Bitcoin Forum
May 21, 2019, 02:17:10 PM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: What if bitcoin addresses can be hacked  (Read 5843 times)
pieppiep
Hero Member
*****
Offline Offline

Activity: 1148
Merit: 500



View Profile
September 29, 2012, 06:21:56 PM
 #1

Culculations how much faster the hardware needs to be to proof I can't just crack a bitcoin address :

I've found at https://en.bitcoin.it/wiki/Technical_background_of_Bitcoin_addresses how an address is calculated.
To generate a specific address that already has bitcoins I need to calculate at average 2^160 keys.

At http://www.bitcointrading.com/forum/bitcoin-software/vanitygen-vanity-bitcoin-address-generator-%28v0-17%29/ how quick addresses can be generated.
The fastest graphics card for this has a rate of 23.5 Mkeys/second.

So lets round the generating speed to the nearest 2^x speed, we get 2^24 keys/second.
On average we need 2^160 / 2^24 = 2^136 seconds, or more understandeble human language, more time than the universe exists.

If I want to be able to crack an address in less than a day, for example a little over 18 hours (to get a nice 2^x seconds), I have 2^16 seconds to do it so I need to be 2^136 / 2^16 = 2^120 times faster than with the current hardware.

If I take into account that at the moment hardware still get 2 times faster each 1.5 yeah, I need to wait 180 years for hardware capable of breaking a bitcoins address within one day.
So technically it is not (yet) possible to do this kind of thing.

My actual question
What if someone or something is able to do this kind of calculations, and thus can spent every coin mined today, or is just very very very lucky and finds someone elses keys without hacking into other computers.
Will it be legal to spend the coins?



▄▄                                  ▄▄
 ███▄                            ▄███
  ██████                      ██████
   ███████                  ███████
    ███████                ███████
     ███████              ███████
      ███████            ███████
       ███████▄▄      ▄▄███████
        ██████████████████████
         ████████████████████
          ██████████████████
           ████████████████
            ██████████████
             ███████████
              █████████
               ███████
                █████
                 ██
                  █
veil|     PRIVACY    
     WITHOUT COMPROMISE.      
▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂
|   NO ICO. NO PREMINE. 
   X16RT GPU Mining. Fair distribution.  
|      The first Zerocoin-based Cryptocurrency      
   WITH ALWAYS-ON PRIVACY.  
|



                   ▄▄████
              ▄▄████████▌
         ▄▄█████████▀███
    ▄▄██████████▀▀ ▄███▌
▄████████████▀▀  ▄█████
▀▀▀███████▀   ▄███████▌
      ██    ▄█████████
       █  ▄██████████▌
       █  ███████████
       █ ██▀ ▀██████▌
       ██▀     ▀████
                 ▀█▌




   ▄███████
   ████████
   ███▀
   ███
██████████
██████████
   ███
   ███
   ███
   ███
   ███
   ███




     ▄▄█▀▀ ▄▄▄▄▄▄▄▄ ▀▀█▄▄
   ▐██▄▄██████████████▄▄██▌
   ████████████████████████
  ▐████████████████████████▌
  ███████▀▀▀██████▀▀▀███████
 ▐██████     ████     ██████▌
 ███████     ████     ███████
▐████████▄▄▄██████▄▄▄████████▌
▐████████████████████████████▌
 █████▄▄▀▀▀▀██████▀▀▀▀▄▄█████
  ▀▀██████          ██████▀▀
      ▀▀▀            ▀▀▀
Get alert of price pumps/dumps beforehand 74% average Win Rate
reported by our users
TRY NOW!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1558448230
Hero Member
*
Offline Offline

Posts: 1558448230

View Profile Personal Message (Offline)

Ignore
1558448230
Reply with quote  #2

1558448230
Report to moderator
1558448230
Hero Member
*
Offline Offline

Posts: 1558448230

View Profile Personal Message (Offline)

Ignore
1558448230
Reply with quote  #2

1558448230
Report to moderator
1558448230
Hero Member
*
Offline Offline

Posts: 1558448230

View Profile Personal Message (Offline)

Ignore
1558448230
Reply with quote  #2

1558448230
Report to moderator
Math Man
Full Member
***
Offline Offline

Activity: 150
Merit: 100


View Profile
September 29, 2012, 07:17:14 PM
 #2

Finding someone's private key to take their bitcoins is hacking with the intent of theft.
hamdi
Hero Member
*****
Offline Offline

Activity: 784
Merit: 500



View Profile
September 29, 2012, 07:57:38 PM
 #3

second this!

