public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Rusty Russell <rusty@rustcorp•com.au>
To: Gavin Andresen <gavinandresen@gmail•com>,
	Anthony Towns <aj@erisian•com.au>
Cc: Bitcoin Dev <bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] Time to worry about 80-bit collision attacks or	not?
Date: Mon, 11 Jan 2016 14:27:15 +1030	[thread overview]
Message-ID: <87fuy4hip0.fsf@rustcorp.com.au> (raw)
In-Reply-To: <CABsx9T3MfndREm9icE-TUF58zsRZ5YsBMvUAMy4E-MmYWxWV=A@mail.gmail.com>

Gavin Andresen via bitcoin-dev <bitcoin-dev@lists•linuxfoundation.org> writes:
> How many years until we think a 2^84 attack where the work is an ECDSA
> private->public key derivation will take a reasonable amount of time?

vanitygen can generate keypairs pretty fast (on my CPU it's comparable
with hashing time), and there are ways to make it faster.  Since you can
generate multiple script variations, too, I think hashing is the
bottleneck.

Antminer S7 can do 4.73 Terahash per second for $1.2k.  (Double SHA, but
let's assume RIPEMD160(SHA256()) is the same speed).

766,760,562,123 seconds to do 3*2^80, so you'd need over 200 million
S7s to do it in an hour.[1] If you want to do that for $1M, wait 27
years and hope Moore's Law holds?

Also, a colleague points out you could use this attack against a site
like bitrated.com which publishes one side's pubkey, giving you a much
longer attack window.
     
Cheers,
Rusty.
[1] Weirdly, the bitcoin network is doing this much work every 57
    days, for about $92M.  If that's all the attack costs, it's under
    1M in 10 years.


  parent reply	other threads:[~2016-01-11  4:31 UTC|newest]

Thread overview: 34+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-01-07 19:02 Gavin Andresen
2016-01-07 19:13 ` Matt Corallo
2016-01-07 19:19 ` Adam Back
2016-01-07 20:56   ` Dave Scotese
2016-01-07 21:06     ` Gavin Andresen
2016-01-07 22:56       ` Ethan Heilman
2016-01-07 23:39         ` Gavin Andresen
2016-01-08  1:26           ` Matt Corallo
2016-01-08  1:54             ` Gavin Andresen
2016-01-08 17:38               ` Pieter Wuille
2016-01-08 18:41               ` Peter Todd
2016-01-07 20:40 ` Ethan Heilman
2016-01-07 23:52 ` Pieter Wuille
2016-01-08  1:00   ` Gavin Andresen
2016-01-08  1:27     ` Watson Ladd
2016-01-08  3:30   ` Rusty Russell
2016-01-08  3:41     ` Matt Corallo
2016-01-08 12:02       ` Rusty Russell
2016-01-08 12:38         ` Gavin Andresen
2016-01-08 14:34           ` Watson Ladd
2016-01-08 15:26             ` Adam Back
2016-01-08 15:33           ` Anthony Towns
2016-01-08 15:46             ` Gavin Andresen
2016-01-08 15:50               ` Gavin Andresen
2016-01-08 15:59                 ` Gavin Andresen
2016-01-11 20:32                 ` Jorge Timón
2016-01-08 16:06               ` Gavin Andresen
2016-01-11  3:57               ` Rusty Russell [this message]
2016-01-11  6:57                 ` Peter Todd
2016-01-11 23:57               ` Tier Nolan
2016-01-12  0:00                 ` Tier Nolan
2016-01-12 12:08                   ` Gavin Andresen
2016-01-12 23:22                     ` Zooko Wilcox-O'Hearn
2016-01-08 18:52     ` Peter Todd

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87fuy4hip0.fsf@rustcorp.com.au \
    --to=rusty@rustcorp$(echo .)com.au \
    --cc=aj@erisian$(echo .)com.au \
    --cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
    --cc=gavinandresen@gmail$(echo .)com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox