The Large Bitcoin Collider Is Generating Trillions of Keys and Breaking Into Wallets
A quixotic, and slightly dubious, quest.
Update: Since we first published this article, major security flaws in the Large Bitcoin Collider client have come to light. Check out our follow-up reporting on these issues here.
For nearly a year, a group of cryptography enthusiasts has been pooling their resources on a quixotic quest to brute-force crack one of bitcoin's cryptographic algorithms for creating wallet addresses. This is thought to be impossible today, but if they succeed, at least one element of bitcoin's cryptography will be instantly obsolete.
It's probably due to the scope of the challenge that the project is called the Large Bitcoin Collider, after the Large Hadron Collider, the world's largest particle accelerator. But instead of new physics, the Large Bitcoin Collider is hunting cryptographic collisions—essentially proving that a supposedly unique and random string of numbers can be duplicated. More on collisions and their ramifications for bitcoin later, but along the way the LBC is using its computing power to try and bust open bitcoin wallets owned by other people, and potentially taking the coins inside.
Read More: The Great Physical Bitcoin Robbery
The basics are this: bitcoin addresses containing funds can be accessed by private keys, which are generated at the same time as the address. Technically, a number of private keys could work with any given address, but you'd need a huge amount of computing power to brute force your way through enough possibilities to find any of them. The LBC attempts to accomplish this by recruiting the computing power of anyone who's willing to download and run their software.
Finding a private key that works with an existing wallet is a fast-and-loose version of "cracking," and gives the attacker access to all the funds inside. But when someone in the LBC pool finds a working private key, do they get to keep the coins?
"In principle yes, although there is a process defined where—if someone appears with an alternate key—the pool members consider him the owner of the address," "Rico," the pseudonymous lead of LBC, told me in an email. He would only tell me that he's a computer programmer "past his 40s," who lives in Europe.
As for the legality of all this, LBC advises participants with a rather laissez-faire attitude.
"Depending on your jurisdiction, this may be considered theft and is therefore illegal," the site's FAQ states. "However, there are many jusrisdictions [sic] where you could perfectly legally claim 5-10% of the value found. So you should consider if you want 100% and become a criminal or if you get 10% and still be a law abiding citizen."
The LBC has been working for just under a year. So far, Rico claims, the project has generated over 3,000 trillion private keys and checked them against existing bitcoin addresses to see if they work, and has found three that do and contain bitcoin. They've found over 30 private keys in total, some of which are for so-called "puzzle" addresses that are suspected to have been generated as easy bait for crackers.
"This project has been called many things: Impossible, illegal, pointless, cool, etc."
Cracking wallets may seem malicious on the surface—and if an LBC participant knowingly steals funds, it might just be—but it also has research value. Bitcoin security researcher Ryan Castellucci has done work cracking wallets as a proof-of-concept in order to model attacker behaviour and defend against it.
"The thing that disappoints me about this is that they're only checking addresses that have a balance instead of all addresses that have ever been used," he said in an interview over the phone. "For research, it's much more interesting to check all addresses that have ever been used, because that will show you if there've been weak addresses created in the past and if they've been cleaned out by attackers."
But cracking wallets is just one part of the LBC's mission. The other is to find a genuine cryptographic collision, which would mean it's possible to generate inputs that, when put through the bitcoin address hashing algorithm, generate an identical pair. If it were ever to happen, bitcoin would have to use a new cryptographic algorithm for addresses. This would be similar to Google creating a collision with the once-popular SHA-1 cryptographic algorithm, which ended its usefulness for good.
Read More: I Broke Bitcoin
"Finding a P2PKH-collision [one cryptographic method of creating bitcoin addresses] would probably mean the end of P2PKH but not bitcoin," Rico explained, regarding the ramifications of finding a collision. "Bitcoin would evolve with new address types. Most certainly it wouldn't 'die' because of this."
Castellucci also urged caution when it comes to getting all riled up about the LBC's search for a cryptographic collision in bitcoin.
"To effectively find [a collision], you would have to find some way to generate [keys] much, much faster than is currently known to be possible," he said. "Unless they find some sort of breakthrough in cracking techniques, the brute force strategy they're using poses no threat to anybody's bitcoin."
"Someone could play the lottery three weeks in a row and win every time," he explained. "That theoretically could happen, but it's safe to assume it won't." Castellucci isn't alone in this belief. Others, on the /r/bitcoin subreddit for example, have been much less kind and called the LBC "pointless." But that hasn't deterred Rico.
"Since it's inception [around] 8 months ago, this project has been called many things: Impossible, illegal, pointless, cool, etc.," Rico wrote.
"I think there is more waiting to be uncovered by the LBC—including a collision," he continued. "So with that in mind we really do not care much about what 'someone on Reddit' said."