|
Title: probability of cross privkey for holders Post by: Potent on December 01, 2017, 10:18:36 AM If 10 billions people use bitcoin and everyone makes 1000 addresses, how much is probability of cross privkey between them?
I am uncomfortable for holding bitcoin because of this for long time. Title: Re: probability of cross privkey for holders Post by: ranochigo on December 01, 2017, 10:45:06 AM There are 2^160 (1.46x10^48) addresses that can possibly exist. That's an INCREDIBLY HUGE number. Just for reference, there are more addresses that can be made than the number of grains in the world. Also, you are more likely to be striked by a lightning while sitting on a toilet bowl for 17 years in a row before a collision can be made. In that scenario that you've described, you have generated 1x10^13 addresses. That's way too far off.
Well, obviously, there are 2^256 private keys that can exist but even after factoring that, the above is what is true. Title: Re: probability of cross privkey for holders Post by: Test User on December 01, 2017, 09:45:27 PM If 10 billions people use bitcoin and everyone makes 1000 addresses, how much is probability of cross privkey between them? The probability of colliding addresses is very low.I am uncomfortable for holding bitcoin because of this for long time. For 10 billion people with 1000 addresses each, the probability of 2 addresses colliding is less than 0.000000000000000000001% Title: Re: probability of cross privkey for holders Post by: haltingprobability on December 02, 2017, 05:12:12 AM If 10 billions people use bitcoin and everyone makes 1000 addresses, how much is probability of cross privkey between them? I am uncomfortable for holding bitcoin because of this for long time. Let's start with the binomial distribution (https://en.wikipedia.org/wiki/Binomial_distribution): Given a private key K, the event of interest is independently generating a matching private key, K'=K. So, we're just looking for the probability of any given private key. According to this source (https://en.bitcoin.it/wiki/Private_key), the following range are valid private keys: "any 256-bit number from 0x1 to 0xFFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4140" Rounding the upper bound down to 0xFFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE 0000 0000 0000 0000 0000 0000 0000 0000 gives the following decimal number: U = 2256-1 - 2129-1 (U for "Upper Bound") Simplifying exponents, changing the base to 10 and rounding: U ~= 1076-1039 = 1038(1038-10) This bound is quite approximate but it will work for back-of-the-envelope calculations. And since we're approximating anyway, we ignore the lower bound of 1, because it is negligible. Our range has size 1038(1038-10) and every private key is equally probable. Thus, the probability of any given private key K' is p(K') = 1/(1038(1038-10)). Since we can represent the key-collision as a binomial experiment, to find the average number of collisions after n experiments, we just multiply n x p(K'). Let's find the average number of attempts we have to make at finding a key collision in order to have the same odds of success as winning the Powerball (1 in 175,000,000): 175 x 10-6 = n x 1/(1038 x (1038-10)) n = 175 x 10-6 x (1038 x (1038-10)) n = 175 x 1032 x (1038-10) = 175 x (1070 - 1033) ~= 1072-1035 To avoid bignums, we reduce the largest exponent by one and throw away the error term: n = 1071 This number has no standardized name (https://en.wikipedia.org/wiki/Orders_of_magnitude_(numbers)) - using standardized names it's about 100 septillion septillion sextillion. So, after making 100 septillion septillion sextillion attempts, the probability that you will find a private key collision is about the same probability as winning the Powerball. Note that the key fingerprint collision is not nearly as hard, I think we just have to divide the number of attempts by 296 ~= 1029, so you'd only have to make about 1042 attempts, or a trillion nonillion attempts. Not bad odds when you think about it. I think I'll get to work on this right now. (Apologies to the math professors... this is the kind of chainsaw arithmetic we use in engineering.) Title: Re: probability of cross privkey for holders Post by: Xynerise on December 02, 2017, 02:39:48 PM In order to spend money sent to a Bitcoin address, you just need to find a ECDSA public key that hashes to the same 160-bit value. That will take, on average, 2^160 key generations.
Supposing you could generate a billion (2^30) per second, you need 2^130 seconds. Doing this in parallel using a billion machines requires only 2^100 seconds. Getting a billion of your richest friends to join you gets it down to only 2^70 seconds. There are about 2^25 seconds per year, so you need 2^45 years. The age of the Universe is about 2^34 years so far — better get cracking! https://bitcoin.stackexchange.com/questions/22/is-it-possible-to-brute-force-bitcoin-address-creation-in-order-to-steal-money Title: Re: probability of cross privkey for holders Post by: Potent on December 03, 2017, 01:28:30 PM Great answers guys. I am a bitcoin holder with high confident now
|