|
Title: Is it possible to generate the same adress twice? Post by: Bytas on June 13, 2013, 03:10:55 PM I have this question that has been bugging me lately.
Is it possible to accidentaly generate the same adress twice on 2 different machines? I mean, if you think of it, couldn't it be possible that i make a new adress on my pc to do a payment, and at the exact same time, someone else makes one too. I know the chances are almost infinitely small, but in theory those 2 adresses could be the same right? Does the client check with the network before making one? What about nodes that are disconnected but have empty adresses on them for later use? How does the blockchain deal with that? Is there a safety protocol in place to prevent this? Would those 2 adresses have the same private key as well? Would the blockchain reject one of those adresses, and if so, which one? I'm trying to understand as much as possible about bitcoin, so if anyone can enlighten me, that would be great! Title: Re: Is it possible to generate the same adress twice? Post by: linuxer on June 13, 2013, 03:14:21 PM I have this question that has been bugging me lately. Is it possible to accidentaly generate the same adress twice on 2 different machines? I mean, if you think of it, couldn't it be possible that i make a new adress on my pc to do a payment, and at the exact same time, someone else makes one too. I know the chances are almost infinitely small, but in theory those 2 adresses could be the same right? Does the client check with the network before making one? What about nodes that are disconnected but have empty adresses on them for later use? How does the blockchain deal with that? Is there a safety protocol in place to prevent this? Would those 2 adresses have the same private key as well? Would the blockchain reject one of those adresses, and if so, which one? I'm trying to understand as much as possible about bitcoin, so if anyone can enlighten me, that would be great! bitcoin-qt generates 100 address in advance in wallet.dat Title: Re: Is it possible to generate the same adress twice? Post by: Rannasha on June 13, 2013, 03:23:23 PM The number of possible addresses is so large that you could have every computer on the planet continuously generating addresses for as long as the universe has existed and you would still not expect to see the same address twice.
Yes, it is possible to generate the same address twice. There is nothing in the Bitcoin protocol that enforces that an address you have in your wallet is not also generated by someone else. But the numbers make it so mindbogglingly unlikely that there´s no point in worrying about it. Title: Re: Is it possible to generate the same adress twice? Post by: Bobs Yerunkle on June 13, 2013, 03:25:05 PM https://bitcointalk.org/index.php?topic=62.0;all
If you were to intentionally try to make a collision, it would currently take 2^126 times longer to generate a colliding bitcoin address than to generate a block. You could have got a lot more money by generating blocks. Title: Re: Is it possible to generate the same adress twice? Post by: davidpbrown on June 13, 2013, 03:25:22 PM It's possible but you're more likely to win the lottery multiple times. I don't know, if the chain could help enforce the first used instance as perhaps it doesn't see enough of the private key to be sure but then the extra effort is probably not worthwhile.
Title: Re: Is it possible to generate the same adress twice? Post by: DeathAndTaxes on June 13, 2013, 03:29:20 PM Possible but improbable. That can be kind of disconcerting to people but understand this same "issue" existing in all public key cryptography. For example I could just happen to create a private key that would allow me to impersonate your bank's SSL cert. I could just happen to create a PGP private key which unlocks someone else encrypted messages.
It is possible but so improbable as to be considered essentially zero. Title: Re: Is it possible to generate the same adress twice? Post by: pand70 on June 13, 2013, 03:38:35 PM I had the same question once.
