Bitcoin Forum

Can anybody explain in simple form why keys are safe?

There are several exchanges with wallets, desktop wallets, web wallets, mobile wallets, etc, and all of them are generating new addresses and private keys all the time for every user. And none of them are telling the other what keys have been used already. So why is it not possible that duplicate addresses can be created? Why is it not possible that a private key can be discovered by luck or brute force?

Hey, If you want consistent explanation reads It on wiki.

Private key: https://en.bitcoin.it/wiki/Private_key

Public key: https://en.bitcoin.it/wiki/Address

I read both of those wikis completely but I did not find the answers to my questions.

In short, the chances of two people generating the same private keys are so low that it is not worth worrying about. Do you worry about being hit by a meteor?

Because for one


but most people dont grasp how slim the chance for this actually is.

Lets play a game with private/public keys, shall we?

I have a public key (e.g. the one in my signature) the chance for you finding the private key for it is the same chance to find a bucky ball  (https://en.wikipedia.org/wiki/Fullerene) within planet earth (this includes the core and the air). If you want to see the calculation go here: https://bitcointalk.org/index.php?topic=587693.msg6473942#msg6473942

If this is to abstract you can think off it as finding a single water molecule in every water source (this would ofc include animals and humans) on earth. Yet this is way off, you have a very good chance to find this water molecule compared to your chance to find the private key to my public one.

These chances are so minimal that even if everyone would make a new address for every transaction for the next 1000 years, the chance of collision (2 same private keys) is still minimal. I probably will do a calculation on how slim exactly sometime in the future.

If you had to ask other people not to use your private key then your coins would be stolen in seconds.

Ok, but that doesn't really satisfy. Because as more people used bitcoin, and more an more addresses are generated, and the longer its been around, there would be more and more of a chance of duplicate addresses.

Question: after an addresses is loaded with funds and added to the blockchain, then, does that information get sent to these automatic addresses generators in all the web, desk, and mobile wallets, and the bitaddress.org generator too? I don't think so. So how do they know they are not creating an address which was already created?

The chances are extremely slim, but technically speaking, it IS POSSIBLE.

The numbers are so huge that none of the things you mention, even multiplied by a billion, make the slightest difference.

The number of possible addresses is 2¹⁶⁰. If 10 billion people have generated 1 billion addresses each, then the chances of a new address colliding with any of those is 1 in 2¹⁴¹. That's a 1 in 2,787,593,149,816,327,892,691,964,784,081,045,188,247,552 chance.

Let's pretend that Bitcoin is as big as Visa, which can process 24,000 transactions per second. In a million years, bitcoin will have processed up to 800,000,000,000,000,000 transactions. If a new key were generated for each of those, then there is still only a 1 in 2,000,000,000,000,000,000,000,000,000,000 chance that it will be a duplicate.

Send me your private key and I'll promise not to use that address. Pinky swear.

Please watch this: https://www.youtube.com/watch?v=KX5jNnDMfxA

They dont.


probabilistically speaking: it will not happen.

Humans are just really bad at understanding just how big a number is when numbers start getting REALLY REALLY big.

We're not talking about lottery winning numbers here.

We're talking about:


It just isn't going to happen as long as the numbers being generated are from a random enough source.

Now, what can happen, is that an operating system or wallet program can have a very inadequate way of generating random numbers such that they aren't truly random.  Due to poor design, the program could fall into some pattern of numbers that initially seem random, but actually aren't.  If that happens, then two people running the same program could potentially generate the same addresses.

That thread is awesome!

You can try to generate as many addresses as you can to try your luck. Winning some big lottery is easier actually :D

No use, Bitcoin is designed to prevent duplicate address.

Bitcoin is not designed to prevent duplicate addresses.

Public key and Address are two completely different things, your address is made from your public key but you don't normally see your public key.

This would be very comforting, if it wasn't for the fact that less than 500 years ago scientists believed the Sun revolved around the Earth. Humans are consistently creating theories to fit an infinite universe into a finite mind, and ending up proving ourselves wrong and looking foolish. Without getting too abstract, can you, without doubt, say that we actually understand completely the dynamics of probablity? Is it truly random as you assume? What if it's not. Have you heard of Murphy's laws?

http://www.murphys-laws.com/murphy/murphy-laws.html

It is -mathematically speaking- not clear what randomness is. This however is no issue when analysing it, as long as you keep "luck" or "gods will" out of the equation.


True randomness -if it even exists- is hard to generate for computers. Thats why the safety of your coins is tied to the quality of the random number generator your operation system uses. If your random number generator (RNG) is bad the chance that someone else gets the same keys is high. E.g. android phone RNG https://bitcoin.org/en/alert/2013-08-11-android
This is easy to understand. If you have only 4 random bits instead of 160 you only have 2⁴ = 16 different keys. So the chance of a collision increases drastically with every new key. The pool of possible keys on the other hand is doubled with every bit.


