Bitcoin Forum

hey,
I wonder, even if the probability so small is, if someone else get the same private key as me could he/she spend my Bitcoins and viceversa? would we have the same Bitcoin Adress?

Simple answer: Yes.

Advanced answer: The possibility is so small that we should not even discuss it. It's like finding a random number between 1 and 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129 that has already been chosen from another person.

It's more possible to win 10 jack pots on a row than finding the same private key with someone else.

Except if you choose a number that is not random. Like 5, because you can. Then some developers may steal your bitcoins because there are people who do that kind of researches.

Although everything is possible. The problem is that it's very unlikely to happen.

@BlackHatCoiner
thank you

Indeed. But chances are not that high and one out of million times. But there are cases of stolen funds by guessing.

Check out these articles:
[1]Guess My Bitcoin Private Key (https://medium.com/breathe-publication/a-dance-with-infinity-980bd8e9a781)
[2]A 'Blockchain Bandit' Is Guessing Private Keys and Scoring Millions (https://www.wired.com/story/blockchain-bandit-ethereum-weak-private-keys)

Private keys are generated uniquely, there is no way that there are 2 identical/ same pattern private keys. Same as the question " Is it possible to guess someone's private key?, the answer is nearly impossible because private keys are set of codes paired to public key which is used for encryption and decryption, for cryptography the common size of the private key is 256 bit, if someone wants to guess it he needs to perfectly guess each of it, it's like winning a toss coin for 256 times or more!

Yeah that. Think the coin, OP.
If we toss it once then you have 1:1 possibilities. H or T.
If we toss it 2 times then you have 1:4. HH, TT, TH, HT
3 times even bigger.

It becomes HHH, TTT, HHT, TTH, HTH, THT, THH, HTT.

Imagine tossing it for 256 times

The private key is really important. These are things that are must not be shared. But then there are also times that it may be guessed.
Bitcoin transactions are traceable, public, and stored permanently in networks of bitcoin. If you have an account anyone may see your transactions and can see your balance. If one address are used, in every transaction it can be involved with. I think the answers are yes just like what the other says but the private key is just so many letters and numbers so we could assume that there is only a very small chance it having the same private, maybe a small percentage of users only could have the same private key but it would never happened in the same wallet or platform I assumed.

You are right,it is possible to have the same private key but it is possible to have only one number or letter different from other private like what happened to my own private key which i think i lost because i can't open my wallet using it but when i tried what Myetherwallet team told me to do,i recovered my own private key and open my wallet again and i found out that there is another wallet with private key almost the same with mine,only one number is different. But if you want to guess someones private key,it is difficult because every private key has a ramdom number with letters.

Of course it is. Which means if you have one unknown variable then it will be much easier to crack/brute force it. However, finding/guessing private key of a given address is another story.

Sounds interesting. Some times even mad things in terms of probability really could happen, it would be interesting for researchers.

Indeed. It is impossible for someone to have the same private keys because it is generated uniquely. It is really possible for you to have the almost same letter and numbers in your private with another wallet that only one letter and number is different, yet it is still a unique private key because you are the only one who has that private key.

Cleared answer is yes, if he got your wallet and your private key then he can use all of your bitcoins. But if you mean that he can generate the same wallet and the same key in your own wallet then that is impossible to happen because bitcoin or any blockchain wallets are generated together as one. What i mean is they are encrypt and decrypt each other, means you can’t generate the same public key wallet without generating the same private key.

That number is not right. You've taken 2²⁵⁶, but missed out the last 6 digits of 639,935, giving a number that is closer to 2²³⁶ rather than 2²⁵⁶.

However, 2²⁵⁶ isn't correct either. Because of the secp256k1 curve that bitcoin uses, the upper limit to the number of private keys is slightly less than 2²⁵⁶. In decimal, the number is:


However, that number isn't actually correct either. Although there are just less than 2²⁵⁶ private keys, there are "only" 2¹⁶⁰ addresses, meaning on average there are around 2⁹⁶ private keys for each address.

I didn't get the first part. Why is it closer to 2²³⁶ rather than 2²⁵⁶?

You say that there are "only" 2¹⁶⁰ addresses. Why their private keys aren't 2¹⁶⁰ too?

Guide me.

Because you wrote the wrong number, and missed out the last 6 digits. 2²⁵⁶ is equivalent to 1.158*10⁷⁷. The number you wrote is 1.158*10⁷¹.

