generating and guessing BTC-adresses

[batesresearch]

Hey OP,

Have you seen this website: http://directory.io ?

[DannyHamilton]

Help me get this straight... A single Public Key can have multiple private keys?

No.  A single ECDSA public key on the Secp256k1 curve only corresponds to a single private key.

However, each bitcoin address corresponds to (on average) 7.9 X 10²⁸ ECDSA public keys on the Secp256k1 curve.

I mean, can I use Vanitygen and input an exact address, in hopes of generating the keypair?

thanks

You can.  You would be wasting your time and your money, but you can try if you want.  You'll spend electricity to run the computer for a few billion years, and you probably still won't find the exact address.  Do you really think people will still be using bitcoin a few billion years from now?

[Was]

Help me get this straight... A single Public Key can have multiple private keys?

No.  A single ECDSA public key on the Secp256k1 curve only corresponds to a single private key.

However, each bitcoin address corresponds to (on average) 7.9 X 10²⁸ ECDSA public keys on the Secp256k1 curve.

I mean, can I use Vanitygen and input an exact address, in hopes of generating the keypair?

thanks

You can.  You would be wasting your time and your money, but you can try if you want.  You'll spend electricity to run the computer for a few billion years, and you probably still won't find the exact address.  Do you really think people will still be using bitcoin a few billion years from now?

Thanks Danny, Appreciate the help. These are hypothetical questions. The answers to which help me (and others who view this) better understand the inner-workings of the software.

[roslinpl]

What if someone were to generate keypairs randomly while simultaneously scanning the blockchain for any addresses generated that have previous inputs? How unlikely is it to generate a 'used' address?

If you run 1 billion computers that are each generating and checking the balance of 1 billion addresses per second, you would (at best) have a 1% chance of finding a 'used' address in about 2,190,476 years.

(...)

4.6 X 10²⁰ divided by 2.1X10¹⁴ = 2,190,476 years.

Hello,

Your math is not accurate.
I will share with you some interesting materials which I found few years ago when I was doing my own math for this situation.

But 1st let's start from the beginning:

A chance to generate same address - to generate a collision is tiny. But still - there's a chance.
If you will somehow manage to do that you will be a legend.

The RIPEMD-160 collision - because this is how we will perhaps name that moment - can happen.
https://securewww.esat.kuleuven.be/cosic/publications/article-1355.pdf

I said that your math is not accurate, because simple Radeon GPU card can generate more than 20 million addresses per second.

David Perry wrote very interesting article where he included his calculations : http://codinginmysleep.com/stealing-bitcoins-the-hardest-way/

Still - is it possible to generate same address - address which is already in use by other Bitcoiner and have some founds on it? Yes. It's possible.


Have a look at this interesting graphic (I will share a link instead of preview it here, it's quite large):
http://bitcoinet.pl/wp-content/uploads/2013/10/fYFBsqp.jpg


2^160 is a number which is really hard to image by human brain.

10^21 grains of sand on the entire planet

It's hard to calculate how many years you will need as today's computers are pretty fast, so you can literally generate (hundred) millions of addresses in your home with a standard gaming PC per second.

It equald to = Chance is pretty little and it's not worth such effort/time/energy.


Best regards.

[DannyHamilton]

What if someone were to generate keypairs randomly while simultaneously scanning the blockchain for any addresses generated that have previous inputs? How unlikely is it to generate a 'used' address?

If you run 1 billion computers that are each generating and checking the balance of 1 billion addresses per second, you would (at best) have a 1% chance of finding a 'used' address in about 2,190,476 years.

(...)

4.6 X 10²⁰ divided by 2.1X10¹⁴ = 2,190,476 years.

Hello,

Your math is not accurate.

While I'm willing to accept that I may have made an error in my maths, you didn't point out any errors at all. Please explain why you think my math is not accurate and where you believe I made the mistake.

I will share with you some interesting materials which I found few years ago when I was doing my own math for this situation.

But 1st let's start from the beginning:

A chance to generate same address - to generate a collision is tiny. But still - there's a chance.

There really isn't.  Sure you could say that there is a non-zero mathematically calculated probability, but that probability is so low that we humans would generally use the words "impossible" and "there isn't a real chance" to describe it.

There is also a non-zero mathematically calculated probability that oxygen molecules moving randomly around a room might spontaneously move far enough from the breathing holes in your face for long enough to suffocate you.  Are you really willing to say that "there's still a chance"?

The RIPEMD-160 collision - because this is how we will perhaps name that moment - can happen.
https://securewww.esat.kuleuven.be/cosic/publications/article-1355.pdf

And yet the article you linked to specifically says the following:

"While RIPEMD and RIPEMD-128 reduced to 3 rounds are vulnerable to the attack, it is not feasible for RIPEMD-160"

"we show that methods successfully used to attack SHA-1 are not applicable to full RIPEMD-160."

