Tuesday, April 18, 2017

"The Large Bitcoin Collider Is Generating Trillions of Keys and Breaking Into Wallets"

From Motherboard:

A quixotic, and slightly dubious, quest. 

Update: Since we first published this article, major security flaws in the Large Bitcoin Collider client have come to light. Check out our follow-up reporting on these issues here.
For nearly a year, a group of cryptography enthusiasts has been pooling their resources on a quixotic quest to brute-force crack one of bitcoin's cryptographic algorithms for creating wallet addresses. This is thought to be impossible today, but if they succeed, at least one element of bitcoin's cryptography will be instantly obsolete.

It's probably due to the scope of the challenge that the project is called the Large Bitcoin Collider, after the Large Hadron Collider, the world's largest particle accelerator. But instead of new physics, the Large Bitcoin Collider is hunting cryptographic collisions—essentially proving that a supposedly unique and random string of numbers can be duplicated. More on collisions and their ramifications for bitcoin later, but along the way the LBC is using its computing power to try and bust open bitcoin wallets owned by other people, and potentially taking the coins inside.

The basics are this: bitcoin addresses containing funds can be accessed by private keys, which are generated at the same time as the address. Technically, a number of private keys could work with any given address, but you'd need a huge amount of computing power to brute force your way through enough possibilities to find any of them. The LBC attempts to accomplish this by recruiting the computing power of anyone who's willing to download and run their software.

Finding a private key that works with an existing wallet is a fast-and-loose version of "cracking," and gives the attacker access to all the funds inside. But when someone in the LBC pool finds a working private key, do they get to keep the coins?

"In principle yes, although there is a process defined where—if someone appears with an alternate key—the pool members consider him the owner of the address," "Rico," the pseudonymous lead of LBC, told me in an email. He would only tell me that he's a computer programmer "past his 40s," who lives in Europe.

As for the legality of all this, LBC advises participants with a rather laissez-faire attitude.

"Depending on your jurisdiction, this may be considered theft and is therefore illegal," the site's FAQ states. "However, there are many jusrisdictions [sic] where you could perfectly legally claim 5-10% of the value found. So you should consider if you want 100% and become a criminal or if you get 10% and still be a law abiding citizen."

The LBC has been working for just under a year. So far, Rico claims, the project has generated over 3,000 trillion private keys and checked them against existing bitcoin addresses to see if they work, and has found three that do and contain bitcoin. They've found over 30 private keys in total, some of which are for so-called "puzzle" addresses that are suspected to have been generated as easy bait for crackers....MORE
HT: naked capitalism, Apr. 15