Jutarul
Donator
Legendary
*
Offline Offline

Activity: 994
Merit: 1000



View Profile
September 29, 2012, 08:12:13 PM
 #4

If I take into account that at the moment hardware still get 2 times faster each 1.5 yeah, I need to wait 180 years for hardware capable of breaking a bitcoins address within one day.
There are physical limits to computational power. One, which we already experience a lot, is the lack of power scaling. We already hit the limits. Thus any doubling of transistors usually doubles the energy requirements. I don't think conventional computers will ever be able to crack bitcoin keys.
However, DNA based computers may. They are much more parallel and have a better power efficiency.

The ASICMINER Project https://bitcointalk.org/index.php?topic=99497.0
"The way you solve things is by making it politically profitable for the wrong people to do the right thing.", Milton Friedman
MoonShadow
Legendary
*
Offline Offline

Activity: 1708
Merit: 1000



View Profile
September 29, 2012, 08:30:42 PM
 #5

In addition to the present impracticality of brute forcing key collisions, Bitcoin's internal design is modular and is thus capable of swapping in an alternative crypto algo and later deprecating the existing one without a hiccup.  In fact, the current method of block hashing (just as an example) requires the use of SHA256 (secure hasing algorithum 256 bit) twice to produce a validatable block hash.  One of these two algos are likely to be replaced with another similar algo yet to be created, without removing the second use of SHA256.  This results in strengthing of the blockchain brute force security without the risk of accidentally exposing it temporarily during the transition to another algo.  Very likely, the second instance of SHA256 will not be replaced until yet another, better, algo is developed or SHA256 is shown to have a flaw.

In a similar manner, wallet.dat keys are created using elliptic curve public/private cryptography; but once a better algo is developed in the future, both the present form of creating addresses and the new form of creating addresses could coexist for a time, permitting users to migrate over time.  Eventually, once the present (older) algo is no longer considered safe enough for the common hardware available, the old transactions long unspent on the blockchain using the old algo would likely only be "lost" coins, and thus be salvage by natural law.  I.E. ten years after the new algo came online there are still hundreds of old transactions on the blockchain decades old, those who can brute force those private keys first get to move them to a new algo address of their own.  In the long run, even bitcoins are never lost.

EDIT:  This modularity was an orginal design consideration.  Present bitcoin address all begin with a [ 1 ] for this reason, (testnet coin addresses all begin with a letter, IIRC) and thus future address algos can identify the algo used to produce them by the leading character.  Yes, this too was on purpose.  Satoshi was a far thinking genius.

"The powers of financial capitalism had another far-reaching aim, nothing less than to create a world system of financial control in private hands able to dominate the political system of each country and the economy of the world as a whole. This system was to be controlled in a feudalist fashion by the central banks of the world acting in concert, by secret agreements arrived at in frequent meetings and conferences. The apex of the systems was to be the Bank for International Settlements in Basel, Switzerland, a private bank owned and controlled by the world's central banks which were themselves private corporations. Each central bank...sought to dominate its government by its ability to control Treasury loans, to manipulate foreign exchanges, to influence the level of economic activity in the country, and to influence cooperative politicians by subsequent economic rewards in the business world."

- Carroll Quigley, CFR member, mentor to Bill Clinton, from 'Tragedy And Hope'
pieppiep
Hero Member
*****
Offline Offline

Activity: 1148
Merit: 500



View Profile
September 30, 2012, 02:04:12 PM
 #6

Finding someone's private key to take their bitcoins is hacking with the intent of theft.
I didn't think of this simple answer, thanks! Smiley

In addition to the present impracticality of brute forcing key collisions, Bitcoin's internal design is modular and is thus capable of swapping in an alternative crypto algo and later deprecating the existing one without a hiccup.  In fact, the current method of block hashing (just as an example) requires the use of SHA256 (secure hasing algorithum 256 bit) twice to produce a validatable block hash.  One of these two algos are likely to be replaced with another similar algo yet to be created, without removing the second use of SHA256.  This results in strengthing of the blockchain brute force security without the risk of accidentally exposing it temporarily during the transition to another algo.  Very likely, the second instance of SHA256 will not be replaced until yet another, better, algo is developed or SHA256 is shown to have a flaw.