The possibility is so low , practically zero , that makes collision the absolute last thing you should worry about in this world. Title: Re: Is it possible to generate the same adress twice? Post by: acoindr on June 13, 2013, 03:47:20 PM possible but unlikely Is it possible for someone to get hit by lightning 10 times in one minute? Best answer so far. :D Title: Re: Is it possible to generate the same adress twice? Post by: threeip on June 13, 2013, 04:14:11 PM It was reported at one conference that someone took a sha256 hash of a common password and used that as a private key for their Bitcoin wallet. The (unconfirmed) report was that someone used a dictionary attack to steal the funds. 1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T is the address for 'correct horse battery staple', and I'm sure there's more than owner for that private key :) Title: Re: Is it possible to generate the same adress twice? Post by: DeathAndTaxes on June 13, 2013, 04:19:16 PM However, since most I wouldn't say "most". Almost all private keys (addresses are never random) created randomly with the small minority being brainwallets. People using brainwallets should understand the security implications and should always add salt to their passphrase. Remember salt is merely to add entropy it doesn't need to be a secret. You can email the salt to yourself (and others) in plaintext. The point of the salt is to prevent an attacker for just doing an attack against all possible keys using a dictionary. If an attacker learns your salt then he can employ a dictionary or brute force attack against your private key however at that point you are no weaker than if you used no salt. SHA256 is also a horribly "fast" algorithm. This is bad in key derivitive functions. One should consider using a function like PBKDF2 or bcrypt to generate the private key. These functions use thousands of iterations and thus the time to attempt one key is greatly increased. Had the person who was brute forced done this: privatekey = PBKDF2("password",8347389412748942,83473) where the first value is the passphrase, the second is the salt, and the third is the number of rounds it is unlikely he would have lost funds. Neither the number of rounds or salt is a secret. It should be stored in multiple locations to ensure it isn't lot. Title: Re: Is it possible to generate the same adress twice? Post by: greyhawk on June 13, 2013, 04:39:07 PM privatekey = PBKDF2("password",8347389412748942,83473) where the first value is the passphrase, the second is the salt, and the third is the number of rounds it is unlikely he would have lost funds. Neither the number of rounds or salt is a secret. It should be stored in multiple locations to ensure it isn't lot. What timeframe are we talking about here for the generation of a key with your example? Title: Re: Is it possible to generate the same adress twice? Post by: charleshoskinson on June 13, 2013, 05:00:51 PM Quote I have this question that has been bugging me lately. Is it possible to accidentally generate the same address twice on 2 different machines? Technically, yes. Like winning powerball three times consecutively is possible. Quote I mean, if you think of it, couldn't it be possible that i make a new address on my pc to do a payment, and at the exact same time, someone else makes one too. I know the chances are almost infinitely small, but in theory those 2 addresses could be the same right? They would have the same private key, yes. Quote Does the client check with the network before making one? Most do not. Quote What about nodes that are disconnected but have empty addresses on them for later use? Addresses are only recognized after they have received a transaction. I can have five million addresses in my wallet. Only if someone sends bitcoins to them does the blockchain have a record of their existence. Quote How does the blockchain deal with that? Is there a safety protocol in place to prevent this? There doesn't need to be one. The chances of an address collision are so low that it will likely never happen in a 1,000 human lifetimes. Quote Would those 2 addresses have the same private key as well? Yes Quote Would the blockchain reject one of those addresses, and if so, which one? The blockchain is agnostic to the private keys behind an address. One can even send bitcoins to an address without a known private key effectively destroying the coins until quantum computers can find the private key again. The situation you described would result in two parties having access to the funds. Quote I'm trying to understand as much as possible about bitcoin, so if anyone can enlighten me, that would be great! I hoped this helped. Title: Re: Is it possible to generate the same adress twice? Post by: BTC4Victory on June 13, 2013, 05:11:02 PM Possible but improbable. That can be kind of disconcerting to people but understand this same "issue" existing in all public key cryptography. For example I could just happen to create a private key that would allow me to impersonate your bank's SSL cert. I could just happen to create a PGP private key which unlocks someone else encrypted