How did this address come into being 1BitcoinEaterAddressDontSendf59kuE?

[NeoCortX]

How in the world did that address come into being?

http://blockchain.info/address/1BitcoinEaterAddressDontSendf59kuE


I'm trying to brute force a simple bitcoin address of 6 or 7 characters, and it takes quite a bit of computer power. If someone can brute force such an address, why can they not just brute force my address?

[Inaba]

Because there is no known private key to that address.  You can have any address you want if you don't care about retrieving the funds.

[DannyHamilton]

An address is simply a set of bytes that meet a set of requirements (starting with 1, last 4 bytes are the first 4 bytes of a double SH256 hash of the rest of the bytes).  There is no requirement that someone know the private key for an address to be valid.

This address is exactly what it says it is: A Bitcoin Eater, Don't Send.

That is because, while it meets all the necessary requirements to receive bitcoins, nobody has the private key to it to be able to spend them.  Once coins are sent there, they are stuck there forever.

[Foxpup]

Nobody brute forced anything. They just took the string they wanted, stuck a correct checksum on the end to make it a "valid" Bitcoin address, and that's it. They did not find a private key whose public key hashes to that string, which is what you need to do if you want to actually spend coins sent to an address.

[NeoCortX]

Ok, that's cool. I got a bit afraid for a second.

How do I go ahead if I want to create my own address like that?
I want the address without the private keys.
Are there some tools that allow me to create the correct checksum?

[Hexadecibel]

I love how people have sent a total of BTC0.26 to it anyway...

[crazyates]

Ok, that's cool. I got a bit afraid for a second.

How do I go ahead if I want to create my own address like that?
I want the address without the private keys.
Are there some tools that allow me to create the correct checksum?

Yep. See this thread: https://bitcointalk.org/index.php?topic=25804.0

[casascius]

My Casascius Bitcoin Address Utility has a Base58 calculator with an option that allows ignoring and recalculating the checksum.

https://casascius.com/btcaddress-alpha.zip

Here is how you would go about it:

1. Use the Base58 calculator tool
2. Enter the address you want, which of course it will say "invalid".  Add a question mark to the end of the address.  This ignores the checksum failure.  (If the invalid doesn't go away, you may have characters like O, I, l, 0, which are never acceptable in addresses regardless of checksum)
3. Ensure that the hex is 21 bytes and that the first byte is 00.  The remaining bytes can be anything and don't matter.  You must have exactly 21 bytes, so add or remove bytes to/from the end until you do.
4. Convert the hex back into a bitcoin address (can be done by making any trivial edit to the hex field, like adding a space to the end).  The address will be recomputed with the correct checksum.

EDIT to add warning: This is how you make a black hole address, not a vanity address.  I just want to make clear that by doing this procedure, you will be making an address that bitcoin clients will accept as valid, but any coins sent to any address created this way will be permanently stuck there, essentially they're lost.

[odolvlobo]

Ok, that's cool. I got a bit afraid for a second.

How do I go ahead if I want to create my own address like that?
I want the address without the private keys.
Are there some tools that allow me to create the correct checksum?

Yep. See this thread: https://bitcointalk.org/index.php?topic=25804.0

That thread is not what you want.

The bitcoin wiki describes how the address is created. You start from step 9 and work backwards.

https://en.bitcoin.it/wiki/Technical_background_of_Bitcoin_addresses

Also, you can use this page to make sure the address is valid.

http://gobittest.appspot.com/Address

[casascius]

any coins sent to any address created this way will be permanently stuck there, essentially they're lost.

You mean private key that creates such address would not be valid, e.g. one could not import it into wallet?

It's not that the private key would be invalid, it's that it would be unknown to you, the same as if it were someone else's address and not yours.  It would be unknown to everyone else too, which is why the coins would be forever lost.

The hex bytes are not the private key, but the hash.

[caveden]

1BitcoinEaterAddressDontSendf59kuE can be created using some private key, right? If yes, coins are not stucked permanently.

Yes, they are. The corresponding private key will never be found, as that would be the equivalent of brute forcing it.
Unless, of course, some critical flaw is found in the algorithms used by BTC that would allow for a private key to be found without having to brute force it. That's not something you should be afraid of.

[BurtW]

If you like that address check this out:

https://bitcointalk.org/index.php?topic=90982.msg1318333#msg1318333

I also wrote up an explaination (for Phinnaeus Gage) of how these addresses are created here:

https://bitcointalk.org/index.php?topic=90982.msg1318808#msg1318808

[BurtW]

1BitcoinEaterAddressDontSendf59kuE can be created using some private key, right? If yes, coins are not stucked permanently.

Actually many public/private key pairs will hash to this address.

Still, you will never find any of them.  Ever.  Unless flaw is found as stated above.

[BurtW]

1BitcoinEaterAddressDontSendf59kuE can be created using some private key, right? If yes, coins are not stucked permanently.

Actually many public/private key pairs will hash to this address.

Still, you will never find any of them.  Ever.  Unless flaw is found as stated above.