Private keys are limited by the order of the secp256k1 elliptical curve used in bitcoin. The order n is as follows:

Private keys can range from 0 to n-1. In hex, n-1 is:

In decimal, it is:

This number is so close to 2²⁵⁶ that we often just say there are 2²⁵⁶ private keys for ease of communication. The difference between this number and 2²⁵⁶ is tiny.

Addresses, on the other hand, are limited by the RIPEMD160 hash function. To turn a public key in to an address, it is first hashed using SHA256 and then use RIPEMD160. The result of this will be a number which is 160 bits long, meaning the upper limit is 2¹⁶⁰ unique addresses. (Assuming of course we are talking about 1 type of address. There are 2¹⁶⁰ P2PKH "1" addresses, 2¹⁶⁰ P2SH "3" addresses, and 2¹⁶⁰ P2WPKH "bc1" addresses.)

So yes, there are many more private keys than there are addresses, meaning multiple private keys can lead to the same address.

I have another related question.
When I generate a new address/privkey through a custodian/non-custodian wallet even on the exchange, is it possible to get someone else's address or will it be skipped?
if at least 1% of the total privkey was generated, it's not impossible that one day someone will get someone else's privkey.
And I think this is more possible for people who want vanity addresses.

Theoretically it is possible, but in reality it will never happen. There is certainly no mechanism or database that wallets or exchanges use to check if an address has already been used when generating new private keys.

The reason it will never happen is simply down to math. The numbers we are dealing with here are unimaginably large. For example, if every human on the planet each generated 1 million new addresses every second, and had been doing so since the birth if the universe 13.7 billion years ago, we would only have generated approximately 0.0000000000002% of all possible addresses.

That's not going to happen considering the probability and I'm sure if the limit for the private keys has been reach, no new users will allowed to create a wallet. We have so much words to use in private keys, and I'm confident that those system can generate that much. Though we might think about the system error and if you think someone is also using the same private keys with you better to inform the developer and create a new wallet right away, this can be a very rare situation.

Thanks for these numbers. I see a lot of "get rich fast" posts/questions from new members to this forum lately in which they think it is possible to find private keys to well funded addresses by bruteforcing. I think most of these questions arise when people just don't have a grasp about the near infinite candidates. So I'm probably gonna use your number example as reply in the future to point out there's a difference between "theoretical possible" and "practictal feasible".

Learned a lot here.
Thanks to those who answered the question from the OP.

I didn't even think about it since there is a very low chance for it to happen or we could even say "none".
But, it is still better to find an explanation for it.  ;D
The math though is getting me dizzy especially the answers from o_e_l_e_o.

This helps a lot honestly since we should be more aware of a situation like this, though I never heard this kind of problem so maybe this wont exist at all. The developer creates a huge number of combination words to ensure its uniqueness but of course if the wallet comes from suspicious site, then this kind of problem might exist so they can scam the users, its hard to say it.

Even if you happen to be the VERY lucky one to get a "well funded" address through private key generating or bruteforcing, stealing not the morally best thing you can do - if someone found yours, you wouldn't like all your funds to be scrapped off your accounts either, would you..

It's an interesting research but at the end of the day, finding a used private key does not make it yours. You only get control of it, but that doesn't mean you can claim the money because that's literally theft.

That's not how it works. There is no way to monitor or record which private keys have been generated, and so there is no mechanism to stop producing keys or prevent the production of duplicate keys. Even if every possible private key had been generated by someone somewhere (which will never happen), then wallets would continue to generate more.

Here (https://bitcointalk.org/index.php?topic=5147514.msg51228560#msg51228560) is an older post of mine which gives a staggering way of thinking about just how large the numbers we are dealing with are.

And what about mnemonic phrases. They have limited it all on a bunch of mnemonic phrases that are dictionary words.
And another question, are the address created after the mnemonic phrase or is their some association. Would entering same mnemonic phrase on different devices at once create two sets of different private keys?

In terms of numbers, a 24 word seed phrase is the same as a private key - they encode 2²⁵⁶ bits of information.

The same seed phrase will always lead to the same set of private keys and therefore the same addresses, regardless of the device or wallet used. This is the whole point of using them as a back up - they will always restore access to your coins.

Yes they can spend all of your funds on that address if your using a seed phrase to generate your address and someone from the other side of the world coincidentally make the same seed phrase but the chance of it are so slim, generating an address from  BTC client without using any seed phrase will not make any duplicates.

Yes,but not totally the same. It is just a very little percentage to have the same private key because it was generated uniquely. You can't guess it. You'll just have a headache,it's better to bet on lottery than to guess a private key.
 That's why you need to take care your private key and never try to share it to others so that they don't have access to your wallet and spend all your funds.

