How Bitcoin is Hacker Proof


#1

I did some research on this a couple weeks back because I sure as heck wasn’t going to throw tons of money into this thing until I knew it was absolutely sound security wise. The first thing I started asking myself is, “how would I go about hacking this?” I already knew much about public/private keys and cryptology, but there was one emerging area I had a strong feeling would spell the end of Bitcoin overnight and that was the advent of quantum computing.

I’ve posted the articles I bookmarked below, but here’s the TL;DR version of it:

  1. Quantum computing was foreseen by the Bitcoin inventor and measures are already built into the protocol to make it resistant to quantum computing attacks.
  2. The encryption is one way. You can’t derive the input from the output. It’s kind of like encrypting something then losing the key.
  3. Bitcoin is designed to be upgraded and enhanced easily. If a threat looms, Bitcoin is simply adapted to counter.

[WIP] - EPIC Bitcoin Resource List! :rocket: :bomb: :fire:
The biggest flaws of cyptocurency that I think
#2

Looking forward to seeing more on this. What a great writeup!

Tweeted:


#3

Very interesting, thanks


#4

#5

The thing is Bitcoin is open source. Not controlled by a person or a corporate.
If a flow is found, it will be patched…
Just like what happened to openssl back in 2014… The flaw was there for years.
I would not be surprised if someone finds a vulnerability in the future but it will be fixed pretty quickly.


#6

My biggest worry is if a state sponsored attack happens by them controlling 51% of the hash rate. This would remove the trust factor from BTC.

https://en.bitcoin.it/wiki/Majority_attack


#7

This is actually a very important point, especially with Bitmain being based in Asia and their miners estimated to be providing 63% (forgot where I read that!) of the total hashing power of Bitcoin worldwide.

I’m not trying to create FUD here, but I do have to wonder what’s encoded in their hardware?

How do we verify there’s nothing nefarious happening there with these miners?

I suspect there are experts who have delved in and commented on this, so I’d definitely like to see some research/data on this topic here.

Anybody here already aware of such investigative efforts publicly documented?

Michael


#8

Bitcoin is quantum resistant if used as intended (that is, you never reuse the same address, after signing a transaction). This is entirely determined by the implementation of wallets, and as far as I know, things like Exodus and Ledger do not do this (it would be very inconvenient)!


#9

@mwlang

I use sites like https://blockchain.info/pools

Gives an idea of hash rate distribution.


#10

Bitcoin will never be “hacker proof”, but extremely resistant. I believe the term “antifragile” is thrown around a lot. It gets stronger as it is attacked.

What makes Bitcoin hacking resistant is the lack of a sufficiently large “honeypot” for hackers to go after. Applying $500,000 of resources to hack a $500 wallet is not profitable. With Bitcoin, if a user owns their private keys, the rewards from hacking is spread out ultra thin. It puts game theory to the test, as the rewards are worth less than the effort.

Another piece that makes Bitcoin hacking resistant is the accumulated proof of work. To compromise Bitcoin, you must compromise an absurdly strong wall of flipping bits.

Finally, if you want to try and attack Bitcoin via a 51% attack, you’re merely going to compromise a single transaction that you initiated. Instead of doing this, you could just mine at 40% of the hashrate to earn an insane amount of money. Again, game theory encourages you to play nice instead of naughty.

The only weakness Bitcoin has is social attacks at the moment. Forks, encouraging inefficient upgrades, tarnishing reputation, etc. are having a small effect on Bitcoin, but as people learn more and more about this, they are able to ignore the BS


#11

It’s February, 2018. (Welcome to the ‘future’.)

There are two major threats I observe regarding the “hacker proof” topic:

1. Software implementation

The implementation of popular third party applications (namely wallet) are a single point of failure. The implementation of key generation in particular is prone to cryptanalysis, meaning there are engineers, hackers, academics studying these implementation all day long to calculate the odds of guessing a legitimate wallet private key. A breakthrough on one popular wallet could be fatal. Here is a recent post on the speculation of a coin siphon.

