How to steal Satoshi's stash?

[brokedummy]

Step one: Find Chuck Norris
Step two: Get Chuck Norris to guess private keys on first try
.
.
.
Profit.

[Klestin]

I have an issue with this, why can that picture use a Dyson sphere which is theoretically doable if we have the technology, but it cant be bothered to add in a quantum computer which is being actively worked on right now by governments and corporations?

Quantum computers are not magical, and still must adhere to the physical laws of the universe.  The text explains that their calculation depends on us inventing a computer circuit that can flip a bit using the smallest possible energy. They're not stacking up pentiums here, they're talking silly, near-magical "perfect" devices. 

[lnternet]

I have made a list of possible private keys of Satoshi. I will email them to anyone, just send me a PM.

[Lauda]

I have an issue with this, why can that picture use a Dyson sphere which is theoretically doable if we have the technology, but it cant be bothered to add in a quantum computer which is being actively worked on right now by governments and corporations?

The picture is of the sun.  It is not known if a quantum computer capable of implementing shor's algorithm on 256 bit ECDSA keys will ever be possible.  Even with a quantum computer if the pubkey is unknown Shor's algorithm can't be used.

It won't.

[S4VV4S]

Step one: Find Chuck Norris
Step two: Get Chuck Norris to guess private keys on first try
.
.
.
Profit.

I already asked him and he said he won't do it.
When I asked why he said: Because I am Satoshi!!!!!

 

[pozmu]

Also, would mining pools be able to push to their clients a script to find those public and private keys? These pools have nowadays an enormous calculation power.

They could just fork Bitcoin code and add a rule that coins not moved for XX days/months/years are taken and put back to the pool of minable coins - I've seen some alt-coin proposing this.

[DeathAndTaxes]

Also, would mining pools be able to push to their clients a script to find those public and private keys? These pools have nowadays an enormous calculation power.

They could just fork Bitcoin code and add a rule that coins not moved for XX days/months/years are taken and put back to the pool of minable coins - I've seen some alt-coin proposing this.

Sure and 99.999999999999999999999999999999% of Bitcoin clients would simply see those as invalid blocks.  Miners which mine on that fork will end up with worthless coins and miners which remain on the real Bitcoin network will get more coins.

[DeathAndTaxes]

I have an issue with this, why can that picture use a Dyson sphere which is theoretically doable if we have the technology, but it cant be bothered to add in a quantum computer which is being actively worked on right now by governments and corporations?

Quantum computers are not magical, and still must adhere to the physical laws of the universe.  The text explains that their calculation depends on us inventing a computer circuit that can flip a bit using the smallest possible energy. They're not stacking up pentiums here, they're talking silly, near-magical "perfect" devices.  

That isn't exactly true.  As a simplistic answer the way QC work is they aren't "faster" they make the problem shorter/simpler.  So while thermodynamics can't be bypassed, finding a solution will require less "work" than in classical computing.   Still IIRC the larger number which has been factored using QC was something like 117 and it took nine days.  Wake me up when someone can factor 32 bit numbers much less 2048 bit ones.

[kuroman]

I don't understand how people claims that it will take thousands of year to crack the private key of a wallet. While yes with today computers or even clusters, it will take a thousands of years, I'm pretty sure that in a 20 years from now it will be a matter of days if not hours.

If we look at our computing power in the 60 and compare to the 80s, the whole computing power in a Saturn V rocket and the lunar module could fit in less than an Apple computer of the time, and if we compare the computing power of the 80s (Cray for example) with late 90s and easly 2000s, the power of supercomputer of the time could be assimilated to the power of a single chip, and between late 90s and nowadays is even more.... well lets put it this way, the faster supercomputer of 2000 in terms FLOPS was IBM ASCI White with it stagering 7.226 TFLOPS !! Well that's less than last year 7990 a Dual slot graphic card that you can set on your personnal desktop.

This without taking into consideration, alghorithms breakthrough or technological ones such as Quantum computing, hybrid system or even on the basic level, moving from Silicon to graphen would have a huge impact!