"no attack has been found for the original RIPEMD-160 hash function"

"we can state that RIPEMD-160 is secure against known attack methods"

"existing attacks on RIPEMD are not applicable to RIPEMD-160"

"we conclude that the final attack complexity would be too high for a reasonable attack"

"the probability of the found L-characteristic is too low for an attack on RIPEMD-160 following the strategy described"

"We found no attack on the original RIPEMD-160 hash function including all 5 rounds. In summary, we state that RIPEMD-160 is secure against known attacks. Neither the attack of Dobbertin or Wang et al. on RIPEMD can be extended to RIPEMD-160, nor recent methods used in the cryptanalysis of SHA-1 are applicable to full RIPEMD-160."

Did you even read that document before trying to use it as evidence that "RIPEMD-160 collision can happen"?

I said that your math is not accurate, because simple Radeon GPU card can generate more than 20 million addresses per second.

And my math was based on 1 BILLION computers all running 1 BILLION addresses per second.

How does a 20 million address GPU card make my math incorrect?

David Perry wrote very interesting article where he included his calculations : http://codinginmysleep.com/stealing-bitcoins-the-hardest-way/

Sure, and in his article he indicates:

"Now we’re down to 2.43e+28 seconds between hits or 771,000,000,000,000,000,000 years between hits"

My estimate was 2,190,476 years, but that's because i was calculating a 1% chance of a hit instead of an almost certain hit.  Additionally, I explained that my calculations were based on the "worst case scenario" of the bitcoins being spread out to 2,100,000,000,000,000 addresses with exactly 1 satoshi in each address.  Realistically this would never happen, and Mr. Perry chose to work with only 60,000,000 addresses.

Still - is it possible to generate same address - address which is already in use by other Bitcoiner and have some founds on it? Yes. It's possible.

You keep saying this, and you keep saying that my math is incorrect, but you haven't provided any evidence yet of either of your statements being true.

Have a look at this interesting graphic (I will share a link instead of preview it here, it's quite large):
http://bitcoinet.pl/wp-content/uploads/2013/10/fYFBsqp.jpg

It's a great graphic.  Did you read it?  It specifically states:

"brute-force attacks against 256 bit keys will be infeasible until computers are built from something other than matter and occupy something other than space"

Of course, I'm not sure why you even posted a link to that image since we are discussing a 160 bit hash and not a 256 bit key.

2^160 is a number which is really hard to image by human brain.

Yes it is.  That may be why people like you keep confusing others by saying that a collision is "possible".  If you could really comprehend such a large number, you wouldn't be saying that.

It's hard to calculate how many years you will need as today's computers are pretty fast, so you can literally generate (hundred) millions of addresses in your home with a standard gaming PC per second.

It's really a pretty simple calculation.  Why do you say it's "hard"?  I think any high school student should be capable of it (and probably many primary school students).

[roslinpl]

What if someone were to generate keypairs randomly while simultaneously scanning the blockchain for any addresses generated that have previous inputs? How unlikely is it to generate a 'used' address?

If you run 1 billion computers that are each generating and checking the balance of 1 billion addresses per second, you would (at best) have a 1% chance of finding a 'used' address in about 2,190,476 years.

(...)

4.6 X 10²⁰ divided by 2.1X10¹⁴ = 2,190,476 years.

Hello,

Your math is not accurate.

While I'm willing to accept that I may have made an error in my maths, you didn't point out any errors at all. Please explain why you think my math is not accurate and where you believe I made the mistake.

Hello Danny and hello all,

I say your math is not accurate, and also I cannot fully agree with calculation made by David Perry.
I guess no one can calculate it accurately.

Reason is simple - your math is accurate with specific assumptions. But your assumptions may vary depends on a situation.

There really isn't.  Sure you could say that there is a non-zero mathematically calculated probability, but that probability is so low that we humans would generally use the words "impossible" and "there isn't a real chance" to describe it.

Do you know what was "impossible" in 1886?
As you already wrote "there is a non-zero mathematically calculated probability".

And I agree that it's (almost) "impossible".

Imagine a situation. Year 2025 - Bitcoin is still around and everyone loves it.
You don't know how fast the GPU and CPU will be in 10 years. Moore's law is not perfect as you know.

Let say that some evil genius built a botnet, botnet made from 100 000 000 of users. Possible, why not.
He will be able to generate such amount of addresses which we cannot imagine - per second.

Still, his chances are close to "none". But will you still say the, that this is impossible?

And yet the article you linked to specifically says the following:
(...)
Did you even read that document before trying to use it as evidence that "RIPEMD-160 collision can happen"?

Yes, I did. I sent you a link because it's very interesting and it's bringing more infos about what we are talking about.
I didn't used it as a evidence.  I used it as a good thing to read if we talk about RIPEMD160.
I don't need the evidence that collision "is possible to" happen one day.
Simple math is telling me that it "can" happen.

I said that your math is not accurate, because simple Radeon GPU card can generate more than 20 million addresses per second.

And my math was based on 1 BILLION computers all running 1 BILLION addresses per second.

How does a 20 million address GPU card make my math incorrect?

It's hard to say how many addresses you can generate with super powerful computer. We can put any number as a variable... because we can make 20 million, 20 billion, more more ...
So that's making those calculations not really accurate.

Still - is it possible to generate same address - address which is already in use by other Bitcoiner and have some founds on it? Yes. It's possible.

