Title: Thoughts on Satoshis Holdings and Supercomputing
Post by: Kryptowerk on June 03, 2019, 02:18:53 PM

I am fully aware this is a highly speculative topic. So I am not expecting clear answers, but hope to get some input from people that are very familiar with how the speed of super-computers is evolving and expected to evolve over the next 10 - 50 years.
And also hear the opinion of people that have some deeper insights into exploiting hashing algorithm vulnerabilities etc.

I am wondering if, at some point in time over the next decades, it will be profitable (and possible at all) to brute-force one or more of Satoshi's private keys.

Here are my thoughts:

- It seems Satoshi is supposed to have 1148800 BTC unspent Bitcoin (are there any newer numbers than from 2013?). Source: https://bitslog.com/2013/04/17/the-well-deserved-fortune-of-satoshi-nakamoto/
Now, I am not sure what the largest balance is that he is holding in one address. Does anyone have some data here? This would be our first factor (1).

- Even though the acceleration of computational speed has slowed down due to the fact that lower-and-lower nm technology is physically not possible any more, processors have continued to get faster over the last years. The second relevant factor (2) would be how the evolution of processing speed continues over the next decades to come. Right now there are already a ton of incredibly fast supercomputers all around the globe. The thought of a continuing development and the possibility to combine their processing power gives me the impression that it might not be totally unrealistic to be able to calculate private keys at some point in time. Source: https://en.wikipedia.org/wiki/TOP500

- Supercomputers and the energy to keep them running cost resources / a lot of money. So the last relevant factor would be the price per Bitcoin (3). We have seen an incredible price development within Bitcoin's first 10 years of existence, so a BTC price of $100k or more seems quite feasible for many, looking at a time span of the next 5, 10, 20 or more years to come.
Now, what I would like to know: if we experiment with different factors for (1), (2) and (3) that are still in a realistic realm (from our current point of view and the data we have today), is it possible to reach a point within the next 10 - 50 years where brute forcing one or some of SN's private keys will happen, because it's A) possible and B) profitable?

Really interested to hear some reasonable opinions on that topic.

Of course there are things like quantum computers and the possibility of other discoveries that might accelerate the process - but let's neglect these totally unpredictable factors for now, just to keep this already complex topic a little more realistic. ;)

Title: Re: Thoughts on Satoshis Holdings and Supercomputing
Post by: YuginKadoya on June 03, 2019, 02:49:08 PM

The possibility for a supercomputer on the future has a high possibility and if you would look around every update on the OS and windows and programs you can see that the technology is innovating and furthering as the day progresses so a high possibility can really be possible. But forcing your way on anyone else's private key cannot be possible if that private key is lost. The security and encryption with the algorithm is very delicate so just brute force. And I never heard of a smart Supercomputer to be brute forcing any secured private key. But I guess if you are talking about mining the other block that is unmined yet, well, a normal desktop cannot comprehend with the workload and even with a high GPU and UMD it is not still possible, but with a dedicated mining RIG can mining a block will be a possibility, but I guess in accessing a highly Supercomputer like that we already mined the last block for Bitcoin.

Title: Re: Thoughts on Satoshis Holdings and Supercomputing
Post by: BrewMaster on June 03, 2019, 03:03:55 PM

(1) if he was holding all his coins in one address then there wouldn't have been this much speculation! all these speculations are based on making a guess about how many people were mining in first years then guesstimating how many blocks from early years were mined by Satoshi then multiply that by 50 (the block reward of the time) to get his total guesstimated coins.
note that each block that is mined its reward goes to a newly generated address so if we assume 1 million is correct then there are 20000+ addresses involved.

(2) as far as i know the "acceleration of computational speed" has not slowed down, it has stopped a couple of years ago. what they are doing is that they are increasing the number of cores that do the calculation at the same speed as before.

as for the question i can't answer it because it relates to solving the discrete logarithm problem that relates to elliptic curve cryptography and my information is limited on that topic.

Title: Re: Thoughts on Satoshis Holdings and Supercomputing
Post by: CryptoBry on June 03, 2019, 04:17:34 PM

I am intrigued with the possibility of supercomputers with the ability to brute force private keys of bitcoin wallets. I supported one project which deals with quantum computing but rather than destroy bitcoin they will use the technology to protect it (or something to that effect).

Will it be a reality one day? Or will it just be another dream that remains a distant dream? Well, only time can tell. However, I am wondering if one day supercomputers can successfully do it, will it not cause chaos and eventually bitcoin will lose its value and its price can plummet? So in the end doing this can be counterproductive?

Title: Re: Thoughts on Satoshis Holdings and Supercomputing
Post by: Adriano2010 on June 03, 2019, 07:28:49 PM

Well even if a supercomputer appears I think it will be hard to crack a private key because the algorithm is strong enough so it can't be cracked easily, but even if some problems appear the developers of bitcoin will find a solution and a supercomputer will not affect the blockchain and private keys.

Title: Re: Thoughts on Satoshis Holdings and Supercomputing
Post by: squatter on June 03, 2019, 08:46:18 PM

Quote: I am fully aware this is a highly speculative topic. So I am not expecting clear answers, but hope to get some input from people that are very familiar with how the speed of super-computers is evolving and expected to evolve over the next 10 - 50 years. And also hear the opinion of people that have some deeper insights into exploiting hashing algorithm vulnerabilities etc. I am wondering if, at some point in time over the next decades, it will be profitable (and possible at all) to brute-force one or more of Satoshi's private keys.

Absolutely. It's a matter of time, but it's very difficult to know when the breakthrough will occur. Right now, it's still all theoretical.

I read an insightful and well-sourced article about when ECDSA might be broken by QC, and therefore when the early Satoshi P2PK outputs might be stolen. Read up here (https://medium.com/@nopara73/stealing-satoshis-bitcoins-cc4d57919a2b). This is an interesting bit:

Quote: For Bulletproofs, what matters is the Shor RSA2048 line, which is predicted to be broken in 2022–23. In fact, ECC is more vulnerable than RSA in a post-quantum world, so our discrete logarithm assumption may be broken even sooner. Bulletproofs is a nice to have quantum vulnerable feature, although we do have other quantum vulnerable features in Bitcoin: Quantum attacks on Bitcoin, and how to protect against them.[7] "The elliptic curve signature scheme used by Bitcoin is much more at risk and could be completely broken by a quantum computer as early as 2027, by the most optimistic estimates."

This only applies to exposed public keys (like many of the early "Satoshi coins") or addresses that have spent outputs before, but that's a significant number of coins.

Title: Re: Thoughts on Satoshis Holdings and Supercomputing
Post by: rdluffy on June 03, 2019, 09:00:23 PM

I can understand you and you have the logic
But you have to consider that if you use supercomputers to crack something, the same supercomputers probably will be at BTC side, protecting the blockchain
Devs and community will keep preserving BTC integrity, no matter what, and they will use the same technology hackers probably will, so...it keeps the same as today

Title: Re: Thoughts on Satoshis Holdings and Supercomputing
Post by: squatter on June 03, 2019, 09:28:08 PM

Quote: I can understand you and you have the logic But you have to consider that if you use supercomputers to crack something, the same supercomputers probably will be at BTC side, protecting the blockchain Devs and community will keep preserving BTC integrity, no matter what, and they will use the same technology hackers probably will, so...it keeps the same as today

It's not that simple. There's no way to "protect" vulnerable keys. Once ECDSA is broken, all exposed Bitcoin public keys are at risk. The only fix is to move vulnerable coins to new addresses and implement a new signature scheme like Lamport one-time signatures.

Since the early "Satoshi coins" are unlikely to be moved to safety, some people have suggested forking Bitcoin to make those outputs unspendable, or to recirculate them as mining rewards. Forks like this are unlikely to happen because they are so contentious, so we should be prepared for coins like this to be eventually moved and sold on the market someday.

Title: Re: Thoughts on Satoshis Holdings and Supercomputing
Post by: franky1 on June 03, 2019, 10:27:37 PM

as others have said. satoshi's stash is not stored on a single private key, it's split up as 50 coins over thousands of keys.
also by the time d-wave sort themselves out a protocol on how they are going to control their non-binary transistors the circulation of bitcoin should be diluted around a population where no one should have huge hoards in a single address to be a visual target.

Title: Re: Thoughts on Satoshis Holdings and Supercomputing
Post by: Yakamoto on June 03, 2019, 10:44:06 PM

Quote: as others have said. satoshi's stash is not stored on a single private key, it's split up as 50 coins over thousands of keys.

Notionally, that would make it potentially more profitable as you could find more private keys that have some coins in them, as opposed to hoping for the lottery ticket key that everyone else is also gunning for. Plus it would let people finance their operations longer as they'd be getting money in small increments as opposed to just hoping that they get the single private key that has everything in it.

Kind of like mining, in a way. Do you think so many people would be mining right now if they only had the possibility of getting the remaining ~4m coins in one big sweep, with only a single winner? I think not. The time value of money is important here too.

Quote: also by the time d-wave sort themselves out a protocol on how they are going to control their non-binary transistors the circulation of bitcoin should be diluted around a population where no one should have huge hoards in a single address to be a visual target.

Title: Re: Thoughts on Satoshis Holdings and Supercomputing
Post by: dothebeats on June 03, 2019, 11:22:15 PM

1. No one knows how the numbers pile up exactly, but it has been long speculated that for the first year of mining bitcoin, only Satoshi and Hal Finney, among the first few testers, were mining, and so puts their coins into such numbers.
2. Moore's law has since been broken upon the introduction of 10nm CPUs in the market. If we continue to shrink down the 7nm processors we have right now into smaller ones successfully, perhaps that can bring us closer to quantum computing. By closer, I mean just a few baby steps, but not actually closer into reality.

3. I don't think anyone in their sane minds would want to run a supercomputer just to brute-force a highly speculative asset, not now, not never. It just isn't worth it, or perhaps not really meaningful at all.

Title: Re: Thoughts on Satoshis Holdings and Supercomputing
Post by: pixie85 on June 03, 2019, 11:37:25 PM

Now it's almost impossible to bruteforce an address but in near future it will be possible but very expensive and time consuming. If bitcoin by that time is worth less than it is today people won't be interested in combining the most powerful computers to bruteforce satoshi's coins. If it keeps growing in value in 10 years it could be worth 100 thousand dollars. In that case it will be worth it to invest a lot of money and computing power to do it and people will try.
The reward must be worth the risk.

Title: Re: Thoughts on Satoshis Holdings and Supercomputing
Post by: TimeBits on June 03, 2019, 11:46:43 PM

It is possible and it would not take as long as people think with the right gear and multibruteforce2.0 (trillions of bruteforces running at the same time putting used keys in a database so they do not check the same one)
Granted Satoshi probably has a private key mixer so the chances of this working are almost 0% but you could be the lucky .00000000000000000000000000000000000000000000000000000000000000000000000021% roller even when someone has a key mixer.

There are ways to even stop people from brute forcing. https://bitcointalk.org/index.php?topic=5141142.60 see the 2nd last post here by me.

Title: Re: Thoughts on Satoshis Holdings and Supercomputing
Post by: Astvile on June 04, 2019, 12:51:46 AM

Well, let's say super/quantum computers bruteforcing/cracking Nakamoto's wallet is pretty possible in the future. But it will consume a lot of time/resources running supercomputers just like what you mentioned. This will take a long time depending on how long the key was and the combinations. If bitcoin will continue to rise to more than $100k and if someone would invest in supercomputers to crack Nakamoto's wallet it is profitable, but there is a bigger chance to lose too if you can't sustain your machine 24/7.
Even computers with high processing process take days cracking a single password, how about a private key with unique and abundance of letters and patterns to scan.

Title: Re: Thoughts on Satoshis Holdings and Supercomputing
Post by: pooya87 on June 04, 2019, 01:35:33 AM

Quote: 3. I don't think anyone in their sane minds would want to run a supercomputer just to brute-force a highly speculative asset, not now, not never. It just isn't worth it, or perhaps not really meaningful at all.

it is also a matter of cost versus reward. if someone in the future attempts this and succeeds then they would be breaking the security of the coin they receive and they become worthless because people either won't pay for it anymore or the network will prevent spending those outputs.

Title: Re: Thoughts on Satoshis Holdings and Supercomputing
Post by: rdluffy on June 04, 2019, 01:43:38 AM

Quote: I can understand you and you have the logic But you have to consider that if you use supercomputers to crack something, the same supercomputers probably will be at BTC side, protecting the blockchain Devs and community will keep preserving BTC integrity, no matter what, and they will use the same technology hackers probably will, so...it keeps the same as today

Quote: It's not that simple. There's no way to "protect" vulnerable keys. Once ECDSA is broken, all exposed Bitcoin public keys are at risk. The only fix is to move vulnerable coins to new addresses and implement a new signature scheme like Lamport one-time signatures. Since the early "Satoshi coins" are unlikely to be moved to safety, some people have suggested forking Bitcoin to make those outputs unspendable, or to recirculate them as mining rewards. Forks like this are unlikely to happen because they are so contentious, so we should be prepared for coins like this to be eventually moved and sold on the market someday.
There's no way to "protect" vulnerable keys yet
Things work for both sides, devs can do something we never think of to protect these vulnerable keys, like you said

Title: Re: Thoughts on Satoshis Holdings and Supercomputing
Post by: figmentofmyass on June 04, 2019, 02:04:31 AM

Quote: 3. I don't think anyone in their sane minds would want to run a supercomputer just to brute-force a highly speculative asset, not now, not never. It just isn't worth it, or perhaps not really meaningful at all.

Quote: it is also a matter of cost versus reward. if someone in the future attempts this and succeeds then they would be breaking the security of the coin they receive and they become worthless because people either won't pay for it anymore or the network will prevent spending those outputs.

i don't think it would become worthless. this is already a well known problem and the market is pricing it in. when the current signature algorithm is broken, the developers are going to implement a new quantum resistant signature scheme.

there's no saving satoshi's coins though. if somebody had the means to crack many of the early coins, why wouldn't they quickly sell some while prices are high? it'll happen eventually.

Title: Re: Thoughts on Satoshis Holdings and Supercomputing
Post by: pooya87 on June 04, 2019, 02:19:05 AM

Quote: 3. I don't think anyone in their sane minds would want to run a supercomputer just to brute-force a highly speculative asset, not now, not never. It just isn't worth it, or perhaps not really meaningful at all.

Quote: it is also a matter of cost versus reward. if someone in the future attempts this and succeeds then they would be breaking the security of the coin they receive and they become worthless because people either won't pay for it anymore or the network will prevent spending those outputs.

Quote: i don't think it would become worthless. this is already a well known problem and the market is pricing it in.
when the current signature algorithm is broken, the developers are going to implement a new quantum resistant signature scheme. there's no saving satoshi's coins though. if somebody had the means to crack many of the early coins, why wouldn't they quickly sell some while prices are high? it'll happen eventually.

movement of those coins will cause a ton of drama and drama causes panic and that causes a drop. and since from the time those coins move until the time they reach exchanges and confirm (usually 6+) it takes enough time to affect the market. and that is if we assume the exchange is not going to block that account that tried selling those coins for further investigation.

Title: Re: Thoughts on Satoshis Holdings and Supercomputing
Post by: figmentofmyass on June 04, 2019, 02:28:32 AM

Quote: i don't think it would become worthless. this is already a well known problem and the market is pricing it in. when the current signature algorithm is broken, the developers are going to implement a new quantum resistant signature scheme. there's no saving satoshi's coins though. if somebody had the means to crack many of the early coins, why wouldn't they quickly sell some while prices are high? it'll happen eventually.

Quote: movement of those coins will cause a ton of drama and drama causes panic and that causes a drop. and since from the time those coins move until the time they reach exchanges and confirm (usually 6+) it takes enough time to affect the market. and that is if we assume the exchange is not going to block that account that tried selling those coins for further investigation.

most exchanges credit deposits after 1-3 confirmations. and i don't see a legit reason why they should be blocking deposits of old mined coins. sure, satoshi coins moving would affect the market and cause some panic. that doesn't mean the market would hit $0 in 15 minutes and stay there.
if your choice is between "nothing" and "owning/selling satoshi coins" i'm sure someone with the means will choose to take the satoshi coins, even if the price crashes afterwards. it's better than nothing, and a rational assessment says that if they don't take them, someone else will.

Title: Re: Thoughts on Satoshis Holdings and Supercomputing
Post by: squatter on June 04, 2019, 02:54:48 AM

Quote: It's not that simple. There's no way to "protect" vulnerable keys. Once ECDSA is broken, all exposed Bitcoin public keys are at risk. The only fix is to move vulnerable coins to new addresses and implement a new signature scheme like Lamport one-time signatures. Since the early "Satoshi coins" are unlikely to be moved to safety, some people have suggested forking Bitcoin to make those outputs unspendable, or to recirculate them as mining rewards. Forks like this are unlikely to happen because they are so contentious, so we should be prepared for coins like this to be eventually moved and sold on the market someday.

Quote: There's no way to "protect" vulnerable keys yet Things work for both sides, devs can do something we never think of to protect these vulnerable keys, like you said

We can fork the protocol to make the outputs unspendable, but that's a very slippery slope. Such a move ultimately destroys Bitcoin's "censorship resistance."

What if those were your coins, and the network essentially stole your money? We can't even say for sure which coins were Satoshi's. It's a guessing game. We'd essentially be punishing people who saved their coins and didn't move them. That doesn't seem right. They should still be able to access their own coins, even if that means leaving them vulnerable to attack.

Title: Re: Thoughts on Satoshis Holdings and Supercomputing
Post by: Kakmakr on June 04, 2019, 05:56:11 AM

My scenario is as follows:
Let's say someone created this super computer <quantum technology> and they manage to brute force ANY private key for a Bitcoin address, then all of us are f$#^ed! The moment when this is announced and verified, people will dump their coins and the price of Bitcoin would drop dramatically.

The effort and time and electricity spent to brute force these addresses will not even pay for the coins that they gain. Do you still think it is worth their while and what is stopping developers from using stronger algorithms? :P

Title: Re: Thoughts on Satoshis Holdings and Supercomputing
Post by: DdmrDdmr on June 04, 2019, 10:21:08 AM

It’s not only Bitcoin that could be potentially "at risk" in the future, but most of the current encryption based security used in industries such as banking and internet.
Most articles you find online state that quantum computers may have enough power in a decade to be able to derive private keys on an individual level, or even pose a global threat to the network due to their hash power.

These estimations nevertheless are considering BTC as is, with disregard to whatever technical evolutions it may have in the coming years. BTC is not immutable, and as development goes on, one can only presume that the threat is being measured, and that countermeasures (change of protocol or whatever) can be developed and deployed, making it “quantum proof” at some point if the threat should prove to be a near reality.

Title: Re: Thoughts on Satoshis Holdings and Supercomputing
Post by: hatshepsut93 on June 04, 2019, 11:05:46 AM

First, if someone will have the technology to brute-force private keys, it would mean that they can crack all keys of the network, not just Satoshi's keys. They'll be just guessing all possible keys and draining coins when they find those with balance. It's not anywhere near feasible now, not looking to be feasible in the near future, and maybe it will never be possible.
As for quantum computers, they can be good at cracking keys when public keys are known, but they aren't known in Bitcoin protocol by default - they only get exposed when someone spends coins.

Title: Re: Thoughts on Satoshis Holdings and Supercomputing
Post by: squatter on June 04, 2019, 04:55:19 PM

Quote: As for quantum computers, they can be good at cracking keys when public keys are known, but they aren't known in Bitcoin protocol by default - they only get exposed when someone spends coins.

Indeed, not all keys on the network are vulnerable. Bitcoin already has some built-in quantum resistance since we use pubkey hashes. That doesn't apply to the Satoshi coins, though, so I can understand why people are nervous about millions of "lost" coins entering circulation again.

The Satoshi coins will probably remain sitting on exposed public keys until eventually stolen. The only way to prevent that would be to implement a fork that censors the outputs...

Title: Re: Thoughts on Satoshis Holdings and Supercomputing
Post by: franky1 on June 04, 2019, 05:35:22 PM

Quote: as others have said. satoshi's stash is not stored on a single private key, it's split up as 50 coins over thousands of keys.

Quote: Notionally, that would make it potentially more profitable

Quote: also by the time d-wave sort themselves out a protocol on how they are going to control their non-binary transistors the circulation of bitcoin should be diluted around a population where no one should have huge hoards in a single address to be a visual target.

firstly d-wave (quantum) is not about counting faster than binary. it's about vector math of 3 dimensions (3 choices) instead of 2

so i know you're thinking with binary, brute forcing ANY key by simply starting at 0 and counting up until you find a key with something on it.. if there are more keys used and it becomes more populated.. then chances are higher
BUT quantum won't help with that.
quantum is only slightly better at counting from 0 up than binary is
quantum would be better than binary at having known vector/data and solving the solution to that vector faster than binary.

EG quantum can break a specific ecdsa key faster than binary.. but can't brute force from 0 to whatever number to get to the same key much faster.

to brute a private key is like asking your descendants multiple generations in the future to continue your project using current binary or quantum.
but cracking a specific key, knowing part of the vectors involved and trying to find the missing piece. doing it with quantum would be faster than binary

thus my point, imagine it can be done in a year. as long as people don't store a year's worth of costs on a private key they won't be a target

Title: Re: Thoughts on Satoshis Holdings and Supercomputing
Post by: hatshepsut93 on June 04, 2019, 05:40:44 PM

Quote: The Satoshi coins will probably remain sitting on exposed public keys until eventually stolen. The only way to prevent that would be to implement a fork that censors the outputs...

I doubt that Satoshi exposed any of his public keys, as far as I know it happens under 2 scenarios: first when you send a transaction and it's not yet confirmed - then there's a short window of opportunity to crack the key while the transaction is still in mempool and publish a contentious transaction, so overall it's extremely hard and can happen to anyone, not only Satoshi; the second is if we reused the address that he previously used to send transactions, but if I remember correctly, he was speaking against the address reuse in early days, and with his expertise in cryptography we can assume that he wouldn't make such a mistake.

Title: Re: Thoughts on Satoshis Holdings and Supercomputing
Post by: squatter on June 04, 2019, 06:47:15 PM

Quote: The Satoshi coins will probably remain sitting on exposed public keys until eventually stolen.
The only way to prevent that would be to implement a fork that censors the outputs...

Quote: I doubt that Satoshi exposed any of his public keys, as far as I know it happens under 2 scenarios: first when you send a transaction and it's not yet confirmed - then there's a short window of opportunity to crack the key while the transaction is still in mempool and publish a contentious transaction, so overall it's extremely hard and can happen to anyone, not only Satoshi; the second is if we reused the address that he previously used to send transactions, but if I remember correctly, he was speaking against the address reuse in early days, and with his expertise in cryptography we can assume that he wouldn't make such a mistake.

In the early days, P2PK (pay to pubkey) outputs were common (https://bitcoin.stackexchange.com/a/73568) because of the Pay-to-IP feature which was removed in 0.8.0. Many of the early coins are sitting on exposed public keys for this reason.

Title: Re: Thoughts on Satoshis Holdings and Supercomputing
Post by: Marry Finch on June 08, 2019, 07:58:54 PM

The problem really exists. Technical progress will inevitably develop and fast supercomputers will appear. Their capabilities will pose a real threat to private cryptocurrency keys, including from the expected appearance of such capabilities of quantum computers. It is expected that there will also appear technologies that will protect the cryptocurrency from such vulnerabilities, but so far it is difficult to say something more specifically.
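
The thread distinguishes outputs that carry the public key itself (P2PK) from pubkey-hash outputs whose key only becomes public once an output is spent, so address reuse exposes it. The sketch below is an added example, not part of any post or of Bitcoin's own code: it classifies output scripts by template and totals the value sitting on already-revealed keys. The function names, the `revealed_hashes` input and all sample scripts are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Script opcodes used by the standard templates checked below.
OP_DUP, OP_HASH160, OP_EQUAL, OP_EQUALVERIFY, OP_CHECKSIG = 0x76, 0xA9, 0x87, 0x88, 0xAC


@dataclass(frozen=True)
class Output:
    kind: str            # "P2PK", "P2PKH", "P2SH" or "other"
    key_in_script: bool  # True when the raw public key sits in the output itself
    hash160: str = ""    # hex of the 20-byte hash for P2PKH/P2SH, else empty


def _looks_like_pubkey(data: bytes) -> bool:
    """Length and prefix check only; does not verify the point is on secp256k1."""
    return (len(data) == 65 and data[0] == 0x04) or (
        len(data) == 33 and data[0] in (0x02, 0x03))


def classify(script_hex: str) -> Output:
    """Match an output script (hex) against the P2PK, P2PKH and P2SH templates."""
    try:
        s = bytes.fromhex(script_hex)
    except ValueError:
        return Output("other", False)
    # P2PK: <push N> <N-byte pubkey> OP_CHECKSIG -> key is public from day one
    if (len(s) in (35, 67) and s[0] == len(s) - 2 and s[-1] == OP_CHECKSIG
            and _looks_like_pubkey(s[1:-1])):
        return Output("P2PK", True)
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if (len(s) == 25 and s[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and s[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return Output("P2PKH", False, s[3:23].hex())
    # P2SH: OP_HASH160 <20-byte hash> OP_EQUAL
    if len(s) == 23 and s[:2] == bytes([OP_HASH160, 20]) and s[22] == OP_EQUAL:
        return Output("P2SH", False, s[2:22].hex())
    return Output("other", False)


def exposure_summary(utxos, revealed_hashes):
    """Total satoshis per exposure class.

    utxos: iterable of (script_hex, value_in_satoshis).
    revealed_hashes: hash160 hex strings whose key or script was already
    published by an earlier spend (address reuse).
    """
    totals = {"exposed": 0, "hashed": 0, "other": 0}
    for script_hex, sats in utxos:
        out = classify(script_hex)
        if out.key_in_script or (out.hash160 and out.hash160 in revealed_hashes):
            totals["exposed"] += sats
        elif out.hash160:
            totals["hashed"] += sats
        else:
            totals["other"] += sats
    return totals


# Constructed sample data: placeholder byte patterns, not real keys or hashes.
SAMPLE_UTXOS = [
    ("41" + "04" + "11" * 64 + "ac", 5_000_000_000),  # P2PK, 50 BTC block reward
    ("76a914" + "22" * 20 + "88ac", 100_000_000),     # P2PKH, never spent from
    ("76a914" + "33" * 20 + "88ac", 200_000_000),     # P2PKH, address reused
    ("a914" + "44" * 20 + "87", 300_000_000),         # P2SH
]
SAMPLE_REVEALED = {"33" * 20}

if __name__ == "__main__":
    for script, sats in SAMPLE_UTXOS:
        print(classify(script).kind, sats)
    print(exposure_summary(SAMPLE_UTXOS, SAMPLE_REVEALED))
```

Coins counted as "exposed" are the ones the thread says must be moved to fresh addresses before the signature scheme weakens; "hashed" coins reveal their key only at spend time.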