A lot of people trust that bitcoin is secure.
The general type of cryptography used to generate keys in bitcoin, public key cryptography, is also used to secure the internet, banks, etc. A lot of money and other things are supposedly 'protected' by this cryptography.
This page will have sections that explain
Section 1) The basic flaw behind public key cryptography.
Section 2) The reasons why public key cryptography is presented as secure even though it is not.
Section 3) The solution.
Scroll down to ***Shortcut*** if you are fair at math, can write scripts and want to break bitcoin yourself without waiting for somebody in some government agency to leak the solution.
This page describes a superficial weakness in public key cryptography, if you want a much more ‘timeless’ reason why cryptography in general does not work unless it ‘evolves’, go to the paradigms page.
Some material on this page has been copied, with minor edits, from other sources without attribution or quotes. It should be pointed out that almost nobody, among cryptographers, supports the idea that sha2, for example, is broken. The strongest 'usual' argument is that there is a loss of data in generating a public key from a private key i.e., a public key does not contain all of the data from the private key.
The basic answer to that though is simply that once a pattern is found that reliably correlates the 'relative position' of private keys to public keys then any private key can be found. If you can reliably say private key 'a' has a public key that is higher or lower than private key 'b' then you have broken the algorithm in a practical useful way.
The simple fact that the progression of the keys is not random means that a pattern does exist.
The fact that the algorithms were approved by agencies that are in the habit of promoting cryptography that they have broken suggests that the pattern is easily findable.
Here is the TLDR versions of the three sections
1) Public key cryptography uses a number or key from one set to generate a number or key from a second set.
~Even though bitcoin keys have letters and numbers, they are referred to here as numbers because the function that converts the keys is operating on both letters and numbers as if they were numbers.~
In any public key cryptography, the security of the system is derived from several variables, including
a) the size of the two sets, more numbers in a set = harder to brute force, but actually less security
~'Cracking' a code using patterns in the output, i.e., finding 'non randomness' in the encrypted product, is easier when there are more numbers to check.
b) the complexity of the algorithm
~Complexity is subjective. What is complex, and what is simple, are not always the same for different groups because of cognitive differences across groups, similar to how some individuals in a group might excel at one science, others at another science.
c) and other factors.
The basic premise is that the hashing function, used to create bitcoin keys for example, is 'one way' i.e., there is no way to work backwards from the endpoint.
In a very small set of numbers, for example if bitcoin had only 50 public/private key combinations, a pattern or relationship between public and private keys would be difficult to find, but a brute force attack would be easy.
Bitcoin wallets though have a set of numbers that is extremely high. For practical purposes there are enough combinations of public/private keys, and the 'expense' of calculating keys i.e., figuring a public key from a private key, is so small, that a person could easily test millions of key pairs for a pattern.
The full section 1 below, not finished yet, will explain in more detail why it is 100% certain that bitcoin, and any public key cryptography system not only is 'broken', but is easily broken by any person or group with certain resources.
2) Public key cryptography was started during the Cold War as a project which developed a highly specialized use of math in such a way that almost all of the 'participants' either had a vested interest in using it or, if they knew it was broken, a vested interest in keeping that fact secret.
In other words, in the early days of modern cryptography it was 'east against west', the USSR vs the USA. When the Soviets figured out some U.S. cryptography was flawed they were then closer to being on par with the U.S. and vice versa. Neither would announce cracks of opposing code of course, everybody benefited locally from continuing to pretend that the codes were secure, so the game got trickier and trickier.
In modern days the ruse has changed.
Today the government's cryptographers, anywhere in the industrial world, at the highest levels, all know that public key cryptography is a sham. But today there is no 'Soviet vs USA'. Instead, the pretext is fighting terrorism or child pornography or drug dealers or whatever. Nobody supports these crimes, of course. So telling people that 'we need to keep this secret to fight bad people' is an effective way to get people to not speak truthfully about public key cryptography. Unfortunately, the 'crime fighting' function of the ruse is largely fictional. Some crimes are solved, but the crimes committed by the ruse have become more extensive than those solved.