What is the probability that someone else will predict 12 random words generated by a random generator? It is possible but very minimal.
If you are so lucky, then why not try this method in bank accounts and penetrate an account with millions of dollars and send it to your bank account?
Or participate in one of the games based on expectations and win thousands of dollars.
Guessing is difficult.

The whole security system for bitcoin is not that it is impossible (which would be good) but that it is vvvveeerrryyy unlikely.  Not impossible. 

It is impossible to have a security system which is impossible to hack, and as far as security systems go, bitcoin's is pretty darn good.

Given that most 2FA codes are 6 digits long, there is a 1 in 10⁶ chance of someone guessing your 2FA code.
Assuming an average house lock as 8 tumblers, and each tumbler can adopt one of 10 positions, then there is a 1 in 10⁸ chance that someone will be able to guess your exact house key shape and unlock your door.
Given a standard credit card has a 15 or 16 digit number on it, there is at most a 1 in 10¹⁶ chance that someone will be able to guess your credit card number.
If you use a password manager to generate a long and totally random 16 character password, drawing from the full ASCII 95 character set of upper and lowercase letters, numbers, and symbols, (e.g. CY\u4"=t{rV%;N9S), there is a 1 in 4.4*10³¹ chance of someone guessing it.
The chance of someone guessing your private key is 1 in 1.158*10⁷⁷.

The chance of someone correctly guessing your password, your 2FA code, your credit card number, and the key to your house simultaneously is 4.4*10⁶¹, which is still around 2 thousand trillion times more likely than them guessing your private key.

I'm more into tech than math so once again thanks for these numbers! Pointing things out like this gives a measurement to "yeah, it's possible but not likely".

You have public key, you can try and find the private key for it.  You have a (valid) private key, you can try and find other public keys for it.  As you say the odds are slim, but they are still odds.  Apart from time, CPU power and storage, there is nothing stopping you from generating a list of all the pairs in existence. 

Knowing a public key reveals zero information about the associated private key, and does not make brute forcing it any easier. You still have to check 2²⁵⁶ keys.

If you have a valid private key, then you can find exactly 1 associated public key. I'm not sure what you mean by "find other public keys" - there are none to find.

Apart from time, in that the sun will die before you get even a tiny fraction of the way through, and CPU power and storage, in that even just listing every private key (never mind calculating and storing the public keys or addresses) would take up approximately 1 billion trillion trillion trillion trillion (10⁵⁷) times more storage than there is in the entire world. For reference, the difference between the current global storage and that needed to store all the private keys (10⁵⁷), is larger than the difference between a single atom and all the atoms in the entire world (10⁵⁰).

Wow, are they so many different combinations really? My head cannot fully understand this "hugeness"...

Yes. Since there are 2²⁵⁶ private keys, and each private key is 32 bytes, then that works out as 3.7*10⁷⁸ bytes, which is equivalent to 3.7*10⁵⁷ zettabytes (a zettabyte is a billion terabytes). Current estimates put global storage at around 2 zettabytes.

Humans cannot comprehend these kind of numbers. It is easier to just think of brute forcing a private key as impossible, because it is.

Well yes, if we look retrospectively then improbable things happen all the time. The difference is predicting which improbable thing is going to happen before it happens. Someone wins the lottery every week. Predicting which person that will be in advance is incredibly unlikely. The next private key I generate will be some combination of letters of numbers. Predicting that combination in advance is impossible.

If you are going to look retrospectively, then the chances of any event happening is so small as to be miraculous.

No, it is impossible. When generating keys, several levels of encryption and decryption are used. As well as guessing the key, the probability is almost zero.

Thank you very much for the information. These articles are really very informative and answered me many of my questions, especially regarding the security of an ethereum wallet and the ability to have an individual personal key to access the wallet.

I suppose when you think about it, the chances of someone randomly guessing your email and bank password are much higher than getting access to your BTC.  Email 30 characters max and passwords 6 to 16. That is a lot less combinations to try. ;)

Until now I have never encountered an event that has the same private key between one and another, in other words almost
impossible to happen. Let's just say that someone who has the same private key as I have, means that i can access his wallet
and vice versa. After all, if there is anyone who has the same private key, it is impossible for each other to know. Because
everyone keep a private key in a safe place, which is impossible for others to know.

Yes, but if you make a transaction, the other guy will notice it.

