How can be sure the BTC private key collisions won't start occurring?

[kulboi123]

I'm trying to get familiar with the inner working of bitcoin (I have a CS background but don't know a lot about cryptography)

Anyways, I was watching the following video by 3blue1brown on Youtube:

https://www.youtube.com/watch?v=S9JGmA5_unY

He explains that it's practically impossible with today's computer power to find any specific bitcoin private key given the public key.

While that's true, in reality, that's not the approach a hacker would take. The hacker would be happy to find ANY address with money. So a more sensible approach would be to generate a random Private Key, derive the Public key (which is trivial), and check if there are funds on it. Do this a million times increasing the Private key number every time. (and you can start from at a random point in the private keyspace)

As more people adopt bitcoin, it should get just a little easier to get lucky and pick a private key with money in it, no? So my questions are:

- While this might be hard to pull off right now because of the ratio of:

(accounts with money) / (total accounts)

is low, this ratio will only increase with time. How do we know when the address space is saturated and it's time to increase `total-accounts`?

- Was this "saturation" considered in the original Bitcoin implementation and there should be no need to increase the total account number? I find this very unlikely as it's hard to predict how bitcoin will be used by companies and individuals (people can create as many wallets as they please)

Thanks from a btc newby!

[TravelMug]

This discussion is as old as this forum: Bitcoin Address Collisions.

Or recently, you can read it here: Example of BTC collision (2 different priv key to the same BTC address).

Or this one: Large Bitcoin Collider (Collision Finders Pool).

[hatshepsut93]

While that's true, in reality, that's not the approach a hacker would take. The hacker would be happy to find ANY address with money. So a more sensible approach would be to generate a random Private Key, derive the Public key (which is trivial), and check if there are funds on it. Do this a million times increasing the Private key number every time. (and you can start from at a random point in the private keyspace)

This will have a complexity of 2^160 divided by the number of UTXO. Right not there are 70 million of UTXO so it would remove ~4 bits of complexity. Even if there would be billions of UTXO, it would still only reduce the complexity by a few more bits. Until the available processing power would be able to challenge close to 150 bits of security, this won't be a problem.

And then think about the profitability of such attack. Average UTXO right now is worth $11,000 so even if it would be possible to amass enough power to crack a few addresses, you would spend astronomically more money on electricity and hardware than you can expect to gain.

Or this one: Large Bitcoin Collider (Collision Finders Pool).

AFAIK that's some malware or scam project. Better avoid.

[ranochigo]

He explains that it's practically impossible with today's computer power to find any specific bitcoin private key given the public key.

While that's true, in reality, that's not the approach a hacker would take.

No. Quantum computers can be good at factoring which would result in the private keys to be derived from the public keys in about 128^3 operations as compared to the 2^128 in classical computers.

As more people adopt bitcoin, it should get just a little easier to get lucky and pick a private key with money in it, no? So my questions are:

- While this might be hard to pull off right now because of the ratio of:

(accounts with money) / (total accounts)

is low, this ratio will only increase with time. How do we know when the address space is saturated and it's time to increase `total-accounts`?

- Was this "saturation" considered in the original Bitcoin implementation and there should be no need to increase the total account number? I find this very unlikely as it's hard to predict how bitcoin will be used by companies and individuals (people can create as many wallets as they please)

Thanks from a btc newby!

Most people cannot accurately determine the sheer range of addresses there is. Even if you consider the birthday paradox, your chances are still very low, 1 in 2^80, to be exact. The cost and the time wouldn't be worth it, earth would probably not exist by the time you find a funded address.

[o_e_l_e_o]

How do we know when the address space is saturated and it's time to increase `total-accounts`?

The video you linked explains it. Lets say that humans spread out and colonize a trillion planets. On each planet, there are a trillion people. Each person owns a trillion computers. Each computer generates a trillion private keys a second. All this goes on for a trillion years. In total, we will have generated 3.15*10⁶⁷ private keys. This is approximately 0.0000000003% of all private keys.

By the time that a collision is anything even close to possible in a few trillion trillion years' time (let alone the address space being "saturated"), I'm pretty confident the human race (if we still exist or can even be recognized as "human") will have moved on to something other than bitcoin.

Consider, for comparison, that a 15 digit credit card number "only" has 10¹⁵ possible combinations. No one is ever concerned about credit card collisions, even though the credit card number space is a minuscule fraction of the private key space. For reference, the different between the credit card space and the private key space is several orders of magnitude larger than the difference between a single atom and the number of atoms in the entire solar system.