|
timeshareafrica (OP)
|
 |
March 11, 2013, 05:00:10 AM |
|
How many Kilojoule will it take to calculate the private key from the public key?
Is must be possible only with a lot of efford?
|
|
|
|
|
|
|
|
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
DeathAndTaxes
Donator
Legendary
 Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
March 11, 2013, 05:03:43 AM
Last edit: March 11, 2013, 05:22:42 AM by DeathAndTaxes |
|
Simple version: it can't be done. Not with a computer, not with a bunch of really fast "next gen" processors, not with a dyson sphere and a planetary sized super computer which operates at the thermodynamic limit until our star burns out. I think this sums it up the best. These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space. http://www.schneier.com/blog/archives/2009/09/the_doghouse_cr.html |
|
|
|
|
bitlybit
Newbie
Offline
Activity: 14
Merit: 0
|
|
March 11, 2013, 05:14:34 AM
Last edit: March 11, 2013, 08:32:46 PM by bitlybit |
|
start guessing  |
|
|
|
|
solex
Legendary
Offline
Activity: 1078
Merit: 1002
100 satoshis -> ISO code
|
|
March 11, 2013, 05:19:49 AM |
|
And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space. LOL a threadkiller answer |
|
|
|
|
luv2drnkbr
|
|
March 11, 2013, 10:28:02 AM |
|
Does having the public key even give you any information at all other than "nope, that's not the correct answer"?
Edit: also, to answer your question OP, never.
|
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
March 11, 2013, 12:44:02 PM |
|
Does having the public key even give you any information at all other than "nope, that's not the correct answer"?
Edit: also, to answer your question OP, never.
In classical computing knowing the public key removes the need to perform the address computation still given the amount of time/energy needed it is a negligible improvement (i.e. "only" need the energy output of 19 supernovas not 20  ). Having the public key is important in some quantum computing attacks so either Satoshi was really lucky (on a lot of things) or he is a time traveler from the future. Not re-using an address after you spend from it, means the public key is never publicly known. That provides a level of quantum resistance for cold storage addresses. |
|
|
|
|
da2ce7
Legendary
Offline
Activity: 1222
Merit: 1016
Live and Let Live
|
|
March 11, 2013, 12:54:47 PM |
|
in-fact the amount of energy required is quite a calculable problem. The problem lies in the answer, where the energy is greater than all the energy in the universe.
|
One off NP-Hard.
|
|
|
tehmwak
Newbie
Offline
Activity: 10
Merit: 0
|
|
March 12, 2013, 12:10:29 AM |
|
How many Kilojoule will it take to calculate the private key from the public key?
At least four. Probably more. |
|
|
|
|
|
nwbitcoin
|
|
March 12, 2013, 12:14:51 AM |
|
I've been around IT long enough to know that predictions are the funnies for the next generation! Going on the history of cryptography, an algorithm has a lifespan of about 40 years before brute force is practical, so I would say that if you lose your private key, you are in for a good new year in 2050 or so!  |
*Image Removed* I use Localbitcoins to sell bitcoins for GBP by bank transfer!
|
|
|
foggyb
Legendary
Offline
Activity: 1666
Merit: 1006
|
|
March 12, 2013, 12:27:38 AM |
|
I've been around IT long enough to know that predictions are the funnies for the next generation! Going on the history of cryptography, an algorithm has a lifespan of about 40 years before brute force is practical, so I would say that if you lose your private key, you are in for a good new year in 2050 or so! The history of technology-assisted cryptography is really short. I wouldn't bet on the 40 year cycle becoming any kind of rule of thumb. |
I just registered for the $PLOTS presale! Thank you @plotsfinance for allowing me to purchase tokens at the discounted valuation of only $0.015 per token, a special offer for anyone who participated in the airdrop. Tier II round is for the public at $0.025 per token. Allocation is very limited and you need to register first using the official Part III link found on their twitter. Register using my referral code CPB5 to receive 2,500 points.
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
March 12, 2013, 12:37:17 AM |
|
I've been around IT long enough to know that predictions are the funnies for the next generation! Going on the history of cryptography, an algorithm has a lifespan of about 40 years before brute force is practical, so I would say that if you lose your private key, you are in for a good new year in 2050 or so! Lets at least keep the terminology correct. A brute force on a 256 bit key is impossible by the thermodynamic limit. It is impossible today, it will be impossible in fourty years, and in all likelihood baring some as of yet completely undiscovered energy breakthrough will still be impossible in 40,000 years. It isn't that we haven't yet built fast enough computers it is that even a perfect computer would take more energy than is available in our solar system. If someone sent a 256 bit private key on a spaceship to the nearest star system it would take less energy to simply go retrieve it, then it would to try an brute force it. Now it is possible that ECDSA has a cryptographic flaw, and in the coming years/decades this flaw will be discovered which will allow attacks FASTER THAN brute force attacks which render ECDSA vulnerable. However even if that happens a brute force attack on 256 bit keys will still be impossible. It is also possible no viable attack on ECDSA will be discovered in our lifetime. |
|
|
|
|
Dabs
Legendary
Offline
Activity: 3416
Merit: 1912
The Concierge of Crypto
|
|
March 12, 2013, 01:35:41 AM |
|
Fermat's Last Theorem took a while to be proven, about 358 years. Start cracking a private key now, and let me know your progress in 3 centuries. Don't forget to save often.
