Post
Topic
Board Service Discussion
Re: Bitcoins hosted on Blockchain.info safe from government freezing of funds?
by
FenixRD
on 19/02/2014, 13:38:52 UTC
[...] I ran across something regarding this the other day and lost the tab. If we're talking about the same thing, that is. A BCT user was discussing his GPU implementation where he was demonstrating that different sections of the secp256k1 curve (and presumably similar curves) were more susceptible to some form of brute-force weakening. Is this what you're talking about? This is in the back of my mind as an issue to keep a close eye on.
[...]

Some threads relating to this with a lot of discussion:

https://bitcointalk.org/index.php?topic=421842.0
https://bitcointalk.org/index.php?topic=433522.0
https://bitcointalk.org/index.php?topic=440205.0

Basically it appears to have boiled down to this:

For Evil-Knievel's demonstration to work, you need to use his pseudorandom number generator (PRNG): https://bitcointalk.org/index.php?topic=421842.msg4746108#msg4746108

His PRNG only generates from a set of 2560000000 possible values: https://bitcointalk.org/index.php?topic=437220.msg4809894#msg4809894

Meanwhile, there are 45231284858326638837332416019018714005014673546513634524455141852155 115792089237316195423570985008687907852837564279074904382605163141518161494337 possible Bitcoin keypairs.

The probability of his tool cracking a real public key, in the wild, is virtually zero. You are more likely to have a meteor land directly on your house, on the same day, four years in a row.

Evil-Knievel is insulting everyone's intelligence, wasting our time, and trying to con somebody out of 2 BTC.
https://bitcointalk.org/index.php?topic=421842.msg4875893#msg4875893


Yeah, there was another thread a couple weeks ago with a different approach. All I can find now is Evil-Knievel's threads, which are not interesting at all. Thanks though, for trying to point me to it. Maybe I'll find what I'm talking about eventually. Whatever it was, I remember it being fairly insignificant -- like, sections that were 100x faster to brute force, potentially. That sounds bad, unless you consider how over-provisioned the keylength is, which was on purpose because crypto systems rarely break completely, but soft spots are nearly always found. 100x faster when 1x is many universes in length is not scary.
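The two numbers the quoted reply puts side by side (a generator with 2,560,000,000 possible outputs versus the secp256k1 group order) and the "100x faster" figure in the reply above are easy to turn into a small calculation. The script below is an added example written for this page; it is not code from the thread, from Evil-Knievel's tool, or from any wallet. It assumes private keys are drawn uniformly from [1, n-1], where n is the secp256k1 group order, and it takes the 2,560,000,000 figure as the size of the demonstration PRNG's output set. The point it makes is the one the thread makes: a key is only at risk if it came out of a small, attacker-known generator, and a constant-factor speedup against the full key space shaves a handful of bits off 256.

```python
# Added example (not from the thread): how much of the secp256k1 key space a
# generator that can only emit 2,560,000,000 distinct values actually covers,
# and why a constant-factor speedup does not change the picture.
import math
import secrets

# Order of the secp256k1 group: valid private keys are the integers 1 .. n-1.
SECP256K1_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Size of the demonstration PRNG's output set, as quoted in the thread.
DEMO_PRNG_STATES = 2_560_000_000


def coverage_fraction(state_space: int, group_order: int) -> float:
    """Probability that a key drawn uniformly from [1, n-1] falls inside a
    fixed set of `state_space` candidates (the only keys such a PRNG can emit).
    Python's int/int division is exact enough here despite the 78-digit order."""
    return state_space / (group_order - 1)


def effective_bits(keyspace: int, speedup: float = 1.0) -> float:
    """Security level in bits after a constant-factor speedup:
    log2(keyspace / speedup). A 100x speedup costs log2(100) ~ 6.6 bits."""
    return math.log2(keyspace) - math.log2(speedup)


def expected_seconds(keyspace: int, keys_per_second: float, speedup: float = 1.0) -> float:
    """Average time to hit one specific key by exhaustive search: half the
    space on average, divided by the (sped-up) search rate."""
    return (keyspace / 2) / (keys_per_second * speedup)


def generate_private_key() -> int:
    """Draw a private key the way a wallet should: uniformly from [1, n-1]
    using the OS CSPRNG, so it does not live in anyone's small candidate set."""
    return 1 + secrets.randbelow(SECP256K1_ORDER - 1)


if __name__ == "__main__":
    # Keys from the weak generator: ~31 bits, enumerable in seconds at 1e9/s
    # (the rate is an assumed figure for illustration, not a measured one).
    print(f"weak PRNG: {effective_bits(DEMO_PRNG_STATES):.2f} bits, "
          f"{expected_seconds(DEMO_PRNG_STATES, 1e9):.2f} s at 1e9 keys/s")
    # A properly generated key: chance of lying in the weak set is negligible.
    print(f"coverage of full key space: {coverage_fraction(DEMO_PRNG_STATES, SECP256K1_ORDER):.3e}")
    # The '100x faster' scenario against the full space, at an assumed 1e18 keys/s.
    yrs = expected_seconds(SECP256K1_ORDER, 1e18, speedup=100) / (365.25 * 86400)
    print(f"full space, 100x speedup: {effective_bits(SECP256K1_ORDER, 100):.2f} bits, "
          f"~{yrs:.2e} years at 1e18 keys/s")
    k = generate_private_key()
    assert 1 <= k < SECP256K1_ORDER
```

Run it with no arguments; the search rates in the `__main__` block are assumed values for illustration, not benchmarks. The useful takeaway for anyone auditing key generation is the first function: the exposure is entirely a property of the generator's output set, so the check worth doing is that keys come from a CSPRNG over the full range, as `generate_private_key` does.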