If I am not mistaken you could in theory revert the entire blockchain, by producing nonces which probabilistically speaking required more work. So the (hypothetical) question is: if I wanted to steal Satoshi's Bitcoin, should I try to guess the private key or create a new chain with more work? Set aside the economic implications of the value of Bitcoin in either case, purely probabilistically speaking, how do the two compare?
Asked
Active
Viewed 69 times
1 Answers
1
By checking the chainwork, which shows the total hashes that are expected to be calculated. As of block 765365, it's 00000000000000000000000000000000000000003a8a576dba35308e77dc8446.
In decimal, that's 18,117,375,202,741,628,848,220,608,424.
Satoshi used P2PK back in 2009, so there is only one valid Bitcoin private key that can sign for the corresponded rewarded public key. Therefore, you have 1 in 2^256 - 2^32 - 977, which is far larger number.
In decimal, it's 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,908,834,671,663.
But, to be fair, calculating SHA256d hashes of block headers, and brute forcing private keys aren't the same computational processes, economically speaking.
Angelo
- 423
- 2
- 11
-
1Computing the private key for a given public key needs only ~2^128 group operations, roughly the square root of the number of valid private keys, using algorithms like Pollard's rho. Also, the number of valid private keys is 2^256 - 432420386565659656852420866394968145600, not 2^256 - 2^32 - 977 (which is the size of the field the secp256k1 group is defined over). – Pieter Wuille Nov 30 '22 at 22:29