no-ice-please (OP)
|
|
March 29, 2015, 06:11:48 PM |
|
This is a basic question about bitcoin security that I don't see answered adequately.
I'm not an expert in anything, so it is possible I am missing the obvious, but would still like an answer.
The bitcoin private key is a 256 bit number that contains a numerical address and a key to decrypt numerical messages sent to that address.
The number of keys is quite high. The security of the bitcoin system seems to be based on the difficulty of using a public address to work backwards and find the private key. But there seems to be an obvious proof that shows that to be flawed.
In order to show that the current bitcoin key system is flawed, all that a person would need to do is show that there was a correlation between the relative position of a private key and the relative position of its corresponding public address.
In other words, if you took the lowest possible private key, a 256 bit number starting with 00000... etc, and the highest possible private key, a 256 bit number starting with 11111... etc, and you were able to show that the two public addresses for those keys formed hard boundaries, i.e., that all bitcoin public addresses fell between those two numbers in some mathematical formula or progression, then you would be showing that an accessible formula existed to work backwards from the public address to the private key.
The obvious question then, does some formula or progression exist that could put bitcoin addresses in sequence? Any set of numbers that are derived from another set of numbers ultimately can be ordered in the same sequence as the original set. Therefore it seems that the "security" of the cryptography used in bitcoin would come not from the size of the number set but rather from the computational difficulty of converting private key to public address or vice versa. Since in bitcoin the conversion in one direction, i.e., private key to public address, requires little effort, there is really no security once a formula or progression rule for addresses is discovered. And such a formula or progression is easily findable by anyone with a little skill in that kind of thing.
... Is that accurate?
|
|
|
|
dothebeats
Legendary
Offline
Activity: 3766
Merit: 1354
|
|
March 29, 2015, 06:35:51 PM |
|
There was once a user here in the forum that often holds bounties in the form of solving complex equations and mathematical problems that are somewhat related to cracking the fundamentals of the bitcoin privkey and its security. It was a fun thread to show as it progresses, but I'm no mathematical genius, but seeing those comments and replies to his thread (and similar to what you are pointing to), there is indeed a way to solve the privkey for each address in existence, though it strongly opposes this line here:
Since in bitcoin the conversion in one direction, i.e., private key to public address, requires little effort,
Again, according to that thread, solving the necessary formula needed a huge amount of computing power before being "cracked."
|
|
|
|
jonald_fyookball
Legendary
Offline
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
|
|
March 29, 2015, 07:14:14 PM |
|
Your assumption that such a formula is "easily findable" is false. Hash functions effectively scramble the data so there's no way to predict what the output is going to be, so you cannot find a "progression rule".
|
|
|
|
protokol
Legendary
Offline
Activity: 1188
Merit: 1016
|
|
March 29, 2015, 07:37:31 PM |
|
Your assumption that such a formula is "easily findable" is false. Hash functions effectively scramble the data so there's no way to predict what the output is going to be, so you cannot find a "progression rule".
Correct, the consensus is that good hash functions are "one way". They require a ridiculously huge amount of computing power to brute-force (predict), but only a small amount to verify information.
|
|
|
|
neoneros
|
|
March 29, 2015, 07:54:31 PM |
|
Try to find some basics about encryption, using private keys. It is a one way encryption and lucky guessing is with the current state of computing power not something that is done easily. Though the development of bitcoin is spawning mines that have massive computer power and it spurts like hell to new heights. The downfall of the crypto currency might just be its popularity and influence on the processing power.
|
|
|
|
jonald_fyookball
Legendary
Offline
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
|
|
March 29, 2015, 08:08:59 PM |
|
The downfall of the crypto currency might just be its popularity and influence on the processing power.
Not really, because the amount of processing power required to brute force a private key is MANY orders of magnitude beyond that of solving a block.
|
|
|
|
jonald_fyookball
Legendary
Offline
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
|
|
March 30, 2015, 01:12:33 AM |
|
Your assumption that such a formula is "easily findable" is false. Hash functions effectively scramble the data so there's no way to predict what the output is going to be, so you cannot find a "progression rule".