If anyone found precisely the same private key as yours, he would never deposit any bitcoins on the corresponding public address, thus he would never tend to keep it safe. The first thing he would do is withdraw existing balance to another address, over which he would have full control. So, if you still scared of someone finding your private key, use hierarchical deterministic wallets (HD-wallets) in which you will only have to keep a seed phrase that is used to derive private key/public key/address for each payment.

except the bank will lock your online access after a set number of failed logins, typically three.

the only limit to how many guesses you can try for bitcoin private key is your computational power.

HD wallets are not any significantly more secure as compared to the non HD wallet.

While it is true that a HD wallet allows you to have a higher entropy as compared to just bruteforcing addresses, the Bitcoin public key that is generated (ECDSA) already gives 128bits of entropy. That, by itself is sufficient enough. BIP32 allows you to go above and beyond that level but it is just redundant. It would be exponentially harder to bruteforce seeds with higher security but it doesn't offer a significant advantage over any keys that has >128bits of entropy.

To clarify, I am still considering private key nearly impossible to bruteforce even if public key is known. Essentially, HD-wallets is simply more convenient way to "spread" coins across several addresses and also users don't have to back up each key. If someone finds one of your private keys (still impossible, but), he won't be able to steal an entire balance of HD-wallet.

yeah but also there are other ways of getting into your bank account that may not even involve using a login. after all your bank account is just an entry in a centralized database that can easily be hacked.
your bitcoin key still remains the same impossible to break key.

True, but let's put some math to that for any newbies reading this who might be worried.

Let's say my online bank password is truly random and drawn from the full 95 character ASCII set. Something along the lines of c"AQ+K78[={2W+9t, for example. (In reality, this is significantly more secure than the VAST majority of passwords which are being used, but we will error on the side of caution.) If someone has 3 attempts, then the probability of them guessing my password is 3 out of 95¹⁶, which is a probability of 6.8*10^-32. Given that there are 2²⁵⁶ private keys, for someone to have the same probability of finding my private key, they would have to check 7.9*10⁴⁵ private keys. Even checking a trillion trillion keys every second, it would still take 250 trillion years for them to do so. I'm happy to take those chances. :P

Also worth pointing out that the chance of someone guessing your credit card PIN or even your long credit card number is astronomically more likely than either of the above scenarios.

It's always worth noting the caveat to this - if you have revealed your extended public key (as you might do when setting up a watch only wallet), then the additional knowledge of the private key of one single address in that wallet would allow an attacker to calculate all the private keys in that wallet.

yup. good reminer. didnt know that way back when i set some some watch only wallets.. soon as i realized that i moved everything off to a new wallet.

This is a very good topic in my opinion, it would never thought to me if there really is a person who has the same private key as me.
This is a scary thing, that person can have full control over my wallets. Hopefully nothing happens to me. Occasionally someone's wallets
are hacked even though they already use maximum security, possibly that hacker having the same private key.

Even slight chances having the same private key still it will give doubt to the users. Who knows that out of luck your holdings will be shared to the same wallet private key. This is somehow what we call a really2x bad luck out of the so many private keys you two had made the same. LOL, anyway as it was mention from other usera that it is bwing close to impossible. Well just hope that the system will not going to make any duplications regarding with private keys so as to protect holdings and should not be to become the most unfortunate btc user.

Which algorithm are you talking about? Addresses are not generated on blockchain. There is no algorithm that checks if a private key is already into use. There is no record of any private key on blockchain.

Also, one private key doesn't mean one wallet. One private key means one bitcoin address. The example you gave in which Bitcoin Address changes after each transaction is HD wallet which is generated using seed which is derived from mnemonic code and passphrase. I don't know why I am explaining at all, your bitcoin knowledge is horrendously wrong.

Big numbers don't make people understand. Sentences like this do. Its easier to imagine things with it.
Its possible but so unlikely that impossible in reality.
You can also easy secure yourself, second address you own is risk with this slashed by half.

I have a similar question to OP: can (not asking if likely or not, just asking if possible) collision occure in BIP39 Mnemonic?

For example, can a 12-word mnemonic produce the same wallet/pk/etc than, lets say, a 36-word mnemonic phrase?

The difference is that you can't guess 1 billion different credit cards in a second. There are blockers. They won't let you. In the private key, on the other hand, do your best!

Of course, I don't say, guessing the privkey is much harder that all of the things you've said, but you don't have the same opportunities.

It's not possible for anyone to get your private because it is some sort of random generated alphabets which only you have authorized access to unless you gave it out or your wallet got compromised through hack and security breach or by submitting your private keys to fake and phishing sites.

Seed phrases are generally 12 or 24 words long, sometimes 15, 18, or 21, but pretty much never 36.