My employees always complain about the occasional power failure that causes them to lose a day's work. I've since gotten UPS devices, but those things also fail after a couple of years and need replacements.
|
|
|
|
|
lophie
|
|
March 12, 2013, 02:30:13 AM |
|
All right smart people. Now how about if we consider the block chain. So we are not crunching for a specific address but we are crunching for ANY address in the block chain. What is the probability for that to happen?
Still safe enough for you?
|
Will take me a while to climb up again, But where is a will, there is a way...
|
|
|
Raize
Donator
Legendary
Offline
Activity: 1419
Merit: 1015
|
|
March 12, 2013, 02:55:09 AM |
|
All right smart people. Now how about if we consider the block chain. So we are not crunching for a specific address but we are crunching for ANY address in the block chain. What is the probability for that to happen?
Still safe enough for you?
Yeah, for me anyway. The likelihood of finding a key at random is as likely as being struck by lightning while taking a crap every year for 17 years in a row. Also relevant: |
|
|
|
|
misterbigg
Legendary
Offline
Activity: 1064
Merit: 1001
|
|
March 12, 2013, 02:56:07 AM |
|
1.21 Jiggawatts!
|
|
|
|
|
|
behindtext
|
|
March 12, 2013, 04:00:19 AM |
|
depends on whether you've got a quantum computer or not also depends on how you're attacking the discrete logarithm problem. brute forcing the private key would take an enormous amount of energy. i have heard of tricks to attack RSA keys but the trick doesn't apply to ECDSA. |
|
|
|
|
nwbitcoin
|
|
March 12, 2013, 08:54:28 AM |
|
I've been around IT long enough to know that predictions are the funnies for the next generation! Going on the history of cryptography, an algorithm has a lifespan of about 40 years before brute force is practical, so I would say that if you lose your private key, you are in for a good new year in 2050 or so! Lets at least keep the terminology correct. A brute force on a 256 bit key is impossible by the thermodynamic limit. It is impossible today, it will be impossible in fourty years, and in all likelihood baring some as of yet completely undiscovered energy breakthrough will still be impossible in 40,000 years. It isn't that we haven't yet built fast enough computers it is that even a perfect computer would take more energy than is available in our solar system. If someone sent a 256 bit private key on a spaceship to the nearest star system it would take less energy to simply go retrieve it, then it would to try an brute force it. Now it is possible that ECDSA has a cryptographic flaw, and in the coming years/decades this flaw will be discovered which will allow attacks FASTER THAN brute force attacks which render ECDSA vulnerable. However even if that happens a brute force attack on 256 bit keys will still be impossible. It is also possible no viable attack on ECDSA will be discovered in our lifetime. The point I was trying to make is that technology moves the goalposts. In 40 years time, cracking a 256 will be possible due to some other technological breakthrough such as a 256 hash rainbow table having been invented or because paralleled processing would have reached silly proportions. This will mean that you won't have to break the laws of physics to get your answer. The major downside of many of these predictions is that they always deal with the problem head on, and you don't tend to solve problems head on! More importantly, the core element of bitcoin is not reliant on the crypto algorithm it uses - that can be changed - and as such, future coins will still be safe as these new ways of cracking codes are discovered. |
*Image Removed* I use Localbitcoins to sell bitcoins for GBP by bank transfer!
|
|
|
|
Rygon
|
|
March 12, 2013, 12:06:12 PM |
|
Simple version: it can't be done. Not with a computer, not with a bunch of really fast "next gen" processors, not with a dyson sphere and a planetary sized super computer which operates at the thermodynamic limit until our star burns out. I think this sums it up the best. These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space. http://www.schneier.com/blog/archives/2009/09/the_doghouse_cr.htmlI don't think that's entirely correct. Because the private key is also hashed with RIPEMD160, the security of finding a private key that matches a public key is actually only 160 bits, not 256 bits. So, for someone trying a brute force attack against a private key, they have a much lower target because there are 2^96 private keys that correspond to each public key. However, given the assumptions in the linked article, the amount of energy is still ridiculous, something like all the energy that the earth gets from the sun continuously for an entire year just to go through those values. My calculations may be a little bit off though. |
|
|
|
|
Dabs
Legendary
Offline
Activity: 3416
Merit: 1912
The Concierge of Crypto
|
|
March 12, 2013, 03:47:59 PM |
|
Instead of 10,000,000,000 years, it goes down an order of magnitude to 1,000,000,000 years. Still not worth it. Those star sized computers are most likely parallel 10,000,000 cores, each running at 10,000 gigahertz and they still can't store 256 hash rainbow tables.
It's a lot easier to threaten a living person with physical violence (or torture) to get them to give up their private key. It's even easier to just bug their house or computer to get their entire wallet.
|
|
|
|
|
timeshareafrica (OP)
|
|
March 15, 2013, 03:23:48 PM |
|
I just saw in the wiki it says:"If you were to intentionally try to make a collision, it would currently take 2^107 times longer to generate a colliding Bitcoin address than to generate a block"
So if it would take +- 30 megajoule to generate a block than one could say it will take 4,867778305×10³³ megajoule to create a collision.
|
|
|
|
|
|