In a similar manner, wallet.dat keys are created using elliptic curve public/private cryptography; but once a better algo is developed in the future, both the present form of creating addresses and the new form of creating addresses could coexist for a time, permitting users to migrate over time.  Eventually, once the present (older) algo is no longer considered safe enough for the common hardware available, the old transactions long unspent on the blockchain using the old algo would likely only be "lost" coins, and thus be salvage by natural law.  I.E. ten years after the new algo came online there are still hundreds of old transactions on the blockchain decades old, those who can brute force those private keys first get to move them to a new algo address of their own.  In the long run, even bitcoins are never lost.

EDIT:  This modularity was an orginal design consideration.  Present bitcoin address all begin with a [ 1 ] for this reason, (testnet coin addresses all begin with a letter, IIRC) and thus future address algos can identify the algo used to produce them by the leading character.  Yes, this too was on purpose.  Satoshi was a far thinking genius.
If it would be legal to salvage old coins after a change in the key algorithm, when will it be legal?
If for example, I save some coins on a wallet on an old usbstick for when I retire, why would it be legal for someone to salvage those keys.
So, legal after 10 years? or 100 years?

Another thing I just thought about, how can you ever find out who got you keys with the anonymity of bitcoin.



▄▄                                  ▄▄
 ███▄                            ▄███
  ██████                      ██████
   ███████                  ███████
    ███████                ███████
     ███████              ███████
      ███████            ███████
       ███████▄▄      ▄▄███████
        ██████████████████████
         ████████████████████
          ██████████████████
           ████████████████
            ██████████████
             ███████████
              █████████
               ███████
                █████
                 ██
                  █
veil|     PRIVACY    
     WITHOUT COMPROMISE.      
▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂
|   NO ICO. NO PREMINE. 
   X16RT GPU Mining. Fair distribution.  
|      The first Zerocoin-based Cryptocurrency      
   WITH ALWAYS-ON PRIVACY.  
|



                   ▄▄████
              ▄▄████████▌
         ▄▄█████████▀███
    ▄▄██████████▀▀ ▄███▌
▄████████████▀▀  ▄█████
▀▀▀███████▀   ▄███████▌
      ██    ▄█████████
       █  ▄██████████▌
       █  ███████████
       █ ██▀ ▀██████▌
       ██▀     ▀████
                 ▀█▌




   ▄███████
   ████████
   ███▀
   ███
██████████
██████████
   ███
   ███
   ███
   ███
   ███
   ███




     ▄▄█▀▀ ▄▄▄▄▄▄▄▄ ▀▀█▄▄
   ▐██▄▄██████████████▄▄██▌
   ████████████████████████
  ▐████████████████████████▌
  ███████▀▀▀██████▀▀▀███████
 ▐██████     ████     ██████▌
 ███████     ████     ███████
▐████████▄▄▄██████▄▄▄████████▌
▐████████████████████████████▌
 █████▄▄▀▀▀▀██████▀▀▀▀▄▄█████
  ▀▀██████          ██████▀▀
      ▀▀▀            ▀▀▀
vokain
Legendary
*
Offline Offline

Activity: 1736
Merit: 1000

★YoBit.Net★ 1400+ Coins Exchange


View Profile
September 30, 2012, 07:41:01 PM
 #7

...

EDIT:  This modularity was an orginal design consideration.  Present bitcoin address all begin with a [ 1 ] for this reason, (testnet coin addresses all begin with a letter, IIRC) and thus future address algos can identify the algo used to produce them by the leading character.  Yes, this too was on purpose.  Satoshi was a far thinking genius.

This is fascinating, I was looking through the Bitcoin Paper and was wondering where someone could find more information like you had.