This starts to get philosophical. If you dont have randomness you cant have security. This is not limited to bitcoin, this would also effect online banking and credit cards.
There is currently no known attack against the algorithms used by bitcoin. The RNG can be bad, the code can be bad, but the algorithms are good.
However the bitcoin protocoll can be changed, its not set in stone. The strong crypto algorithms of today may tomorrow be weak and can be replaced by newer stronger ones.


Yes, its satirical.

damn, i still don't understand the meaning of having public and private key.
could someone explain it with simple sentences?

Private key of A = A can spend the coins
Public key  of A = you can get the address and send coins to A.

If you will a public key is (are many) padlock(s), they allow you to lock the coins for someone else without having the key.
The key to unlock the coins is the private key. There can be several copies of the same private key but thats not wise. Thats why its so important to take care of your wallet. It has your private keys.

so for example i buying pizza, and i pay them using private key?

and if i'm the seller i give them my public key?

Yes.
If you (A) buy a pizza, the person selling the pizza (B) gives you public key B. Now you make a transaction (10,000 BTC for 2 Pizza (https://bitcointalk.org/index.php?topic=137.0)) and sign it with private key A. Now everyone else knowns (via the blockchain) that you have 10,000 BTC less and B has 10,000 BTC more. Now B can spend the 10,000 with B's private key etc.

haha, thanks for the explanation!.
finally understand  ;)

Unfortunately, some people use the words "public key" to mean "bitcoin address".

A public key is NOT a bitcoin address (even though many confused people will tell you that it is).

You typically will never see and never know your public key.  The public key is used by the bitcoin protocol to verify digital signatures.

If you are buying a pizza, you will use bitcoin wallet software to create a bitcoin transaction that "sends the bitcoins to the pizza seller".

The bitcoin software will handle all the technical details for you.

If you want to know about those technical details:

The bitcoin wallet software will choose enough unspent outputs that you have received in the past so that the sum of the value is more than the amount you are "sending to the pizza seller".  These will all be listed in the transaction as "inputs".

Then the bitcoin wallet software will create a new output that assigns the desired value to the pizza merchant's bitcoin address, and a second output that assigns any extra amount from the sum of the inputs to an address in the bitcoin wallet.

The protocol requires digital signatures for each of those inputs proving that you have authorization to spend them.  The wallet uses the private keys to compute ECDSA digital signatures.  This is the mechanism that prevents other people from spending, or stealing your bitcoins.  Since they don't know your private keys, they are unable to generate the proper digital signatures, and the rest of the network just ignores any transaction that anyone else tries to create that would spend your bitcoins.  Of course, if a hacker can gain access to your private keys, then they can load them into wallet software of their own, and spend your bitcoins.

There is a mathematical relaitionship between the private key and the bitcoins address, but if only works in one direction.  If you know the private key, then you can compute the bitcoin address.  If you know the bitcoin address, it is impossible to compute the private key.  This means it is safe to give your bitcoin address to people (so they can send you bitcoins), since they can't figure out your private key.

The digital signature is also mathematically computed.  The particular mathematical relationship means that a signature can be verified without the private key as long as you have the public key.  Bitcoin includes the public key with the signature.  That way the entire network can verify the signature with the public key, and then can make sure that hashing the public key results in the correct bitcoin address.

how about blockchain?
i don't see any private key?

Sorry for all the question, i'm just want to learn more about bitcoin security  :-[

The blockchain.info website creates an indexed database of all transactions that have ever been seen on the bitcoin network.  That allows them to create a website where you can search for and see transactions, addresses, and blocks.

The blockchain.info wallet service stores your private keys for you in encrypted form in their database.  When you want to create a transaction, they send these encrypted private keys to your web browser where their are decrypted with your password.  Then javascript software running in your web browser handles the creation of the bitcoin transaction and generating all the proper signatures.

That's the whole point of "private". ;)

I'm pretty sure there are no keys on the blockchain at all. Just transactions that are signed.

so do you mean my private address well kept and secured from them with only my password, etc?

Yes, the blockchain.info mywallet "server" never knows your PK's, the wallet in encrypted in your browser locally and then uploaded to their server. You can also use a secondary password which means the password your wallet in encrypted with is different than the password that you login with to d/l your wallet.

locally? are you pointing at cookies?

Yes locally. You can inspect the cookies. There is a cookie that remembers your wallet id. that has nothing to do with the encryption.

But, other than that, the blockchain.info wallet is all javascript that runs locally. It uses the blockchain.info API to get your balances and to send money. You can view the blockchain wallet source code on github.

