|
Title: Quick question regarding valid private keys per address Post by: ChetnotAtkins on June 17, 2015, 12:22:32 PM Since the private key space is 2^256 and the address space is 2^160 each address can be created from 2^96 private keys on average.
Now you can either use the uncompressed or the compressed public key to compute an address. Does this imply that each address corresponds to 2 * 2^96 private keys? (2^96 private keys with a valid uncompressed public key and 2^96 private keys with a valid compressed public key) Title: Re: Quick question regarding valid private keys per address Post by: amaclin on June 17, 2015, 12:40:41 PM yes.
may be slightly less, may be slightly more Title: Re: Quick question regarding valid private keys per address Post by: grau on June 17, 2015, 03:31:03 PM If you like playing with those numbers also consider that private keys in modern wallets are generated from word lists of length 12.
If those words were used as an alphabet then they would define a 2048^12 or 132 bit key space. The word lists are instead hashed (see BIP39) which gives an approximate entropy of 2.62*4.5*12 = 141 bits. Therefore the attainable private key set in modern wallets is smaller than the 160 bit range of addresses. Using entropy estimates from here: http://people.seas.harvard.edu/~jones/cscie129/papers/stanford_info_paper/entropy_of_english_9.htm Title: Re: Quick question regarding valid private keys per address Post by: btchris on June 18, 2015, 11:41:07 AM If those words were used as an alphabet then they would define a 2048^12 or 132 bit key space. The word lists are instead hashed (see BIP39) which gives an approximate entropy of 2.62*4.5*12 = 141 bits. FYI BIP-39 (and Electrum 2.x) starts with a specific amount of entropy, and then derives the words from that entropy (https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#generating-the-mnemonic), not the other way around as you implied. Typically, this is 128, 192, or 256 bits for 12, 18, or 24-word long mnemonics. (and of course the hashing which follows does nothing to increase that initial entropy) Title: Re: Quick question regarding valid private keys per address Post by: grau on June 18, 2015, 12:07:25 PM If those words were used as an alphabet then they would define a 2048^12 or 132 bit key space. The word lists are instead hashed (see BIP39) which gives an approximate entropy of 2.62*4.5*12 = 141 bits. FYI BIP-39 (and Electrum 2.x) starts with a specific amount of entropy, and then derives the words from that entropy (https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#generating-the-mnemonic), not the other way around as you implied. Typically, this is 128, 192, or 256 bits for 12, 18, or 24-word long mnemonics. (and of course the hashing which follows does nothing to increase that initial entropy) Yes, the user would be a worse source of entropy if he was to chose the words directly. My point is, that if you are able to encode entropy into 12 words then it can not be more than entropy represented by 12 words, no matter of its source. You are right, that there are options generating a longer list, but I think default is 12 in popular wallets. Title: Re: Quick question regarding valid private keys per address Post by: grau on June 18, 2015, 12:55:48 PM Actually the generation of the word lists from a given entropy does not increase it, if the dictionary is known and fixed, just like hashing does not.
Therefore the key set is size is determined by the entropy generator. I was overestimating the entropy using the stats of the language. |