Given that each seed phrase can derive trillions upon trillions of addresses, then the same address will show up under two different seed phrases at different derivation paths. It is also possible that two different seed phrases (potentially with different specific passphrases), would generate the same 512 bit seed number and therefore identical wallets, but the chances of a collision in a 512 bit space is astronomically smaller than the already astronomically small chance of a collision in a 256 bit space.

So yes, it can theoretically happen, but no, it will never actually happen.

This is really some deep stuff. I used to get bothered the same way noorman0 was and would always crosscheck to see if my transactions actually landed in my account on exchanges. Even on this forum when new entrants are asked to pay a fine for "IP cleansing", I used to wonder how that particular generated address is specific to that account. Now I know. Thanks buddy for your explanation.

It is very interesting area I still hardly understand. Let me summarize. In order to derive master private key (m), we use root seed phrase as an input in HMAC-SHA512 function. But. Since the output of the function is 512 bits number, it is worth to note that left part of that number is our master private key and right part is our master chain code (c). Master chain code is further used as entropy in the HMAC-SHA512 function to calculate child key. Extended private key is a 512 bit number, in other words this is a direct result of initial calculation - private key + chain code. Extended public key is a master public key + master chain code. If I get it right, since extended public key contains master chain code, this code plus leaked child private key can be used to calculate both child private keys and parent private key. And what about hardened derivation when parent private key is used to calculate child chain code? Then it supposed to be safe to use xpub derived from hardened parent key...

Not quite. "Root seed phrase" isn't really a term that is used. "Root seed" is a 512 bit number, while "seed phrase" is your 12 or 24 words.

Your seed phrase (plus optional passphrase) are the input parameters for 2048 rounds of HMAC-SHA512 to produce your 512 bit "root seed" number. Your root seed then undergoes a further HMAC-SHA512, where the left 256 bits become your master private key and the right 256 bits become your master chain code.

This is generally correct, but be careful mixing up the terms "master" and "extended". Master keys and master chain codes refer specifically to the top level of the derivation path - the "m" in m/44'/0'/0'/0/0, for example. Extended keys refer to the key (public or private) concatenated with the chain code for that specific level, and can occur at any level in the derivation path. For example, the extended keys for a standard wallet are at derivation path m/44'/0'/0'. These let you generate addresses for that particular account, but don't let you swap to other accounts as you could do with master keys.

Extended public keys contain the parent chain code, not necessarily the master chain code, as I explained above. But yes, this is correct.

A child private key is calculated by hashing the parent public key, the parent chain code, and the index, and then adding all of that to the parent private key. If an attacker knows a child private key, as well as the extended public key (which includes parent public key and parent chain code), then the only unknown left in the equation is the parent private key, which can easily be calculated by subtracting the hash we just described from the child private key.

Correct. When using hardened derivation, the parent public key is not used at all in the child key derivation, and so wallets cannot be compromised in the way we've just discussed.

I came through Mastering Bitcoin several times, but it is still unclear to me. How exactly does "adding to parent private key" part work? What do we actually add? The result of these addings is supposed to be a child private key corresponding to child public key, right? How is it possible to calculate parent private key from child private key, given that hashing function is one-way function? What if a child private key that was leaked is deep enough from master keys "layer", it is still possible to calculate all the parent keys back to the master key root branch? What equation are you referring to?

Let:

k = private key
K = public key
c = chain code
i = index
n = order of the secp256k1 curve

The steps for calculating an unhardened child key are therefore:

Calculate HMAC-SHA512(K_parent, c_parent, i)
Take the left 256 bytes of the result, and add to k_parent (modulo n)

The result of this calculation is indeed a child private key. You can then turn that child private key in to a child public key in the normal way, via elliptic curve multiplication.

If you only know the child private key, then it isn't. However, if you know the child private key and the parent extended public key, which includes the parent public key (K_parent) and the parent chain code (c_parent), then you can.

If we simplify the equation above to:

Child private key = Parent private key + Hash

In this scenario, an attacker knows a child private key, and can calculate the hash from the parent extended public key. The only thing he doesn't know is the parent private key. So he rearranges the equation to:

Parent private key = Child private key - Hash

No. Even if you had leaked your extended public key from every individual level, the hardened levels would stop an attacker progressing all the way to the master keys.

That would not be possible since every Private key made is unique and having the same private key would be a breach in security. The blocks where they are stored are also different and since there are a lot of wallets being made daily, there have been no issue regarding the same private key. Blockchain Technology boasts its security regarding these kinds of matter and that is why the same private key won't be produced.

