Bitcoin Forum

Is not it possible that a same address is being generated by 2 clients ? Or 2 persons at 2 different parts of the world are creating brainwallet from same passphrase ?

read this thread! I argued that couple days ago.

https://bitcointalk.org/index.php?topic=557274.0

As long as the wallet is using a source of random numbers with significant entropy?  No.

If there is a bug in the computer such that the "random numbers" that the computer provides aren't "random enough", then yes, absolutely.


This is VERY LIKELY.

This is why people should not use brainwallets.  Most humans aren't capable of creating and memorizing a brainwallet passphrase that is random enough to reduce collision chances to acceptable levels.

That is correct, but I would just like to point out one thing.
It is possible that the wallets are indeed using a source of random numbers with significant entropy, but it can still generate the same address.
The chance is extremely low, so low it is like impossible, but extremely low chance does not equal impossible.

It is also possible that all the air in the room will spontaneously collect in one corner suffocating everyone in the room.  The chance is extremely low, so low it is like impossible, but extremely low chance does not equal impossible.

Now ask any lay person if they think that it is possible for all the air in the room to suddenly collect tightly in a corner leaving everyone to suffocate, and we'll see if "impossible" in general use means what you think it means.

Well, that is why I am pointing out most people are wrong.
Also, why would all the air in a room suddenly collect tightly in a corner?

I greet you Sir for your input, that's why I argued this point couple days ago.
Imagine you are walmart.com or amazon.com ..etc and you get 500 transaction a second/or minutes or whatever, then someone with that very extremely low possibility generated your business address. Oh well... imagine your loss!
But people are so excited and busy about the dream of being so rich one day when the coin hit million dollars and are forgetting the fact that until that day come there is an extremely small chance that someone may generate the same address and all your saving will be gone!

No, it is not possible. Don't argue about it, go read up on it.

You might say a chance of a person having a birthday on a given day is 1 in 365, and therefore the chances of two people having the same birthday are (1/365)*(1/365)= 1/133225

But...

http://en.wikipedia.org/wiki/Birthday_problem

So, while your individual chances of generating the same address as anyone else is very very very very very low, you may hear of such a case in the bitcoin community eventually.

Though, in multiple instances I have seen Danny is quite a knowledgeable person, but I dont understand why sometimes he argues like a kid !!! Why on earth all the air in the room will spontaneously collect in one corner suffocating everyone in the room ? That is against the second law of thermodynamics (http://en.wikipedia.org/wiki/Second_law_of_thermodynamics) !!!

Yah but the "laws" of thermodynamics are misnamed, they are the statistical principals of thermodynamics, so it's statistically unlikely that it will happen, and should be qualified by "should the system be left it it's own devices".... otherwise people start saying ridiculous things like airconditioning and refrigeration being impossible.

Most people who spout "Thermodynamics, BOOYAH!!!" haven't got the first freaking clue what it is and where it comes from.

Most humans have a very difficult time comprehending just how big some really big numbers are.


For the same reason that two people will randomly generate the same address.

Generation of addresses is random.

The motion of the air molecules in the room is random.

There is a "possibility" that two people will just happen to randomly generate the same address.

There is a "possibility" that all the air molecules will just happen to move in the same direction to the corner of the room.


2¹⁶⁰ is a very Very VERY big number.

500 transactions per second is not a very Very VERY big number.

Also, Walmart or Amazon or whatever should be using a new address for every transaction.  So even though they won't ever have the same address as anyone else, it wouldn't be a big problem if they did since that address will only have one transaction of bitcoins in it.


You don't seem to understand how "extremely small" that chance is.  There are things that are MUCH more likely to happen, that you don't every worry about and that are far more dangerous.


No you won't.  Not if both addresses were generated using random numbers with sufficient entropy.  2¹⁶⁰ is a very Very VERY big number. 365 is not a very Very VERY big number.

Keep in mind that no matter how many addresses are ever created, there can never be more than 2,099,999,997,690,000 addresses in use at a time, and will almost always be much less than that.


Because that is the only way to present a demonstration of "extremely unlikely equals impossible" that anyone seems to understand.


It wouldn't.  And no two people generating random addresses with sufficient entropy are going to generate the same address either.  They are both "mathematically possible", but in reality they are both impossible.