Correct, the consensus is that good hash functions are "one way". They require a ridiculously huge amount of computing power to brute-force (predict), but only a small amount to verify information.
Okay, that is clear, but a hash is not a random number. More significantly, there are a number of ways to go from address to private key. Finding a precise formula would be extremely difficult of course, but would let you go from address to key in one step. However finding only the relative position of an address, being able to say one address comes before or after another, would be much easier and would get the private key of any address within a few hundred steps by telling you whether you need to generate a higher or a lower private key. So the hash itself contains several different kinds of information that together may give the appearance of a random number. But if you take a string of several private keys in proper sequence from low to high, then generate addresses from them, and there is any corresponding pattern whatsoever in those addresses, you do not need to find any formula to solve the problem the second way, which takes a few hundred steps.
I hear what you are saying, but the fact of the matter is that so far, no one has been able to detect any sort of pattern in strong cryptographic hash functions such as SHA-256. There is something called the 'avalanche effect' where changing one character changes the outcome completely. If you look into the inner workings of the hash function, it goes through I believe 64 rounds of computation. By the time it's done all that computing, you're left with something that has no discernable pattern. So while you're correct that they are not 'random', the outputs appear random for all intents and purposes and without a pattern to follow, no ordering is possible. Perhaps someday someone may indeed find a pattern, but when/if that happens, it would be time to migrate to a stronger form of cryptography.
|
|
|
|
acoindr
Legendary
Offline
Activity: 1050
Merit: 1002
|
|
March 30, 2015, 05:20:08 AM Last edit: March 30, 2015, 07:07:31 AM by acoindr |
|
The bitcoin private key is a 256 bit number that contains a numerical address and a key to decrypt numerical messages sent to that address.
No, it's just a 256 bit number. It doesn't "decrypt" anything. However, it's used to sign messages proving a relationship to a particular public key.
The number of keys is quite high.
Yes.
The security of the bitcoin system seems to be based on the difficulty of using a public address to work backwards and find the private key.
Yes, that's the part of security which protects user accounts (private keys). It's based on elliptic curve cryptography. The other large part of Bitcoin security is secure hashing algorithms used by miners to provide arbitration for the blockchain.
In order to show that the current bitcoin key system is flawed, all that a person would need to do is show that there was a correlation between the relative position of a private key and the relative position of its corresponding public address.
Nobody needs to show that. It's already known. That's why it's possible to verify a private key without knowing it.
In other words, if you took the lowest possible private key, a 256 bit number starting with 00000... etc, and the highest possible private key, a 256 bit number starting with 11111... etc, and you were able to show that the two public addresses for those keys formed hard boundaries, i.e., that all bitcoin public addresses fell between those two numbers in some mathematical formula or progression, then you would be showing that an accessible formula existed to work backwards from the public address to the private key.
The part where you go off the track is when you say "accessible formula". The elliptic curve used by Bitcoin is Secp256k1. Its points on a graph would appear randomly scattered and the number of points is between 2^255 and 2^256 or about one point for every eight atoms in the universe. If you think you have or can find an accessible formula to compute these points backward from a public key, then yes you could cause problems with the current version of Bitcoin.
The obvious question then, does some formula or progression exist that could put bitcoin addresses in sequence?
Yes, counting up by one for instance. The problem is there are so many possible addresses it would take you (or a computer) an unbelievable amount of time just to count upward and hit one.
Any set of numbers that are derived from another set of numbers ultimately can be ordered in the same sequence as the original set.
Can be ordered or must be ordered?
Therefore it seems that the "security" of the cryptography used in bitcoin would come not from the size of the number set but rather from the computational difficulty of converting private key to public address or vice versa.
The security comes from both the size of the number set and the difficulty in calculating the private key from only a public key.
Since in bitcoin the conversion in one direction, i.e., private key to public address, requires little effort, there is really no security once a formula or progression rule for addresses is discovered.
This presumes such a formula could be discovered.
And such a formula or progression is easily findable by anyone with a little skill in that kind of thing.