Private key is a random binary number, which is used to spend your bitcoins corresponding to that private key. Imagine your bitcoins stored in safe deposit box and in order to open it you have to use your own key. That key is your private key, binary number. That number is not stored inside blockchain, it is stored inside your encrypted wallet, protected by password. In order to send bitcoins somewhere, you have to sign a transaction with your own key. You literally open your deposit box and hand over coins to another deposit box, which could be owned by you or another person. In order to achieve maximum security and privacy, you never reuse your old deposit box. The technology used to generate your safe deposit box key is so unique that it is nearly impossible to create identical keys, so you can be sure that you are the only one who controls your own deposit box.

most likely impossible, as you explain
but it can happen if there are bugs and this possibility is very small
privatekey works like a username where there is very little chance of the same username on a website unless there is a bug

no, it doesnt

a forum or website checks a new username against its database to see if its used. if it is, you are promoted to choose a different one. a private key is just a random number. what generates that private key (a program, dice, cards, coin flips, radioactive decay, whatever) doesnt check to see if its used. its just astronomically high that you generate a private key thats "used" already.

Sorry for hijacking a bit, I know the Public key is associated with the private key so wherever I use the private key, I get the same public key.
Is there a specific way of defining the Public key from a private key?
As private key are longer (51-52) and public keys shorter, is there any chances that a different set of private key be associated with same public key.
Furthermore, if there's an association between public and private key, would it make easier to guess the private keys from the public key?

Absolutely. It's called elliptic curve multiplication. In short, you multiply the private key by the generator point of the secp256k1 curve. The generator point is a fixed value, and is the same for every person and every key, so the same private key multiplied by the generator point will always result in the same public key.

Private keys are only 51-52 characters when they have been converted to Wallet Import Format (WIF). A raw private key is 64 characters of hexadecimal.

In total there are a little under 2²⁵⁶ possible private keys, a little under 2²⁵⁶ possible public keys, and exactly 2¹⁶⁰ possible addresses. Therefore, no two private keys will lead to the same public key, but multiple public keys (and therefore private keys) can lead to the same address.

Guessing the private key from knowledge of only the public key is impossible.

You normally never see or deal with private keys or public keys while using your HD-wallet. Bitcoin address is not the same thing as public key. In essense, bitcoin address is a result of double hash of your public key. In case an attacker knows your bitcoin address, he first needs to bruteforce your public key and only then he can start bruteforcing your private key. It is kind of double defense system, however it is hard to unhash hashes and infeasible to "calculate" elliptic curve multiplication back.

Yes, if someone like you gets the same private key then that person will have complete control over your wallet. But in reality it is impossible to generate the same private key and the same bitcoin address. Take care of your personal key and never try to share it with others so that you do not have access to your wallet. Otherwise the fraudster will spend all your funds.

https://keys.lol/
Try your luck if you don't understand what 2²⁵⁶ means.

Then read this
https://www.reddit.com/r/Bitcoin/comments/1ohwvu/bitcoin_your_money_is_secured_by_the_laws_of_the/ccs5g52/
and this
https://www.reddit.com/r/theydidthemath/comments/1x50xl/time_and_energy_required_to_bruteforce_a_aes256/

I wouldn't worry about someone generating the same key

I don't know and have never experienced that, because in my opinion it is impossible based on this key type the same as the encryption model that the blockchain has with sha256. But based on what some users say "possible", is there any concrete information about the private key model of the wallet? Especially if we see that the combination of numbers, lowercase and uppercase can make more than a million results.

 ?yes but what for how do you suppose to use it

Importantly, an address also includes a checksum.

Knowing an address provides exactly zero help when it comes to bruteforcing a public key, and knowing a public key provides exactly zero help when it comes to bruteforcing a private key. An attacker would still have to exhaust half the search space, on average.

It is not hard to reverse a hash function - it is impossible.

A hash function is not encryption.

Bitcoin private keys cannot be the same from one person to another because Satoshi Nakamotor has designed the best possible private key generation, because the random private key generation for words from 1 to 9 and from a to z cannot be the same, so everyone will have one private key each

It is true that the private key cannot be the same, the creators of bitcoin do not play in maintaining security, of course with the expensive price of bitcoin the security key is tightly secured, randomized from the numbers 1 to 9 and from the letters A to Z there is definitely nothing the same.

