Let me sum it up how Bitcoin's security works in easy to understand language. In my previous article I was talking about the HD wallet's vulnerabilities, that's that, but I saw that many people in the comments still didn't understood how Bitcoin's security works. So let me explain it to you in simple terms how it works.
I've known about this for at least 2 years, this was the first thing I was interested in: security of my money, I can't believe most people don't educate themselves about this, because this should be the first thing to do when you are investing in something.
Bitcoin's Security
The security of a cryptographic system is called Entropy, it measures how much information there is in a system, in other words how complex something is. When we are talking about passwords and private keys, the complexity matters very much since the more complex something is, the harder it is to crack. The measurement unit is called bits
.
In Bitcoin you have 2 layers of separation between your money and a thief. If these 2 layers were weak, then the thief could easily steal your money. You have 3 items:
- Private Key = The actual secret key that spends the money on your address, it grants full access to the money on that address.
- Public Key = Derived from the private key, it is used in the signing operations.
- Bitcoin Address = Derived from the public key, it is used to transfer money.
So the public key adds 1 layer of protection of 128 bits, and the address adds another layer of protection of total 160 bits. The ECDSA generates the public key from the private key, and the ripemd160 generates the address from the public key. Roughly it works like this, if you want a more detailed explanation you can check out the Bitcoin Wiki.
A security of 128 bits is impossible to crack with normal computers, so normally a public key is enough distance from your money and the thief, however it is not quantum computer resistant. Quantum computers don't exist yet, but when they will, it will be able to crack a public key and reverse engineer the private key from it.
Therefore ECDSA is not enough to protect you against a quantum hacker, that is why the Bitcoin address adds another layer of security to your money. It adds 32 more bits of security and key stretching to that it will become quantum resistant.
The maximum security you can have is 160 bits, which is enough to protect your money against a quantum computer, and all other computer cracking.
How to Maintain the Security
You can lose the 160 bit security easily if the public key gets revealed, which can happen in the following ways:
- You create an outgoing transaction from an address
- You sign your address with the signing mechanism implemented in various wallets
- You give out your public key voluntarily
This is why I emphasized that Bitcoin addresses should not be reused. If you have a big stack of Bitcoins, send it to an address of yours that was not used before, and whenever you spend money from it, you should send back the remaining change to a new address of yours. Or just use Electrum Wallet, that does this automatically when you spend.
If you expose the public key
in any way, your coins are only 128-bit secure, which is secure for now, but it won't be once quantum computers will be invented. Of course all this security falls apart if you generated your private key in an insecure way, so before all this, make sure of the following:
- You don't have malware/virus on your computer: Why bother cracking the public key, when a hacker can just put a trojan virus on your PC and steal the private key itself? So make sure you are protected.
- You have generated the private key in a secure way:
- A good random number generator
- In offline mode. Generating keys online in a web-browser is very very bad.
Interesting! But how can you know that 160 bit is secure enough while quantum computers are not invented yet? Is it already known how much computing power they will deliver?
Many cryptographic experts agree that it's impossible to crack it with quantum computers. It has to do something with the alhogithm they work with, since qc can only crack certain algorithms faster, while on others they are not better than normal computers. So quantum computers are not that dangerous as they sound, they were hyped up too much by silly documentary movies.
This is interesting, and a bit reassuring. I always just assumed that quantum computers would be able to brute force pretty much any kind of encryption that we have right now, but I've never researched the subject. Can you provide any sources for this that would be easy for someone without much knowledge of the subject to understand?
Nah, its just those stupid documentary films on television that exxagerate this phenomena, it's nowhere near the threat they hype it up to. Quantum computers are only better for certain algorithms but for others its quite slower. It doesnt crack passwords instantaneously, it just finds more efficient ways to crack them, and for some algos there aren't.
I dont know about resources you might want to check out stackexchange.com questions on encryption, there are people there who quote research papers that are easy to read.
Thanks, I can see this is a subject that I should get to know more about. I used to really be into science reading but haven't had much time for it lately. This would be a good way to get back in the habit.
For some quality crypto-related content, Steemit beats everything else by a mile.
Thanks, steemit is really good place for talking about this. Facebook is just too low quality content, and Twitter is usually full of bots.
Thank you for the explanation. I was always wondering why people said never reuse an address but know I understand.
Glad that I could help you understand bitcoin better!
Thanks for all these details! Cristal clear!
This post has been ranked within the top 50 most undervalued posts in the first half of Nov 15. We estimate that this post is undervalued by $4.03 as compared to a scenario in which every voter had an equal say.
See the full rankings and details in The Daily Tribune: Nov 15 - Part I. You can also read about some of our methodology, data analysis and technical details in our initial post.
If you are the author and would prefer not to receive these comments, simply reply "Stop" to this comment.
Great write-up, thanks for expanding on this point from your previous article. Now I finally know a compelling reason to avoid re-using Bitcoin addresses, always kind of wondered what the big deal was about that. I wonder how far away quantum computers are from actually becoming practical? You're making me start to feel a bit paranoid. ;-)
I am not sure if they are going to build one that is practical, because it would be pretty hard to do it.
But even if they do, probably not in the next 15 years to give you are rough estimation.
My gut feeling is also that it's quite a long ways off. Will be quite exciting and revolutionary when it happens though! Been a while since we've seen a radical paradigm shift in computing technology.
Mainframes -> desktop PCs -> laptops -> tablets -> quantum computers?
I dont think tablets are an evolution, besides qc is not good for personal computing.
As I told above, a QC doesnt speed up calculations, it just finds efficient ways to do them, so a QC would be horrible for browsing and watching videos on internet like what most people do.
(Not to mention it needs liquid nitrogen to cool it down 24/7, so how are you going to miniaturize that?)
I can hardly imagine QC being used by mainstream people.
I see. Well, I bet early users of massive mainframe systems in the previous century never imagined computers would become a household technology either. Who knows how things will change in 20 or 30 years?
Regarding tablets, you could make a case either way. Maybe it's more accurate to call them a supplementary technology. But I suspect the average non-techie person (like my wife) uses some tablet device (iPad, smartphone) a lot more frequently than the desktop PC gathering dust on their desk. So in that sense, tablets are an evolution in terms of market share and how much they have proliferated into mainstream society & culture.
There will always be a place for the venerable old desktop, however. I personally can't imagine how I would survive without one.
Yes I agree, miniaturized gadgets probably appeal more to women, whereas men like traditional old school stuff. I personally like laptops and PC's, but I dont own a tablet, nor do I want to, I see no use in them.
As for a quantum PC, I highly doubt it, this is not a question of efficiency, but a question of physical limits. A QC requires too much energy just to maintain the quantum state, not to mention the calculation part itself. I think it will only be used for large scale research projects, and by governments, but hardly by mainstream.
I think most of those documentary films are wishful thinking, they like to assume things in the future that just wont be true.
But who knows maybe I'm wrong.
So much to learn..... I am trying!
This post has been linked to from another place on Steem.
Advanced Steem Metrics Report for 15th November 2016 by @ontofractal
Steem Faucet #8 - ReSteem & Earn 0.15 STEEM! by @earnsteem
Learn more about and upvote to support linkback bot v0.5. Flag this comment if you don't want the bot to continue posting linkbacks for your posts.
Built by @ontofractal