A major incident is a matter of time.

2. Conflict of interests

An invested coder( or any code reader) might or might not report a ‘zero day’ grade vulnerability due to the conflict of interest or, worse, the greed to exploit for personal gains.

Objectivity is being tested by many 0s.


#12

You take this link totally out of context. This was a puzzle made to be solveable by someone by hiding information in a picture!
This has absolutely nothing to do with wallet security!!!
Stop posting bullshit and confusing people please!

Anyway, guessing or brute forcing a private is impossible (at least without quantum computers).


#13

Knowing the capability of the major nation states and the open source nature of the blockchain technology (all transactions are visible online), one shall not be surprised to receive a taxman at its door steps with its personal crypto currency trading details:

Since the all major exchange site are not anonymous, a nation state (USA, China and Russia for sure) shall know everyone’s trading recording, hence their public keys, hence their crypto spending records.

Anonymity shall no longer be a selling point of crypto currencies in 2018, which has a major impact on the overall pricing.


#14

I refer to the text about a ‘Bitcoin siphon’ in the article. If such bot exists, then random wallet of random people might get hit.

Attacks on the poor wallet implementation are what’s most fearful.


#15

a private key is in hexadecimal - 256 bits in hexadecimal is 32 bytes, or 64 characters in the range 0-9 or A-F.

for example

E9873D79C6D87DC0FB6A5778633389F4453213303DA61F20BD67FC233AA33262

This private key does not exist by the way.
So you see, there are 64 characters, and each character is hexadecimal (can hold 16 different case insensitive values: {0,1,2,3,4,5,6,7,8,9,A,B,C,D,E,F} ), meaning there are 1.1579208923732E+77 possible private key combinations.

The current world population is roughly 7.6 billion. Assume everyone holds a wallet (meaning 7,600,000,000 7,600,000,000 private keys).

Even with this imaginary best case scenario, the success rate of randomly guessing a private key correctly is:
n1
=0.000000000000000000000000000000000000000000000000000000000000000007%

So even if you had the computing power of Sunway TaihuLight (a Chinese supercomputer which, as of November 2016, is ranked number one in the TOP500 list as the fastest supercomputer in the world) and can do 93,000,000,000,000,000 floating point operations per second (flops) , then giving there are 86,400 seconds a day and about 365 days a year, and (falsely) assuming it takes 1 flop to generate a private key and 0 time to check for its correctness, then a correct guess would probably occur once every-
n2
=5194882658574989737995779322992527357514014.0710380707 years.

Good Luck with that!


#16

Did you read this article?

Summary:

Some coder or bug exist in the wild that uses some known information of a transaction as a private key to generate a public key. By observing all transactions online at real time, the hacker (either the author of the bug or the discoverer of the bug) only harvests transactions with tiny amount.

E.g. if the hacker (or the bug) slips one rogue private key into the 20 keys generated in a software wallet, a payer would have 1/20 of chance of sending coins to this rogue wallet. The hacker only cash out if the amount is insignificant. This is not a theory, it is observed in the above article.

If a coder embedded this rogue logic in a library everyone is using, the threat is real.

Your wallet security is as good as the security review analyst in charge.


#17

Super computers are used to solve problems with a known execution time frame. Nobody would initiate a brute force knowing it won’t finish in the life time of the universe.


#18

Math. 46839873


#19

This may be a stupid question but wouldn’t a hardware wallet protect against a randomly guessed private key since you still have to sign the transaction with the device before the funds actually leave the wallet?


#20

I’m really not quite clear on what is meant by “hacking bitcoin”. Does that mean hacking a wallet’s private key or does it mean a 51% attack.
It seems to me that in either case, the damage done to the bitcoin blockchain/protocol would be minimal.
Am I correct or am I totally missing the point here?