No, it really isn't.  It is however so unlikely that we can say it is impossible (just like generating identical addresses from completely random sources with sufficient entropy).

There have been so many cases reported where people logged on to their accounts and their BTC were gone, how can you know for sure that it wasn't because of address collision?

A lot of people don't take the flue vaccine because they are worried of the side effect of it, even though the percentage is low but it happened

https://www.youtube.com/watch?v=5ztiAN9k584

Now I understand that this address collision is extremely ^160 low, but that doesn't stop the fact that is still possible.

And the more Amazon and Walmart use a new wallet for each transaction, the more possible it might happen, as the more wallets you generate the more you increase the chance for collision.

Math and probability.  Extraordinary claims require extraordinary evidence.

Anything is possible but the odds make it so incredibly improbable that in the absence of extraordinary evidence it is far more likely that there is another possibility.

Nothing in life is certain. Quantum mechanics tells us there is a chance that you could just walk through a wall.  As Danny example points out, by random chance all the air molecules may move away from your head and cause you to suffocate and die before you finish reading this post.  All these things are possible yet we generally consider them impossible because the odds are so incredibly small.  We aren't talking about winning the lottery small, or getting stuck by lightning small, or getting eaten by a shark small.  We aren't even talking about winning the lottery while getting struck by lightning just after getting attacked by a shark small.  

We are talking about probabilities on a scale so unlikely that they are essentially zero.  The odds of an address collision are 2^160.  That is something on the order of the number of atoms in our solar system.  Imagine each key is a single atom somewhere in the solar system picked at random.  The odds that the same atom would be picked again at random is essentially zero.  It doesn't matter if billions or even quadrillions of addresses are in use.  It doesn't matter if you tried millions of billions of key.  The odds are so small that ~0% * a quadrillion * a billion =~ 0%.

Of course these same odds apply to other public key cryptographic systems.  Lets say your gmail account is hacked.  How do you know a hacker didn't just randomly slam a bunch of keys on his keyboard and produce a private key which could decode all your communications with google.  It could happen.  Maybe the reason you got hacked is because a hacker has been doing this for years?  Of course probability tells us the odds of that happening as so low that in normal conversation it can be considered to be zero.  Baring some extraordinary evidence it is far more likely you got hacked by another method.

I agree, and I understand that.
But let's take a minutes and look at the future of BTC if we are going to consider it the world currency.
Let's say 50 Billion addresses are generated each year. in a hundred year that's 5 Trillions Wallets and each year the collision become close to be possible.
Well probably at that time we will have to change the coin.
What about if a hacker came up with a wallet generator software? just use the software to generate a desktop wallets, and then you will have probably half a billion using it to make more and more wallets and increase the possibility of collision.
The point the guy who started the thread is: it is possible to happen because even though it is 2^160 at the end it is LIMITED to a number and the more wallets you generate the more you come closer and closer to the end.
In real life, people die and others are born, there is usually balance in every single physic law.
But for Math there is no infinity as long as you put "=" at the end of the equation.

Tell me about this extremely low collision again when a hacker come up with a wallet generator software!
If the software generate 1 wallet a min
1*60 = 60 an hour
60 * 24 = 1440 a day
1440 * 365 = 525600 a year
Now let's say there is only a million using the software
That's 525,600,000,000
and this is not adding what normal people are generating!

No.  Clearly you don't.  You say you do, and yet you immediately follow that up by demonstrating that you don't.


No, it doesn't.

5 Trillion is not a big number.  You feel like its a big number because it's bigger than you can comprehend.  Then you compare a number that is bigger than you can comprehend to another number that is bigger than you can comprehend and you feel like they aren't very far apart.  You are mistaken in that feeling.


Perhaps.  Perhaps not.  Either way, it doesn't matter.


It already exists.  There are already people who are bad at mathematics who are running it continuously.  It doesn't matter.


And they still aren't going to have a collision.  2¹⁶⁰ is bigger than you are realizing.


And if every single human being on earth does nothing else except generate addresses as fast as they can continuously until the sun burns out 6 billion years from now, they still won't reach the point where an address collision has any chance of happening.


There is not infinity, but there is realistic impossibility.


See my examples above.  The numbers you are typing are not big.  They don't change the odds in any significant way.

Let's go back to school.

