Ok here is the idea and the issue.

Add all of the public keys from all customers into a "grand total" public key.  If A, B, C, etc. represent the public keys of all the customers then T = A + B + C ...

Now for type 1 addresses:
  r represents a random private key
  X = r*G + T (or could be X = r*T) represents a trial
  Hash X
  Test against all patterns from all customers

For a type 3 address
  R represents a random pseudo public key
  Hash the script "T or R"
  Test against all patterns from all customers

When an address is found for customer Z

You now need to broadcast a request to all the customers and all the customers need to cooperate by sending their private keys to customer Z
Given their own private key and all of the private keys from all the other customers and finally either r or R from the miner the customer has all they need to create the vanity key pair and vanity address

Obviously customer cooperation required - but I think that can be solved.

The biggest issue is that if any one customer "goes away" and they never transmit their private key to Z the entire thing falls apart.

Assuming all goes well everyone generates new key pairs, sends out their new public keys to the miners and the process starts again.

I am not asking for the key pair.  I just want valid public key addresses that will be accepted into the block chain. 

All of these addresses will be BTC "black holes" from where no BTC will ever return.

You would not be using vanitygen.  Just doing the necessary calculations to get a valid "checksum" after doing all the pre-processing.

Sorry, my posts above kind of got ahead of this thread.  There is a lot of history on this subject burried in the vanitygen thread and other threads.  The "holy grail" of the project is to be able to have multiple miners and have each miner searching for the patterns of all the customers at the same time.  That is why it appears I am doing unneeded work there.  I will dig up some of those old posts and get them moved over here.

Basically the idea is to combind all the keys from all the customers so you can do one trial and then check the result against all of the customer requests.  If you find the desired pattern for any one customer then you stop, give the result to that customer, and then the process starts again.

I am looking for someone to create a program or script that would do the following.

Given an arbitrary paragraph like:


automatically convert it so a series of valid public key addresses like this:


You need to:

Convert everything to CamelCase and remove all spaces and punctuation marks
Convert all illegal characters to the nearest equivalent
Break up the phrase into correctly sized chunks
Calculate the valid public addresses

I am pretty sure I could do this but I am lazy and thought someone might like to earn some BTC.

Anyone interested?

Bruno and I need this for a project we are working on.

I really love this idea!  Especially the catch phrase for the project "You can take it with you!"

We can even prove it:

Given an arbitrary valid public key addess, like 1BurtWagnersAfterLifeFundx...x where x...x contains the proper "checksum" you can, through trial and error, calculate an actual key pair that would produce it given an infinte time to do the calculation.  Everyone knows that we will have infinite time in heaven so you will be able to do the calculation!

In fact you don't have to limit yourself to just one address.  You can send your funds to a poem or a favorite passage of a book.  This has alread been done at least once.  The block chain currently contains the following set of public key addresses:


Whoever put this there must be planning on claiming their funds in the after life!

That is great!  I guess you now have another new side business

Fixed my own post.

Yes, but please no.

By the time you are able to "punish" him by pushing him out you would also as a side effect punish ever single one of the very nice polite people below him by pushing all of them out.

"Sub leasing" out P@40 space while being moral, ethical, legal, unstoppable, etc. is just kind of, well ... rude (and a bit greedy).

OOOOOOOOOOOOOOOO actually reading the bolded part makes a big difference. 

I just made a new years resolution to learn to read more carefully.

Just to make sure we are on the same page I am cross posting this description of the proposed algorithm:

To do this would take a new version of the vanitygen (and GPU version of vanitygen) that does all the proper calculations in order to create the proper script and proper hash of the script.

The nice thing is that each trial in the search for the vanity address would be much faster.  In this future system the algorithm is:

1) Create a valid keypair
2) Create a random invalid/bogus public key (basically a nonce).  Note the private key is unknown/unknowable
3) Create a valid "use one of these two keys" script with the valid public key and the bogus public key as the two parameters
4) Properly hash the script (much easier that a public key calculation)
5) Check for the vanity pattern, if it matches quit, otherwise go to step 2)

Note that each trial is now just the time it takes to generate a random number and take the hash of the script!

As discussed in this thread https://bitcointalk.org/index.php?topic=56839.0 we are not talking about creating a vanity address using the current software that "just happens to start with a 3" we are talking about creating a proper vanity address that starts with 3 - that is - the hash of a one of two key script where one of the keys is a valid public key and the other key is a bogus "filler" public key.  Therefore you would end up with a vanity address that starts with a 3 which is the proper hash of a proper script that will work properly.

To do this would take a new version of the vanitygen (and GPU version of vanitygen) that does all the proper calculations in order to create the proper script and proper hash of the script.

The nice thing is that each trial in the search for the vanity address would be much faster.  In this future system the algorithm is:

1) Create a valid keypair
2) Create a random invalid/bogus public key (basically a nonce).  Note the private key is unknown/unknowable
3) Create a valid "use one of these two keys" script with the valid public key and the bogus public key as the two parameters
4) Properly hash the script (much easier that a public key calculation)
5) Check for the vanity pattern, if it matches quit, otherwise go to step 2)

Note that each trial is now just the time it takes to generate a random number and take the hash of the script!

What do you mean?

So the creation of vanity addresses that start with 3 could still be distributed/outsourced using either the * or + shared key creation options mentioned in the OP.

1) Customer creates a key pair and sends out the public key to the vanity address miner(s).
2) The vanity address miner creates a second keypair
3) Then the miner creates the final public key by either adding the two public keys or by multiplying the miners private key and the customers public key
4) Using this final key the vanity address miner tries various randomly generated "filler" keys in the script until the hash of the script creates the desired vanity public script address.
5) The vanity address miner then turns over the second keypair they used plus the randomly generated "filler" key to the customer.

So once we start using this new public address scheme I expect we will be able to create much longer vanity addresses as the amount of computation per trial is greatly reduced.

As discussed in the new thread on vanity address outsourcing the vanity addresses that start with 3 will be much easier (less computation) to create.  This will lead to the possibility of longer vanity addresses for those that start with 3.

Wow, that does sound a lot easier.

Are these features available now?  If not when are they expected to be available?

If you have it handy can you give me a link to the new bitcoin address format?

Edit, nevermind, found it https://en.bitcoin.it/wiki/BIP_0013

As you may know I have given this a lot of thought (in other threads) and would like to be involved in this.  I will post a list of the issues later today.

Since you did not reformat it, and assuming you have not written to it then it should be easier to recover than from the formatted drive.

Ok we both agree:


According to the docs p is the prime number specifying the finite field used and n is the prime number specifying the order of G.

So I think the number p should be used for all the finite field math operations, for example a = b*c mod p

And n has something to do with G (the base point of the system).

So, I believe that I am correct in that the "overflow" in the finite field math is at p.

I am trying to remember exactly what n means and how it is used.  I remember reading it and understanding it at one point but I forget now exactly what it means.

If I find the reference again I will post it here.

We need to nail this down because it affects the all important calculation of the final private key f = a*b mod ?

So you could easily experimentally determine which one it is.  Calculate the final private key using each number and let us know which one calculates the correct final private key.

The number mike calls N is the same number I call p (for "prime") is the prime number:

p = FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F

All the other parameters for the Bitcoin elliptical curve system can be found here: 

https://bitcointalk.org/index.php?topic=53177.msg635050#msg635050

and most of the thread at https://bitcointalk.org/index.php?topic=53177.0 is interesting and informative.