Elaborate deceptions have evolved to distract people from the flaws in public key cryptography. If you look at any public discussion on the matter the conversation is always guided into silliness about 'collisions' and 'pre image attacks' etc.
The basic common sense attack on any public key cryptographic system involves finding patterns, non randomness, in the output. It makes no sense to steer the conversation into complex trivial cracks of public key cryptography when the obvious complete crack is much simpler. It's like getting a gang together to break into a bank and then stealing the paperclips from a teller booth. It's silly.
The limited security of public key cryptography is based on estimating the capability of those who would crack it and using complexity in such a way that the balance between 'the difficulty of brute forcing' and 'the easiness of finding a pattern' are balanced. At this point there is such wide capability among governments to solve the 'complexity' side of any public key algorithm that there is no longer a 'government vs government' dynamic involved. Public key cryptography has become strictly 'people who know the secret and work within a bureaucracy vs their public, their citizens'.
The full section 2 below, not finished yet, will explain how several small groups of transnational 'rogue actors' with awareness of the flaws in public key cryptography have held numerous countries hostage.
3) The only reliable type of encryption which cannot be broken involves the use of one time cyphers. The only way to create a secure currency using encryption that will withstand hostile attacks is using one time cyphers. At some point melting pot digital currencies, like bitcoin, that are prone to hostile attack will require users to have access to a cypher pad, maybe in the form of a thumb drive or perhaps using biometrics.
In broader terms security of financial networks must be based on affiliations and language. There is no way to make a secure melting pot currency, which is both usable by hostile entities and secure from them, without an ever increasing level of security protocols which ultimately end in social chaos.
The full section 3 below, not finished yet, will explain why economies and their currencies must be built first around language and tribal affiliation, and why bitcoin will be far more harmful to non melting pot entities i.e,, tribal groups, than fiat has been.
Section 1, the basic flaw of public key cryptography.
Suppose you developed a simple encryption that involved 'adding 3, multiplying by 2, and subtracting 1'.
You would take your raw data, convert it to a number, then perform the steps.
For example if your raw data was simply the number 5, you would
add 3 = 8
multiply by 2 = 16
subtract 1 = 15
So '5 would encrypt to '15'.
If your raw data was the number 10, you would
add 3 = 13
multiply by 2 = 26
subtract 1 = 25
So '10' would encrypt to '25'.
If this encryption were used in a digital currency whose total number of available wallets was 100 then a hacker would simply create a wallet with all 100 possible keys and own all of the coins.
But bitcoin has over 1,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 possible private keys so a brute force attacker would need trillions of years to even load all of the addresses.
So what would happen if you used the 'simple algorithm' above to encrypt a currency with that many addresses?
It would be highly resistant to brute force attack, nobody has trillions of years to spend brute forcing.
But if a person took the simple algorithm and plotted a chart with several hundred random public/private key combinations a pattern would be obvious. Then, if he or she wanted to crack a specific address it would only be a matter of finding where the address, the public key, falls on the chart and then using the private key that corresponds to that position.
So for a very simple algorithm, like the 'add 3 x2 -1' used above, no math is necessary to crack it. You just need to draw the chart and eyeball it.
More complex algorithms can also be solved using visually apparent patterns, but that involves first analyzing the algorithm, something which might be difficult.
A much easier way to solve a complex algorithm is to make a script that looks for certain patterns.
For example do numbers created by lower value private keys tend to have a higher probability of being divisible by a certain number? There are countless possible patterns you could look for.
If the algorithm were closed source and not available for examination, any possible algorithm that had such a large field as bitcoin could still be broken easily just by testing for patterns until you found a slight correlation, then refining it until the correlation was precise enough for your use.
Here is a general step by step to crack bitcoin.
A person who is great at math, very good at writing scripts i.e., simple software, and good at finding patterns might be able to finish each step within a few weeks. For most people, each step might take several months or longer.
