Note that I made a mistake on the size of the secp256k1 key space - it is greater than 2
255, not approximately 2
128.
Bitcoin also need to note an attacker maybe doesent need to brute the entire keyspace if shooting for one key ie rich wallet. What are the odds of hitting a key before the entire key space is bruteforced ?
"entire key space is bruteforced" --> It's difficult to give a good metaphor for how huge the secp256k1 keyspace is... it's effectively infinite.
The
birthday paradox tells us that the average time to collision for an n-bit hash function is 2
n/2, in our case, 2
128. Fortunately, 2
128 is large enough that it can also be treated as "effectively infinite". At this writing, the hash rate is 8.4x10
18 hashes per second. The average time to collision if you could test public keys at this rate (you can't) would be 585 billion years.
Then theres cluster bruteforce - obviously nobody did that in a really madass large scale, at least not publicly yet. Are there even bencharks wha twould be possible?
See above. If you owned all the hashing equipment in the entire Bitcoin network and could somehow use that equipment to test keys at the same rate as the hashrate, it would take 585 billion years to brute force any key. Clusters are powerful systems for computation but their compute power only grows linearly with cluster-size - a cluster of 10,000 nodes is only 10x as powerful as a cluster of 1,000 nodes. The difficulty of breaking cryptosystems grows exponentially in the number of bits of security (assuming there are no mathematical breaks).
For example a botnet of really large server, 30x raids in a huge cluster. Since one of those boxes costs 50K plus, yeah one has to be serious - for that to happen the loot just has to be big enough and somebody will try.
I think your arithmetic is off by more than you realize.