Author Topic: Odds of address collision with vanitygen  (Read 984 times)
YIz (OP)
August 14, 2016, 01:22:36 PM
Last edit: August 14, 2016, 02:20:58 PM by YIz
 #1

Yeah, I know some of you will start saying "It's not possible" before I even click the post button, but I'm just curious.

If I had a hundred computers with an Intel i7-6700K running vanitygen generating random addresses running 24/7 for a year, and after that I would search a random address in the database I created (assuming that I can load a file that huge) what would be the probability of finding a random address and its private key in there?
Lauda
August 14, 2016, 01:28:05 PM
 #2

Intel i7-6700K
That's a weak way of generating random addresses. I will leave this picture here and it should hopefully explain why this attack isn't feasible:



People are generally bad with probabilities. It is more probable that an asteroid will wipe out humanity, than someone generating a collision in the future. I was going to provide some sort of numbers but it seems that DannyHamilton is on it.

"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"
😼 Bitcoin Core (onion)
DannyHamilton
August 14, 2016, 01:31:32 PM
Last edit: August 14, 2016, 01:55:11 PM by DannyHamilton
 #3

I don't know how many addresses per second an i7-6700K can generate per second.  But let's go with an unrealistically large number.  Let's pretend that the number of hashes that are computed by the entire worldwide bitcoin mining network is the same as the number of addresses you could generate.  (In other words, let's pretend like your computer all by itself could mount an effective 51% attack on the bitcoin network)

That would mean that you could generate 1648994603000000000 (1.65 X 10^18) addresses every second.

There are about 31557600 (3.16 X 10^7) seconds in a year.

That means after running your super powerful machine for a full year, you would have generated a total of:

1.65 X 10^18  *  3.16 X 10^7 =

5.214 X 10^25 addresses (approximately 52140000000000000000000000).

Now, there are a total of 2^160 possible bitcoin addresses.
2^160 = 1.46 X 10^48

So, you will have generated
1.46 X 10^48 / 5.214 X 10^25 =

1 / 2.8X10^22th of all possible addresses.

If you now choose a completely random address, that address has an equal chance of being in the 1 / 2.8X10^22th that you generated or any of the remaining 2.8X10^22ths that you haven't yet generated.

Therefore, "the probability of finding that random address and its private key in there" with the imaginary supercomputer is:
1 / 2.8X10^22 =

3.57 X 10^-23
or 0.00000000000000000000357%


While we haven't computed what your i7-6700K could do, it should be clear that it will do MUCH worse than this.
7788bitcoin
August 14, 2016, 01:34:34 PM
Last edit: August 14, 2016, 01:58:44 PM by 7788bitcoin
 #4

It's not possible, even if you own all the computers in the world!!

There is a YouTube video that I like very much that explains how it is not possible: https://www.youtube.com/watch?v=ZloHVKk7DHk



Yeah, I know some of you will start saying "It's not possible" before I even click the post button, but I'm just curious.

If I had a hundred computers with an Intel i7-6700K running vanitygen generating random addresses running 24/7 for a year, and after that I would search a random address in the database I created (assuming that I can load a file that huge) what would be the probability of finding a random address and its private key in there?
Chris!
August 14, 2016, 01:34:43 PM
 #5

Haha Lauda got it up first... but yes it's impossible. If you find a bitcoin address with someone else's funds in it you would have been better off buying a lottery ticket! At least that way you know you get ~$1million whereas you may only find a bitcoin address with a few Satoshis in it if you're the luckiest person on earth and you live a quadrillion years. Don't bother trying! Go buy a lottery ticket! The odds are way better.
YIz (OP)
August 14, 2016, 01:38:19 PM
 #6

Intel i7-6700K
That's a weak way of generating random addresses. I will leave this picture here and it should hopefully explain why this attack isn't feasible:



People are generally bad with probabilities. It is more probable that an asteroid will wipe out humanity, than someone generating a collision in the future. I was going to provide some sort of numbers but it seems that DannyHamilton is on it.

Yeah, I know that picture, but I'm looking for numbers, haha. It's not that I'm actually going to try because I know the odds are ridiculously low.
NorrisK
August 14, 2016, 01:43:53 PM
 #7

A picture speaks more than a thousand words. The numbers are so astronomically huge, that your odds will be insanely small.

Here is a calculation posted by DeathAndTaxes a few years ago:

The odds in colliding with a specific address is 1 in 2^160.

If there are a billion users and each have one million active addresses (1 quadrillion funded addresses in the blockchain) the odds in colliding with any address would be roughly 1 in 2^110 (1*10^33).

Vanitygen can produce 20 million keypairs per second.  Let's say you build a super ASIC on 12nm (4 generations ahead of current tech) process that could create, validate, and steal one trillion keypairs per second (1 TK/s). That would be about 50,000x more powerful than faster GPU today.  Let's also say you built a thousand of them and ran them continually with no downtime 24/7/365.   In 1 year you could brute force 3*10^28 possible addresses.  

If there are 1 quadrillion funded addresses you would still have a ~1% chance of colliding with a random funded address in the next 1,000 years.


Those numbers should make it clear that the chance of a collision is so negligible. If 100 CPUs would be able to produce a collision, it would have been done a ton of times by now, as there are a lot of people that have this kind of computing power at their disposal. Especially look at the requirement of having 1 quadrillion funded addresses in this calculation..
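
The arithmetic behind posts #3 and #7, as an added example that is not part of the original thread: it assumes every generated address is uniformly random over the 2^160 space, and goes one step further than the posts by also solving for the time needed to reach a given chance. The function names are hypothetical, and the 100-machine scenario assumes each machine reaches the 20 million keys per second quoted for vanitygen in post #7.

```python
import math

ADDRESS_SPACE = 2 ** 160                   # possible addresses, as used in the thread
SECONDS_PER_YEAR = 31_557_600              # figure from post #3
NETWORK_RATE = 1_648_994_603_000_000_000   # keys/s, the imaginary machine in post #3
VANITYGEN_RATE = 20_000_000                # keys/s, figure quoted in post #7
FUNDED = 10 ** 15                          # "1 quadrillion funded addresses", post #7


def hit_probability(keys_tried, targets=1):
    """Chance that at least one of keys_tried random addresses equals one of `targets`."""
    p = targets / ADDRESS_SPACE            # chance that a single generated key hits
    # 1 - (1 - p)^n, evaluated through log1p/expm1 so the tiny p is not rounded away.
    return -math.expm1(keys_tried * math.log1p(-p))


def naive_hit_probability(keys_tried, targets=1):
    """The same formula typed in directly: 1 - p rounds to 1.0, so the answer is 0.0."""
    p = targets / ADDRESS_SPACE
    return 1.0 - (1.0 - p) ** keys_tried


def years_to_reach(probability, keys_per_second, targets=1):
    """Years of continuous generation needed for the given chance of at least one hit."""
    p = targets / ADDRESS_SPACE
    keys_needed = math.log1p(-probability) / math.log1p(-p)
    return keys_needed / keys_per_second / SECONDS_PER_YEAR


def scenarios():
    network_year = NETWORK_RATE * SECONDS_PER_YEAR
    # Assumption: 100 machines, each at the 20M keys/s figure quoted for vanitygen.
    hundred_machines_year = 100 * VANITYGEN_RATE * SECONDS_PER_YEAR
    return {
        "network_rate_one_year": hit_probability(network_year),
        "hundred_machines_one_year": hit_probability(hundred_machines_year),
        "network_rate_vs_funded": hit_probability(network_year, FUNDED),
        "naive_float_result": naive_hit_probability(network_year),
        "years_for_50_percent": years_to_reach(0.5, NETWORK_RATE),
    }


if __name__ == "__main__":
    for name, value in scenarios().items():
        print(f"{name:28s} {value:.3e}")
```
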
Sir Alpha_goy
August 14, 2016, 01:44:19 PM
 #8

Intel i7-6700K
That's a weak way of generating random addresses. I will leave this picture here and it should hopefully explain why this attack isn't feasible:

https://i.imgur.com/VjtG3.jpg

People are generally bad with probabilities. It is more probable that an asteroid will wipe out humanity, than someone generating a collision in the future. I was going to provide some sort of numbers but it seems that DannyHamilton is on it.

"Bitcoin - Your money is secured by the laws of the universe"


The Virgin Mary herself would be so proud of you all.
Sir Alpha_goy
August 14, 2016, 01:45:38 PM
 #9

Most likely quantum computing will be the death of BTC.

All part of the stairway to heaven.
YIz (OP)
August 14, 2016, 01:49:51 PM
 #10

Most likely quantum computing will be the death of BTC.

All part of the stairway to heaven.

Will it actually change the odds of finding a private key drastically? I've heard that it makes a lot more calculations in comparison to a traditional computer, but the question is, how many more.
DannyHamilton
August 14, 2016, 01:56:01 PM
 #11

- snip -

I've updated my post above with actual math.

Since I didn't know how many addresses an i7-6700K could generate per second I rounded WAY up to a ridiculously high number.

If you want to know the actual chances with an i7-6700K, then let me know how many addresses an i7-6700K can generate in a second (or hour) and I'll update my post with the actual numbers.
Lauda
August 14, 2016, 01:58:33 PM
 #12

Most likely quantum computing will be the death of BTC.
No, it won't. Stop trolling.

Will it actually change the odds of finding a private key drastically? I've heard that it makes a lot more calculations in comparison to a traditional computer, but the question is, how many more.
Not necessarily. Generally (summarized), 256 bit for a standard computer is 'treated' as 128 bit for a quantum computer. However, keep in mind that while they are faster in doing some calculations, they are much slower at doing others. The only potential vulnerability (so far) may be ECDSA. Bitcoin can fork and move away to quantum resistant algorithms. I'm not sure how exactly it may influence key generation, albeit I'd say doing so with a GPU would still be faster.

"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"
😼 Bitcoin Core (onion)
YIz (OP)
August 14, 2016, 01:59:24 PM
 #13

I don't know how many addresses per second an i7-6700K can generate per second.  But let's go with an unrealistically large number. Let's pretend that the number of hashes that are computed by the entire worldwide bitcoin mining network is the same as the number of addresses you could generate.  (In other words, let's pretend like your computer all by itself could mount an effective 51% attack on the bitcoin network)

That would mean that you could generate 1648994603000000000 (1.65 X 10^18) addresses every second.

There are about 31557600 (3.16 X 10^7) seconds in a year.

That means after running your super powerful machine for a full year, you would have generated a total of:

1.65 X 10^18  *  3.16 X 10^7 =

5.214 X 10^25 addresses (approximately 52140000000000000000000000).

Now, there are a total of 2^160 possible bitcoin addresses.
2^160 = 1.46 X 10^48

So, you will have generated
1.46 X 10^48 / 5.214 X 10^25 =

1 / 2.8X10^22th of all possible addresses.

If you now choose a completely random address, that address has an equal chance of being in the 1 / 2.8X10^22th that you generated or any of the remaining 2.8X10^22ths that you haven't yet generated.

Therefore, "the probability of finding that random address and its private key in there" with the imaginary supercomputer is:
1 / 2.8X10^22 =

3.57 X 10^-23
or 0.00000000000000000000357%


While we haven't computed what your i7-6700K could do, it should be clear that it will do MUCH worse than this.



Alright the number is even more ridiculous than I thought it's going to be, and this is the best possible case.. and damn dude, you have some fine math skills, I wish I knew how to make those calculations myself
YIz (OP)
August 14, 2016, 02:05:19 PM
 #14

- snip -
It's not that I'm actually going to try because I know the odds are ridiculously low.

And yet you use a subject for the thread of "Theoretical bitcoin attack"?

If you know that the odds are "ridiculously low", then you know it's not a "Theoretical bitcoin attack".

This would seem to imply that you chose that subject line to troll or try to start a flame war.

I was just curious dude, I wasn't trying to start a "flame war" or troll. And why couldn't I call it an attack, even if the chances are almost 0%? It's still some kind of attack.
Sir Alpha_goy
August 14, 2016, 02:05:58 PM
 #15

Most likely quantum computing will be the death of BTC.
No, it won't. Stop trolling.

Will it actually change the odds of finding a private key drastically? I've heard that it makes a lot more calculations in comparison to a traditional computer, but the question is, how many more.
Not necessarily. Generally (summarized), 256 bit for a standard computer is 'treated' as 128 bit for a quantum computer. However, keep in mind that while they are faster in doing some calculations, they are much slower at doing others. The only potential vulnerability (so far) may be ECDSA. Bitcoin can fork and move away to quantum resistant algorithms. I'm not sure how exactly it may influence key generation, albeit I'd say doing so with a GPU would still be faster.


Wasn't that the whole purpose of the blockchain?

Make the database so big and make mining (transaction verifications) so intense that only high end computing (quantum) could handle it in the future without the need for so much power.

IMO BTC will breathe more life into AI.

It was designed that way from the beginning.

On second thought disregard my statements.

I'm only trolling right?

DannyHamilton
August 14, 2016, 02:16:56 PM
 #16

disregard my statements.

I'm only trolling

I was going to respond, but then you said that and I realized that it's a bad idea to feed the trolls.
YIz (OP)
August 14, 2016, 02:17:03 PM
 #17

- snip -
why couldn't I call it an attack, even if the chances are almost 0%? it's still some kind of attack.

Sure.  In the same way that I could say that "reading Green Eggs and Ham in my bed in the U.S. is a theoretical attack on the people of France"

It may not accomplish anything, and be entirely harmless, but if I want to call it an "attack" then it is still some kind of attack.

If generating addresses and checking to see if those addresses have a balance is "some kind of attack" then every bitcoin user is "attacking" bitcoin every time they use bitcoin.  Nonsense!

Pick an appropriate title for the thread and I'll change it then, if you are so annoyed by the title.
YIz (OP)
August 14, 2016, 02:21:23 PM
 #18

Pick an appropriate title for the thread and I'll change it then, if you are so annoyed by the title.

Odds of address collision with vanitygen

There you go, yeah, it might be a better title after all.
DannyHamilton
August 14, 2016, 02:29:35 PM
 #19

yeah, it might be a better title after all.

Removed my complaints
raphma
August 14, 2016, 03:18:55 PM
 #20

Most likely quantum computing will be the death of BTC.

Wasn't that the whole purpose of the blockchain?

Make the database so big and make mining (transaction verifications) so intense that only high end computing (quantum) could handle it in the future without the need for so much power.

IMO BTC will breathe more life into AI.

It was designed that way from the beginning.

On second thought disregard my statements.

I'm only trolling right?


So, in the first statement you say it (quantum) will kill bitcoin and in the other you say it was "needed" for bitcoin to work properly?
Does that make sense?

If I understood wrong, please, correct me.