No, think about a file that you encrypt and send to their server. It can only be decrypted with a password only you know. So they take care of the file, but if you forget the password, they cant help you. That way they private keys are stored online but only encrypted. When you want to do something on blockchain.info you login, the browser downloads the encrypted file and decrypts it on your computer. That way your private keys are not decrypted online.

ah!, got it!. thanks!  ;D

I'd like to bring this topic into the light again, and ask about quantum computers as a threat to the security of cryptocurrency.
Isn't it more than likely that quantum computers, when developed sufficiently would have no problem at all discovering or cracking bitcoin private keys?
The computing power of quantum computers is awesome and will only get more awesome with development.

Couldn't they also dominate mining as well?

Well, the chance of some two people having generated the same key is bigger, and that is needed for collision. The chance is still low enough to be neglected. But to answer OP, yes it is possible that the next time you generate an address with your client, you get the key to Satoshi's main wallet and can use his coins. But the chance is really small. Not like winning the lottery, more like the event that you win the lottery this week and your brother wins it the next week and then the both of you get shot while shopping for groceries in two seemingly unrelated killing sprees and then the killers share the next week's lottery jackpot and Macarena regains its popularity and becomes the numbers one hit on major radio stations, and before that a bitcoin whale reading this message thinks it was the best and most inspiring thing he ever read and contacts me and sends me 500 bitcoins because he was so impressed, you know, that sort of thing.

Macarena's coming back, I'm sure of that.  :P


um...what if someone in the future got a quantum computer to continually generate new private keys and check their balance in the blockchain.

Well, quantum computers are not a high-speed ordinary computers but completely different. Powerful quantum computers would be a threat to Bitcoin, but the main threat would be to the public key cryptography used in bitcoin. The elliptic curve discrete logarithm problem can be quite efficiently solved with a quantum computer using an algorithm similar to Shor's algorithm for prime factorization, and would allow private keys to be recovered from public keys.

But at the current state of quantum computing the risk is only theoretical, Shor's algorithm has been run on quantum computers to factor numbers like 15, which is a nice proof of concept but hardly a threat to any cryptosystems.

In the future, the algorithms in Bitcoin will probably have to be changed into quantum-resistant ones, but there will be a lot of time to think about that. For sure we will see wonderful things in cryptography in the future, maybe it is possible to find some kind of provably very strong cryptography; maybe it is even possible to prove the nonexistence of a really efficient (whatever that means) algorithm at some point. Of course these are hard things, just look at the P=NP problem, but I believe this will be one area of science to see unbelievable progress in the near future. Anyway we will almost surely not see a sudden collapse of present-day crypto, but a gradual weakening and replacement.

What you wrote made no sense. I recommend that you learn the difference between an "address" and a "wallet".

Sorry, that was surely really badly put. But the next time he generates a new address, he might just generate the private key that corresponds to the address where Satoshi has the most bitcoins.

I would not want to create any more confusion with these things of course...

Theoretically, quantum computers will render all current cryptography insecure. That includes AES, RSA, SHA, SAH256, Blowfish, etc. The underpinnings of SSL, bank security and others.

Frankly, I don't think it will happen in my lifetime.

The next time you walk outside you might be approached by an alien robot disguised as a semi-truck too.

Ha... that's funny. Of course, you can't compare impossible to improbable.

How can you say it won't happen in your lifetime? Google and NASA are already using quantum computers, aren't they?

Are you referring to the D-Wave? It is far from a general usage computer. Also, very few people have agreed it actually is a quantum computer.

From what I read it is all research and theory at this time. That whole super conductor issues has to be solved first.

There might be some very very small tests that have been done. But, they have a long way to go before there are any practical uses of quantum computing.

But, still my point stands. If a quantom computers start to exist, then pretty much all crypto will have to move to them, not just crypto currency.

Not to get too abstract, but there are many on this Earth who claim there is technology that exists that goes beyond anything we thought possible for this time period, whether it be alien or not, it is almost certain that there are technologies kept secret which are not revealed publicly.

I find it irritating how some people in this forum seem to think there is nothing in the world that they don't know of or haven't heard of.

"Some people" here. ;)

BTW: I never said that. But, the scientific community is much more open and transparent now than it every was. This is because people know that sharing research helps the greater whole.

Is it possible that the NSA has built a quantum computer, sure. The real question is, is it probable?

Anything possible eventually will become probable, given time.   :)

That is not true.  Quantum Computers need an efficient quantum algorithm.  Shor's algorithm is very effective at brute forcing public key systems (RSA, DSA, ECDSA).  They don't significantly reduce the security of symmetric (AES) cryptography or hashing algorithms (SHA-256).