Thanks for your reply. Appreciated. However, it does seem like the tool is doing all the work for me. I'm trying to learn how the calculation works myself.
With numbers as big as these, it usually is a program, or a programming language library, that does all the actual work. Doing these calculations by hand would take too much time. If you are interested, here is a pdf which explains ECC really easily and well: https://www.entrust.com/wp-content/uploads/2014/03/WP_Entrust_Zero-to-ECC_March2014.pdf
If you want to practice actually doing these calculations I recommend trying them on a smaller field first, eg: y²=x³+7 mod 1051 would create a prime field of 1093 points. You can choose any point from the field to be G.
For doing the multiplication with the actual bitcoin curve you would first need to multiply G by 2, then multiply the result by 2 and so on, until you have done it 255 times, and save the results. Then you will have a list of points G, 2*G, 4*G, 8*G, 16*G ... 57896044618658097711785492504343953926634992332820282019728792003956564819968*G
For the multiplications by 2 you use these formulas:
    s = (3x² + a) / (2y1) mod p
    x2 = s² - 2x1 mod p
    y2 = -y1 + s(x1 - x2) mod p
Then you transform your private key to a binary number and let's say it is 1001101 (very short priv key). Then you can do the additions:
    1  G
    0  (2)
    1  4G
    1  8G
    0  (16)
    0  (32)
    1  64G
The resulting public key would be: G+4G+8G+64G
For the additions you use these formulas:
    s = (y2 - y1) / (x2 - x1) mod p
    x3 = s² - x2 - x1 mod p
    y3 = -y2 + s(x2 - x3) mod p
The pdf will explain these better. Have fun
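The procedure from the post, carried out in code on the small practice curve it suggests (y²=x³+7 mod 1051). This is an added example, not code from the post; the generator G=(22, 98) is a point I picked on that curve, and the double-and-add walks the private key's bits least-significant first, exactly like the 1001101 table above.

```python
# Added example: the doubling/addition formulas from the post on y^2 = x^3 + 7 mod 1051.
# Affine coordinates; None stands for the point at infinity (the identity).
P = 1051          # small prime modulus from the post (1051 is prime)
A, B = 0, 7       # curve y^2 = x^3 + 7, same shape as secp256k1
G = (22, 98)      # generator chosen for this example: 22^3 + 7 = 98^2 (mod 1051)

def inv(x):
    # modular inverse by Fermat's little theorem: x^(p-2) mod p, p prime
    return pow(x, P - 2, P)

def on_curve(pt):
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0

def double(pt):
    # s = (3x^2 + a) / (2y1),  x2 = s^2 - 2x1,  y2 = -y1 + s(x1 - x2)
    if pt is None or pt[1] == 0:
        return None                       # tangent is vertical: result is infinity
    x1, y1 = pt
    s = (3 * x1 * x1 + A) * inv(2 * y1) % P
    x2 = (s * s - 2 * x1) % P
    y2 = (-y1 + s * (x1 - x2)) % P
    return (x2, y2)

def add(p1, p2):
    # s = (y2 - y1) / (x2 - x1),  x3 = s^2 - x2 - x1,  y3 = -y2 + s(x2 - x3)
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:                          # same x: either P + P or P + (-P)
        return double(p1) if y1 == y2 else None
    s = (y2 - y1) * inv(x2 - x1) % P
    x3 = (s * s - x2 - x1) % P
    y3 = (-y2 + s * (x2 - x3)) % P
    return (x3, y3)

def scalar_mul(k, g):
    # The post's method: keep doubling g to get g, 2g, 4g, ... and add the
    # multiples whose bit in k (least significant bit first) is 1.
    result, power = None, g
    while k:
        if k & 1:
            result = add(result, power)
        power = double(power)
        k >>= 1
    return result

if __name__ == "__main__":
    print("2G =", double(G), " 77G =", scalar_mul(77, G))
```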
Thanks for the updated list And to "holy_ship" you can easily write a script that can compare balances in this new list against your list of old "abandoned" addresses and see how many have been emptied...
Hey, guys!
Trying to make list of abandoned non-empty wallets (in java and bitcoinj library), but not getting one moment: I want a list of abandoned for 3 years wallets. And a yearly snapshots. The most intriguing part is: were there wallets that became empty in next years?
I would not call addresses without action for 3 years abandoned addresses. 3 years ago bitcoin already had a lot of value, and that means people saved their private keys & seeds carefully. So there won't be that many "abandoned" addresses from that time period. However, in 2009-2011 bitcoin had almost no value, and that is why keys to many addresses were permanently lost at that time. Most abandoned & forgotten addresses are from that time.
With the right tools it is easy. This is one example of how it can be done in Sagemath (http://www.sagemath.org/), the free math program:

    modi = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
    E = EllipticCurve(GF(modi), [0,7])
    print E
    # generator used with this curve
    G = E(0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798, 0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8)
    PrivK = 0x18E14A7B6A307F426A94F8114701E7C8E774E7F9A47E2C2035DB29A206321725
    PubK = PrivK*G
    print "Public key :", PubK

So you basically just multiply your private key with the Generator (G) and get the public key. Easy. Actually the code could be a lot shorter, because you do not have to tell sagemath the modulus, Generator point and elliptic curve. You could just say that you want to use the secp256k1 curve and sage will then know all the needed parameters. But I do not know how to do that, so I do it the "hard" way. The above code prints the public key in decimal format. Here is the output of the above code:

    Elliptic Curve defined by y^2 = x^3 + 7 over Finite Field of size 115792089237316195423570985008687907853269984665640564039457584007908834671663
    Public key : (36422191471907241029883925342251831624200921388586025344128047678873736520530 : 20277110887056303803699431755396003735040374760118964734768299847012543114150 : 1)
I heard that Quantum Computer can destroy bitcoin. Is it possible?
Yes and no. An efficient quantum computer can get the private key from the public key, which means it could empty wallets that have been spent from. A single send action from an address reveals the public key. However, if you use bitcoin properly and do not re-use addresses, then you are safe from quantum computers, because they cannot break the SHA256 hash. Also if/when quantum computers would ever become big enough, bitcoin's encryption is probably going to be changed to something quantum resistant. How do we know when the time has come? There are several addresses with over 1000000000$ worth of bitcoins in them that have send actions in them and have published their public keys. When someone starts emptying them, then we know it is time to do something.... or hopefully long before that. And it is not only quantum "magic" computers we need to worry about. Maybe someday some hacker will find a way to break bitcoin crypto even without quantum magic.
QR-codes can be generated in different ways, for example with different level of error correction. That means that 2 QR-codes having the same content do not necessarily look the same. This is normal. You can check that both contain the same address by eg. scanning them with your phone and comparing the address that they produce.
Recently, I have been posting on this forum and my posting is increasing but my activity is not increasing it has remained stagnant for the past 3 days. Please help!!
You can only get 14 points of activity in one 2 week period...
Is there any chance that you generated those addresses on a mac? There was a bug related to bitaddress.org: if you created the address using some version of safari (was it 5 or 6?), then you can only decrypt the key in the exact same version of safari.... here is a link: https://bitcointalk.org/index.php?topic=416324.10;imode
It also talks about a faulty encrypted key starting with 6P... Your key starts with the same 6P...
Edit: Apparently the correct ones start with 6P... too. So can't make any conclusions about that.
but both the "My" and offset are returned to the calling function and sent to Point() in the end
To me it looks like only the My is sent to Point() (there is a [0] after the call, easy to miss):
    return Point( curve, Mx, ECC_YfromX(Mx, curve, Aser[0] == 0x03)[0], _r )
Did not notice that. Re-reading the code, my opinion is now that the offset must always be "0", otherwise it would return the y-coordinate of a wrong point!!!!!! I can see no reason why the for loop won't go through with the first try with offset 0, that is, if the x is a valid x point on the curve. IF x is not valid, then that function returns y from a wrong point! Now I understand the sqrt. Thanks for explaining that.
Btw, there is another bug in there. It should be (_p+1)/4 and not (_p+1)//4. Shouldn't it? I was wondering how it is possible to omit the remainder of dividing by 4. But by luck in this case (p+1) does divide by 4 nicely, so there is no remainder and it works with the bitcoin curve.
Edit: Just realized that "/" and "//" both work the same here, because both would omit the remainder here...
Also if the ECC_YfromX() function assumes that p%4=3 (and p+1 is divisible by 4) when taking the sqrt, it definitely cannot handle changing the curve that bitcoin uses. So the whole "_a * pow(Mx, 2, _p) + _b % _p" part is pointless and could be changed to simply be "+7" (or + _b). Quite worrying to see that kind of code in my favorite wallet program.
- What is the meaning of the offset? Why is it needed? Other implementations seem to be fine without it. What are the mathematical foundations? Why does x + offset still result in the same y (or does it?)?
- When calculating y^2, why is the coefficient a multiplied by x^2 instead of just x, like in the basic elliptic curve equation? Could this be a bug that has not yet been discovered, because a is 0 in secp256k1?
    def ECC_YfromX(x, curved=curve_secp256k1, odd=True):
        _p = curved.p()
        _a = curved.a()
        _b = curved.b()
        for offset in range(128):
            Mx = x + offset
            My2 = pow(Mx, 3, _p) + _a * pow(Mx, 2, _p) + _b % _p
            My = pow(My2, (_p+1)//4, _p )
            if curved.contains_point(Mx, My):
                if odd == bool(My&1):
                    return [My, offset]
                return [_p-My, offset]
        raise Exception('ECC_YfromX: No Y found')
I'm glad for any help or pointers in the right direction...
Quite an interesting find. You are right, it does seem to be a "bug" to have a*x² in there. It should be a*x, but it would be even better if there were no "a" at all, because as you said a=0 in the curve bitcoin uses (y²=x³+7). Also interesting to have _b % _p at the end. Why take a mod of curve parameter b? How could it ever be bigger than p? It is a curve parameter that never changes. Maybe Electrum devs want to be prepared for bitcoin changing the curve it uses?? (never going to happen) It is not very efficient to do 128 times "_a * pow(Mx, 2, _p)" and "_b % _p" for no reason, when the numbers are as big as they are (256bit). Also, as you said, the offset is quite confusing. But both the "My" and offset are returned to the calling function and sent to Point() in the end, and Point() is an imported function (from ecdsa.ellipticcurve import Point), and I did not look what it does with the offset value. One more thing that confuses me is the line: My = pow(My2, (_p+1)//4, _p ) That is an interesting way to take a square root in a finite field. I know sqrt is a heavy operation in a finite field, but I have never seen it taken like that. Could that be what is behind the whole offset thing... an easier way to find a sqrt?
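The square-root trick behind pow(My2, (_p+1)//4, _p) and the offset problem discussed in this thread, shown as an added example (not Electrum's code) on the small curve y²=x³+7 mod 1051, which like secp256k1's p satisfies p % 4 == 3. The y_from_x function is my corrected version without the offset loop; offset_style_y mimics the loop only to show that a non-zero offset hands back a y belonging to a different x.

```python
# Added example: modular square root for p % 4 == 3, and y-from-x done with and
# without the offset loop from the thread. Curve: y^2 = x^3 + 7 mod 1051 (assumed here).
P = 1051
A, B = 0, 7

def mod_sqrt_3mod4(n, p):
    """Return r with r*r == n (mod p), or None if n is not a square mod p.

    For p % 4 == 3 and a square n, Euler's criterion gives n^((p-1)/2) == 1, so
    r = n^((p+1)/4) satisfies r^2 = n^((p+1)/2) = n * n^((p-1)/2) = n.
    For a non-square the formula still returns a number, but r^2 == -n; that is
    why the result has to be checked (the contains_point() test in the thread)."""
    assert p % 4 == 3
    n %= p
    r = pow(n, (p + 1) // 4, p)
    return r if r * r % p == n else None

def is_valid_x(x, p=P, a=A, b=B):
    # x is the x-coordinate of a curve point iff x^3 + a*x + b is a square mod p
    return mod_sqrt_3mod4((pow(x, 3, p) + a * x + b) % p, p) is not None

def y_from_x(x, odd, p=P, a=A, b=B):
    """y for a given x and parity. Uses a*x (not a*x^2) and reduces the whole
    right-hand side; raises instead of silently trying x+1, x+2, ..."""
    rhs = (pow(x, 3, p) + a * x + b) % p
    y = mod_sqrt_3mod4(rhs, p)
    if y is None:
        raise ValueError("x=%d is not the x-coordinate of a curve point" % x)
    return y if bool(y & 1) == odd else p - y

def offset_style_y(x, odd, p=P, b=B):
    """Mimic the thread's loop: try x, x+1, ... and return (y, offset).
    Any offset > 0 means y belongs to the point with x-coordinate x+offset."""
    for offset in range(128):
        y = mod_sqrt_3mod4((pow(x + offset, 3, p) + b) % p, p)
        if y is not None:
            return (y if bool(y & 1) == odd else p - y), offset
    raise ValueError("no y found within 128 offsets")

if __name__ == "__main__":
    print("sqrt(145) mod 1051 =", mod_sqrt_3mod4(145, P))
    print("y for x=22 (even) =", y_from_x(22, False))
    print("x=1 valid?", is_valid_x(1), "offset loop gives:", offset_style_y(1, True))
```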
Have you ever tried to read the source code of Linux? There is so much code that it is pretty impossible to go through it. I would not be surprised if there were some surprises hidden in there too. NSA could have some programmers "contributing" to developing Linux, who could know. A well designed "bug" could be all that they want. But I too trust Linux much more than windows, which really is spying on its users. As for hardware wallets, I have to be honest that I have no idea how they work internally, but the fact that they have been completely safe thus far suggests that they're quite trustworthy. There are probably some out there that house hundreds of thousands of coins. But then again, there are no incidents until there has been an incident, so that could change in a hurry. I personally still trust them because it's not like they're running on some kind of freemium model, but that's just me.
I trust hw-wallets too, but there could always be a bug in them too. Paper wallets are safer, if the key has been made with a good RNG.
There are a lot of stories of stolen bitcoins from hacked websites or fooled people.
I was wondering, since all transactions are in blockchain, is it technically possible to make blacklist of wallets where stolen funds where transferred (by claims of victims) to track transfers of those funds and report when the owner can be identified (for example when some goods where bought and delivery address is known)?
Or perhaps just block those blacklisted wallets and don't support them on the network (bitcoin) level?
It is possible to follow the coins, but it is impossible to know if/when the owner has changed. You cannot know if a transfer is from one owner's address to another address of his, or if the new address belongs to a new owner. Even proving that the coins belonged to you could sometimes be difficult. On the other hand, now all? exchanges require identification for buying or selling large amounts of bitcoins. If the thief sells the stolen coins through an exchange then he can be identified. Blacklisting coins from the blockchain is impossible. Who could do that? Bitcoin is a decentralized system after all...
Wow! That is interesting. I don't think any mining pool would leave the block empty, losing bitcoins in doing it. Could it be possible that some hobbyist just got lucky and succeeded in mining a block?
Edit: It was apparently mined by: Z/BTPOOL https://btc.com/stats/pool/BTPOOL and they are pros. Wonder why they decided to not take ~4 BTC of transfer fees.
I'm trying to do some tests to learn how to use raw transactions and other command lines. Since I'm scared to do this with real coins, I would like to use the testnet. I've never used it before. It looks like you just have to open the testnet shortcut and it will open. My questions are:
1) Does it keep the data folder separated from the real blockchain I guess? Do I get prompted when I open it for the first time where to put the testnet blockchain?
2) Is there any way to download this faster from a torrent or something? Since it's just testnet coins I don't really care that much about it, so I would be willing to download it from somewhere faster than the client and then just validate it.
You do not have to use bitcoin core, which needs to download the blockchain. For example I use Copay (both on an android phone and desktop), which supports testnet and doesn't need to download anything. If you want to manually create your transactions then you can just use https://live.blockcypher.com/btc-testnet/pushtx/ to broadcast them.
Nice. One thing to improve: now you have to choose 6 different coins. It would be nicer if you could choose fewer. For example I tried to select only the 4 coins that I am currently interested in, and it was not possible (it did not show the value of any of them until I selected 6 coins...). I am using Firefox 52.5 in Linux.
Also, what would happen if you flooded the system (neighboring bitcoin nodes) with 1000s of random guesses?
Random guesses? After several invalid transactions, they would've banned you.
I do not know any way how they could ban anyone. But it wouldn't be necessary. Verifying that a message is false and ignoring it is a really, really quick operation. And Kwothe117, you would not have to send your false guesses to the network. You could just check if your random guess is correct by yourself on your own computer. It would be much faster too. Then if your random guess is correct you could broadcast it and it will be accepted into the blockchain...
I have created another paste, which won't get removed after 1 year. I hope you don't mind, so that people can benefit from this even after a year. https://pastebin.com/6yw2BtDM
Cool. Of course I don't mind, just a pity that I didn't write "python 2.7" in the comments at the beginning of the code. But I guess it is obvious, because the print commands do not have parentheses in them...
Here is my version of the python code: https://pastebin.com/19y9pUg5
It works for me. My Python version is 2.7.13. It generates 10 addresses every time it is run. For the first address it also displays the 256 bit random number and the public key. At the end there is some commented code to make an uncompressed address, and where you can manually add your own random number and it makes an address from that.
I just re-read my comment and realized that it can be understood that I have made my own c++ implementation. BUT I meant I have just edited the python code, not converted it to c++. Here is a link with some c++ code: https://stackoverflow.com/questions/17672696/generating-bitcoin-address-from-ecdsa-public-key
Edit: Also tried to post my version of the python code, but the forum prevented me from posting it. Quite surprising. But it doesn't matter, because you were not looking for python code anyway.