To secure an online account, the most popular choice is to use a password and username combo. The service where the account is hosted maintains all the username/password combinations in a database and serves as a central authority to allow or deny access. In the context of Bitcoin (or cryptocurrencies in general) a private key is used to achieve security in the absence of a central institution. A private key is essentially a secret number that proves ownership of a blockchain address. If someone has access to your private key, they can spend the contents of your wallet.

Private Key

Consider the following example private key:

FEF9CD8E97DBB9C7B6F4DF69B77371ED7D8CB86EBBBDCFCA53CDFE6A4EF0F526

This is a 64 digit number in the hexadecimal format. For Bitcoin specifically, this is encoded into a standardized Wallet Import Format (WIF). For the purposes of this post, we can continue with the hex format. Converting this to more human "readable" decimal format yields:

115,328,827,161,585,545,099,490,838,371,714,620,288,121,874,312,392,613,209,743,194,804,860,088,284,454

Just to cover all bases, in Binary, this number is:

1111111011111001110011011000111010010111110110111011100111000111
1011011011110100110111110110100110110111011100110111000111101101
0111110110001100101110000110111010111011101111011100111111001010
0101001111001101111111100110101001001110111100001111010100100110

The associated public key is generated using elliptic curve multiplication (one-way), sha256 (one-way) and some other encoding. The public key can always be generated from the private key but never the other way around. In essence, all we need is the private key to access the associated funds. It is being suggested here that 256 coin flips (heads - 1, tails - 0) result in a more secure system than what banks can provide. In fact, this is how some people actually generate their private keys.

This is certainly very unsettling the first time you hear about this. In theory, if you start to brute force numbers from 1 to 2^256, you will be able to unlock each and every cryptocurrency wallet there is. Doesn't sound very secure, does it? Well, with the resources we have today, only a moron would attempt to brute force this many possibilities. Part of the reason why this still feels preposterous is that human brains can't really comprehend how big a number 2^256 really is. It is so far removed from reality that even calling it astronomical is giving astronomy too much credit.

Attempting to visualize 2^256

Since we are dealing with cryptocurrencies, the most apt analogy is to imagine a locker. Let's say you've kept your money inside a locker for safekeeping but the thing is, this locker can be opened by anyone. How secure can this possibly be? Not much.

Now imagine filling up the Empire State Building full of lockers and your funds are kept in one of them. You can begin to see this getting a little more tedious but someone who is motivated by money will eventually be able to find it. Let's quantify this a little bit more.

Since we are trying to visualize 2^256, let's assume that we have stashed in our money in one of those lockers. Our hacker is able to build a robot that can scan through 4 billion (~2^32) lockers per second. They further build an app that can control 4 billion such robots through an app. They are also somehow able to convince over half the world's population (2^32) to download this app. If we equate locker scanned per second to the computational power, we are already well beyond the available computational power in the world.

All of those robots keep scanning 2^96 lockers per second. To be able to brute force 2^256 possibilities, they would need to run for 2^160 seconds. The age of the Universe is estimated to be 13.8 billion years which is less than 2^60 seconds. They would still only have a 1 in 2^100 chance of finding the correct locker if they were running this entire time.

Another simple way of visualizing the vastness of this number is to consider the grains of sand on Earth. Imagine that you picked a grain of sand anywhere on the planet. The probability that someone else can find that exact grain of sand is very roughly 1 / (7.5e18) which is 1 / 2^64. This number is nowhere close to the scale of 2 ^ 256.