How Hard Is It to Brute Force a Bitcoin Private Key?
A brute force attack on a Bitcoin private key is, in theory, much like a brute force attack on any regular password. An exhaustive search of possible combinations is carried out before a private key combination is identified.
In reality, brute force attacks on a Bitcoin private key are as close to mathematically impossible as it gets.
A private key is a number between one, and 2^256. That means a brute force attack has to search for the right number between one and 115 quattuorvigintillion. For perspective, that’s a 78-digit number that’s estimated to be greater than the total number of atoms in the universe.
If a brute force attack on that scale sounds impractical to you, that's because it is. However, there may be some new technology around the corner that makes the challenge less daunting—a worrying prospect for holders of cryptocurrency.
Could quantum computing break Bitcoin?
The crypto world has been eyeing quantum computing nervously for some time now. The development of the technology is proceeding at a pace, with tech giants like Google and IBM competing with nascent start-ups like PsiQuantum. The likes of Goldman Sachs and JP Morgan have invested in researching the technology, too; no surprise, then, that the market for quantum computing is expected to hit $64 billion by 2030.
Quantum computing involves using quantum phenomena like superpositions to perform computer tasks; in other words, quantum computers can perform calculations based on probabilities. Therefore, instead of working with 1s and 0s like regular computers, quantum computers can process exponentially more data.
So, do crypto holders have to worry? Can quantum computers speed up the time needed to pry open our crypto keys?
Ethereum co-founder Vitalik Buterin tweeted about quantum computing in October 2019. He was not convinced that the crypto industry has to worry about it—yet. “My one-sentence impression of recent quantum supremacy stuff so far is that it is to real quantum computing what hydrogen bombs are to nuclear fusion,” he said.
My one-sentence impression of recent quantum supremacy stuff so far is that it is to real quantum computing what hydrogen bombs are to nuclear fusion. Proof that a phenomenon and the capability to extract power from it exist, but still far from directed use toward useful things.
— vitalik.eth (@VitalikButerin) October 24, 2019
With that said, there are some quantum computing minds that can unpack exactly what threats the crypto industry faces.
Andersen Cheng, CEO of Post Quantum, a company providing information solutions against current and future threats, told Decrypt: “The general consensus for a commercially viable quantum computer is 10-20 years away. However, we are talking about a functional rather than a commercially available quantum computer. They are two entirely different things.”
A functional quantum computer, which Cheng described as “a Frankenstein monster created in a lab,” is five to 10 years away.
That begs the question: With the right means, are we set to watch private key secrecy fade away in the next decade?
Replacing private keys with a quantum computer
One potential way that a quantum computer can harm the security of cryptocurrency private keys is through replacing them directly, without needing to steal them from anyone’s wallet.
Cheng told Decrypt that some in the cryptocurrency community believe signatures are already post-quantum computing. Yet, even if it is, “until a block is truly confirmed by ensuring previous blocks are truly immutable, there is still an ephemeral period that one can replicate the private key to start signing unauthorized transactions,” Cheng added.
Once that happens, Cheng said, the trust is gone. “You can no longer tell if that Bitcoin transfer done just now came from your true private key or a private key duplicated by a quantum computer without even needing to disturb your wallet,” he said.
Of course, it’s also worth asking why anyone would actually want to do this en-masse. The second that private keys succumb to quantum computing, the industry will no longer be able to claim it is secured by impenetrable blockchain technology, and the value of crypto assets will plummet as a result.
Who would want that? Likely no one, but that doesn’t mean the risk posed by quantum computing just goes away.
For the doubters, said Cheng, the acid test is very simple. “I have asked them if they are willing to convert all their real fiat assets such as USD, GBP or even their house into Bitcoin or Ether and sit through the quantum timeline,” he said. “To date, no one has yet told me they would.”
Cyber threats tend to sneak up on the world. Before Stuxnet, not a lot of attention was given to supply chain vulnerabilities, until—for Iran, at least—it was too late.
It might not be time to worry about quantum computers coming after your private keys, but it makes sense to get ahead of tomorrow’s risks today.