How hard would it be to brute force an address. (Numerically)

[BlackHatCoiner]

All possible combinations of a base58 (p2sh) address are 60^33 (= 47751966659678405306351616000000000000000000000000000000000)

Why 60^33? There are 64 characters (letters plus numbers), but bitcoin addresses don't have zeros (0), capital omikrons (O), l (small L) and I (capital of i) so they wouldn't confuse the people. A base58 (p2sh) address has 34 total characters, minus the first letter that it's always "3", we have 33 characters.

Thus, 60^33.

I'm not gonna tell you that brute forcing an address and actually succeeding is a miracle, because, hehe, you already knew it. 

Although, I would like to show you what are the odds of succeeding with fewer characters, by taking a computer that makes 1M hashes per second.
This is the address I'm gonna focus: 3D2oetdNuZUqQHPJmcMDDHYoqkyNVsFk9r. Now let's remove the first letter, because it will always be the same:

D2oetdNuZUqQHPJmcMDDHYoqkyNVsFk9r

The first 3 letters of the address would take 120.000 hashes to make them, which is less than a second for the mentioned computer. Now, let the fun begin:

D2oe would take: 12 seconds (12960000 hashes)
D2oet would take: 13 minutes (777600000 hashes)
D2oetd would take: 13 hours (46656000000 hashes)
D2oetdN would take: 1 month (2799360000000 hashes)
D2oetdNu would take: 5.4 years (167961600000000 hashes)
D2oetdNuZ would take: 324 years (10077696000000000 hashes)
D2oetdNuZU would take: 19,440 years (604661760000000000 hashes)
D2oetdNuZUq would take: 1,166,400 years (36279705600000000000 hashes)
D2oetdNuZUqQ would take: 69,984,000 years (2176782336000000000000 hashes)
D2oetdNuZUqQH would take: 4,199,040,000 years (130606940160000000000000 hashes)
D2oetdNuZUqQHP would take: 251,942,400,000 years (7836416409600000000000000 hashes)
D2oetdNuZUqQHPJ would take: 15,116,544,000,000 years (470184984576000000000000000 hashes)
D2oetdNuZUqQHPJm would take: 906,992,640,000,000 years (28211099074560000000000000000 hashes)
D2oetdNuZUqQHPJmc would take: 54,419,558,400,000,000 years (1692665944473600000000000000000 hashes)
D2oetdNuZUqQHPJmcM would take: 3,265,173,504,000,000,000 years (101559956668416000000000000000000 hashes)
D2oetdNuZUqQHPJmcMD would take: 195,910,410,240,000,000,000 years (6093597400104960000000000000000000 hashes)
D2oetdNuZUqQHPJmcMDD would take: 11,754,624,614,400,000,000,000 years (365615844006297600000000000000000000 hashes)
D2oetdNuZUqQHPJmcMDDH would take: 705,277,476,864,000,000,000,000 years (21936950640377856000000000000000000000 hashes)
D2oetdNuZUqQHPJmcMDDHY would take: 42,316,648,611,840,000,000,000,000 years (1316217038422671360000000000000000000000 hashes)
D2oetdNuZUqQHPJmcMDDHYo would take: 2,538,998,916,710,400,000,000,000,000 years (78973022305360281600000000000000000000000 hashes)
D2oetdNuZUqQHPJmcMDDHYoq would take: 152,339,935,002,624,000,000,000,000,000 years (4738381338321616896000000000000000000000000 hashes)
D2oetdNuZUqQHPJmcMDDHYoqk would take: 9,140,396,100,157,440,000,000,000,000,000 years (284302880299297013760000000000000000000000000 hashes)
D2oetdNuZUqQHPJmcMDDHYoqky would take: 548,423,766,009,446,400,000,000,000,000,000 years (17058172817957820825600000000000000000000000000 hashes)
D2oetdNuZUqQHPJmcMDDHYoqkyN would take: 32,905,425,960,566,784,000,000,000,000,000,000 years (1023490369077469249536000000000000000000000000000 hashes)
D2oetdNuZUqQHPJmcMDDHYoqkyNV would take: 1,974,325,557,634,007,040,000,000,000,000,000,000 years (61409422144648154972160000000000000000000000000000 hashes)
D2oetdNuZUqQHPJmcMDDHYoqkyNVs would take: 118,459,533,458,040,422,400,000,000,000,000,000,000 years (3684565328678889298329600000000000000000000000000000 hashes)
D2oetdNuZUqQHPJmcMDDHYoqkyNVsF would take: 7,107,572,007,482,425,344,000,000,000,000,000,000,000 years (221073919720733357899776000000000000000000000000000000 hashes)
D2oetdNuZUqQHPJmcMDDHYoqkyNVsFk would take: 426,454,320,448,945,520,640,000,000,000,000,000,000,000 years (13264435183244001473986560000000000000000000000000000000 hashes)
D2oetdNuZUqQHPJmcMDDHYoqkyNVsFk9 would take: 25,587,259,226,936,731,238,400,000,000,000,000,000,000,000 years (795866110994640088439193600000000000000000000000000000000 hashes)

And finally, the entire address would take: 1,535,235,553,616,203,874,304,000,000,000,000,000,000,000,000 years to be brute forced successfully, which is equal with: 47751966659678405306351616000000000000000000000000000000000 hashes.

Technically, I think it would be easier to add 1000 new blocks to the blockchain within 3 seconds than succeeding on something that big.

Please correct me if I've made a big mistake. This post is a bit useless, because you already knew how hard is to guess/brute force an address, but I would like to show you how impossible it is with numbers.

[odolvlobo]

All possible combinations of a base58 (p2sh) address are 60^33 (= 47751966659678405306351616000000000000000000000000000000000)

Why 60^33? There are 64 characters (letters plus numbers), but bitcoin addresses don't have zeros (0), capital omikrons (O), l (small L) and I (capital of i) so they wouldn't confuse the people. A base58 (p2sh) address has 34 total characters, minus the first letter that it's always "3", we have 33 characters.

Thus, 60^33.

There are a few issues with your premises.

First, there are 58 characters, not 60. That's why it's called base-58.
Second, not all combinations of characters is possible. Note that several of the characters encode the checksum and so are dependent on the other characters.
Third, the precise number of addresses is 2¹⁶⁰ because an address is an encoding of a 160-bit number (plus the metadata).

Given all that, your character by character analysis is valid, though the numbers are not accurate.

[BlackHatCoiner]

Why 58? What are the 2 characters that get skipped?

[odolvlobo]

Why 58? What are the 2 characters that get skipped?

26 (a-z) + 26 (A-Z) + 10 (0-9) - 4 (0OlI) = 58

[BlackHatCoiner]

Why 58? What are the 2 characters that get skipped?

26 (a-z) + 26 (A-Z) + 10 (0-9) - 4 (0OlI) = 58

Oh damn, so the whole post is wrong 

[BitcoinFX]

This sounds like one of those P versus NP kinda problem's ?

- https://en.wikipedia.org/wiki/P_versus_NP_problem

Hard math is hard!   

...

Base58Check encoding ...

- https://en.bitcoin.it/wiki/Base58Check_encoding

"The original Bitcoin client source code explains the reasoning behind base58 encoding:

base58.h:

// Why base-58 instead of standard base-64 encoding?
// - Don't want 0OIl characters that look the same in some fonts and
//      could be used to create visually identical looking account numbers.
// - A string with non-alphanumeric characters is not as easily accepted as an account number.
// - E-mail usually won't line-break if there's no punctuation to break at.
// - Doubleclicking selects the whole number as one word if it's all alphanumeric."

[OcTradism]

Maybe the chapter of Mastering Bitcoin book can help you: https://github.com/bitcoinbook/bitcoinbook/blob/develop/ch04.asciidoc

Table 6. The frequency of a vanity pattern (1KidsCharity) and average search time on a desktop PC
Length    Pattern    Frequency    Average search time

1              1K             1 in 58 keys         < 1 milliseconds

2              1Ki            1 in 3,364             50 milliseconds

3              1Kid          1 in 195,000         < 2 seconds

....