It is not possible. Not even in theory. Probability forbids it. The only way it could happen is through faulty code.

Yes, there is a probability in theory.
Prove that there isn't.

Also, the point is not about whether we should care about this possibility, it is not about if we should think about things that have a higher probability to occur.

The point is that 0.01^ ∞% ≠ 0%.

You are bad at math, and wrong. There is no possibility of it happening. It has been discussed, and mathed out, a number of times before. Use the search feature and read instead of arguing on the internet.

It would be a RIPEMD-160 collision.
Highly not possible but not impossible ;)

If you think that 0.01^ ∞% ≠ 0% is incorrect, you seriously need some mathematical help.
How is it not possible? It is a thing with a chance so slim it cannot be described, but that is not impossible.
Like Danny said, it's possible for all the air in a room to move to one corner so that you suffocate. It is possible.
You are simply arguing without a valid point, "search on the internet" is not a point. Also, saying that someone is bad at math directly without knowing a person is simply stupid.
Please reconsider before giving opinions.

This really is the final word on this topic. There is nothing to discuss past this point. It is not going to happen and those of you who like to argue for arguments sake are going to have to prove otherwise. Which you can't, so you will continue to dodge the issue and set up strawmen. Have fun with that.

Time and again I am getting this clause completely random sources with sufficient entropy. I feel secured with the no. 2^160. But to reach that I need to make sure I am protected by sufficient entropy. How do I make sure that my lappy has sufficient entropy to make the Bitcoin-QT happy ? Or how do I know the coinbase or blockchain.info server have sufficient entropy to avoid address collission ?

Danny,

Again, I do understand what you are saying. My ignorance in how Bitcoin works can limit my ability to process everything, which is why I use simple examples, and my bad english can make that worse. I haven't looked into math long time ago since my college needed no math.

However, the math and 0% ...etc is not the real question here.
https://en.bitcoin.it/wiki/Address  this link explains a lot.
Also the link says that offline addresses can be generated and " The network starts tracking an address when it is first seen in a valid payment transaction."

Don't be upset with me just because I am trying to learn something here, after all it is a beginner forum!

Let's say I build an offline software where I can type in the address manually (not sure if this is possible)
Then I come to this forum and see all those people who type in their Bitcoin address under their names. I copy one of them and paste it in my software and create a wallet.
What's going to happen?

Well, you could trust the creators of your operating system (which is what most people do).

Or you could provide your own entropy.  There are several threads in this forum on how to do exactly that.

Just a few of the methods of generating a private key from your own source of entropy that have been discussed here at bitcointalk:

• Roll dice
• Flip coins
• Measure radioactive decay

Blockchain.info servers don't generate private keys.  They just store them.  Blockchain.info uses javascript running in the browser on your computer to generate your private keys and encrypt them with your password.  Then they send the encrypted private keys to their servers to be stored.  They don't have access to your password, and they don't have access to your decrypted private keys (which is why they can't help you if you forget your password).

As for coinbase?  You don't know.  They could just be running a huge scam.  For some reason, a lot of people have chosen to trust them.  I don't know why.  It appears to be some sort of mass mental illness.[/list][/list]

You cannot type in an address in your software and create a wallet. But u can type in your private key to create an address. In this forum everyone is sharing the address and not the private key. So again your chance of getting their private key becomes 1/(2^160) :)

Sorry to reply a question meant for Danny ;)

It is impossible to generate a key from an address.  If that wasn't true, we could all generate keys that would work for everyone else's addresses.

The private key is just a random number between 1 and 1.1579209e+77.

Then the private key is used to calculate the bitcoin address:

https://en.bitcoin.it/wiki/Technical_background_of_version_1_Bitcoin_addresses

• Use point multiplication on the Secp256k1 curve to calculate the ECDSA public key
• Perform SHA-256 hashing on the public key
• Perform RIPEMD-160 hashing on the result of SHA-256
• Add version byte in front of RIPEMD-160 hash
• Perform SHA-256 hash on the extended RIPEMD-160 result
• Perform SHA-256 hash on the result of the previous SHA-256 hash
• Take the first 4 bytes of the second SHA-256 hash. This is the address checksum
• Add the 4 checksum bytes from stage 7 to the end of extended RIPEMD-160 hash from stage 4. This is the 25-byte binary Bitcoin Address
• Convert the result from a byte string into a base58 string using Base58Check encoding. This is the most commonly used Bitcoin Address format

If you type in an address (without the private key), you will be able to see all of the bitcoins that are received at that address, and you will be able to see all of the transactions that are signed by the private key of that address.  You will not be able to see the private key of the address, only the signatures.