messages. It is possible but so improbable as to be considered essentially zero. I completely agree, but (referring specifically to the italicized portion), I'd question whether saying it so narrowly might reinforce some layperson's misperception that, at the end of the day, there's something just a little bit (even if almost-infinitessimally) less "secure," "certain," or "real" about public key cryptography and the infrastructure built upon it, when compared to analogs in the everyday physical "real world". But really, you reach a point where the odds of a thing happening become so vanishingly small that it is useful to compare it with the odds of similarly ultra-extremely-remote things happening (like the comments others have made about getting hit by lightning 10 times in a minute, or winning the lottery 3 times in a row). (E.g., imagine a mathematically-skeptical goldbug who says "well, you can't tell me with *absolute 100% certainty* that there won't be a colision allowing someone else to spend my BTCs? Forget that, I'm sticking with my gold bullion bars!" Even setting aside the issues of assaying your gold to make sure it's real, and securing it and guarding it to protect it from being stolen by thieves or washed away in a tsunami or vaporized in a bomb blast, I could respond, "you can't be *absolutely 100% certain* that all of the atoms of gold in those bars won't spontaneously decay into lighter elements and alpha, beta and gamma rays" -- and for a sufficiently high level of computational complexity, the odds of those things may be roughly equal.) No real deep point here, other than -- as seems to have a habit of happening in the Bitcoin world -- when you start to focus on what seems weird or troubling or risky or disconcerting, tahat can have a way of revealing how there's a lot that's equally weird or troubling or risky or disconcertaing about things existing world that you've alwways just taken for granted, in ways that you'd never really thought about ("oh, you mean it's turtles all the way down...?")... Title: Re: Is it possible to generate the same adress twice? Post by: threeip on June 13, 2013, 05:26:30 PM privatekey = PBKDF2("password",8347389412748942,83473) where the first value is the passphrase, the second is the salt, and the third is the number of rounds it is unlikely he would have lost funds. Neither the number of rounds or salt is a secret. It should be stored in multiple locations to ensure it isn't lot. What timeframe are we talking about here for the generation of a key with your example? 'Execution time 1.0590908527374 seconds' I made a quick calculator here; http://rackverse.com/pbkdf2/index.php ; (don't use your real passwords etc) Title: Re: Is it possible to generate the same adress twice? Post by: greyhawk on June 13, 2013, 05:50:47 PM privatekey = PBKDF2("password",8347389412748942,83473) where the first value is the passphrase, the second is the salt, and the third is the number of rounds it is unlikely he would have lost funds. Neither the number of rounds or salt is a secret. It should be stored in multiple locations to ensure it isn't lot. What timeframe are we talking about here for the generation of a key with your example? 'Execution time 1.0590908527374 seconds' I made a quick calculator here; http://rackverse.com/pbkdf2/index.php ; (don't use your real passwords etc) Christ. That's a nice deterrent. Title: Re: Is it possible to generate the same adress twice? Post by: fluidjax on June 13, 2013, 07:07:23 PM Changing the user data into a private key with sha256 can be done very quickly, however obtaining the public key from this private key requires ellipitical key multiplications.
This takes significantly longer. From my test using OpenSSL on a single cpu core on a reasonably fast machine, it can manage 1000 per second. So a 3 word pass phrase from a set of 10000 words will take 15 years on average to brute form. The comparison I heard before was the chance of getting duplicate private keys by chance, is the same as getting struck by lightning every minute for the next 60 years. Title: Re: Is it possible to generate the same adress twice? Post by: owsleybeatsbigcartel on June 13, 2013, 10:45:07 PM The number of possible addresses is so large that you could have every computer on the planet continuously generating addresses for as long as the universe has existed and you would still not expect to see the same address twice. Yes, it is possible to generate the same address twice. There is nothing in the Bitcoin protocol that enforces that an address you have in your wallet is not also generated by someone else. But the numbers make it so mindbogglingly unlikely that there´s no point in worrying about it. ~~~then the weakest computer forces the trade sweet~! ?lol Title: Re: Is it possible to generate the same adress twice? Post by: Anon136 on June 13, 2013, 10:47:03 PM short answer yes, long answer no
Title: Re: Is it possible to generate the same adress twice? Post by: lunarboy on June 14, 2013, 12:38:06 PM Everyone it seems in agreement. Yes its possible but no, it's so unlikely there is no need to worry about it.