Am I spamming? Report me!
MoonShadow
Legendary
*
Offline Offline

Activity: 1708
Merit: 1000



View Profile
September 30, 2012, 09:19:34 PM
 #8

Finding someone's private key to take their bitcoins is hacking with the intent of theft.
I didn't think of this simple answer, thanks! Smiley

In addition to the present impracticality of brute forcing key collisions, Bitcoin's internal design is modular and is thus capable of swapping in an alternative crypto algo and later deprecating the existing one without a hiccup.  In fact, the current method of block hashing (just as an example) requires the use of SHA256 (secure hasing algorithum 256 bit) twice to produce a validatable block hash.  One of these two algos are likely to be replaced with another similar algo yet to be created, without removing the second use of SHA256.  This results in strengthing of the blockchain brute force security without the risk of accidentally exposing it temporarily during the transition to another algo.  Very likely, the second instance of SHA256 will not be replaced until yet another, better, algo is developed or SHA256 is shown to have a flaw.

In a similar manner, wallet.dat keys are created using elliptic curve public/private cryptography; but once a better algo is developed in the future, both the present form of creating addresses and the new form of creating addresses could coexist for a time, permitting users to migrate over time.  Eventually, once the present (older) algo is no longer considered safe enough for the common hardware available, the old transactions long unspent on the blockchain using the old algo would likely only be "lost" coins, and thus be salvage by natural law.  I.E. ten years after the new algo came online there are still hundreds of old transactions on the blockchain decades old, those who can brute force those private keys first get to move them to a new algo address of their own.  In the long run, even bitcoins are never lost.

EDIT:  This modularity was an orginal design consideration.  Present bitcoin address all begin with a [ 1 ] for this reason, (testnet coin addresses all begin with a letter, IIRC) and thus future address algos can identify the algo used to produce them by the leading character.  Yes, this too was on purpose.  Satoshi was a far thinking genius.
If it would be legal to salvage old coins after a change in the key algorithm, when will it be legal?
If for example, I save some coins on a wallet on an old usbstick for when I retire, why would it be legal for someone to salvage those keys.
So, legal after 10 years? or 100 years?

Another thing I just thought about, how can you ever find out who got you keys with the anonymity of bitcoin.

Legality in the context of the Bitcoin system is differnet than legality in greater society.  Whether or not it was legal, from the perspectives of the bitcoin network design, if it's possible it will happen.  But don't jump to the conclusion that this will ever be a risk within the lifetimes of our grandchildren.  This is sometihng for furute generations to solve.

"The powers of financial capitalism had another far-reaching aim, nothing less than to create a world system of financial control in private hands able to dominate the political system of each country and the economy of the world as a whole. This system was to be controlled in a feudalist fashion by the central banks of the world acting in concert, by secret agreements arrived at in frequent meetings and conferences. The apex of the systems was to be the Bank for International Settlements in Basel, Switzerland, a private bank owned and controlled by the world's central banks which were themselves private corporations. Each central bank...sought to dominate its government by its ability to control Treasury loans, to manipulate foreign exchanges, to influence the level of economic activity in the country, and to influence cooperative politicians by subsequent economic rewards in the business world."

- Carroll Quigley, CFR member, mentor to Bill Clinton, from 'Tragedy And Hope'
MoonShadow
Legendary
*
Offline Offline

Activity: 1708
Merit: 1000



View Profile
September 30, 2012, 09:42:29 PM
 #9

...

EDIT:  This modularity was an orginal design consideration.  Present bitcoin address all begin with a [ 1 ] for this reason, (testnet coin addresses all begin with a letter, IIRC) and thus future address algos can identify the algo used to produce them by the leading character.  Yes, this too was on purpose.  Satoshi was a far thinking genius.

This is fascinating, I was looking through the Bitcoin Paper and was wondering where someone could find more information like you had.

The bitcoin white paper is really just a technical primer, and does not cover some of the more subtle details of the network.  Most of this info I've gleaned from resources & forum members over the past couple years, many of whom are the actual developers.  I don't recall from whom I received this particular piece of data.