Let's see it then.
|
|
|
|
turvarya
|
|
March 30, 2015, 09:34:42 AM |
|
You just make it sound too easy. Mathematical geniuses were researching cryptography before there was even a computer. On a mathematical level, there was no way found, to reverse e.g. SHA-256. Don't you think, people already tried that? People, who are much smarter than everyone who wrote in this thread combined (at least, when it comes to math). I guess, you would have to find a new mathematical law, that would win you the Nobel Prize with certainty, to find the pattern you are talking about.
|
|
|
|
Kazimir
Legendary
Offline
Activity: 1176
Merit: 1011
|
|
March 30, 2015, 03:06:19 PM Last edit: April 01, 2015, 07:16:50 AM by Kazimir |
|
In order to show that the current bitcoin key system is flawed, all that a person would need to do is show that there was a correlation between the relative position of a private key and the relative position of its corresponding public address.
Both the elliptic curve maths for going from private to public key, as well as the sha256+ripemd160 hashing to go from public key to address, are both deliberately designed to be one way operations. The only correlation is that they're deterministic (the same private key always results in the same address).
In other words, if you took the lowest possible private key, a 256 bit number starting with 00000... etc, and the highest possible private key, a 256 bit number starting with 11111... etc, and you were able to show that the two public addresses for those keys formed hard boundaries, i.e., that all bitcoin public addresses fell between those two numbers in some mathematical formula or progression, then you would be showing that an accessible formula existed to work backwards from the public address to the private key.
Not saying that it is theoretically impossible to come up with a feasible way of constructing a matching private key with some given addresses (although extremely, astronomically unlikely). But in general, such a formula will not exist. For starters because it's destructive: some information is lost in the process, and you can't magically restore information out of thin air.
You seem to think that for mathematical or logical reasons, there must be some hidden correlation or formula that, once discovered, would allow you to efficiently reverse addresses back into private keys. This is not necessarily the case. For example, suppose that the function that converts from private keys to addresses is a pseudorandom mapping: it's deterministic, but there's no specific order or correlation whatsoever.
Or for argument's sake, let's say the mapping is really random, constructed by sequentially throwing a dice a centillion times. Then this boils down to a huge (but ordered) list of private keys and their corresponding addresses. Well, guess what, we have such a mapping right here: http://directory.io/
Note that this is actually real: ALL private Bitcoin keys are in there, both used and new, current and future ones, along with their matching addresses. So there's the function right there. It allows for very efficiently calculating the address for any private key, based on a simple (but huge) one-to-one mapping. Now, given this function, how does your argument apply that this 'must' be feasibly reversible in some way?
|
|
|
|
BitUsher
Legendary
Offline
Activity: 994
Merit: 1035
|
|
March 31, 2015, 01:35:17 AM |
|
Without getting into details of Mathematical trap doors please just watch this video and you will begin to understand how difficult it is to brute force or guess a private key. https://www.youtube.com/watch?v=ZloHVKk7DHk
Additionally, it's not just about guessing the correct private key but guessing the correct private key for a specific public key. This is the reason there are hundreds of wallets with single public addresses that even the smartest cryptographers and hackers cannot steal. http://bitcoinrichlist.com/top100
|
|
|
|
jonald_fyookball
Legendary
Offline
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
|
|
March 31, 2015, 01:41:19 AM |
|
Most of the responses are over my head, but here is the basic point I try to make, even if it is not practical.
Private keys can be arranged from lowest to highest, 000... to 111... and the addresses that correspond to those keys can be put along side them.
Looking at any two addresses, there would seem to be exactly a 50% chance that address #1 comes from a private key that is lower than the private key for address #2.
If you knew for certain that one address came from a higher or lower numbered private key then you could slowly reduce the number of possible keys until you solved it.
The point that is important though is that the amount of certainty you would need is very low.
If you could look at two bitcoin addresses and say "there is at least a 50.000001% chance that it is higher than another specific address" then, because of the astronomical number of addresses, all addresses would be vulnerable.