OK but wouldn't it be fairly simple to have an automatic check within all the clients and a simple prompt .. 'this key pair already exits please try again' Getting Deja-vu on this topic but its nice to rehash once in a while. ;) Title: Re: Is it possible to generate the same adress twice? Post by: DeathAndTaxes on June 14, 2013, 01:49:29 PM Clients don't know if an address already exists only if it has already been used. Also coding that would be like coding your website to display .... "sorry we are offline because our lead developer was just hit by 12 metorites while being eaten by a shark" just in case that happens.
Title: Re: Is it possible to generate the same adress twice? Post by: Remember remember the 5th of November on June 14, 2013, 01:51:32 PM In case one does, it's finders keepers so.
Personally I am importing the blockchain into a MySQL database and will be creating a list of bitcoin addresses with a balance of X coins that have not been touched in a long time, compile that list into a single file and run my CPU Address bruteforcer on it. With my 30k list of addresses, I am generating about 800k addresses per second(even when comparing each and everyone of these 800k to the list)(on a single core). I am not even using any binary search trees. If I were to port this code to a GPU, it would be orders of magnitudes faster. Hey, it may take a billion years to get a single address, but I am doing for the fun. Title: Re: Is it possible to generate the same adress twice? Post by: lunarboy on June 14, 2013, 02:43:34 PM Just to give all a complete understanding on the scale of probability.
Can anyone give an estimate as to how long it would take the ENTIRE network hashing simultaneously to crack one address with a big balance ? ??? Title: Re: Is it possible to generate the same adress twice? Post by: DeathAndTaxes on June 14, 2013, 03:23:56 PM Just to give all a complete understanding on the scale of probability. Can anyone give an estimate as to how long it would take the ENTIRE network hashing simultaneously to crack one address with a big balance ? ??? Just about the time the Sun burns out, no? Well significantly longer. A perfect computer, that is one that operates at the thermodynamic limit in absolute zero, using all the available energy of our sun can't count to 2^256 in the next 4 billion years before our sun burns out. Yes we are talking far future science fiction, like using all the matter in our solar system to construct a star system sized super computer and the dyson sphere around the sun to power it. This is just counting 0, 1, 2, 3, .... 2^256. It isn't based on any current or future (Moore's law) computing power but the thermodynamic limit which is the efficiency limit of any cryptographic system. Per linked article below you would need to capture the entire output of a supernova to has sufficient energy to count to 2^216 so given a sufficient number of perfect computers and the ability to capture without any loss the energy output of a super nova if you found and used roughly 1 trillion super novas one could count through all possible values o to 2^256. I think Bruce Schneier says it best Quote ... These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space. http://www.schneier.com/blog/archives/2009/09/the_doghouse_cr.html DISCLAIMER (as people have taken this out of context before): ECDSA like all public key cryptographic systems rely on certain mathematical properties to remain secure. ECDSA relies on the fact that finding a discrete logarithm of an elliptic curve element with respect to a publicly known base point is computationally infeasible. This is known as the discrete logarithm problem (http://en.wikipedia.org/wiki/Discrete_logarithm). A common misnomer is that ECDSA relies on factoring large numbers but that applies to other systems like RSA which are not used in Bitcoin. This principal has so far remained true and as such no faster than brute force attack exists at the current time. Likewise a brute force attack while possible is infeasible due to the energy requirements of a 256 bit keyspace. However like all public key cryptography, it is possible that ECDSA will eventually be compromised due to a flaw in its design or underlying principal allowing faster than brute force attacks. Depending on the severity of the compromise it *may* be possible in the future to find a private key from a public key in a reasonable amount of time/energy. The above cite is only based on brute force attack against a 256 bit private key like what would occur by computers randomly generating keys that happen to be one which is already in use. Of course if ECDSA becomes degraded the Bitcoin protocol could be extended to use new more secure address types and smart users would migrate their funds to more secure addresses. In the event of such a compromise (or quantum computing attack) Bitcoin provides a secondary layer of security by making the address a hash of the public key. The public key is not known until funds are spent. If one does not reuse addresses there is no known public key to attack against. Title: Re: Is it possible to generate the same adress twice? Post by: lunarboy on June 14, 2013, 03:59:41 PM ^^