You keep saying this, and you keep saying that my math is incorrect, but you haven't provided any evidence yet of either of your statements being true.

I keep saying that... From theoretical point of view, collision is possible.
Your math is not accurate because at least one variable may change depends from a situation.

Have a look at this interesting graphic (I will share a link instead of preview it here, it's quite large):
http://bitcoinet.pl/wp-content/uploads/2013/10/fYFBsqp.jpg

It's a great graphic.  Did you read it?  It specifically states:

"brute-force attacks against 256 bit keys will be infeasible until computers are built from something other than matter and occupy something other than space"

Of course, I'm not sure why you even posted a link to that image since we are discussing a 160 bit hash and not a 256 bit key.

This graphic makes it easier to imagine what sort of a number we are talking about.

It's really a pretty simple calculation.  Why do you say it's "hard"?  I think any high school student should be capable of it (and probably many primary school students).

If it's so simple, why your calculation is not accurate? Let me ask some primary school student to teach you

This kind of a calculation is as accurate as carbon dating. So it's not accurate. And cannot be. Or maybe you can calculate how many addresses we can generate per second? How can you do that? You cannot. So it's not accurate.

Best regards.

[DannyHamilton]

I say your math is not accurate, and also I cannot fully agree with calculation made by David Perry.
I guess no one can calculate it accurately.

The math isn't that difficult.

Reason is simple - your math is accurate with specific assumptions. But your assumptions may vary depends on a situation.

My math is based on what is impossible today, and what will continue to be impossible in the near future.  The distant future is meaningless and not relevant to the discussion.

Do you know what was "impossible" in 1886?

Yes.  Time travel was impossible in 1886.  Accelerating an object with mass to a velocity greater than the speed of light was impossible in 1886. Brute-forcing a randomly generated RIPEMD-160 was impossible in 1886.

As you already wrote "there is a non-zero mathematically calculated probability".

And I agree that it's (almost) "impossible".

Something can have a "non-zero mathematically calculated probability" and still be considered "impossible" within the confines of the real universe.

Imagine a situation. Year 2025 - Bitcoin is still around and everyone loves it.
You don't know how fast the GPU and CPU will be in 10 years. Moore's law is not perfect as you know.

It doesn't need to be perfect.  Nobody is going to be able to brute-force a 160 bit number in 10 years.  Now, there certainly might be mathematical advances that make attacks on RIPEMD-160 easier within the next 10 years, but pure brute-force isn't going to be possible.  If RIPEMD-160 is sufficiently weakend, then a new algorithm will be used.  Fortunately bitcoins are protected by more than just RIPEMD-160.  A broken RIPEMD-160 will only let you generate the results of a SHA-256 hash.  Then you'd have to also break SHA-256 to generate a public key. Then, after that, you'd still need to break ECDSA to calculate a private key from the public key before you could successfully sign a transaction.

Let say that some evil genius built a botnet, botnet made from 100 000 000 of users. Possible, why not.
He will be able to generate such amount of addresses which we cannot imagine - per second.

Only 100 million users?  Look back at my post.  I based my calculations off 1 BILLION computers all generating and checking the balances of 1 BILLION transactions per second. I also assume that there are 2.1 quadrillion addresses.  Your evil genius isn't very scary.

Still, his chances are close to "none". But will you still say the, that this is impossible?

Absolutely!

I don't need the evidence that collision "is possible to" happen one day.

Clearly.  You prefer to just say "it's possible" regardless of what that actually means and without any evidence at all.

Simple math is telling me that it "can" happen.

No.  It isn't.

I keep saying that... From theoretical point of view, collision is possible.

No. It isn't. Not with any reasonable definition of the word possible.

Your math is not accurate because at least one variable may change depends from a situation.

My math is fine for any "situation" that exists today or in the near future.

This graphic makes it easier to imagine what sort of a number we are talking about.

No. It doesn't. The graphic is talking about 2²⁵⁶.  That is a VERY different number than 2¹⁶⁰

2²⁵⁶ is almost 800,000,000,000,000,000,000,000,000 times bigger than 2¹⁶⁰

Would you say that a graphic about the number 1 makes it easier to imagine what sort of number 800,000,000,000,000,000,000,000,000 is?

If it's so simple, why your calculation is not accurate?

Perhaps it isn't, no matter how many times you try to say that it is.

Let me ask some primary school student to teach you

Please do.

This kind of a calculation is as accurate as carbon dating. So it's not accurate. And cannot be.

What does any of this have to do with carbon dating?

Or maybe you can calculate how many addresses we can generate per second? How can you do that? You cannot. So it's not accurate.

I might not be able to tell you exactly how many calculations any one particular person can generate (and check the balance of) per second.  But I CAN demonstrate a number of calculations per second so large that any reasonable person will agree that that it is currently impossible.  Then, I can demonstrate that even with that unrealistically large number of computations, you still can't brute-force RIPEMD-160.  

[vlom]

Hey OP,

Have you seen this website: http://directory.io ?

no. never seen this site. thanks for the link.

and now i know the difference between joke and prank...