Are bitcoins indestructible?

[DeathAndTaxes]

How do people know somebody doesn't have the private key to that [1BitcoinEaterAddressDontSendf59kuE] address all along and they're just sitting on the coins?

Because the person that created the address 1BitcoinEaterAddressDontSendf59kuE never had the private key.  They simply started with the string "1BitcoinEaterAddressDontSend" and then added the correct checksum "f59kuE" onto the end of the string (it is a bit more complicated than that but you get the point).

Since they never had the private key no one will ever have the private key so any coins sent to that address are lost forever.

My question is how do you know what to add to the end?

Compute the checksum of the pubkeyhash. 

https://en.bitcoin.it/wiki/Technical_background_of_Bitcoin_addresses
Take a look at steps #4 to #7.

[1713403345]

1713403345

[1713403345]

1713403345

[1713403345]

1713403345

[kazzy]

I'm pretty sure someone will figure bitcoin's cryptograhy in the future. Maybe the second coming of Jesus would? 

[CoinGeneral]

It's impossible to send them to an invalid address, BUT it's entirely possible to send them to an address for which no one has the key.

Take for example: 1BitcoinEaterAddressDontSendf59kuE

Check it out on blockchain. If you can brute force the private key, the coins are yours. Is it impossible? Theoretically, no, but practically...

Let's say you had a super computer that was guessing 999 trillion keys per second. It would take you 3.5 billion years to exhaust just 10% of the keyspace, which means in 3.5 billion years you would have a 10% chance of having guessed the key. Good luck with those odds!

Actually - given enough time - is it theoretically possible to crack the private key to that address?

I mean in the future computers will be 1000x more powerful than they are today.

Will our brains be blown out of our bodies?

[Syke]

Actually - given enough time - is it theoretically possible to crack the private key to that address?

No.

[Dabs]

I think the answer is yes. Theoretically. Enough time means a few billion years using the latest computer technology a million years in the future, that is a trillion times faster than all the fastest super computers combined in existence.

Practically, No.

But we're being pedantic here.

[kjj]

It's impossible to send them to an invalid address, BUT it's entirely possible to send them to an address for which no one has the key.

Take for example: 1BitcoinEaterAddressDontSendf59kuE

Check it out on blockchain. If you can brute force the private key, the coins are yours. Is it impossible? Theoretically, no, but practically...

Let's say you had a super computer that was guessing 999 trillion keys per second. It would take you 3.5 billion years to exhaust just 10% of the keyspace, which means in 3.5 billion years you would have a 10% chance of having guessed the key. Good luck with those odds!

Actually - given enough time - is it theoretically possible to crack the private key to that address?

I mean in the future computers will be 1000x more powerful than they are today.

Will our brains be blown out of our bodies?

See Syke's answer.

Also:

private key is a 256 bit integer.
public key is a pair of 256 bit integers giving the (x,y) coordinates of a point, or a single 256 bit x coordinate and a parity bit used to reconstruct y.
address is a hash of the public key.

The bitcoin eater was made at step 3.  Because it was made at step 3, we don't know if there are any points on our curve that can be hashed to give that address.  This point isn't well understood around here.

[cczarek123]

i don't see how you could say they are indestructible.. the blockchain relies on the users who download them. it could go FUBAR with a 51% attack, no?

[pand70]

Actually - given enough time - is it theoretically possible to crack the private key to that address?

I mean in the future computers will be 1000x more powerful than they are today.

Will our brains be blown out of our bodies?

This is something that is addressed many times before. While the obvious answer is yes there are some physical limitations that don't allow something like it to happen. In quantum physics though seems possible.

[BurtW]

I think the answer is yes. Theoretically. Enough time means a few billion years using the latest computer technology a million years in the future, that is a trillion times faster than all the fastest super computers combined in existence.

Practically, No.

But we're being pedantic here.

