Rusty Russell [ARCHIVE] on Nostr
📅 Original date posted: 2016-01-11
📝 Original message: Gavin Andresen via bitcoin-dev <bitcoin-dev at lists.linuxfoundation.org> writes:
> How many years until we think a 2^84 attack where the work is an ECDSA
> private->public key derivation will take a reasonable amount of time?

vanitygen can generate keypairs pretty fast (on my CPU it's comparable
with hashing time), and there are ways to make it faster. Since you can
generate multiple script variations, too, I think hashing is the
bottleneck.

Antminer S7 can do 4.73 Terahash per second for $1.2k. (Double SHA, but
let's assume RIPEMD160(SHA256()) is the same speed).

766,760,562,123 seconds to do 3*2^80, so you'd need over 200 million
S7s to do it in an hour.[1] If you want to do that for $1M, wait 27
years and hope Moore's Law holds?

Also, a colleague points out you could use this attack against a site
like bitrated.com which publishes one side's pubkey, giving you a much
longer attack window.

Cheers,
Rusty.

[1] Weirdly, the bitcoin network is doing this much work every 57
days, for about $92M. If that's all the attack costs, it's under
1M in 10 years.
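
The arithmetic in the message above, as an added example that is not part of the original post: it reproduces the quoted figures and shows how the 27-year and 10-year extrapolations follow if cost per hash halves every 18 months. That halving period and the function names are assumptions of this example; the message only says "Moore's Law".

```python
import math

# Figures quoted in the message above.
WORK_HASHES = 3 * 2**80      # hash evaluations the message budgets for
S7_HASHRATE = 4.73e12        # Antminer S7, hashes per second
S7_PRICE_USD = 1200          # price per S7

# Assumption (not stated in the message): cost per hash halves every 18 months.
DOUBLING_YEARS = 1.5


def seconds_on_one_device(work=WORK_HASHES, hashrate=S7_HASHRATE):
    """Wall-clock seconds for a single device to perform `work` hashes."""
    return work / hashrate


def devices_for_deadline(deadline_s, work=WORK_HASHES, hashrate=S7_HASHRATE):
    """Whole devices needed to finish `work` hashes within `deadline_s`."""
    return math.ceil(work / (hashrate * deadline_s))


def years_until_affordable(cost_now, budget, doubling_years=DOUBLING_YEARS):
    """Years until `cost_now` shrinks to `budget` at the assumed halving rate."""
    if cost_now <= budget:
        return 0.0
    return math.log2(cost_now / budget) * doubling_years


def cost_after(cost_now, years, doubling_years=DOUBLING_YEARS):
    """Cost of the same work after `years` of the assumed halving rate."""
    return cost_now / 2 ** (years / doubling_years)


if __name__ == "__main__":
    n = devices_for_deadline(3600)
    hardware = n * S7_PRICE_USD
    print(f"one S7: {seconds_on_one_device():,.0f} s")
    print(f"S7s for a one-hour run: {n:,} (${hardware:,} of hardware)")
    print(f"years until that costs $1M: {years_until_affordable(hardware, 1e6):.1f}")
    print(f"$92M of work after 10 years: ${cost_after(92e6, 10):,.0f}")
```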
Published at 2023-06-07 17:47:46