Bitcoin Forum
Topic: Distributed wallet attack using Bitcoin's own design
andyd00d (OP)
January 06, 2014, 01:02:00 AM
 #1

What if a new coin came to exist but its goal was to attack Bitcoin wallets?

Perhaps on some interval a bloom filter is created where the inputs are the top N least-recently-spent Bitcoin addresses with a substantial positive balance. Miners do work by creating a random ECDSA key pair. Then they convert the public key to the Bitcoin address format and test the filter for membership -- essentially a distributed brute-force attack.

Yes, the odds of brute-force cracking one of these keys are astronomically small. In the interest of improving the odds, maybe the design is modified to specifically attack brain wallets. The miner could choose to sweep the balance or not should they ever actually be successful but the by-product of this work could also serve as a new altcoin.

So, how would you tune difficulty and award these new altcoins themselves? The bloom filter could be made to only use some number of significant bits from the address space -- perhaps the first N bits. You get a mining reward if you find an address which tests positively in the filter but negatively in a filter containing addresses previously associated with a reward. The latter filter would use all address bits. Difficulty could be handled identically to Bitcoin. The block header would be signed with the private key associated with the address which satisfies the difficulty -- presumably the miner would check if this actually collides with one of the full addresses used to populate the bloom filter prior to broadcasting their new block.

Thoughts?
BurtW
All paid signature campaigns should be banned.
January 06, 2014, 01:12:34 AM
 #2

There are 2^160 possible Bitcoin addresses.

/thread (please)

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
andyd00d (OP)
January 06, 2014, 01:17:23 AM
 #3

There are 2^256 private key possibilities -- which is what's relevant. I'm not claiming successful collision is likely.
BurtW
January 06, 2014, 01:32:44 AM
 #4

Quote from andyd00d: "There are 2^256 private key possibilities -- which is what's relevant. I'm not claiming successful collision is likely."

2^160 is the correct number as you only need for the address to collide in order to move/spend the coins.  Any of the 2^96 key pairs that hash to a given address will do.

There have been dozens and dozens of threads on this subject (address collision).

If you pay your miners on address hits then you will never pay them.

If you pay your miners on being "close" to an address that has coins then you are paying them for worthless "close but no cigar" addresses.

Darn, my attempt to kill this thread has failed ;)
andyd00d (OP)
January 06, 2014, 01:58:30 AM
 #5

Would it function as a viable altcoin?
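
The numbers behind replies #2 and #4 and the prefix-based reward from post #1, worked through as an added example (not code from any poster in this thread). The target count and key rate are constructed values, and address hashes are assumed to be uniformly distributed.

```python
import math

ADDRESS_BITS = 160      # address space quoted in the thread: 2^160
KEY_BITS = 256          # private-key space quoted in the thread: 2^256
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keys_per_address_log2():
    """log2 of the average number of private keys that map to one address."""
    return KEY_BITS - ADDRESS_BITS


def expected_trials_log2(targets, match_bits):
    """log2 of the expected random keys tried before one matches the first
    `match_bits` bits of any of `targets` addresses.
    Approximation 2^match_bits / targets, valid while targets << 2^match_bits."""
    if not 0 < match_bits <= ADDRESS_BITS or targets < 1:
        raise ValueError("match_bits must be 1..160 and targets >= 1")
    return match_bits - math.log2(targets)


def full_match_given_prefix_hit_log2(match_bits):
    """log2 of the chance that a prefix hit is also a full 160-bit collision."""
    return -(ADDRESS_BITS - match_bits)


def years_to_expected_hit(targets, match_bits, keys_per_second):
    """Expected years until the first hit at a fixed key-generation rate."""
    seconds_log2 = (expected_trials_log2(targets, match_bits)
                    - math.log2(keys_per_second))
    return 2.0 ** seconds_log2 / SECONDS_PER_YEAR


if __name__ == "__main__":
    TARGETS = 2 ** 20   # constructed: number of funded addresses in the filter
    RATE = 2 ** 60      # constructed: keys per second across all miners
    print("keys per address: 2^%d" % keys_per_address_log2())
    for bits in (160, 64):  # full-address reward vs. 64-bit prefix reward
        print("match %3d bits: 2^%.0f trials, %.3g years, "
              "P(full collision | hit) = 2^%d" % (
                  bits, expected_trials_log2(TARGETS, bits),
                  years_to_expected_hit(TARGETS, bits, RATE),
                  full_match_given_prefix_hit_log2(bits)))
```

With these inputs a full-address reward is never paid on any practical timescale, while a 64-bit prefix reward pays out almost immediately for hits that are each 96 bits short of an actual collision.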