As we've been trying to explain, there IS no way to know if one address came from a higher or lower private key than another address. Why is that so hard to accept?
|
|
|
|
AgentofCoin
Legendary
Offline
Activity: 1092
Merit: 1001
|
|
March 31, 2015, 02:24:30 AM |
|
... The obvious question then, does some formula or progression exist that could put bitcoin addresses in sequence? Any set of numbers that are derived from another set of numbers ultimately can be ordered in the same sequence as the original set. Therefore it seems that the "security" of the cryptography used in bitcoin would come not from the size of the number set but rather from the computational difficulty of converting private key to public address or vice versa. Since in bitcoin the conversion in one direction, i.e., private key to public address, requires little effort, there is really no security once a formula or progression rule for addresses is discovered. And such a formula or progression is easily findable by anyone with a little skill in that kind of thing. ...
There is no formula or progression that exists. If it did, then current known cryptographic systems used by world intelligence agencies would be rendered worthless. It is not possible to do what you propose since calculating all addresses from private keys would also take thousands of years and millions of dollars. You need to do more reading on how Bitcoin's cryptographic system is implemented and functions.
|
I support a decentralized & unregulatable ledger first, with safe scaling over time. Request a signed message if you are associating with anyone claiming to be me.
|
|
|
Eastfist
|
|
March 31, 2015, 02:52:30 AM |
|
Of course anything is possible, it's just not practical, and that's the design: to be elegantly simple, but incredibly convoluted at the same time.
Even if you had the "master" algorithm, modern computers can't crunch it, and humans can't do it on paper. That Satoshi was a genius. All this trouble for invisible money. LOL
|
|
|
|
cramved
Newbie
Offline
Activity: 56
Merit: 0
|
|
March 31, 2015, 03:30:11 AM |
|
Brute forcing a private key would be incredibly difficult. Considering that a password that is 10-15 digits is considered secure, a private key would be beyond the computing capabilities of today. But in the future with large amounts of power it could be possible.
|
|
|
|
hhanh00
|
|
March 31, 2015, 03:37:08 AM |
|
It would be easy to construct a proof that showed there was some qualitative difference between any two addresses or groups of addresses that corresponded with differences in private keys. It might be an extremely tiny difference but that is all that is needed.
Easy? I doubt it. You seem to think that a hash is calculated from a mathematical formula whereas in fact the process is more akin to shuffling and combining a list of bits.
Many people believe that bitcoin's cryptographic strength comes from the high number of possible keys.
Right, it is a common misconception carried on by popular culture.
That does make brute forcing near impossible, but it also makes a more sophisticated attack much easier.
Easier? Why? Just because people don't know about the iron door doesn't make it less sturdy.
I'll research it a bit more and decide whether to admit defeat or not.
I recommend reading the papers on MD5. It was successfully cracked and its construction is the same as SHA-256.
|
|
|
|
R2D221
|
|
March 31, 2015, 03:49:47 AM |
|
I'll research it a bit more and decide whether to admit defeat or not.
Please do, because your hypothesis relies on baseless assumptions.
|
An economy based on endless growth is unsustainable.
|
|
|
hhanh00
|
|
March 31, 2015, 04:17:57 AM |
|
The question is not whether it is possible. It is. It is only a matter of finding a pattern.
Well, it's the difference between theory and practice. Since a hash has a finite length and can be applied on arbitrary long messages, there is an infinite number of collisions, and yet not a single one has been found. And we can live on Mars, it's only a matter of building a colony there.
|
|
|
|
jonald_fyookball
Legendary
Offline
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
|
|
March 31, 2015, 04:37:23 AM |
|
There is no formula or progression that exists. If it did, then current known cryptographic systems used by world intelligence agencies would be rendered worthless. It is not possible to do what you propose since calculating all addresses from private keys would also take thousands of years and millions of dollars. You need to do more reading on how Bitcoin's cryptographic system is implemented and functions.