Physics says NO.  READ the post right above yours.

private key is a 256 bit integer.
public key is a pair of 256 bit integers giving the (x,y) coordinates of a point, or a single 256 bit x coordinate and a parity bit used to reconstruct y.
address is a hash of the public key.

The bitcoin eater was made at step 3.  Because it was made at step 3, we don't know if there are any points on our curve that can be hashed to give that address.  This point isn't well understood around here.

I believe that given there will be on average 2⁹⁶ public keys per Bitcoin address we can be fairly certain there is at least one public key that hashes to any given address, including this one.

[kjj]

I believe that given there will be on average 2⁹⁶ public keys per Bitcoin address we can be fairly certain there is at least one public key that hashes to any given address, including this one.

You are assuming a uniform distribution in the output of the hash functions.  This is something that we hope is true, but don't really know.

[BurtW]

I believe that given there will be on average 2⁹⁶ public keys per Bitcoin address we can be fairly certain there is at least one public key that hashes to any given address, including this one.

You are assuming a uniform distribution in the output of the hash functions.  This is something that we hope is true, but don't really know.

That is why I said on average and fairly certain.

[DeathAndTaxes]

Actually - given enough time - is it theoretically possible to crack the private key to that address?

I mean in the future computers will be 1000x more powerful than they are today.

Will our brains be blown out of our bodies?

This is something that is addressed many times before. While the obvious answer is yes there are some physical limitations that don't allow something like it to happen. In quantum physics though seems possible.

Exactly.  As the quote in the "star image" was mine, I want to avoid it being taken out of context.  As you point out if you can't go through the wall there may be other ways around it.   The quote only deals with brute forcing a 256 bit key (and subsequently to writing that quote I have learned that a 256 bit ECDSA key only has 128 bit strength against brute force attack although that doesn't materially change the scenario in the quote).  It only deals with a brute force attack and I wrote it because I got tired of all the "what if computers get faster can someone hack Bitcoin questions".  Still it is important to keep in mind that there are other attack vectors which don't deal with a classical brute force (and the physics problems that accompany it).

If you wanted to gain access to coins at a random Bitcoin address there are three attack vectors:

• Brute force attack on all the private keys used in the Bitcoin network = infeasible given the time and energy requirements (the "star quote").
• Exploit a cryptographic flaw in ECDSA, RIPEMD-160, and/or SHA-256 = no such known flaw exists at this time and may not exist in our lifetime.
• Use a general Purpose quantum computer capable of implementing Shor's algorithm = may not ever be possible or if possible the time until a GPQC with 40,000+ qubits is indeterminable.

All three are infeasible right now, only the first one is beyond the limits of physics the other two simply don't exist right now.  Maybe they will exist next year, maybe not for a thousand years but we do know that they are possible on a long enough timeline.  The good news is that Bitcoin is extensible and long before either cryptoanalysis or quantum computing make an attack economical or practical Bitcoin can be extended to new stronger address types including ones which are quantum computing resistant.  People can transfer funds to the new addresses and avoid the attack vector (for another century or so).  Of course funds for which there is no known private key ("lost coins") could at least in theory be reclaimed because they won't be moved to the stronger address scheme but it won't be as some incorrectly believe "because computers get faster".

[DeathAndTaxes]

I believe that given there will be on average 2⁹⁶ public keys per Bitcoin address we can be fairly certain there is at least one public key that hashes to any given address, including this one.

You are assuming a uniform distribution in the output of the hash functions.  This is something that we hope is true, but don't really know.

That is why I said on average and fairly certain.

Agreed.  

It is possible that SHA-256 or RIPEMD-160 have undesirable characteristics which result in a non uniform distribution of messages to digests but at this time both algorithms are seen as a good approximation of the random oracle so there is no reason to assume that until facts suggest otherwise.  Even if future cryptanalysis shows that they have a non-uniform distribution it would have to be incredibly non-uniform to affect the probability that at least one valid PubKey hashes to that PubKeyHash in any meaningful way.  You corrected me on a similar statement I on reflection I agree.

