How much computing power would be needed to crack one bitcoin adress?

[stakhanov]

I've been thinking, since all transactions are public, the balance associated with all public addresses is known. So an attacker could in theory concentrate all his computing power to try to find the private key associated to a single wealthy address.

How much computing power would be needed?

[MiningBuddy]

See this thread: http://forum.bitcoin.org/index.php?topic=26278

[bcearl]

You would have to break ECDSA with 256 bit keys. If you could do that, you could do a lot more than cracking Bitcoin addresses.

[stakhanov]

You would have to break ECDSA with 256 bit keys. If you could do that, you could do a lot more than cracking Bitcoin addresses.

Thanks for the answer. And it does seem like a lot http://en.wikipedia.org/wiki/Elliptic_Curve_DSA

[Gabi]

How much computing power would be needed?

Dunno, probably more than the total energy output of the sun for more than the age of the universe...

[bcearl]

How much computing power would be needed?

Dunno, probably more than the total energy output of the sun for more than the age of the universe...

That's a worthless statement, because it depends on current computing technology and ECDSA-attacking algoithms.

[Gabi]

Well do you have an algorithm that make such attack feasible with less energy and time? 

[natman3400]

I've been thinking, since all transactions are public, the balance associated with all public addresses is known. So an attacker could in theory concentrate all his computing power to try to find the private key associated to a single wealthy address.

How much computing power would be needed?

All of it.
Just had to say that.

[bcearl]

Well do you have an algorithm that make such attack feasible with less energy and time? 

I may have one before the universe ends. Or I may have a better computer that consumes less energy.

[Tronlet]

It's just insanity to even think of it.

http://www.wolframalpha.com/input/?i=2^160

In plain numbers, that first output under "Result:" is what 2^160 is. 1,461,501,637,330,902,918,203,684,832,716,283,019,655,932,542,976.

Supposing that a quadrillion addresses have been generated (1,000,000,000,000,000), which is many magnitudes higher than the actual number generated, anyone trying to do this would have to try over 100 decillion addresses (100,000,000,000,000,000,000,000,000,000,000,000) on average before getting a single address, and the chances that that address would contain nothing because of vanity address mining are quite huge.

I understand not assuming anything about the future's capabilities, but surely a limit must be drawn at some point, by the time we could even think to have such computational power bitcoin and everything like it (the Internet as we know it, countries, governments, the human body even) would probably be obsolete.

Basically, not worth worrying about. ECDSA is the most trusted hashing algorithm, as well, because its methods mean it can't be cracked like other hashing algorithms can, so there won't be a back door. At least not before the death of the Sun/some other incredible happening that will change humanity forever.

[Gabi]

Well do you have an algorithm that make such attack feasible with less energy and time? 

I may have one before the universe ends. Or I may have a better computer that consumes less energy.

Good luck

[bcearl]

Well do you have an algorithm that make such attack feasible with less energy and time?  

I may have one before the universe ends. Or I may have a better computer that consumes less energy.

Good luck

ECDSA -- like all crypto based on the discrete logarithm -- lives from the fact that there is no algorithm known to calculate the discrete logarithm efficiently. It is not proven to be hard. (Same is true for factorization by the way.)

[Gabi]

It should resist quantum computers too right? Unlike factorization i mean

[bcearl]

It should resist quantum computers too right? Unlike factorization i mean

No.

http://arxiv.org/abs/quant-ph/9508027