Performance of FPGA vs GPU?

[Jufri]

Hello,

I have a question regarding FPGA performance vs GPU and I'm sure someone here will certainly be able to give me a good answer to this

I’m trying to recover lost bitcoins that I mined in the early days. I knew it was important to keep the private key but in the end I somehow managed to lose my private key but I still have 24 out of 32 bytes of my private key, found on half a piece of paper when I printed that private key back in 2012.

So I have 24 bytes out of the total 32 bytes of my private key. I can only recover this by brute forcing. But I’m not familiar with FPGA and I’m totally unsure how fast they would be able to do these calculations.

The required calculations would be incrementing a 256 bit number (starting at the lower boundary of the 24 bytes out of the 32 I have), doing the elliptic curve calculation in order to get a public key and then ripemd160(sha256(publicKey)) and compare the resulting hash160 with my address hash160. If they are equal I found my private key and I can recover my bitcoins.

Do you think an FPGA like this could do this in a reasonable time? I don't mind if it takes a year for example but there is no point in doing this if it takes > 100 years... 

I’m trying to figure out if it’s worth going with an FPGA for this in order to recover +- 110 BTC. Maybe I need too many FPGA’s and it might not be worth it… 

Or do you think high end GPU’s like an nvidia 1080TI will be better suited for the job?

If you think an FPGA can certainly be used for this. What kind of FPGA am I looking at, how much do they cost and how many would I need?

Thanks for your time. Looking forward for your reply.

Kind regards

Jufri

[Gau_Veldt]

Just to put in perspective 2^256 is a base ten number with around 77 zeros.  Let's divide this by 1000 THz for an imaginary design running at 1 PHz (petahertz which has 15 zeros) that can do the entire elliptic curve, ripemd160 and comparison to your target hash in one clock cycle (this pure fantasy is to simplify things by starting from a whopper hyperbole of a best possible design that cannot be achieved in practice).  Now we're at a number with around 62 zeros ~= 10^62 or so seconds.

60 seconds is one minute, 3600 seconds is an hour, 86400 a day, 3.162*10^7 is a year (around 31.6 million).

If we divide this into 10^62 we get around 3.66 * 10^54 years on an imaginary device that does a complete crack attempt for one 256-bit guess on a 1 petahertz clock.  If you had 1000 of these devices you'd only cut the exponent by around 3 (10^51) ideally and a million devices (10^6) only lowers the exponent by 6 to get 10^48.  Ten billion (one of these ultra fast rigs for every man woman and child on the planet) only lowers the exponent by 10 to get 10^44.

3.66 * 10^44 YEARS.

By then our sun will no longer be lit thus you likely won't be around to see the bitcoins when the key is cracked even with ten billion of these hypothetical 1 PHz devices that cannot be built with any of today's existing technology.

 

A 64-bit number, which is the keyspace you actually need to attack, is marginally more doable: 5.834*10^11 years so if every man woman and child on the Earth had one of these 1 PHz rigs (a botnet of pure fantasy) it would take 5.834 years.  A minimal FPGA board at around $100 runs at about 500 MHz so you'd need two million of them just to match one single 1 PHz fantasy device, multiplied by still another 10 billion to cut the time down more reasonably to 5.834 years (roughly 5 years, 10 months) for a cost of $200 * 10^16 (one trillion dollars is only 10^12).

 

Conclusion: It's not really practical to attempt a crack.

 

[DarkScyther]

On 1/15/2018 at 7:19 AM, Jufri said:

I have 24 bytes out of the total 32 bytes of my private key

Perfect! That makes this orders of magnitude easier! If you are still around shoot me a PM, let's get you your coins back!

[xc6lx45]

11 hours ago, DarkScyther said:

Perfect! That makes this orders of magnitude easier! ...

This is the worst good news I've heard in a while ?

pow(2, 64) is an impractically large number. The NSA might pull it off but even so, chances are good that by then the bitcoin price has gone below zero.

[DarkScyther]

4 hours ago, xc6lx45 said:

This is the worst good news I've heard in a while ?

pow(2, 64) is an impractically large number. The NSA might pull it off but even so, chances are good that by then the bitcoin price has gone below zero.

I can pull off a 2^64 crack, actually right now I'm building a machine that can do 2^80. It's actually not as impossibly large as you might think, 2^256 however I wouldn't dare try, that is huge.

Quote LBC, which has passed the 2^55 barrier in under 3 years with the tech that was available to the average consumer at the time.

[xc6lx45]

well, impossibility is a matter of scale... yes, with Terahash rates from ASIC miners this may make sense.