Saying we "hope" is exaggerated; it is like saying Bitcoin users are just hoping nobody generates their private key and steals their coins thus the whole Bitcoin network runs on "hope".  Cryptography is always based on probabilities however we use really really reallly really really large numbers so the probability of certain events approaches 1 or approaches 0 but never is known to be 1 or 0 before the event.    In theory I could randomly bang on my keyboard right now and produce a private key which allows me to impersonate Google's SSL cert on the first attempt.  It "could" happen but Google doesn't really need to "hope" it doesn't happen because while the odds are not 0 they are for all practical purposes ~0.

Of course I think the best way to sum it up is that if I ever notice funds are transferred out of the "Bitcoin Eater" address I am selling coins first and asking questions second. It is a good canary in the Bitcoin mine.

[Trongersoll]

Yes, Bitcoins can be destroyed. The release of a world wide Electro-Magtnetic Pulse could destroy them all, but bitcoin would be the least of our worries. 

[kjj]

Saying we "hope" is exaggerated; it is like saying Bitcoin users are just hoping nobody generates their private key and steals their coins thus the whole Bitcoin network runs on "hope".  Cryptography is always based on probabilities however we use really really reallly really really large numbers so the probability of certain events approaches 1 or approaches 0 but never is known to be 1 or 0 before the event.    In theory I could randomly bang on my keyboard right now and produce a private key which allows me to impersonate Google's SSL cert on the first attempt.  It "could" happen but Google doesn't really need to "hope" it doesn't happen because while the odds are not 0 they are for all practical purposes ~0.

The difference is that an address derived from a key is known to have a matching pubkey and a matching privkey.  If we ignore physics and math, someone searching all possible private keys will find at least one that matches the address in my signature, eventually.  Will they also find a key that can spend the bitcoin eater?  How about the key to 1111111111111111111114oLvT2 or 1QLbz7JHiBTspS962RLKV8GndWFwi5j6Qr?  No one knows.

Those last two should make you pause, and that is why I consider coins sent to them to have a higher level of destroyedness than bitcoins sent to addresses for which the key has merely been lost.

Of course I think the best way to sum it up is that if I ever notice funds are transferred out of the "Bitcoin Eater" address I am selling coins first and asking questions second. It is a good canary in the Bitcoin mine.

Indeed.

[BurtW]

How about the key to 1111111111111111111114oLvT2 or 1QLbz7JHiBTspS962RLKV8GndWFwi5j6Qr?  No one knows.

Those last two should make you pause, and that is why I consider coins sent to them to have a higher level of destroyedness than bitcoins sent to addresses for which the key has merely been lost.

I totally agree, but those addresses are special corner cases.  They are in a class all by themselves and it would be pretty hard to argue that 1BitcoinEaterAddressDontSendf59kuE belongs to the same class as those two addresses, right?

[kjj]

How about the key to 1111111111111111111114oLvT2 or 1QLbz7JHiBTspS962RLKV8GndWFwi5j6Qr?  No one knows.

Those last two should make you pause, and that is why I consider coins sent to them to have a higher level of destroyedness than bitcoins sent to addresses for which the key has merely been lost.

I totally agree, but those addresses are special corner cases.  They are in a class all by themselves and it would be pretty hard to argue that 1BitcoinEaterAddressDontSendf59kuE belongs to the same class as those two addresses, right?

If you go by Kolmogorov complexity, all zeroes and all ones are the two minima, but the bitcoin eater is much closer to them than it is to "normal" addresses, or even to the best vanity addresses found so far.

[pand70]

Why do we even talk about the bitcoineaterblablabla address? It's an address without the private key like so many others that people lost their keys already 

[BurtW]

Why do we even talk about the bitcoineaterblablabla address? It's an address without the private key like so many others that people lost their keys already 

Because these addresses pertain to the question of the thread.

[taltamir]

I don't understand what destructibility has to do with the tulip bulb bubble. That was simply a case of a fashion item based bubble.