[DeathAndTaxes]

I don't understand how people claims that it will take thousands of year to crack the private key of a wallet. While yes with today computers or even clusters, it will take a thousands of years, I'm pretty sure that in a 20 years from now it will be a matter of days if not hours.

You (like most people) have difficulty grasping how large 2^256 is (or even 2^128 which is the effective security of 256 bit ECDSA keys).   The 128 bit or 256 bit seems deceptively small.   Nobody credible is saying classical computers could brute force keys in thousands of years..... it would be billions of years using all the energy of our sun.  That also assumes you have a perfect computer.

This without taking into consideration, alghorithms breakthrough or technological ones such as Quantum computing, hybrid system or even on the basic level, moving from Silicon to graphen would have a huge impact!

None of those (except QC) would do anything more than switching from a teaspoon to a bucket when trying to empty an ocean.  

The only way a ECDSA private key will be successfully attacked is:
a) The private key isn't random enough (insufficient entropy due to flaw in PRNG)
b) ECDSA is cryptographically weakened/broken.
c) It becomes possible to build a QC with the tens of thousands of qubits necessary to implement Shor's algorithm against a 256 bit ECDSA public key (and public key is known).

[AT101ET]

Do we actually know where his BTC are?
Its just a guess. What proof do we have that they are his/hers/theirs?
Regardless of that, why would you want to steal his stash.
Satoshi started it, and i'm sure he can finish it if he wanted to.
And anyway, stealing is wrong!

[jonald_fyookball]

I don't understand how people claims that it will take thousands of year to crack the private key of a wallet. While yes with today computers or even clusters, it will take a thousands of years, I'm pretty sure that in a 20 years from now it will be a matter of days if not hours.

You (like most people) have difficulty grasping how large 2^256 is (or even 2^128 which is the effective security of 256 bit ECDSA keys).   The 128 bit or 256 bit seems deceptively small.   Nobody credible is saying classical computers could brute force keys in thousands of years..... it would be billions of years using all the energy of our sun.  That also assumes you have a perfect computer.

This without taking into consideration, alghorithms breakthrough or technological ones such as Quantum computing, hybrid system or even on the basic level, moving from Silicon to graphen would have a huge impact!

None of those (except QC) would do anything more than switching from a teaspoon to a bucket when trying to empty an ocean.  

The only way a ECDSA private key will be successfully attacked is:
a) The private key isn't random enough (insufficient entropy due to flaw in PRNG)
b) ECDSA is cryptographically weakened/broken.
c) It becomes possible to build a QC with the tens of thousands of qubits necessary to implement Shor's algorithm against a 256 bit ECDSA public key (and public key is known).

Care to give us a layman's explanation of Shor's algorithm?  Also, I thought the public keys were the same as the bitcoin address?
thanks!

[kuroman]

You (like most people) have difficulty grasping how large 2^256 is (or even 2^128 which is the effective security of 256 bit ECDSA keys).   The 128 bit or 256 bit seems deceptively small.

 

As a math literate person I do gasp how huge 2^256 is.

Nobody credible is saying classical computers could brute force keys in thousands of years..... it would be billions of years using all the energy of our sun.  That also assumes you have a perfect computer.

And I do agree with this as in TODAY, the math is simple, our most powerfull supercomputers calculates in 30sh PFlops that's about 30x10^15 Flops Time in year = 3600x(24x365+6) = 31557600s and 2^256 ~ 1.14x10^77 so it will take to crack it with the usumption that it will require 100Flops per combination = 1.14x10^79/(31557600x30x10^15) =~ 1.20x10^55 years !

