Bitcoin Forum
Topic: Thoughts on Satoshis Holdings and Supercomputing
Kryptowerk (OP)
Legendary
Activity: 2030
Merit: 1401
June 03, 2019, 02:18:53 PM
Merited by DdmrDdmr (2)
 #1

I am fully aware this is a highly speculative topic. So I am not expecting clear answers, but hope to get some input from people that are very familiar with how the speed of super-computers is evolving and expected to evolve over the next 10 - 50 years.
And also hear the opinion of people that have some deeper insights into exploiting hashing algorithm vulnerabilities etc.

I am wondering if, at some point in time over the next decades, it will be profitable (and possible at all) to brute-force one or more of Satoshi's private keys.

Here are my thoughts:
- It seems Satoshi is supposed to have 1148800 BTC unspent Bitcoin (are there any newer numbers than from 2013?).
Source: https://bitslog.com/2013/04/17/the-well-deserved-fortune-of-satoshi-nakamoto/
Now, I am not sure what the largest balance is that he is holding in one address. If anyone has some data here? This would be our first factor (1).

- Even though the acceleration of computational speed has slowed down due to the fact that lower-and-lower nm technology is physically not possible any more, processors have continued to get faster over the last years.
The second relevant factor (2) would be how the evolution of processing speed continues over the next decades to come.
Right now there are already a ton of incredibly fast supercomputers all around the globe. The thought of a continuing development and the possibility to combine their processing power gives me the impression that it might not be totally unrealistic to be able to calculate private keys at some point in time. Source: https://en.wikipedia.org/wiki/TOP500

- Supercomputers and the energy to keep them running cost resources / a lot of money. So the last relevant factor would be the price per Bitcoin (3).
We have seen an incredible price development within Bitcoin's first 10 years of existence, so a BTC price of $100k or more seems quite feasible for many, looking at a time span of the next 5, 10, 20 or more years to come.

Now, what I would like to know: if we experiment with different factors for (1), (2) and (3) that are still in a realistic realm (from our current point of view and the data we have today), is it possible to reach a point within the next 10 - 50 years where brute forcing one or some of SN's private keys will happen, because it's A) possible and B) profitable.
Really interested to hear some reasonable opinions on that topic.

Of course there are things like quantum computers and the possibility of other discoveries that might accelerate the process - but let's neglect these totally unpredictable factors for now, just to keep this already complex topic a little more realistic.

YuginKadoya
Legendary
Activity: 3038
Merit: 1169
June 03, 2019, 02:49:08 PM
 #2

The possibility for a supercomputer in the future has a high possibility, and if you would look around at every update on the OS and Windows and programs you can see that the technology is innovating and furthering as the day progresses, so a high possibility can really be possible. But forcing your way on anyone else's private key cannot be possible if that private key is lost. The security and encryption with the algorithm is very delicate, so just brute force. And I never heard of a smart supercomputer to be brute forcing any secured private key. But I guess if you are talking about mining the other block that is unmined yet, well, a normal desktop cannot comprehend with the workload, and even with a high GPU and UMD it is still not possible, but with a dedicated mining rig mining a block will be a possibility, but I guess in accessing a highly Supercomputer like that we already mined the last block for Bitcoin.
BrewMaster
Legendary
Activity: 2114
Merit: 1292
June 03, 2019, 03:03:55 PM
Merited by DdmrDdmr (2)
 #3

(1) if he was holding all his coins in one address then there wouldn't have been this much speculation! all these speculations are based on making a guess about how many people were mining in first years then guesstimating how many blocks from early years were mined by Satoshi then multiply that by 50 (the block reward of the time) to get his total guesstimated coins.
note that each block that is mined its reward goes to a newly generated address so if we assume 1 million is correct then there are 20000+ addresses involved.

(2) as far as i know the "acceleration of computational speed" has not slowed down, it has stopped a couple of years ago. what they are doing is that they are increasing the number of cores that do the calculation at the same speed as before.
as for the question i can't answer it because it relates to solving the discrete logarithm problem that relates to elliptic curve cryptography and my information is limited on that topic.

CryptoBry
Sr. Member
Activity: 1008
Merit: 355
June 03, 2019, 04:17:34 PM
 #4



I am intrigued by the possibility of supercomputers with the ability to brute force private keys of bitcoin wallets. I supported one project which deals with quantum computing, but rather than destroy bitcoin they will use the technology to protect it (or something to that effect). Will it be a reality one day? Or will it just be another dream that remains a distant dream? Well, only time can tell. However, I am wondering if one day supercomputers can successfully do it, will it not cause chaos and eventually bitcoin will lose its value and its price can plummet? So in the end doing this can be counterproductive?
Adriano2010
Hero Member
Activity: 1414
Merit: 516
June 03, 2019, 07:28:49 PM
 #5

Well, even if a supercomputer appears, I think it will be hard to crack a private key and get it, because the algorithm is strong enough that it can't be cracked easily, but even if some problems appear, the developers of bitcoin will find a solution, and the supercomputer will not affect the blockchain and private keys.
squatter
Legendary
Activity: 1666
Merit: 1196
June 03, 2019, 08:46:18 PM
 #6

Quote from: Kryptowerk
I am fully aware this is a highly speculative topic. So I am not expecting clear answers, but hope to get some input from people that are very familiar with how the speed of super-computers is evolving and expected to evolve over the next 10 - 50 years.
And also hear the opinion of people that have some deeper insights into exploiting hashing algorithm vulnerabilities etc.

I am wondering if, at some point in time over the next decades, it will be profitable (and possible at all) to brute-force one or more of Satoshi's private keys.

Absolutely. It's a matter of time, but it's very difficult to know when the breakthrough will occur. Right now, it's still all theoretical. I read an insightful and well-sourced article about when ECDSA might be broken by QC, and therefore when the early Satoshi P2PK outputs might be stolen. Read up here. This is an interesting bit:

Quote
For Bulletproofs, what matters is the Shor RSA2048 line, which is predicted to be broken in 2022–23. In fact, ECC is more vulnerable than RSA in a post-quantum world, so our discrete logarithm assumption may be broken even sooner.

Bulletproofs is a nice to have quantum vulnerable feature, although we do have other quantum vulnerable features in Bitcoin: Quantum attacks on Bitcoin, and how to protect against them.[7]

"The elliptic curve signature scheme used by Bitcoin is much more at risk and could be completely broken by a quantum computer as early as 2027, by the most optimistic estimates."

This only applies to exposed public keys (like many of the early "Satoshi coins") or addresses that have spent outputs before, but that's a significant number of coins.
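
The distinction in the post above, between outputs whose public key is already on-chain and outputs that show only a hash of it, can be checked mechanically when auditing one's own coins. The following is an added example, not part of the original thread; the helper names `classify` and `exposed_unspent` and all sample scripts are constructed for illustration, and only P2PK, P2PKH and P2WPKH scripts are recognised.

```python
# Added example: which unspent outputs already have their public key on-chain?
# All keys, hashes and amounts below are constructed sample data.

OP_CHECKSIG = 0xAC


def classify(script_hex):
    """Return (script_type, key_id, pubkey_in_output) for a scriptPubKey."""
    s = bytes.fromhex(script_hex)
    # P2PK: <push N> <N-byte pubkey> OP_CHECKSIG, N = 65 (uncompressed) or 33
    if len(s) in (35, 67) and s[0] == len(s) - 2 and s[-1] == OP_CHECKSIG:
        key = s[1:-1]
        if (len(key) == 65 and key[0] == 0x04) or (len(key) == 33 and key[0] in (2, 3)):
            return "P2PK", key.hex(), True
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if len(s) == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "P2PKH", s[3:23].hex(), False
    # P2WPKH: OP_0 <20-byte hash>
    if len(s) == 22 and s[:2] == b"\x00\x14":
        return "P2WPKH", s[2:].hex(), False
    return "other", None, False  # script types this sketch does not assess


def exposed_unspent(outputs):
    """List unspent outputs whose public key is already public.

    outputs: iterable of dicts with 'script' (hex), 'btc' and 'spent'.
    A key counts as exposed if the output is P2PK, or if another output
    paying to the same key hash was spent (the spend reveals the key).
    """
    parsed = [(o, *classify(o["script"])) for o in outputs]
    revealed = {kid for o, _, kid, _ in parsed if o["spent"] and kid is not None}
    at_risk = []
    for o, typ, kid, in_output in parsed:
        if o["spent"]:
            continue
        if in_output:
            at_risk.append((typ, o["btc"], "public key is in the output script"))
        elif kid in revealed:
            at_risk.append((typ, o["btc"], "key revealed by an earlier spend"))
    return at_risk


def p2pk(pubkey):
    return (bytes([len(pubkey)]) + pubkey + b"\xac").hex()


def p2pkh(key_hash):
    return (b"\x76\xa9\x14" + key_hash + b"\x88\xac").hex()


PUBKEY_65 = bytes([0x04]) + bytes(range(64))  # constructed, not a real key
HASH_A = bytes([0xAA]) * 20                   # constructed key hashes
HASH_B = bytes([0xBB]) * 20

SAMPLE = [
    {"script": p2pk(PUBKEY_65), "btc": 50, "spent": False},  # early coinbase style
    {"script": p2pkh(HASH_A), "btc": 1.5, "spent": True},    # spend reveals the key
    {"script": p2pkh(HASH_A), "btc": 0.7, "spent": False},   # same address, reused
    {"script": p2pkh(HASH_B), "btc": 2.0, "spent": False},   # never spent from
]

if __name__ == "__main__":
    for typ, btc, reason in exposed_unspent(SAMPLE):
        print(f"{typ:7} {btc:>5} BTC  {reason}")
```

Only the never-spent-from P2PKH output stays behind its hash; moving the other two to fresh addresses is the mitigation discussed later in the thread.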

rdluffy
Legendary
Activity: 2226
Merit: 1304
June 03, 2019, 09:00:23 PM
 #7

I can understand you and you have the logic
But you have to consider that if you use supercomputers to crack something, the same supercomputers probably will be at BTC side, protecting the blockchain

Devs and community will keep preserving BTC integrity, no matter what, and they will use the same technology hackers probably will, so...it keeps the same as today

squatter
Legendary
Activity: 1666
Merit: 1196
June 03, 2019, 09:28:08 PM
 #8

Quote from: rdluffy
I can understand you and you have the logic
But you have to consider that if you use supercomputers to crack something, the same supercomputers probably will be at BTC side, protecting the blockchain

Devs and community will keep preserving BTC integrity, no matter what, and they will use the same technology hackers probably will, so...it keeps the same as today

It's not that simple. There's no way to "protect" vulnerable keys. Once ECDSA is broken, all exposed Bitcoin public keys are at risk. The only fix is to move vulnerable coins to new addresses and implement a new signature scheme like Lamport one-time signatures.

Since the early "Satoshi coins" are unlikely to be moved to safety, some people have suggested forking Bitcoin to make those outputs unspendable, or to recirculate them as mining rewards. Forks like this are unlikely to happen because they are so contentious, so we should be prepared for coins like this to be eventually moved and sold on the market someday.

franky1
Legendary
Activity: 4214
Merit: 4475
June 03, 2019, 10:27:37 PM
 #9

as others have said. satoshi's stash is not stored on a single private key, it's split up as 50 coins over thousands of keys.

also by the time d-wave sort themselves out a protocol on how they are going to control their non-binary transistors the circulation of bitcoin should be diluted around a population where no one should have huge hoards in a single address to be a visual target.


Yakamoto
Legendary
Activity: 1218
Merit: 1007
June 03, 2019, 10:44:06 PM
 #10

Quote from: franky1
as others have said. satoshi's stash is not stored on a single private key, it's split up as 50 coins over thousands of keys.

also by the time d-wave sort themselves out a protocol on how they are going to control their non-binary transistors the circulation of bitcoin should be diluted around a population where no one should have huge hoards in a single address to be a visual target.

Notionally, that would make it potentially more profitable as you could find more private keys that have some coins in them, as opposed to hoping for the lottery ticket key that everyone else is also gunning for. Plus it would let people finance their operations longer as they'd be getting money in small increments as opposed to just hoping that they get the single private key that has everything in it. Kind of like mining, in a way. Do you think so many people would be mining right now if they only had the possibility of getting the remaining ~4m coins in one big sweep, with only a single winner? I think not. The time value of money is important here too.
dothebeats
Legendary
Activity: 3640
Merit: 1352
June 03, 2019, 11:22:15 PM
 #11

1. No one knows how the numbers pile up exactly, but it has been long speculated that for the first year of mining bitcoin, it was only Satoshi and Hal Finney, among the first few testers, who were mining, and so puts their coins into such numbers.

2. Moore's law has since been broken upon the introduction of 10nm CPUs in the market. If we continue to shrink down the 7nm processors we have right now into smaller ones successfully, perhaps that can bring us closer to quantum computing. By closer, I mean just a few baby steps, but not actually closer into reality.

3. I don't think anyone in their sane minds would want to run a supercomputer just to brute-force a highly speculative asset, not now, not never. It just isn't worth it, or perhaps not really meaningful at all.

pixie85
Hero Member
Activity: 2142
Merit: 524
June 03, 2019, 11:37:25 PM
 #12

Now it's almost impossible to bruteforce an address but in near future it will be possible but very expensive and time consuming. If bitcoin by that time is worth less than it is today people won't be interested in combining the most powerful computers to bruteforce satoshi's coins. If it keeps growing in value in 10 years it could be worth 100 thousand dollars. In that case it will be worth it to invest a lot of money and computing power to do it and people will try.

The reward must be worth the risk.
TimeBits
Member
Activity: 224
Merit: 62
June 03, 2019, 11:46:43 PM
 #13

It is possible and it would not take as long as people think with the right gear and multibruteforce2.0 (trillions of bruteforces running at the same time putting used keys in a database so they do not check the same one)

Granted, Satoshi probably has a private key mixer so the chances of this working are almost 0%, but you could be the lucky .00000000000000000000000000000000000000000000000000000000000000000000000021% roller even when someone has a key mixer.

There are ways to even stop people from brute forcing.
https://bitcointalk.org/index.php?topic=5141142.60 see the 2nd last post here by me.
Astvile
Sr. Member
Activity: 1484
Merit: 276
June 04, 2019, 12:51:46 AM
 #14

Well, let's say super/quantum computers bruteforcing and cracking Nakamoto's wallet is pretty possible in the future. But it will consume a lot of time/resources running supercomputers, just like what you mentioned. This will take a long time depending on how long the key was and the combinations. If bitcoin will continue to rise to more than $100k and if someone would invest in supercomputers to crack Nakamoto's wallet, it is profitable, but there is a bigger chance to lose too if you can't sustain your machine 24/7.
Even computers with high processing process take days cracking a single password; how about a private key with unique and abundance of letters and patterns to scan.

pooya87
Legendary
Activity: 3444
Merit: 10555
June 04, 2019, 01:35:33 AM
 #15

Quote from: dothebeats
3. I don't think anyone in their sane minds would want to run a supercomputer just to brute-force a highly speculative asset, not now, not never. It just isn't worth it, or perhaps not really meaningful at all.

it is also a matter of cost versus reward. if someone in the future attempts this and succeeds then they would be breaking the security of the coin they receive and they become worthless because people either won't pay for it anymore or the network will prevent spending those outputs.

rdluffy
Legendary
Activity: 2226
Merit: 1304
June 04, 2019, 01:43:38 AM
 #16

Quote from: rdluffy
I can understand you and you have the logic
But you have to consider that if you use supercomputers to crack something, the same supercomputers probably will be at BTC side, protecting the blockchain

Devs and community will keep preserving BTC integrity, no matter what, and they will use the same technology hackers probably will, so...it keeps the same as today

Quote from: squatter
It's not that simple. There's no way to "protect" vulnerable keys. Once ECDSA is broken, all exposed Bitcoin public keys are at risk. The only fix is to move vulnerable coins to new addresses and implement a new signature scheme like Lamport one-time signatures.

Since the early "Satoshi coins" are unlikely to be moved to safety, some people have suggested forking Bitcoin to make those outputs unspendable, or to recirculate them as mining rewards. Forks like this are unlikely to happen because they are so contentious, so we should be prepared for coins like this to be eventually moved and sold on the market someday.

There's no way to "protect" vulnerable keys yet
Things work for both sides, devs can do something we never think of to protect these vulnerable keys, like you said

figmentofmyass
Legendary
Activity: 1652
Merit: 1483
June 04, 2019, 02:04:31 AM
 #17

Quote from: dothebeats
3. I don't think anyone in their sane minds would want to run a supercomputer just to brute-force a highly speculative asset, not now, not never. It just isn't worth it, or perhaps not really meaningful at all.

Quote from: pooya87
it is also a matter of cost versus reward. if someone in the future attempts this and succeeds then they would be breaking the security of the coin they receive and they become worthless because people either won't pay for it anymore or the network will prevent spending those outputs.

i don't think it would become worthless. this is already a well known problem and the market is pricing it in. when the current signature algorithm is broken, the developers are going to implement a new quantum resistant signature scheme.

there's no saving satoshi's coins though. if somebody had the means to crack many of the early coins, why wouldn't they quickly sell some while prices are high? it'll happen eventually.

pooya87
Legendary
Activity: 3444
Merit: 10555
June 04, 2019, 02:19:05 AM
 #18

Quote from: dothebeats
3. I don't think anyone in their sane minds would want to run a supercomputer just to brute-force a highly speculative asset, not now, not never. It just isn't worth it, or perhaps not really meaningful at all.

Quote from: pooya87
it is also a matter of cost versus reward. if someone in the future attempts this and succeeds then they would be breaking the security of the coin they receive and they become worthless because people either won't pay for it anymore or the network will prevent spending those outputs.

Quote from: figmentofmyass
i don't think it would become worthless. this is already a well known problem and the market is pricing it in. when the current signature algorithm is broken, the developers are going to implement a new quantum resistant signature scheme.

there's no saving satoshi's coins though. if somebody had the means to crack many of the early coins, why wouldn't they quickly sell some while prices are high? it'll happen eventually.

movement of those coins will cause a ton of drama and drama causes panic and that causes a drop. and since from the time those coins move until the time they reach exchanges and confirm (usually 6+) it takes enough time to affect the market. and that is if we assume the exchange is not going to block that account that tried selling those coins for further investigation.

figmentofmyass
Legendary
Activity: 1652
Merit: 1483
June 04, 2019, 02:28:32 AM
 #19

Quote from: figmentofmyass
i don't think it would become worthless. this is already a well known problem and the market is pricing it in. when the current signature algorithm is broken, the developers are going to implement a new quantum resistant signature scheme.

there's no saving satoshi's coins though. if somebody had the means to crack many of the early coins, why wouldn't they quickly sell some while prices are high? it'll happen eventually.

Quote from: pooya87
movement of those coins will cause a ton of drama and drama causes panic and that causes a drop. and since from the time those coins move until the time they reach exchanges and confirm (usually 6+) it takes enough time to affect the market. and that is if we assume the exchange is not going to block that account that tried selling those coins for further investigation.

most exchanges credit deposits after 1-3 confirmations. and i don't see a legit reason why they should be blocking deposits of old mined coins.

sure, satoshi coins moving would affect the market and cause some panic. that doesn't mean the market would hit $0 in 15 minutes and stay there.

if your choice is between "nothing" and "owning/selling satoshi coins" i'm sure someone with the means will choose to take the satoshi coins, even if the price crashes afterwards. it's better than nothing, and a rational assessment says that if they don't take them, someone else will.

squatter
Legendary
Activity: 1666
Merit: 1196
June 04, 2019, 02:54:48 AM
 #20

Quote from: squatter
It's not that simple. There's no way to "protect" vulnerable keys. Once ECDSA is broken, all exposed Bitcoin public keys are at risk. The only fix is to move vulnerable coins to new addresses and implement a new signature scheme like Lamport one-time signatures.

Since the early "Satoshi coins" are unlikely to be moved to safety, some people have suggested forking Bitcoin to make those outputs unspendable, or to recirculate them as mining rewards. Forks like this are unlikely to happen because they are so contentious, so we should be prepared for coins like this to be eventually moved and sold on the market someday.

Quote from: rdluffy
There's no way to "protect" vulnerable keys yet
Things work for both sides, devs can do something we never think of to protect these vulnerable keys, like you said

We can fork the protocol to make the outputs unspendable, but that's a very slippery slope. Such a move ultimately destroys Bitcoin's "censorship resistance." What if those were your coins, and the network essentially stole your money?

We can't even say for sure which coins were Satoshi's. It's a guessing game. We'd essentially be punishing people who saved their coins and didn't move them. That doesn't seem right. They should still be able to access their own coins, even if that means leaving them vulnerable to attack.