....and comprehension finally dawns. HOLY SMOKE ! :o Title: Re: Is it possible to generate the same adress twice? Post by: grue on June 14, 2013, 04:06:51 PM This calculation is based on Boltzmann's constant which is classical physics. Not sure if quantum effects can theoretically do better. Title: Re: Is it possible to generate the same adress twice? Post by: DeathAndTaxes on June 14, 2013, 04:21:47 PM I think Bruce Schneier says it best Quote ... These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space. http://www.schneier.com/blog/archives/2009/09/the_doghouse_cr.html This calculation is based on Boltzmann's constant which is classical physics. Not sure if That is correct. A quantum computing attack on ECDSA is theoretically possible but not currently available. At the current time no true QC has sufficient qubits necessary to complete Shor's algorithm against a 256bit key. IIRC the largest true QC has 7 quibits (http://en.wikipedia.org/wiki/Nuclear_magnetic_resonance_quantum_computer) (see note below *). It was used in 2011 after years of development to factor the number 21. I can't find the cite now but I remember reading a research paper indicating an optimal construction of shor's algorithm to break a 256 bit ECC key would require >3000 qubits and that excludes the additional overhead to compensate for quantum noise. I think Gavin once said he would be worried once QC can break 64bit keys. At that point the Bitcoin community should be looking at post-quantum cryptography. http://en.wikipedia.org/wiki/Post-quantum_cryptography The Bitcoin protocol provides a defense against non brute force attacks on ECDSA (like QC and cryptographic flaws) in that the address is not the public key but a hash of the public key (see note below **). The public key remains an unknown until coins are spent. Shor's algorithm requires knowledge of the public key to find the private key. If one does not reuse addresses there is no known public key for the addresses holding funds. If you receive coins at an address you have previously spent from (address reuse) a quantum computer could (in theory) use the known public key to find the private key and transfer those coins (steal them). http://en.wikipedia.org/wiki/Discrete_logarithm#Algorithms http://en.wikipedia.org/wiki/Elliptic_curve_cryptography http://en.wikipedia.org/wiki/Shor%27s_algorithm * There is the DWave system which is 512 qubits and it has shown speed up relative to classical computers however it does not appear to work "as expected". The speedup was only a factor of 3,600 and while impressive it is far below what is possible using QC (in theory). A 3,600 speedup to breaking ECDSA for example is a non-event. It breaks the energy requirements down from 1 trillion supernovas to a mere 300 million supernovas. This isn't to say DWave is a "scam" it does show promise in certain applications namely complex modeling just that its improvement while impressive is much less one would expect from a true quantum computer. ** It is in aspects like this I am amazed how many things Satoshi got right on the first try. Maybe it was just luck (hash is smaller than the public key) but had the address been the actual public key (w/ version and checksum) Bitcoin would be far more vulnerable to QC attack. Title: Re: Is it possible to generate the same adress twice? Post by: nimda on June 14, 2013, 05:25:54 PM Possible but improbable. That can be kind of disconcerting to people but understand this same "issue" existing in all public key cryptography. For example I could just happen to create a private key that would allow me to impersonate your bank's SSL cert. I could just happen to create a PGP private key which unlocks someone else encrypted messages. https://en.wikipedia.org/wiki/Almost_surelyIt is possible but so improbable as to be considered essentially zero. Title: Re: Is it possible to generate the same adress twice? Post by: AliceWonder on June 14, 2013, 09:14:38 