BUT THAT'S NOT THE POINT! My point is if you consider only classical computing in the last 30 years we've moved from KiloFlops to PentaFlops or 10^15Flops in terms of processing power, it is easy to assume that in the next few decades, we can easly achieve 10^30 / 10^40 (we've already gone past the point of cracking 2^128 or 128bits in a few seconds) and it will reach eventually 10^70+. In the 80/90s people (like you) were claiming 56 bit encryption was impossible to crack, and you know what, it takes like 3s and less to break with our current supercomputers!
And this doesn't take into consideration Alghorithm break trought as I mentioned, even the current classic computer with the proper alghorithms can simulate Quantum computers and have similar results in some areas for example......... Now if you add in the mix Quantum computing which will bring computing to a whole other level as the potentiel from a dozen of Qubit and the impact they have is already being proven.

None of those (except QC) would do anything more than switching from a teaspoon to a bucket when trying to empty an ocean.  

Wrong as proven above.

a) The private key isn't random enough (insufficient entropy due to flaw in PRNG)
b) ECDSA is cryptographically weakened/broken.
c) It becomes possible to build a QC with the tens of thousands of qubits necessary to implement Shor's algorithm against a 256 bit ECDSA public key (and public key is known).

It's not limited to this as proven above but :
a = Possible as proven with AES thanks to NSA Middeling
b = Possible
c = it will happen in the next decade or the one folowing, considering we've moved from 4 Qubits to 128 in a very short laps of time heck Dwave just released a 512 Qbits Processor and they claim to have a 1000 Qubits in their lab ready to roll
http://www.washingtonpost.com/blogs/the-switch/wp/2014/01/10/this-company-sold-google-a-quantum-computer-heres-how-it-works/

Also the Shor Alghorithm is not the most efficient Alghrorithm beyond 600 Qubits in comparaison to Fourier Transform
On one hand factoring and calculation logs and the other the usual linear transform that can be decomposed to I or Unitary Matrix, which Qubits likes.

[tkbx]

Hello!

This is just for educational purposes. We know that Satoshi has an enormous amount of bitcoins and that he has not moved them for a long time. I think we also know the bitcoin addresses containing those bitcoins.

What if someone wanted to steal those bitcoins? They would need both the public key and private key of the address. I know that it would take an enormous amount of time but is this technically doable?

Also, would mining pools be able to push to their clients a script to find those public and private keys? These pools have nowadays an enormous calculation power.

Good luck. If I recall correctly, there are more possible private keys than atoms on earth. If everyone on Earth had a copy of the world's most powerful supercomputer for free, and they were all trying to crack the same address 24/7 with their supercomputer, it would still take too long for anyone who started the process to ever live to see the address be cracked.

[jonald_fyookball]

it is easy to assume that in the next few decades, we can easly achieve 10^30 / 10^40 (we've already gone past the point of cracking 2^128 or 128bits in a few seconds) and it will reach eventually 10^70+.

Are you sure?  don't we start to hit the limits of the speed of light and how many atoms thin we can go on a chip, etc...
we can't just keep adding zeros like that... we hit physical limitations

[kuroman]

it is easy to assume that in the next few decades, we can easly achieve 10^30 / 10^40 (we've already gone past the point of cracking 2^128 or 128bits in a few seconds) and it will reach eventually 10^70+.

Are you sure?  don't we start to hit the limits of the speed of light and how many atoms thin we can go on a chip, etc...
we can't just keep adding zeros like that... we hit physical limitations

Actually we can thanks to technological breaktrought, In classical computing , moving from Silicon to Graphen will help to keep us in the moor law for the two decades at least, the problem when will reach the point where quantum mechanics effect will start to manifest in terms of die shrink and this is one of the reason we are moving to Quantum computing where todays issue is the opposite

[Remember remember the 5th of November]

Hello!

This is just for educational purposes. We know that Satoshi has an enormous amount of bitcoins and that he has not moved them for a long time. I think we also know the bitcoin addresses containing those bitcoins.

What if someone wanted to steal those bitcoins? They would need both the public key and private key of the address. I know that it would take an enormous amount of time but is this technically doable?

Also, would mining pools be able to push to their clients a script to find those public and private keys? These pools have nowadays an enormous calculation power.

