Has someone compared the cost of mining vs. that of brute-forcing addresses?

It is known that the type of computing power required for mining is the same used to generate addresses, and it is known that "in general" it is much more profitable to simply mine, rather than try to generate addresses hoping to stole their content.

But AFAIK there are some addresses out there which contain a huge amount of bitcoins: successfully generating their private key would award you a lot more bitcoins than those you would get generating a new block.

Has someone actually made some figures comparing the average revenue of mining vs. the chance of generating the key of a very rich address?

o0'.

Posted 2012-05-15T09:41:51.460

Reputation: 5 180

possible duplicate of Is it possible to brute force bitcoin address creation in order to steal money?

– Chris Moore – 2012-05-15T20:24:02.497

Not a duplicate, as I explained in my comments to @ChrisMoore's answer. – o0'. – 2012-05-16T07:17:46.030

Answers

The chance of generating the key of a very rich address is effectively zero. That is, in the entire history of humanity, nobody has come anywhere close to accomplishing such a feat.

Let's consider 1 Bitcoin a score. Since there can never be more than 21 million bitcoins or so, you need to hit on one of at most 21 million accounts. Let's say you could try 2 trillion accounts per second. Your odds of matching an account in a hundred years are approximately one in 11 billion billion.

Good luck.

David Schwartz

Posted 2012-05-15T09:41:51.460

Reputation: 46 931

5You're thinking that you need to find the same private key to steal funds, but you don't. You only need to find a private key that hashes to the same (160 bit) bitcoin address. So it's 2^(256-160) times easier than you thought, and so your odds are really approximately one in 11 billion billion - a much safer bet! – Chris Moore – 2012-05-15T20:30:08.260

To get David's number, "pow(2,256) / (21pow(10,6) 2pow(10,12) 60 60 24 365.25 100 pow(pow(10,9), 5))". To get mine: "pow(2,160) / (21pow(10,6) 2pow(10,12) 60 60 24 365.25 100 pow(pow(10,9), 2))". Both typed at a Python prompt. – Chris Moore – 2012-05-15T20:31:09.930

@Chris We can currently have up to 2100 trillion accounts since there's 2100 trillion units. So instead of 1 in 11 billion billion, we now have 1 in 110k. – Pacerier – 2012-06-18T03:57:45.803

@Pacerier if you could test all 2100 trillion accounts in the time it took David to test one account (ie. one 2 trillionth of a second) then OK. If your computer gets 2100 trillion times faster, your odds get about 2100 trillion times better. – Chris Moore – 2012-06-18T05:09:44.477

@Chris Right, I'm just pointing out the cap of 21 million accounts is wrong. – Pacerier – 2012-06-18T05:12:39.303

@Pacerier Fair enough, but I think the original point was that it's not worth spending so many billions of years if you're not going to be able to steal at least one bitcoin. – Chris Moore – 2012-06-18T07:51:10.890

Is it possible to brute force bitcoin address creation in order to steal money? is the same question, and has an argument about what "possible" means in which a majority of people seem to think that something can have a greater than zero probability and also be impossible at the same time. Check it out!

Chris Moore

Posted 2012-05-15T09:41:51.460

Reputation: 13 952

I was aware of that question, thanks :) Here I was asking specifically if its profitability could change due to some addresses containing a substantial amount of money. – o0'. – 2012-05-15T20:27:28.023

Oh, I see. So are you happy with your answer? It's "not really, no", because the substantial reward is offset by the much-more-than-substantial difficulty in stealing money the way you describe. – Chris Moore – 2012-05-15T23:55:02.297

Incidentally, you can also have something with zero probability that is possible. See http://en.wikipedia.org/wiki/Almost_surely.

– Meni Rosenfeld – 2012-05-16T06:39:10.253

@ChrisMoore yes I'm totally satisfied, in fact I accepted it. – o0'. – 2012-05-16T07:17:03.350