PM You can email the salt to yourself (and others) in plaintext. The point of the salt is to prevent an attacker for just doing an attack against all possible keys using a dictionary. If an attacker learns your salt then he can employ a dictionary or brute force attack against your private key however at that point you are no weaker than if you used no salt. You can also salt the salt - e.g. use the md5sum of the salt you keep in a text file. Then attacker who gets your salt has to know you do that. Title: Re: Is it possible to generate the same adress twice? Post by: cp1 on June 17, 2013, 06:35:20 PM Everyone it seems in agreement. Yes its possible but no, it's so unlikely there is no need to worry about it. OK but wouldn't it be fairly simple to have an automatic check within all the clients and a simple prompt .. 'this key pair already exits please try again' Getting Deja-vu on this topic but its nice to rehash once in a while. ;) It would be better if it said "Bingo! You've found someone else's address -- transferring all their funds now" Title: Re: Is it possible to generate the same adress twice? Post by: nimda on June 17, 2013, 06:50:02 PM Everyone it seems in agreement. Yes its possible but no, it's so unlikely there is no need to worry about it. OK but wouldn't it be fairly simple to have an automatic check within all the clients and a simple prompt .. 'this key pair already exits please try again' Getting Deja-vu on this topic but its nice to rehash once in a while. ;) It would be better if it said "Bingo! You've found someone else's address -- transferring all their funds now" Title: Re: Is it possible to generate the same adress twice? Post by: raze on June 18, 2013, 12:10:45 PM Just to give all a complete understanding on the scale of probability. Can anyone give an estimate as to how long it would take the ENTIRE network hashing simultaneously to crack one address with a big balance ? ??? Just about the time the Sun burns out, no? Well significantly longer. A perfect computer, that is one that operates at the thermodynamic limit in absolute zero, using all the available energy of our sun can't count to 2^256 in the next 4 billion years before our sun burns out. Yes we are talking far future science fiction, like using all the matter in our solar system to construct a star system sized super computer and the dyson sphere around the sun to power it. This is just counting 0, 1, 2, 3, .... 2^256. It isn't based on any current or future (Moore's law) computing power but the thermodynamic limit which is the efficiency limit of any cryptographic system. Per linked article below you would need to capture the entire output of a supernova to has sufficient energy to count to 2^216 so given a sufficient number of perfect computers and the ability to capture without any loss the energy output of a super nova if you found and used roughly 1 trillion super novas one could count through all possible values o to 2^256. I think Bruce Schneier says it best Quote ... These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space. http://www.schneier.com/blog/archives/2009/09/the_doghouse_cr.html DISCLAIMER (as people have taken this out of context before): ECDSA like all public key cryptographic systems rely on certain mathematical properties to remain secure. ECDSA relies on the fact that finding a discrete logarithm of an elliptic curve element with respect to a publicly known base point is computationally infeasible. This is known as the discrete logarithm problem (http://en.wikipedia.org/wiki/Discrete_logarithm). A common misnomer is that ECDSA relies on factoring large numbers but that applies to other systems like RSA which are not used in Bitcoin. This principal has so far remained true and as such no faster than brute force attack exists at the current time. Likewise a brute force attack while possible is infeasible due to the energy requirements of a 256 bit keyspace. However like all public key cryptography, it is possible that ECDSA will eventually be compromised due to a flaw in its design or underlying principal allowing faster than brute force attacks. Depending on the severity of the compromise it *may* be possible in the future to find a private key from a public key in a reasonable amount of time/energy. The above cite is only based on brute force attack against a 256 bit private key like what would occur by computers randomly generating keys that happen to be one which is already in use. Of course if ECDSA becomes degraded the Bitcoin protocol could be extended to use new more secure address types