At some point this page might add further refinements but the algorithm is already cracked, and has been used by 'authorities' who already have access to the full crack, to steal large numbers of coins.
Create a simplified sha2
Start with the algorithm used for bitcoin but create a 'simplified version that mimics each function but is too simple to be considered secure.
An analogy, 1+7-6x2+5 would simplify to 1+1-1x1+1 though you would use primes
Create 'addresses' using the simplified algorithm, with all 5 digit private keys from 10,000 to 99,999.
A person could use shorter keys if they think they are smart.
Create a 'map' or 'list' or database with all the key pairs.
Then add to the database a) the corresponding 5 prime numbers that are the highest primes less than each private key, b) the same for each public key.
This is the pattern finding step. A person has to experiment to find a useful pattern, but as long as both public and private keys are given as a relationship to a prime, a pattern will be present.
Some people will solve this step quickly, some not.
Lather, rinse repeat, using sha2 in the number range within which bitcoin keys are taken, but sample the data until you can recreate the pattern that appears in the simplified sha2 from step 1.
For example use the first and last private key with its corresponding public key. Then the intermediate key pair.
Then the two intermediate key pairs from those three.
Then the four intermediate key pairs from those five.
Then the eight intermediate key pairs from those none.
Etc until you have a few thousand at least to test.
Then test for the same pattern that existed in the 'simplified sha2'.
Once you know what the pattern is you can reduce the number of private keys that pertain to an address down to the range between two prime numbers.
So instead of brute forcing an astronomical number of keys you only have to test a number of keys that will always be less than the highest prime gap under the private key, usually much less.
The database of primes up to 50 base ten digits might require some computing power to work with, but those are much smaller than 'big' primes.
Some suggestions that would be obvious to some people, but are added for others.
1) An alternative to make the numbers easier to work with would be to factor each key as high as possible e.g. /3 /5 /7 etc as high as can be done easily on the computer a person is working with, then consider the first 'prime' to be the highest factor, or remainder after factoring. This would have to be adapted by the person cracking the key.
2) Looking for patterns will be easier by changing the base. Some patterns are more visible in base 2, others in a higher base.
3) Patterns refer only to 'non randomness'. Once you can say a progression is non random, then you have to look for a way to describe the 'non randomness' as a mathematic function, or create a map/chart that follows the progression.
4) One of the most important things to realize is that there does not have to be a relationship between the progression of the public keys and the progression of the private keys. If you have 5 keypairs, 1,a 2,b 3,c 4,d and 5,f where the number is the private key and the letter is the public key, and the progression is sequential, you do not look for the 'same' rules for the two separate progressions. The first progression i,e., private keys, is easy to arrange, just pick a group of keys in order. The second part, the a,b,c,d,e,f etc, is the part where the pattern will appear.
5) One thing that would simplify finding patterns for a specific algorithm is combining keys. For example add 5 consecutive private keys together, plus add their corresponding 5 public keys together. Then use that as 'sample 1' e.g. '1a'. Then jump ahead and get 5 more for sample 2, add them together or otherwise 'combine' them, and use that as '2b', etc.
~The sections below are in progress~
In WWII Germany used the Enigma machine, which had been broken by allied cryptographers.
This was before any modern computers had been built. The Enigma was like a very simple computer making a simple cryptographic function.
"Before the mid-1970s, all cipher systems were using symmetric key algorithms, in which the same cryptographic key is used with the underlying algorithm by both the sender and the recipient, who must both keep it secret."
"In 1970, James H. Ellis, a British cryptographer at the UK Government Communications Headquarters (GCHQ), conceived of the possibility of "non-secret encryption", (now called public key cryptography), but could see no way to implement it. In 1973, his colleague Clifford Cocks implemented what has become known as the RSA encryption algorithm, giving a practical method of "non-secret encryption", and in 1974, another GCHQ mathematician and cryptographer, Malcolm J. Williamson, developed what is now known as Diffie–Hellman key exchange. The scheme was also passed to the USA's National Security Agency."