It is not possible to create a valid signature unless you have the private key, and it is not possible to send a transaction without a valid signature.  Therefore, you will not be able to spend any of the bitcoins that are received at that address.

There is currently no known way to calculate a private key from a bitcoin address.  Some day in the future, it is possible that mathematicians may find weaknesses in the SHA-256, RIPEMD-160, and ECDSA calculations.  If they find such weaknesses, it might become possible to determine a private key from a bitcoin address.  It would also break much of the electronic security used by services all over the world (such as internet banking, and credit card processing).  Fortunately to calculate a private key from an address it is necessary to break all three algorithms.  Just breaking one or two of them isn't enough.  It is rather unlikely that a single person will suddenly discover weaknesses in all 3 algorithms simultaneously entirely on their own.  Generally such cryptographic weaknesses are discovered in just one algorithm and the weaknesses don't immediately completely break the algorithm, they simply make it slightly less secure.  This will provide bitcoin with plenty of time to switch to a new algorithm if a small weakness is discovered in one or two of the algorithms.

There is REALLY REALLy small chance, i didn't happen yet and cryptocoins are here for few years already.

I guess u r referring to https://bitcointalk.org/index.php?topic=560733.0. 90% of bitcoiners are not going to do this and will trust on OS generated random number. Does a Bitcoin-QT depend on CryptGenRandom (http://en.wikipedia.org/wiki/CryptGenRandom) implementation of Windows ?[/list][/list]

Now that really answers the whole question, wish if you explained that from start.
Basically you can't generate the address, you have to generate the private key and the private key generates and the address.
That also explains where the 2^160 came from as it is for the private key (not the address, since the address is shorter).
It is also worthless to type in the address cause you will only see transactions but nothing more, unless you like to watch how much people are dealing with.
And that leave us with the only = almost 0% chance to generate the key, which also off course we will have to remember that wallets will be born but also at the same time there are wallets will be destroyed.

Thank you all for everything, I just needed to feel more secure about the system before I decide to invest more in it.

No.  The private key is a random 256 bit number (2²⁵⁶) which is much larger than the range of bitcoin addresses (which are the result of a 160 bit hash from RIPEMD-160). The 2¹⁶⁰ is from the maximum number of possible addresses that can be calculated from the pool of possible private keys.

Couldn't coins just implement a fix for this? Like maybe create a few servers that manage address generation?

Also, I imagine that if walmart or Amazon started accepting a cryptocurrency they would likely get insurance coverage to protect them against any kind of computer failure/error including this.

Amazon should get "asteroids capable of killing all life on the planet" insurance coverage as the odds of that happening are quadrillions of times more likely than a 160 bit random collision.

No.  If they did, they wouldn't be a decentralized trustless system.  It would then require someone to run the servers and trust in whoever was running the servers.  

I didn't say they should get insurance specifically for that issue I'm saying that I'm sure they would have some kind of insurance clause that covers a wide array of random computer glitch type issues.

I don't think any insurance company is going to write a policy for "losing" coins which can never be definitively proven as lost.

This isn't a "computer glitch" it is a fundamental characteristic of how ALL public key cryptographic systems work.  SSL, TLS, PGP/GPG, DSA, etc they all work on the concept that creating a duplicate private key is infeasible (but not theoretically impossible).

It's also possible for everyone named Bob to simultaneously be hit with lightning.  Better start worrying about that, too.

Thanks. Can you also explain how VanityGen works then? It can calculate private keys for specified addresses, but it is nearly impossible to do so. (Unless the specified part is short)

VanityGen just generates lots of random addresses as fast as it can.  It compares each random address to the string of characters that you supply.  If they don't match, it ignores the address and keeps on generating more.  If they do match, then it gives you the private key and the address.


The longer the string of characters that you are trying to match, the less likely that vanityGen will ever randomly end up with a match.

I think this video summarizes the conversation:

https://www.youtube.com/watch?v=KX5jNnDMfxA

I take my hat off to you, sir. That video is just awesome.