11             1KidsCharity 1 in 23 quintillion   2.5 million years

[vaultman]

In my opinion, sooner or later computers will be so efficient that they will perform these calculations so quickly that the whole process will take no more than 30 minutes, instead of an infinite number of years, as indicated in the author's post.

[pooya87]

another thing that you are missing about "base58 addresses" is that they are not necessarily fixed length. due to the way base-58 works, the final string length after the encoding can be different. in case of address this length can be between 26 and 35 characters.

[davis196]

In my opinion, sooner or later computers will be so efficient that they will perform these calculations so quickly that the whole process will take no more than 30 minutes, instead of an infinite number of years, as indicated in the author's post.

The hypothesis that the next generation computers (so called quantum computers) will make cryptography useless is yet to be proven.
And yeah,OP's post is useless and it doesn't belong to the Bitcoin discussion forum.It should be moved to Technical discussion,I guess.

[BlackHatCoiner]

All possible combinations are not the same with all possible checksumed combinations.

Do we know how many are the all possible checksumed combinations for an address? It must be a number below 2^160.

[odolvlobo]

All possible combinations are not the same with all possible checksumed combinations.

Do we know how many are the all possible checksumed combinations for an address? It must be a number below 2^160.

A "base58check" address encodes a 8-bit prefix, followed by the 160-bit hash, followed by a 32-bit checksum. The checksum is completely dependent on the prefix and hash, so for each prefix, there are exactly 2¹⁶⁰ possible addresses.

[seoincorporation]

Great post and more for those who love the math, is just awesome to see how the years grows up with each character we have.

But to be honest the estimation is based in 'X' hardware and software, what if you try it with quantum computers and the most efficient software... Think about it 

[NavI_027]

In my opinion, sooner or later computers will be so efficient that they will perform these calculations so quickly that the whole process will take no more than 30 minutes, instead of an infinite number of years, as indicated in the author's post.

Maybe, I am somehow confident that quantum computers can do that. However, I don't think hackers could affort to have one just for brute forcing wallet addresses . Now I know why they use other efficient means of hacking and set this as their last resort lol.

And yeah,OP's post is useless and it doesn't belong to the Bitcoin discussion forum.It should be moved to Technical discussion,I guess.

How ironic that you find his post useless but suggest him to move it into a board with lots of sophisticated discussions. Don't be so mean dude . Actually, I find it cool because it gives us awareness of how hard to brute force (and somehow encourage us to not attempt doing such bad thing). Still a nice piece of knowledge.

[GreatArkansas]

In my opinion, sooner or later computers will be so efficient that they will perform these calculations so quickly that the whole process will take no more than 30 minutes, instead of an infinite number of years, as indicated in the author's post.

Maybe, I am somehow confident that quantum computers can do that. However, I don't think hackers could affort to have one just for brute forcing wallet addresses . Now I know why they use other efficient means of hacking and set this as their last resort lol.

Quantum computers with connection on Bitcoin started to pop again, I also heard before about these quantum computers will make Bitcoin disappear or cryptocurrency itself. I still don't believe it, it's kinda a myth, lol.
For sure, if people will let this happen, I don't think cryptocurrency will only be in danger here.

[BitcoinFX]

In my opinion, sooner or later computers will be so efficient that they will perform these calculations so quickly that the whole process will take no more than 30 minutes, instead of an infinite number of years, as indicated in the author's post.

Maybe, I am somehow confident that quantum computers can do that. However, I don't think hackers could affort to have one just for brute forcing wallet addresses . Now I know why they use other efficient means of hacking and set this as their last resort lol.

Quantum computers with connection on Bitcoin started to pop again, I also heard before about these quantum computers will make Bitcoin disappear or cryptocurrency itself. I still don't believe it, it's kinda a myth, lol.
For sure, if people will let this happen, I don't think cryptocurrency will only be in danger here.

Quantum computers are not a myth. Lots of companies already exist in the field of quantum simulation, both software and hardware development.

- https://www.rigetti.com/
- https://www.zapatacomputing.com/
- https://strangeworks.com/
- https://www.riverlane.com
- https://qcware.com/
- https://otilumionics.com/quantum-computing/
- http://horizonquantum.com/
- https://quantumsimulations.de/
- https://entropicalabs.com/
- https://1qbit.com/
- https://www.dwavesys.com/

...