and smart users would migrate their funds to more secure addresses. In the event of such a compromise (or quantum computing attack) Bitcoin provides a secondary layer of security by making the address a hash of the public key. The public key is not known until funds are spent. If one does not reuse addresses there is no known public key to attack against. Post of the day award goes to D&T. I'm also a fan of Schneier's work. Title: Re: Is it possible to generate the same adress twice? Post by: threeip on June 18, 2013, 07:01:18 PM Getting Deja-vu on this topic "Due to the incredibly small chance of this happening naturally, this event probably represents a fundamental flaw in the way Bitcoin addresses are generated. Sell all your coins and warn your close friends, then notify Gavin Andresen."Then you get Deja-vu again. Then you know something has been changed.. in the Matrix. Title: Re: Is it possible to generate the same adress twice? Post by: lunarboy on June 18, 2013, 09:09:54 PM Getting Deja-vu on this topic "Due to the incredibly small chance of this happening naturally, this event probably represents a fundamental flaw in the way Bitcoin addresses are generated. Sell all your coins and warn your close friends, then notify Gavin Andresen."Then you get Deja-vu again. Then you know something has been changed.. in the Matrix. Pop-up Black cat walks across the screen. Title: Re: Is it possible to generate the same adress twice? Post by: AU on October 01, 2013, 10:02:25 AM No just no
Title: Re: Is it possible to generate the same adress twice? Post by: DeathAndTaxes on October 01, 2013, 04:06:18 PM No just no Yes just yes. The question was possible. Yes it is very much possible. It is however highly improbable. The probability of such an event is so low that one should spend time worrying about more likely events such as getting struck by lightning in a desert, or getting eaten by a shark in a sushi restaurant, or winning the lottery the day an extinction level event asteroid strikes the earth. Title: Re: Is it possible to generate the same adress twice? Post by: hayek on October 01, 2013, 06:17:41 PM If you took the entire known universe and broke it up in to even sized parts and the total number of parts was equal to the total possible addresses each "part" in the universe would consist of ~900 atoms.
I believe this is "effective" infinity as we are bound by scarcity. Not in a scarcity of addresses sense but a scarcity of time and resources available in the entire universe. If you're children's children's children's children's children's were to generate as many addresses as they possibly could in their lifetimes they would not duplicate an address. Another good one is: If every grain of sand on the entire Earth represented another Earth with an equal number of grains of sand it would not come close to the total number of addresses. In fact, that number would be close to 4^41. So 42 digits. Bitcoin Addresses are 256 digits Title: Re: Is it possible to generate the same adress twice? Post by: DannyHamilton on October 01, 2013, 06:34:24 PM In fact, that number would be close to 4^41. So 42 digits. I know, I'm pointing out facts that aren't really all that relevant to the discussion at hand, but: 441 is approximately equal to 4.8357033 X 1024 So that's 24 digits in base 10 (or 41 digits in base 4?) Bitcoin Addresses are 256 digits Again, I don't want to take away from your point (which seems to be something along the lines that the number of possible bitcoin addresses is so large that most humans have a difficult time comprehending just what that means). However to be technically accurate... Bitcoin addresses are 160 bits, which is approximately equal to 1.4615016 X 1048 That's 48 digits in base 10, 160 digits in binary, or about 30 digits in Base58. Title: Re: Is it possible to generate the same adress twice? Post by: hayek on October 01, 2013, 06:36:22 PM Danny I'm always learning from you.
Yeah I screwed up my conversion. Perhaps too much caffeine today. Title: Re: Is it possible to generate the same adress twice? Post by: DannyHamilton on October 01, 2013, 06:38:58 PM Danny I'm always learning from you. Yeah I screwed up my conversion. Perhaps too much caffeine today. No worries. We're all susceptible to math errors. I just made one yesterday that cost me about $20. Title: Re: Is it possible to generate the same adress twice? Post by: pand70 on October 01, 2013, 06:43:20 PM I would be funny if someone was taking the time to pair the possibility of a collision with facts like "winning a lottery 100 times in a row".