The whole basis of 'cracking' a code is finding a pattern. When a code involves a small number of samples it can be hard to crack. But bitcoin not only involves a large number, a very large number, it also lets a person easily generate an almost unlimited number of points to test. Code breaking computers exist whose only purpose is to run vast numbers of tests on data samples looking for a pattern. In the case of bitcoin, all that would be needed would be the tiniest correlation between the position of low numbered private keys and their addresses. If you took the first 1 million bitcoin addresses, generated from the lowest 1 million private keys, and you were able to find any difference whatsoever with the last million addresses, generated from the highest 1 million private keys, it would be the end of bitcoin using the current key/address system. Is there any such difference? There certainly is.
I was not talking about cracking "all possible addresses". I was talking about using a very selective tactic to solve one bitcoin address at a time by gradually narrowing the range of potential private keys it might have come from. It is the opposite of brute force and once it could be shown workable for one address it would be useful for any address. The question is not whether it is possible. It is. It is only a matter of finding a pattern.
Brute forcing a private key would be incredibly difficult. Considering that a password that is 10-15 digits is considered secure, a private key would be beyond the computing capabilities of today. But in the future with large amounts of power it could be possible.
You are ignoring what I said. I have no interest in brute forcing keys.
That does make brute forcing near impossible, but it also makes a more sophisticated attack much easier.
Easier? Why? Just because people don't know about the iron door doesn't make it less sturdy.
Easier because you have literally trillions of trillions of possible data sets to test.
To my knowledge it hasn't been done. On rare occasion, when something has never been done before, an innovator steps up and opens a new door. However, most times, there are reasons why things that intuitively seem easy that no one (or few people) can do, are actually difficult. Many times those reasons aren't discovered until you actually try for yourself. So, try it. Try to find a pattern. Maybe you will come back later and tell us you found a pattern...or more likely that you haven't and why not.
|
|
|
|
AgentofCoin
Legendary
Offline
Activity: 1092
Merit: 1001
|
|
March 31, 2015, 05:13:38 AM Last edit: March 31, 2015, 05:23:50 AM by AgentofCoin |
|
There is no formula or progression that exists. If it did, then current known cryptographic systems used by world intelligence agencies would be rendered worthless. It is not possible to do what you propose since calculating all addresses from private keys would also take thousands of years and millions of dollars. You need to do more reading on how Bitcoin's cryptographic system is implemented and functions.
The whole basis of 'cracking' a code is finding a pattern. When a code involves a small number of samples it can be hard to crack. But bitcoin not only involves a large number, a very large number, it also lets a person easily generate an almost unlimited number of points to test. Code breaking computers exist whose only purpose is to run vast numbers of tests on data samples looking for a pattern. In the case of bitcoin, all that would be needed would be the tiniest correlation between the position of low numbered private keys and their addresses. If you took the first 1 million bitcoin addresses, generated from the lowest 1 million private keys, and you were able to find any difference whatsoever with the last million addresses, generated from the highest 1 million private keys, it would be the end of bitcoin using the current key/address system. Is there any such difference? There certainly is.
I was not talking about cracking "all possible addresses". I was talking about using a very selective tactic to solve one bitcoin address at a time by gradually narrowing the range of potential private keys it might have come from. It is the opposite of brute force and once it could be shown workable for one address it would be useful for any address. The question is not whether it is possible. It is. It is only a matter of finding a pattern. ...
Each address is supposed to be generated independently of other addresses. Thus, no pattern can be found between addresses. If a private key, for example, ends in EpqWR73, and its corresponding address is gCaAbj23, then the same private key, but ends in EpqWR74, its corresponding address is 55dXgH29. There is no beginning or end or boundary to attempt to crack within. The governments know this and don't waste time cracking, they will just install malware through progs or etc to get around the cryptographic functions. What you are describing is like finding Einstein's Unifying Theory.
EDIT: This video might be of interest to you, called "How did the NSA hack our emails?" https://www.youtube.com/watch?v=ulg_AHBOIQU
This video shows that cryptographically, it is impossible to crack, so the NSA actually needed to place backdoors in the cryptographic functions, originally.
|
I support a decentralized & unregulatable ledger first, with safe scaling over time. Request a signed message if you are associating with anyone claiming to be me.
|
|
|
|