Good luck. If I recall correctly, there are more possible private keys than atoms on earth. If everyone on Earth had a copy of the world's most powerful supercomputer for free, and they were all trying to crack the same address 24/7 with their supercomputer, it would still take too long for anyone who started the process to ever live to see the address be cracked.

Actually, nearly as many atoms in the entire universe if I remember correctly. So earth is just a small number of atoms compared to the priv keys.

[vinipoars]

I'm renting my quantum miner. Please, deposit 10000 BTC to the adress below and we'll do the job.
 

[kuroman]

I'm renting my quantum miner. Please, deposit 10000 BTC to the adress below and we'll do the job.
 

Hello borther from the future, if you can go back in time why don't you just start mining with Nakamoto when he released the code, you'll probably be riched if you just want bitcoins

[DeathAndTaxes]

BUT THAT'S NOT THE POINT! My point is if you consider only classical computing in the last 30 years we've moved from KiloFlops to PentaFlops  ..  it is easy to assume that in the next few decades, we can easly achieve 10^30 / 10^40

Which is still essentially nothing.  For classical computing you move the timescale from quadrillions of years down to only millions of years.  Congratulations.  

(we've already gone past the point of cracking 2^128 or 128bits in a few seconds)

No we haven't, no key with 128 bit strength has been brute forced. You can't simply compare key size.  A 256 bit ECC key has equivalent strength to a 3,072 bit RSA key and a 128 bit symmetric key/hash.  You may be talking about some individual algorithms being cryptographically broken, it is hard to tell because you are all over the place.  I already pointed out that is possible but it has nothing to do with

In the 80/90s people (like you) were claiming 56 bit encryption was impossible to crack, and you know what, it takes like 3s and less to break with our current supercomputers!

No people like me would have been warning that 56 bits was insufficient due to the fact that it was within 1000x of what current computing power was capable of.  That is a far cry from saying 128 bit key strength is secure because it uses energy on a scale that would make brute infeasible.   If we pretend the entire Bitcoin network (30 PH/s) "could" brute force symmetric keys at the same speed instead it would be able to brute force an 80 bit symmetric key in about one year.  If it was 1000x more powerful it could brute force a 96 bit symmetric key in about a century.  If it was a million times powerful it would still take on average a millennium to brute force a 128 bit symmetric key.  To do it in a year would require a system which is a billion times more powerful.

None of those (except QC) would do anything more than switching from a teaspoon to a bucket when trying to empty an ocean.  

Wrong as proven above.

Proven doesn't mean what you think it means.  Proven doesn't mean spouting out false statements, gibberish, and strawmen.

[regarding 40,000 qubit computer] it will happen in the next decade or the one folowing, considering we've moved from 4 Qubits to 128 in a very short laps of time heck Dwave just released a 512 Qbits Processor and they claim to have a 1000 Qubits in their lab ready to roll

Dwave's system is not capable of implementing Shor's algorithm.  It uses a process called quantum annealing.  Quantum Computing isn't some super duper magical bullet which solves all problems all the time.   Quantum annealing is a pretty cool concept for solving certain types of problems like pathfinding, simulating organic processes, network optimization, etc.   It is completely useless for the purposes of breaking cryptographic keys.

On the progress of building a true general purpose quantum computer capable of implementing shor's algorithm the progress has been very slow.  15 was factored in 2001 using Shor's algorithm and a 4 qubits QC.  By 2012 that had progressed to factoring 21 in using 5 qubits.  One estimate for the total physical qubits (including circuits for error control and correction) necessary for breaking 256 bit ECC is on the order of 40,000 qubits.  We went from 4 to 5 in the space of a decade and the "finish line" is 40,000 qubits.  That could be doubled by switching to a 512 bit curve.  Quantum Decoherence is a bitch.  

The problem becomes increasingly difficult as the size of the computer grows.  It may not be possible to accomplish that in our lifetimes.  Wake me up when someone factors 32 bit number using quantum computing.  If QC becomes a credible threat Bitcoin can evolve to addresses which use post-quantum cryptography.