Not just saying something flashy but actually calculating the possibilities of both events. Title: Re: Is it possible to generate the same adress twice? Post by: DannyHamilton on October 01, 2013, 07:05:14 PM I would be funny if someone was taking the time to pair the possibility of a collision with facts like "winning a lottery 100 times in a row". Not just saying something flashy but actually calculating the possibilities of both events. It's been done. People just get tired of quoting the same stuff a few thousand times. Yes, this same question gets asked again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, etc. Here: Ok, new data, will recalc everything:
is my math roughly correct now? If so, I can say: "Finding a collision is about as likely as being struck by lightning while taking a crap every year for 17 years in a row". Or if you prefer: One of the consequences of the second law of thermodynamics is that a certain amount of energy is necessary to represent information. To record a single bit by changing the state of a system requires an amount of energy no less than kT, where T is the absolute temperature of the system and k is the Boltzman constant. (Stick with me; the physics lesson is almost over.) Given that k = 1.38×10-16 erg/°Kelvin, and that the ambient temperature of the universe is 3.2°Kelvin, an ideal computer running at 3.2°K would consume 4.4×10-16 ergs every time it set or cleared a bit. To run a computer any colder than the cosmic background radiation would require extra energy to run a heat pump. Now, the annual energy output of our sun is about 1.21×1041 ergs. This is enough to power about 2.7×1056 single bit changes on our ideal computer; enough state changes to put a 187-bit counter through all its values. If we built a Dyson sphere around the sun and captured all its energy for 32 years, without any loss, we could power a computer to count up to 2192. Of course, it wouldn't have the energy left over to perform any useful calculations with this counter. But that's just one star, and a measly one at that. A typical supernova releases something like 1051 ergs. (About a hundred times as much energy would be released in the form of neutrinos, but let them go for now.) If all of this energy could be channeled into a single orgy of computation, a 219-bit counter could be cycled through all of its states. These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space. Title: Re: Is it possible to generate the same adress twice? Post by: edd on October 01, 2013, 07:52:55 PM I would be funny if someone was taking the time to pair the possibility of a collision with facts like "winning a lottery 100 times in a row". Not just saying something flashy but actually calculating the possibilities of both events. It's been done. People just get tired of quoting the same stuff a few thousand times. Yes, this same question gets asked again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, etc. Here: Ok, new data, will recalc everything:
is my math roughly correct now? If so, I can say: "Finding a collision is about as likely as being struck by lightning while taking a crap every year for 17 years in a row". Or if you prefer: One of the consequences of the second law of thermodynamics is that a certain amount of energy is necessary to represent information. To record a single bit by changing the state of a system requires an amount of energy no less than kT, where T is the absolute temperature of the system and k is the Boltzman constant. (Stick with me; the physics lesson is almost over.) Given that k = 1.38×10-16 erg/°Kelvin, and that the ambient temperature of the universe is 3.2°Kelvin, an ideal computer running at 3.2°K would consume 4.4×10-16 ergs every time it set or cleared a bit. To run a computer any colder than the cosmic background radiation would require extra energy to run a heat pump. Now, the annual energy output of our sun is about 1.21×1041 ergs. This is enough to power about 2.7×1056 single bit changes on our ideal computer; enough state changes to put a 187-bit counter through all its values. If we built a Dyson sphere around the sun and captured all its energy for 32 years, without any loss, we could power a computer to count up to 2192. Of course, it wouldn't have the energy left over to perform any useful calculations with this counter. But that's just one star, and a measly one at that. A typical supernova releases something like 1051 ergs. (About a hundred times as much energy would be released in the form of neutrinos, but let them go for now.) If all of this energy could be channeled into a single orgy of computation, a 219-bit counter could be cycled through all of its states. These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space. Both very good ones. I wonder if there's a market for a calender with daily "generating the same Bitcoin address twice is as likely as ______" ... Title: Re: Is it possible to generate the same adress twice? Post by: jackjack on October 01, 2013, 08:03:15 PM OK but wouldn't it be fairly simple to have an automatic check within all the clients and a simple prompt .. Yeah, let's implement an automatic check within all the smartphones that checks whether the entire phone just turned into antimatter, too'this key pair already exits please try again' Title: Re: Is it possible to generate the same adress twice? Post by: cp1 on October 01, 2013, 08:15:34 PM Wallets do check if the address is in use. They check if any of your addresses are in use, that's what a wallet client does.
Title: Re: Is it possible to generate the same adress twice? Post by: pand70 on October 01, 2013, 11:19:22 PM Both very good ones. I wonder if there's a market for a calender with daily "generating the same Bitcoin address twice is as likely as ______" ... I was thinking more of a thread dedicated to strange facts like the above two. But a calendar is also nice lol |