(comments)

Original link: https://news.ycombinator.com/item?id=39976225

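To fully appreciate the strength of a 256-bit ECDSA key, let us consider some calculations. Breaking such a key takes about 2^128 attempts on average. The fastest known method for computing ECDSA signatures on an FPGA currently runs at about 1,315 transactions per second (TPS). A high-end FPGA costs about $10,000. Suppose an entity could buy every Xilinx FPGA produced in fiscal year 2022 at half price and run them continuously for free; its computing power would equal 2.65 trillion TPS. Yet even that enormous capacity could not break a 256-bit ECDSA key within the age of the universe (estimated at about 12.8e+23 seconds). If we further suppose the entity had access to the entire economic output of the Earth ($202.6 trillion), its processing power could in theory be raised to 2.66e+28 TPS, which is still not enough to break a single Bitcoin private key within a human lifetime. These calculations provide evidence that current cryptographic methods remain secure against brute-force attacks using existing technology, barring any major technological advance.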


Original text

Just for fun, because it's hard to appreciate how strong a 256-bit ECDSA key is.

Base Numbers:

- 2^128 guesses on average

- public state of the art for ECDSA on an FPGA is 1315tps [0]

- retail price of said fpga $10,000 [1]

- total net income for xilinx from advanced FPGAs FY2022 (936M * 0.74 + 879M * 0.72) = 1325M [2]

Ballpark numbers, we'll assume that attacker can buy 10x every FPGA xilinx made in 2022 for a 50% discount and can run them non stop for zero cost.

We'll also assume they have a bunch of secret math geniuses and have a faster ECDSA implementation that can do 1,000,000,000 tps ( or 1,000,000x SOTA)

- (1325,000,000 / 5,000) * 10 = 2,650,000 FPGAs

- 2,650,000 * 100,000,000,000 = 2,650,000,000,000,000tps

- 2^128 / 2,650,000,000,000,000 = 1.28e+23s

- 1.28e+24 / 60 / 60 / 24 / 365 = 4,080,000,000,000,000 years

- ~4 quadrillion years

- or 4x the time until every planet has been ejected from every star system and the sun has cooled to 5K [3]

But why stop there, let's assume that the attacker can use the entire planet's GDP to buy chips and has a 1,000,000,000,000,000x faster ECDSA implementation.

- World GDP (2022): 101.3 trillion

- (101,300,000,000,000 / 5000) = 20,260,000,000

- 100,000,000,000,000,000 * 20,260,000,000 = 2.66419e+28tps

- 2^128 / 2.66419e+28 = 12,772,451,173s

- 12,772,451,173 / 60 / 60 / 24 / 365 = 405 years

So even then, we wouldn't see a single BTC key broken within our lifetime.

(Unless you believe that 3 letter agencies have successfully built a quantum computer that practically implements Shor's algorithm, in which case you should probably be more worried about the fact that they can break public key encryption globally)

[0]: https://arxiv.org/pdf/2112.02229.pdf

[1]: https://www.colfaxdirect.com/store/pc/viewPrd.asp?idproduct=...

[2]: https://web.archive.org/web/20211203065624/https://investor....

[3]: https://en.wikipedia.org/wiki/Timeline_of_the_far_future