Thank you for the corrections, but I personally prefer avoid strong adjectives when it comes to questions about odds, sometimes I fail and use "infeasible" insted of "extremelly unlikely" and "almost impossible". If it can happen, it will happen, this is how I see it. It may be that knowing bitcoin address provides zero help, but at least it gives some information to an attacker: existence of UTXO and amount of bitcoin. Address is now active and therefore more interesting than empty, inactive ones. Still, with the current computation power, it is impossible to crack specific address. But what if an attacker is not interested in specific address, but in all addresses with balance. I have heard of so-called "bitcoin collider" pools where they create a list of known bitcoin addresses with funds and then searching for collisions. What they do is simply a calculating of bitcoin addresses: private key -> public key -> address and comparing them with the list of known addresses. It looks like stupid waste of energy, but sooner or later they may find something.

did not know that this is even possible, but of course is it, and in the end after enough time, one could find some collision, it is not likely event, but i agree, if it is possible, it will eventually happen
just probability that is stuck to zero, it is impossible, when it is not zero, than some number, no matter how small, it leads to something happen after enough time

Without getting too much off topic here, this logic is incorrect.

Given that entropy is always increasing towards the eventual heat death of the universe, then there is finite amount of time in which things can happen. Therefore, just because something can happen does not guarantee that it will happen. Even if we assume that time is infinite, this also does not guarantee that everything which can happen will happen, as infinite does not necessarily mean everything. There are infinite numbers between 1 and 2, but none of them are 3. The line y = x will continue infinitely, but will only ever visit the value of 1 once.

My point about hashes is quite different though. Reversing a hash is quite literally impossible. Take SHA256 as an example. The input in to SHA256 can be any amount of data up to around 2 exabytes (2 million terabytes), but the output is always a string of 64 hexadecimal characters. Therefore, data from the input is lost during the process which makes it impossible to reverse. Although finding collisions is possible (but difficult), you can't definitely tell me what my input is. Just as if I told you I have two numbers which add up to 1000, you could give me two numbers which fit the criteria but have no way of knowing if they are the same two numbers which I am using.

The amount of data, size, structure are known in this case. For a compressed public key, it is 33 bytes hex-number as input for sha-256, and standart SHA-256 hash as input in RIPEMD160 function. Does it make things easier to crack? I guess not, but at least we have something to consider.

We don't need to create an algorithm for reversing hash functions, actually. Even if it were possible, it wouldn't give us much information anyway. After all, our goal is to find private key not public key, public key calculation and further hashing into bitcoin address is just for verification (whether or not the private key we found can be used to sign a transaction). What we do is generate a private key, calculate corresponding public key and then applying (RIPEMD160(SHA256(public key))) function and base58 encoding. If our value is matching with sought value, we are fine, if not, we continue until death of universe. Personally, if had a huge amount of proccesing power, I would spend it on mining of new bitcoins, it would be more profitable and more rational than finding the same private keys.

I am of the opinion that if the private key is the same as yours, it could possibly take your coins, it could happen,
but it is very unlikely to happen, in my opinion the private key is made with very good security standards, so getting the same private key is very difficult to happen.

I'll attempt an easier comparison (maybe not as accurate as yours, but still something more real that just numbers).

The chance is about the same as hand-picking the only one correct grain of sand from a beach, 4 times in a row (randomly different grains of sand for each 4 picks) (https://bitcointalk.org/index.php?topic=5255317.msg55134573#msg55134573)
You can't do it with a machine (the numbers we talk about are so big the machine would not have enough power to only count those), so you'll have to hand pick.

Now think again about the "it will happen" part.


Edit: I improved (corrected) the math based on @o_e_l_e_o's post

the possibility of using the same private key can happen but whether it can be used maybe this needs to be questioned again. if it can't be used, then finally the problem has been resolved besides it can indeed be used.

ireversibility of the hashes is not about the data size but about the algorithm that they use. to put it simply we can use a simple mathematical formula like x+y. if we know the result of this formula to be something like 12 you have no way of reversing it back to x and y. that is why it is impossible to reverse a hash function.

that formula above is not far from reality either. your RIPEMD160 result is literary the addition of 2 32-bit numbers for each of its hash state items. hash_state[1] = hash_state[2] + d + e where d and e,etc. are computed by bit rotations.

That's true, until we start talking about quantum computers, which is the most likely way that bitcoin will be "broken" in the near future. A quantum computer in a few decades could potentially use Shor's algorithm to reverse elliptic curve multiplication and calculate a private key from a public key. It could not, however, reverse a hash. Since the public key is only revealed when a transaction is made, as long as you do not reuse addresses, then your coins remain safe.

