually quantum.  It wasn't so early on and they needed a lot of convincing.  I've seen similar statements online (but don't have any references handy).

But people need to keep in mind that D-wave does quantum annealing, which is different from "general" quantum computing.

Wikipedia quotes penned by a competing manufacturer (IBM). lol

Quotes from the same competitor (IBM). lol

A quote from Scott Aaronson (uh, who the hell is this guy? lemme guess...works for IBM). He points to a simulation running on a classical machine optimized to exploit quirks in the "d-wave problem" to gain an advantage and says "look d-wave's slower", ridiculous. lol

Superconducting hardware walks the walk and theory-crafting talks the talk. Keep on talking IBM... and hurry up with that Bitcoin wallet, it's going to be a full implementation of the bitcoin protocol right?

Or it could just be really expensive snake oil.

http://en.wikipedia.org/wiki/Dwave_1


http://arxiv.org/abs/1401.7087


http://www.scottaaronson.com/blog/?p=1400

We've got a quantum computer store here called D-Wave. They've got quantum computers in stock and for sale.

http://arxiv.org/pdf/1403.4228v1.pdf

Because the quantum computer has not yet been invented. Give it a few more decades.

I'd too would like an answer to this question.

Side note, when sending a shared transaction from a blockchain.info wallet the change always goes to a band new freshly created change address and I don't see a way to specify any other address.  As stated above for a non shared transaction the blockchain.info wallet sends the change back to the address the unspent output(s) came from.