Blog

Are you accidentally paying for BitCoins?

It was recently discovered that more than one business were surreptitiously using computing power of visitors to their web sites to mine bitcoins. Maybe they did this as an alternative way of paying for their costs instead of using advertising. Maybe they did this for other reasons. But this should not be too surprising. The cost of electric power is the single biggest cost in solving hard cryptographic problems these days, and that’s true whether you’re trying to crack a key or just to mine bitcoins. And that means that there’s a strong incentive to get someone else to pay for that power. But exactly how much power does it take to do cryptographic calculations?

Back in 2012, at DARPA’s “The Impending End of RSA” workshop, Dan Bernstein gave a talk in which he described how much electric power it would take to crack various RSA keys. He assumed that an attacker would spend a fairly modest amount on hardware, say just a few million dollars or so, and would then use that hardware to crack a key, with the goal being to crack a key within one year.

Dan claimed (but I’ve never checked his calculations) that for a 1,024-bit RSA key, it would take about the entire output of a typical power plant to do this. He also claimed that to do this with a 2,048-bit RSA, it would take roughly the amount of energy that the Earth receives from the sun in that year. He then suggested that DARPA really should have called their event “The Impending End of RSA-1,024” because the energy requirements for cracking an RSA-2,048 key makes doing it pretty much out of the question. Dan’s scenario for cracking a 1,024-bit key is right on the outer edges of plausibility. Doing it for a 2,048-bit key is really well into the realm of science-fiction.

But the idea of measuring the cost of cryptographic attacks in terms of energy instead of other factors like time or money is an interesting one. A typical power plant might put out about 1 gigawatt, which ends up being about 30 petaJoules (3 x 1016 J) over a year if it’s operated at full capacity. (The massive Three Gorges Dam in China has a maximum capacity of about 22.5 gigawatts!) That’s an unwieldy number to deal with, but there’s a handy yardstick to use for measuring energies that are roughly that big, and that’s the megaton.

A megaton is how much energy a million tons of TNT releases when it explodes, and is equal to about 4 petaJoules (4 x 1015 J). The American B41, a typical Cold War strategic nuclear weapon, had a yield of about 1.2 megatons. The crack of RSA-1,024 that Dan proposed would use about 7.5 megatons of energy, or more energy than several Cold War era strategic nuclear weapons.

That’s a lot.

Is the amount of energy needed to mine bitcoins more than that or less than that?

It looks like bitcoin miners spend about 18 terawatt-hours of energy, or about 65 petaJoules (6.5 x 1016 J) per year mining bitcoins. That’s roughly the energy from two power plants. Or it’s roughly enough energy to crack two RSA-1,024 keys. Or it’s about 16 megatons of energy. Or it’s about the energy of a couple of young programmers at Silicon Valley start-ups.

No matter how you measure it, that’s still a lot of energy.