Post-quantum cryptography, Bitcoin can move the with times when necessary, both the signing algorithm and the hashing algorithm can be upgraded to be quantum-proof, quantum-safe, quantum-resistant and quantum-enabled.

Post-quantum cryptography
- https://en.wikipedia.org/wiki/Post-quantum_cryptography

Bitcoin Q&A: Migrating to post-quantum cryptography
- https://youtu.be/dkXKpMku5QY

Bitcoin Q&A: Is Quantum Computing a Threat?
- https://youtu.be/wlzJyp3Qm7s

Christian Schaffner: Quantum Cryptography
- https://youtu.be/Lh8OGDNJZQk?t=1238

...

Quantum supremacy
- https://en.wikipedia.org/wiki/Quantum_supremacy

Bitcoin Q&A: "Quantum Supremacy"
- https://youtu.be/eo7mwcsUbdo


EDIT: See: "Topic: I don't believe Quantum Computing will ever threaten Bitcoin"
- https://bitcointalk.org/index.php?topic=5157696.0

[Cnut237]

Quantum computers with connection on Bitcoin started to pop again, I also heard before about these quantum computers will make Bitcoin disappear or cryptocurrency itself. I still don't believe it, it's kinda a myth, lol.
For sure, if people will let this happen, I don't think cryptocurrency will only be in danger here.

With a normal classical computer, it takes 2^128 operations to derive a bitcoin private key from a public key. That's: 340,282,366,920,938,463,463,374,607,431,768,211,456
For a quantum computer running Shor's algorithm, that drops to 128^3, a much more manageable: 2,097,152

Normal asymmetric cryptography is utterly insecure against a sufficiently powerful quantum computer.
The question is how long it would take to build such a quantum computer. Media reports often focus on number of qubits, but this is only part of the story. Signal decoherence is the biggest problem to overcome.

As an aside, the reason that quantum computers are vastly more powerful than classical computers (for certain problems) is due to superposition and entanglement.
A normal classical bit can be 0 or 1. A quantum bit, or qubit, resolves to 0 or 1 when measured, but prior to measurement the value is a superposition of 0 and 1, it is a probability distribution that covers both at the same time. A quantum computer can effectively 'explore both paths' at the same time.
The second point is that multiple qubits can be entangled into a combined state. An entangled 2 qubit system is in a superposition of 00, 01, 10 and 11. For 3 qubits, this becomes 000, 001, 010, 011, 100, 101, 110 and 111. This is why QCs can scale up in power so dramatically. Processing power increases 2^n. For an n-qubit entangled system, a QC can explore 2^n potential outcomes simultaneously.

As for the safety of bitcoin, there are many potentially 'quantum-safe' approaches under development. However, this creates a new problem. If bitcoin adopts a quantum-safe defence, then everyone will have to move their coins to new, quantum-safe addresses. Any coins that aren't moved (and this includes all 'lost' or currently irretrievable coins) can be stolen quite easily by a QC.

[BlackHatCoiner]

And how long can it be a quantum-safe address?

[Cnut237]

And how long can it be a quantum-safe address?

It's different to how we think of traditional computers increasing in power.

It's not the case that a quantum-safe approach would be safe against current and near-future QCs, but some future orders-of-magnitude-more-powerful QC could then break it. Post-quantum cryptography devises solutions that are secure not against the processing power of a QC, but against the nature of a QC.

A quantum computer is superior to a classical computer only for certain use cases. They excel at solving the sort of cryptography that is based on integer factorization, discrete logs, or elliptic curve discrete logs.
As an example, Shor's algorithm is no threat to symmetric cryptography. The best QC attack on symmetric cryptography is Grover's algorithm, which offers only a very small improvement on the best classical attacks.

[NVZNtoken]

That's a really long time  It proves that the technology itself is extremely secure and virtually unpenetrable in the forseeable future. Most of the security vulnerabilities related to crypto are based on human error and simple stuff such as people still keeping all their funds on exchanges or not having a proper control over their private keys