An internet search puts the number of grains of sand in the world at around 10²⁰, give or take a few orders of magnitude. 2²⁵⁶ is equivalent to ~10⁷⁷. So the chance is similar to hand picking the only correct grain of sand in the entire world chosen at random, four times consecutively.

For bitcoin private keys it is clearly impossible to be the same, because the private key consists of a unique combination of numbers and letters, try to imagine for yourself if an investor who has a lot of bitcoin assets will definitely feel annoyed if he finds out that his private key is the same as someone else's.

You are most probably correct.
I was expecting I may miss some "orders of magnitude", but I thought that should be not a big problem since the goal was easier understanding, not being 100% correct.
However, the idea of adding the "four times consecutively" is very good and although I don't expect too many who didn't understand the initial explanation gasp the difference, I'll add that. Thank you.

I thought this is a simple question until I found this is interesting after reading the comments.
so, a private key / wallet address is not purely generated uniquely.

it just close to unique because of the chance to have the same private key / wallet address close to impossible, because the amount of different keypairs that can be generated is huge.
CMIIW.

I like the coin flipping analogy BlackHatCoiner though.

Yes of course. Though just like what you said the probability is so small like grains of sand. It is all the matter of luck because ever since the creation of crypto I have never been heard of something like the topic had happened. I do hope I am the lucky one who can guess the same private key with those "lost forever" Bitcoins out there.

In imagining OP's question, I imagined something else and that is, no two persons has the same microchip number with regards to phone numbers although, country codes plays a part in this. The least I've heard of is some dormant numbers been recycled can't say if it's really true about that. But then, the point I'm driving at is, the microchip numbers is just a combination that ranges within 100000000000 or less and majority of the world have phones now and still not a single person has the same microchip number. Cases of redirect calls seems to be the only explanation for receiving calls for which it wasn't meant for You.

With that being that, how then would two persons have the same private key?! Especially with the fact that, not so many has the idea of private keys or seed phrase, not so many are into or enthusiastic of bitcoin and the private key or seed phrase are combined in a way that, you really can't make out anything if it,it's just words or alphanumeric combinations that follows no definite other and as such, it's limitless as to how many combinations it can generate. So, having the same private key or seed phrase as someone else is close to impossible and it would be a disaster should this ever happen.

The chance of this happening is really slim or should I say nearly impossible, since I came to the crypto space have never heard of two people owning the same private key :o, if that was possible it would have happened a long time ago cause every day Moore people keep creating new wallets, so if it was possible one of them would have had the private keys to other persons wallet, but its not possible because private keys are combination of letters and numbers so there's absolutely no way two people can own the same combination something must be different between them.

When you do talk about private key collision then thinking off on what would be the odds is.. It would be good on reading up this thread.

https://www.reddit.com/r/crypto/comments/drxyjq/chance_of_private_key_collision_for_256bit_ecc/
https://www.reddit.com/r/Bitcoin/comments/1ylis1/collision_probability_for_bitcoin_private_keys/

So i wont really be bothering myself on finding some private key with having some balance.

I really agree with you that everyone will make a key with the best possible security and security that can be guaranteed because it uses a very difficult combination and its security will definitely be tested. Obviously, it becomes a priority that is impossible until it is not well controlled. so it will not be possible to have the same private key occur, other than what we really suspect is that private key was taken because did not maintain it properly.
Therefore, if someone says that there are similarities, it is very difficult to prove that with very good security, it can be the same, unless we are indeed hacked by irresponsible people.

This is very difficult or we can say it impossible. Wallet created in such a way that i cannot be duplicate. We especially me sis not hear from anyone that his private key is match to another account.
If we suppose that its happen than answer is ""Yes""

yes true, theoretically it would not be possible to say that there would be a double private key, because the simulation made was so complicated and for a system error to give an existing private key to the other, it is certain that it will not happen.
the most likely one is the duplication of the private key due to a private error that is not stored properly and is taken by fraudsters in many ways that can be done.

the most frequent one is via email that gives a link where the contents of the scam are, now starting to use telegram which is booming through airdrops which are indeed very easy to manipulate so that we can have a computer entered by the fraudster.
So many ways now live we must look after ourselves properly.

of course, this is the importance for us to keep private keys from people who can not be trusted because it leaks once our assets can be directly spent or transferred to their personal wallets and none of them can help because of the decentralized nature of bitcoin.

There are lots of situations where you can gain an experience and knowledge through them. As we can see on his issue, wallet address and private keys or even pnemonic/seed phrase are auto generated and cannot be restored on the database of website wallet address generator unless it the website is used for scamming people.