Breaking ChatGPT’s Bitcoin FUD #4: Security Vulnerabilities…
In this next part of Vlad Costea’s “Breaking FUD” series, Vlad goes to work on the 4th “top threat” to Bitcoin according to ChatGPT. People mistakenly think Bitcoin can be hacked. Bitcoin is the most secure computer network and keeps getting more secure.
This excerpt is from the e-magazine issue “BTCTKVR 3: Breaking FUD”, released May 2023. I’ll keep posting the rest of this e-magazine over the coming days. We’ll have 8 more parts of this series to go.
“Breaking ChatGPT’s Bitcoin FUD #4: Security Vulnerabilities
BRUTE FORCE, SHA256
According to ChatGPT, the increasing popularity of Bitcoin attracts hackers and other malicious actors. But what can these hackers actually break?
Well, there are multiple layers of Bitcoin security. We can talk about mining and potential 51% attacks to reorganize the most recent blocks, we can look into the odds to brute force a wallet to find its private key, or we can take the easy way out and assume an increase in social attacks (malicious developer inserting harmful code, or individual Bitcoin users getting tricked into losing their coins).
First of all, the 51% attack is one of Bitcoin’s biggest security threats – and one which is part of the Proof of Work design. The idea that a simple majority of the miners’ hashrate can act in bad faith is a serious attack vector. However, the incentives of the so-called Nakamoto Consensus are designed in such a way that playing by the rules is more profitable than trying to attack the system. Buying and renting the mining equipment, then consuming a lot of electricity in order to double spend transactions and reorganize the most recent blocks is not cheap at all.
At more than 360 exahashes per second in hashrate, even the most resourceful governments and transnational corporations in the world would struggle to amass 51% of it. Furthermore, supercomputers are not optimized to run SHA-256 hashes like the Bitcoin ASICs – so if you put together all the supercomputers in the world, you only get the equivalent of a very tiny and insignificant mining pool.
Running a 51% attack on Bitcoin requires purchasing or renting scarce and highly specialized hardware which is currently being used to secure the network while earning rewards for playing by the rules. The financial incentives matter, and have so far kept the miners honest, focused on their goal, and efficient with their energy use.
Anyone pursuing this type of attack against Bitcoin requires lots of resources to sustain it. The greatest risk that the attacker faces is that the honest network participants fork off to a new chain which copies the UTXO set to retain the rightful coin ownership. Such an effort offers no guarantees of any profitability or success – which at its best can serve as political FUD against the network’s security. If the financial incentives remain constant, we’ll most likely never see any kind of serious 51% attack.
Even the large pools, which consist of multiple users who put their hashing power together in order to share the rewards, are subjected to a type of game theory that keeps them honest. Under governmental pressure, they could prefer to stop mining altogether to opt out from attacking the network. Turning off mining operations will cause disruptions for the remaining blocks of the cycle, but after every 2016 blocks (approximately 2 weeks) there’s a new difficulty readjustment and there’s always someone else in a different part of the world who is willing to start mining when the odds to successfully find the right hash become higher. Bitcoin is extremely well thought out, and there’s a reason why these attacks were never really successful – not in the early days when they were easier to pull off, not today when the number of highly-specialized mining machines that secure the network is higher than ever.
Furthermore, ChatGPT claims that malicious actors would emerge as a consequence of the increasing popularity. So, from the get-go, launching 51% attacks shouldn’t fall under this description – as more users joining will also result in more mining rigs being deployed. However, it was important to explain since the AI software doesn’t directly allude to the issue.
Secondly, let’s talk about brute forcing wallets in order to find the private key which allows hackers to steal the funds. It’s certainly a type of security vulnerability that theoretically should become more widespread as Bitcoin gets mass adoption. Every internet hacker ought to attempt to brute force wallet files, try to guess valid BIP39 seed phrases, and generate correct passphrases. Good luck with that, though – you have better odds of finding intelligent alien life on a distant planet or digging up a particular grain of sand in the desert.
Let’s take the most obvious example: Satoshi Nakamoto’s coins. The fabled million, as described by Sergio Demian Lerner in his Patoshi research project, is the ultimate bounty. There’s no proof that this theory about what Satoshi might own is correct – it’s a mere analysis which assumes that Satoshi constantly mined. But the resulting coins, to whomever they may belong, are in plain sight and haven’t moved since 2009. Everyone knows about their existence and can track them on the public ledger. However, nobody can brute force the private keys in order to claim ownership of them.
To put everything into numbers, Bitcoin has a total number of 2²⁵⁶ possible private keys and only 2¹⁶⁰ combinations of addresses that can exist (assuming that they’re all 160 bits). Yet brute forcing must start from an existing and valid public key, which in and of itself requires extra effort.
A more efficient way to brute force wallets involves trying to find one of the 2⁹⁶ private keys that collide with the same address. The number of possibilities is 79,228,162,514,264,337,593,543,950,335 – about 79,228 times more than the estimated number of stars in the universe. On the other hand, if you want to brute force a specific wallet (like Satoshi’s), you must deal with the entirety of 2²⁵⁶ private key combinations. Assuming that you possess the processing power to try 1,000 trillion keys per second, going through every key will take you an amount of time which is equal to 2.7×10⁴⁴ × the age of the universe (as pointed out by developer Raghav Sood on the Bitcoin Stack Exchange). This number exceeds anything that’s measurable to man – including the number of atoms surrounding our observable world.
As for BIP39 seed phrases, there are 2,048 words and 12/24 combinations of them. For the sake of convenience, let’s assume a basic 12-word setup. In order to guess a random one, you have 2048¹² (or 2¹³²) possibilities. To quote Reddit moderator BashCo, that number is one in 115 quattuorvigintillion, 792 trevigintillion, 89 duovigintillion, 237 unvigintillion, 316 vigintillion, 195 novemdecillion, 423 octodecillion, 570 septendecillion, 985 sexdecillion, 8 quindecillion, 687 quattuordecillion, 907 tredecillion, 853 duodecillion, 269 undecillion, 984 decillion, 665 nonillion, 640 octillion, 564 septillion, 39 sextillion, 457 quintillion, 584 quadrillion, 7 trillion, 913 billion, 129 million, 639 thousand and 936.
If you’re certain that one of the 2,048 words must be the first one, then your odds turn into 2048¹¹ – because in BIP39, you can have words getting repeated in the same setup. And if you have the first 10 words in the correct order and only need your 11th and 12th one, you only have 2048² possibilities – which already makes it brute forceable today with a regular computer processor. So take good care of your seed phrase and, if you feel comfortable about it, add a passphrase on top from outside of the BIP39 dictionary. This will greatly improve your security, but might only become problematic if you forget or lose your passphrase.
But generally, as Peter Todd and BIP39 co-creator Pavol “Stick” Rusnak pointed out, it’s very impractical and akin to stating that you can park 500 cars on a football pitch. Peter’s suggestion was to delete it altogether, as the efficient way to attack BIP39 seed phrases is to brute force the private key it generates.
Yes, quantum computing might become a threat in the future. But this future is very distant: as of March 2023, the most powerful quantum computer in the world is IBM’s Osprey – a machine that touts 433 physical qubits. As pointed out by a 2022 research paper which got published in the AVS Quantum Science journal, a computer that aims to break Bitcoin’s elliptic curve public key cryptography within 24 hours requires 13 × 10⁶ qubits. In other words, quantum computers need to become thousands of times more powerful to break Bitcoin.
So far, the technological leap in quantum computing slightly exceeds Moore’s Law. For prediction purposes, let’s use this model to assume that the pattern continues and the amount of qubits keeps on doubling every 2 years. In order to get from 433 to 13 × 10⁶, quantum computers need to become 30,023 times more powerful. That’s at least 20 more years before we should seriously start to get worried.
It took 24 years of research and development to go from 2 qubits to 433 qubits. How long until we reach 10,000 qubits? Probably a few more decades. At 10,000 qubits and some very specific physical conditions (a code cycle time of 1 μs, i.e. one millionth of a second; a reaction time of 10 μs; and a physical gate error of 10⁻³), a quantum computer will be able to steal the coins from an arbitrary Bitcoin wallet in 10 days. However, cryptography will also improve tremendously by then and Bitcoin might migrate towards a better model that makes brute forcing so difficult that quantum computers need a lot more time to catch up.
Upgrading to quantum-resistant keys only requires a soft fork which can be activated by a majority of nodes or miners. So this whole discussion might just turn out to be a paper tiger – or an unworthy piece of FUD.
Now that we have got these two very complex and extremely expensive attacks out of the way, it is time to focus on the most probable ones: the social attacks. In Bitcoin, we like to say “don’t trust, verify”. However, establishing trust systems which remove doubt about potential maliciousness from developers is one very serious attack vector.
The easiest way to mitigate any kind of attack is to remain conservative about code: don’t update to the latest version unless you verify it beforehand or pay someone else to do it for you. And if you do neither, at least make sure that enough people with adversarial incentives have verified the new code. When the stakes are so high that the global financial system is under threat, it’s safe to assume that developers are under a lot of pressure and might make mistakes or get compromised.
This is not an argument for ossification, though: Bitcoin is not complete as a project and refinements are still necessary. From adding privacy to making transactions smaller and all the way to providing resistance against quantum computing attacks, there’s still a lot to do. My argument is against being reckless with untested technology whose consequences are not entirely understood, but not against innovation.
Nonetheless, while pursuing innovation, we should not surrender verification to urgency. As a community, we should encourage Bitcoin developers to prepare options before the threat becomes imminent: models for quantum-resistant elliptic curve cryptography, scalable privacy, and so on. Some of these solutions are already being tested with market incentives on other networks – what matters the most is that Bitcoin developers pay attention to the legitimate technological improvements, refine what’s already out there, and bring out proposals that everyone must debate. Also, we should never neglect our roles as sovereign node operators and miners – we are the ones who choose which code we run and Bitcoin clients can work with some minimalistic specs. Not everything that’s been added to Core is necessary, but the well-tested features provide useful optimizations.
Last but not least, we must talk about the security of every individual Bitcoin user. This, most likely, is the primary type of FUD that ChatGPT expressed when it mentioned hackers and malicious actors. Anything from keyloggers that register and broadcast your computer keyboard inputs (which may contain your Bitcoin Core passphrases or BIP39 seed phrase) to affinity scams and physical attacks is increasingly likely to happen as the price of BTC gets higher.
The bad news is that no developer, protocol change, governmental or non-governmental entity is able to protect you from making mistakes. The good news is that there are some general good practices that you can follow in order to improve your security. They include:
– using a dedicated device to sign and broadcast Bitcoin transactions (a Linux laptop or phone that runs Bitcoin full node software while being used, BIP39 hardware wallets with strong passphrases);
– creating setups which eliminate single points of failure (multisig and SLIP39 Shamir backups);
– using cold storage (metal plates, paper wallets, physical bitcoins);
– protecting yourself through good operational security and privacy (don’t reveal to random strangers where you live, what your Bitcoin setup is, and how much money you have – this also includes living a materially normal life for your neighborhood/community without showing off). Remember: leak as little information about your Bitcoin activity as you can, or at least mislead your spies to have a distorted image of what you’re really doing and how wealthy you are.
Bitcoin is a currency which enforces absolute ownership. Which means that, once a transaction has been broadcast and confirmed into a block, it has become irreversible. Therefore, every user is responsible for protecting their wealth to the best of their knowledge and ability, according to a real threat model. Before you create any kind of setup, you must ask yourself “who is the most dangerous adversary that’s likely to try to steal my coins?”.
If you’re sharing the computer with other people, then you shouldn’t leave behind unencrypted wallet files. If you’re traveling, then it’s a bad idea to carry around devices which reveal that you’re carrying bitcoin (usually, a hardware wallet is easier to recognize and more suspect than a laptop or piece of paper). If you have children or a nosy spouse who might meddle with your file cabinets and drawers, then it’s better to not keep your backup within reach. If you live in a bad neighborhood with high crime rates, then you should probably avoid keeping any bitcoin backups in your house. And if your area is under the threat of floods, fire, volcano eruptions, or earthquakes, then you need to figure out a system with good geographic distribution that simultaneously makes it impossible to lose everything and easy for you to access the other keys/parts of your backup.
However, the most common threat consists of internet hackers. You can find these criminals in the form of individuals who illegally try to break into your computer, as well as suit-wearing businessmen who design systems that essentially steal your coins within a legal framework. From the first category, you can distinguish people who code malware or else befriend you to later ask for money (whether it’s a Nigerian prince or an OnlyFans model who desperately needs help). The second category consists of exchanges and banks, who promise to custody your coins in a safe environment but will restrict you from withdrawing whenever their business model is under water. You should avoid both of these hackers at all costs, as they are the most likely to steal your bitcoin.
While it’s convenient to deposit your coins in some bank account, this type of action defeats the purpose of the Bitcoin project and greatly diminishes your own financial sovereignty. Trusted third parties are security holes and you should never trust an individual or company who promises to hold your BTC in exchange for security and/or yield.
Of course, there are other types of social attacks: fake exchange e-mails asking you to verify your seed phrase in a reply, callers impersonating a wallet service which asks you to confirm your data (sometimes even a home address), hardware wallet deliveries getting intercepted and compromised via BIP39 seed phrase insertion (the attackers leave their own seed phrase in the box, hoping that newbie users will send their coins there), $5 wrench attacks, and impersonators who pretend to be friends or family members who urgently need a money delivery. These are the ones that become more common as the price and adoption go up. Which is why you need to be aware of them and protect yourself by minimizing the amount of data you provide about the services that you use, the place where you live, and the amount of bitcoin you have.
Getting back to ChatGPT’s argument, it’s disingenuous to assume that people getting scammed is a serious threat to Bitcoin. The network will exist and continue to function in spite of the thieves. Sure, a large number of people might feel scared and deterred by the idea of responsibility. But we shouldn’t forget that self-custody solutions also get more secure and user-friendly over time. Bitcoin’s layers also get more developed and new ways to use and store your money get unlocked.
For example, the Fedimint project plans to enable community banks in which users can unlock their funds with nothing but a selfie. Also, Wizardsardine recently launched Liana to make it simple to lock your bitcoin until a future block height of your choice. This makes long-term holding and inheritance easy and free even for technical users who don’t understand Bitcoin’s script. You could have done it in Bitcoin Core and Electrum all along, but now it’s even more user-friendly. Hackers and malicious actors exist in every money system and human organization. What matters the most is to build a culture of fairness, accountability, good practices, and truth.
As long as these are in place, ChatGPT is gonna be taking a big L for being so wrong with its FUD.
SCORE
Vlad C. 4
ChatGPT 0”
Vlad has shown how secure Bitcoin is. Look at those huge, crazy numbers like “115 quattuorvigintillion” used to describe Bitcoin’s security! Bitcoin has math and energy on its side and has survived all types of attacks over the past 15 years.
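As an added worked example (not part of Vlad’s article or the magazine), here is the arithmetic behind those numbers in Python: the 2²⁵⁶ private-key space spelled out in the short-scale names BashCo used, the 12-word BIP39 space with and without partially known words, and the sweep time at the article’s assumed 10¹⁵ keys per second. The age-of-the-universe constant is an approximation, and the checksum rule (the last 11·n/33 bits of an n-word mnemonic are a checksum, so only 2¹²⁸ of the 2¹³² word sequences are valid 12-word phrases) is from the BIP39 specification, not from the article.

```python
# Added example, not from the article: key-space arithmetic behind the brute-force claims.
WORDLIST_SIZE = 2048                          # BIP39 English wordlist
KEYS_PER_SECOND = 10**15                      # the article's assumed 1,000 trillion keys/s
AGE_OF_UNIVERSE_S = 13.8e9 * 365.25 * 86400   # ~4.35e17 s, rounded assumption

# Short-scale "-illion" names, one per 3-digit group (index 0 = units, 1 = thousand, ...).
ILLIONS = ["", "thousand", "million", "billion", "trillion", "quadrillion",
           "quintillion", "sextillion", "septillion", "octillion", "nonillion",
           "decillion", "undecillion", "duodecillion", "tredecillion",
           "quattuordecillion", "quindecillion", "sexdecillion",
           "septendecillion", "octodecillion", "novemdecillion", "vigintillion",
           "unvigintillion", "duovigintillion", "trevigintillion",
           "quattuorvigintillion"]


def short_scale(n: int) -> str:
    """Spell a non-negative integer in 3-digit groups with short-scale names."""
    if n < 1000:
        return str(n)
    groups = []
    while n:
        n, rem = divmod(n, 1000)
        groups.append(rem)                    # least significant group first
    if len(groups) > len(ILLIONS):
        raise ValueError("beyond quattuorvigintillion; extend ILLIONS")
    return ", ".join(f"{g} {ILLIONS[i]}".rstrip()
                     for i, g in reversed(list(enumerate(groups))) if g)


def seed_space(total_words: int = 12, known_words: int = 0) -> int:
    """Word sequences left when `known_words` leading positions are already known.
    BIP39 words may repeat, so every unknown slot has 2048 candidates."""
    return WORDLIST_SIZE ** (total_words - known_words)


def valid_seed_space(total_words: int = 12) -> int:
    """BIP39 reserves (11*words/33) bits as a checksum over the entropy, so only
    2**entropy_bits word sequences are valid mnemonics (12 words -> 128 bits)."""
    bits = total_words * 11
    return 2 ** (bits - bits // 33)


def universe_ages_to_exhaust(candidates: int, rate: int = KEYS_PER_SECOND) -> float:
    """Ages of the universe needed to sweep `candidates` keys at `rate` keys/s."""
    return candidates / rate / AGE_OF_UNIVERSE_S


if __name__ == "__main__":
    print("2^256 =", short_scale(2**256))
    print("valid 12-word phrases:", short_scale(valid_seed_space(12)))
    print("only last 2 words unknown:", seed_space(12, 10), "candidates, i.e.",
          seed_space(12, 10) / KEYS_PER_SECOND, "s at 1e15 keys/s")
    print("2^256 sweep in ages of the universe: %.1e" % universe_ages_to_exhaust(2**256))
```

Running it reproduces the "115 quattuorvigintillion ..." string as the value of 2²⁵⁶ and shows why a leaked 10-word prefix reduces the search to about four million candidates.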
I’m Charles Polanski and I seek to turn the Bitcoin-curious into Bitcoin investors and enthusiasts.
Thanks to Vlad for making this excerpt available to freely spread. Find him on Twitter: @TheVladCostea
“Your Bitcoin influencer’s influencer.”
Host of the Bitcoin Takeover Podcast
Writer of the open source @btctkvr mag.
Check out his work: http://linktr.ee/btctkvr