An additional little tibit, with regard to the brute force defensive security of the blockchain, is "checkpointing".  Basicly, this is a hardcoded list of hash values for particular blocks that are included with the official (and likely the others) client, which is added to with each minor release.  The list cannot be altered except at the source code, and when a fresh client is "bootstrapping" it will check this list as it encounters each of those blocks from the network, in addition to not considering itself up-to-date unless both the peers it's connected to AND the last of the checkpoints on it's list has been encountered.  What this does is it prohibits a malicious set of peers from colluding to feed a new client a completely false blockchain (for what gain to the attackers,  I don't know) without the fresh client knowing something was wrong, for even if an attacker were capable of finding a single hash for a fake block (perhaps granting the attacker an arbitrary amount of bitcoins, in the view of the client being attacked, even if temporarily) the odds of being able to do such a thing for all of the blocks on the checkpoint list (and still not get made on the interconnecting weave of transaction connections and other security measures regarding actual transaction data integrity) goes up exponentially.  No attack vector has even been demonstrated in this fashion, but the sheer level of difficulty that this checkpoint list adds to the issue all but promises that it never will.  And authors of alternative clients can use completely differnet checkpoint lists, further complicating the issue as the complexity of the blockchain grows.  For that matter, a developer could completely randomize the checkpoint list for each minor release, so the attacker would 1) have to know both the exact checkpoint list included in that release and 2) be able to fake substitutable blocks on the fly while 3) preventing the client under attack from makng even one connection to an honest node with a complete copy of the real blockchain.

"The powers of financial capitalism had another far-reaching aim, nothing less than to create a world system of financial control in private hands able to dominate the political system of each country and the economy of the world as a whole. This system was to be controlled in a feudalist fashion by the central banks of the world acting in concert, by secret agreements arrived at in frequent meetings and conferences. The apex of the systems was to be the Bank for International Settlements in Basel, Switzerland, a private bank owned and controlled by the world's central banks which were themselves private corporations. Each central bank...sought to dominate its government by its ability to control Treasury loans, to manipulate foreign exchanges, to influence the level of economic activity in the country, and to influence cooperative politicians by subsequent economic rewards in the business world."

- Carroll Quigley, CFR member, mentor to Bill Clinton, from 'Tragedy And Hope'
odolvlobo
Legendary
*
Offline Offline

Activity: 2492
Merit: 1313



View Profile
October 01, 2012, 01:49:41 AM
 #10

As long as it is more profitable to mine BTC than it is to find private keys, then there is no incentive to find private keys.

Buy bitcoins with cash from somebody near you: LocalBitcoins
Buy stuff on Amazon at a discount with bitcoins or convert Amazon points to bitcoins: Purse.io
Join an anti-signature campaign: Click ignore on the members of signature campaigns.
mrb
Legendary
*
Offline Offline

Activity: 1526
Merit: 1013


View Profile WWW
October 02, 2012, 05:10:38 AM
 #11

Culculations how much faster the hardware needs to be to proof I can't just crack a bitcoin address :

I've found at https://en.bitcoin.it/wiki/Technical_background_of_Bitcoin_addresses how an address is calculated.
To generate a specific address that already has bitcoins I need to calculate at average 2^160 keys.

At http://www.bitcointrading.com/forum/bitcoin-software/vanitygen-vanity-bitcoin-address-generator-%28v0-17%29/ how quick addresses can be generated.
The fastest graphics card for this has a rate of 23.5 Mkeys/second.

So lets round the generating speed to the nearest 2^x speed, we get 2^24 keys/second.
On average we need 2^160 / 2^24 = 2^136 seconds, or more understandeble human language, more time than the universe exists.

If I want to be able to crack an address in less than a day, for example a little over 18 hours (to get a nice 2^x seconds), I have 2^16 seconds to do it so I need to be 2^136 / 2^16 = 2^120 times faster than with the current hardware.

If I take into account that at the moment hardware still get 2 times faster each 1.5 yeah, I need to wait 180 years for hardware capable of breaking a bitcoins address within one day.
So technically it is not (yet) possible to do this kind of thing.

My actual question
What if someone or something is able to do this kind of calculations, and thus can spent every coin mined today, or is just very very very lucky and finds someone elses keys without hacking into other computers.
Will it be legal to spend the coins?

This topic comes every once in a while.

If someone can calculate key collisions quickly, then he can also calculate SHA256() quickly (or cryptographically break it), as this hash function is used to calculate Bitcoin addresses. But if he can calculate SHA256() quickly, he can also mine quickly, as mining is based on SHA256().

Therefore, what do you think is more profitable: running a GPU for "more time than the universe exists" to perhaps collide with a single address, or running it to mine and earn Bitcoins every day?

Obviously, address collision is computationally a non-issue.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!