I belive you are refering to insane small chance, but my point is = if there is a chance, "stucked permanently" is not true. Use proper terms.

If something cannot happen within the heat death of the universe it is, for all practical puposes, impossible.

Being the optimist you are about finding one of these you might run this program:  https://bitcointalk.org/index.php?topic=107172.0

To make it worth your time be sure to look for one or all of these addresses: https://bitcointalk.org/index.php?topic=92423.0;topicseen

But be sure to constantly keep the addresses you are looking for up to date as the richest addresses do change.

Good luck!  You are going to need it.

[casascius]

1BitcoinEaterAddressDontSendf59kuE can be created using some private key, right? If yes, coins are not stucked permanently.

Actually many public/private key pairs will hash to this address.

Still, you will never find any of them.  Ever.  Unless flaw is found as stated above.

I belive you are refering to insane small chance, but my point is = if there is a chance, "stucked permanently" is not true. Use proper terms.

I think the term is proper.

If you were going to a football game next weekend, you wouldn't call it improper to say so and not qualify it with "as long as I don't die first".  And yet that is far more likely, like a billion billion billion times more likely than "permanently stuck" coins getting unstuck.

[wabber]

No matter how many times you repeat "billion", there might be computer - or entity - one day that will do the job in an instant.

I am arguing here just because there are way too many people like you, spreading LIES around. Be factual or be quiet, thanks!

No. There won't be such a machine, never. No matter how fast your computer is there's a theoretical minimum amount of energy required to compute a private/public key and the corresponding address. No matter how efficient your computer is, you won't be able to get below that. Practically you won't even get close. That means we are able to calculate the AVERAGE amount of energy needed to brute force the priv key for a given address, and that energy is far more than the sun emits in it's entire life. If humanity is able to use the energy of multiple stars we are probably advanced enough to forget about currencies in general.

So forget about brute forcing once and for all. However the algorithm can be flawed, but that's something else. Flawed usually means that you can speed it up by less than 100 times You would usually still have more than a lifetime to convince everyone to switch to a new algorithm.

[DannyHamilton]

No matter how many times you repeat "billion", there might be computer - or entity - one day that will do the job in an instant.

I am arguing here just because there are way too many people like you, spreading LIES around. Be factual or be quiet, thanks!

You are mistaken.  Unless a weakness is discovered in the hashing algorithm and ECDSA (and there is no reason to assume that such a weakness will turn up), any address with a randomly generated private key (and all of these addresses created without a private key essentially have an unknown random private key) cannot and will not be found in the amount of time that our sun continues to exist.  If you believe otherwise, then you don't understand just how large these numbers are.

[jl2012]

An address is simply a set of bytes that meet a set of requirements (starting with 1, last 4 bytes are the last first 4 bytes of a double SH256 hash of the rest of the bytes).  There is no requirement that someone know the private key for an address to be valid.

This address is exactly what it says it is: A Bitcoin Eater, Don't Send.

That is because, while it meets all the necessary requirements to receive bitcoins, nobody has the private key to it to be able to spend them.  Once coins are sent there, they are stuck there forever.

FTFY

[DannyHamilton]

Don't wanna discuss more with same sort of people that not so long ago claimed human flying and space travel are impossible.

You've got the reality and fantasy side of this conversation backwards.  If you are going to try to claim that computers will eventually be capable of the necessary brute force calculations to find the private key for a given address, then I'm not interested in carrying discussions any further with the sort of person that would be likely to claim that a perpetual motion (or over-unity) machine can eventually be built.

[kjj]

Don't wanna discuss more with same sort of people that not so long ago claimed human flying and space travel are impossible.

This is different.

Start with a 256 bit counter, set to any number you like.  On the secp256k1 curve, do an EC multiply of the value in the counter by the point at (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8).  Now hash that result in RIPE-MD160.  If you got 0x759d6677091e973b9e9d99f19c68fbf43e3f05f9 as the result, you found the pubkey for the bitcoin eater address.  If not, increment the counter and try again.

Do that 2¹⁶⁰ times, and you have a decent chance* at finding it.  And every other address.

Of course, the entire bitcoin network has done less than 2⁷⁰ hashes since it started.  We can't expect to do much better than ol' Gordy predicted so long ago, but figure we double the amount of work done in each year.  That means one bit per year, which means 90 years between today and 2¹⁶⁰.

Except that EC multiplication is harder than hashing.  And that we are very unlikely to beat Moore's law in the long run.

Still, the 160 bit hash is by far the weakest link in bitcoin, by a factor of 2⁹⁶ and I suspect that they will gradually fade from favor over the next 50-100 years.

* Only a chance.  We don't have know that the output of RIPE-MD160 is evenly distributed.  It is possible that there is no input that gives that output, and more likely, it is possible that no bitcoin pubkey gives that output.

[DannyHamilton]

. . . Start with a 256 bit counter, set to any number you like.  On the secp256k1 curve, do an EC multiply of the value in the counter by the point at (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8).  Now hash that result in RIPE-MD160.  If you got 0x759d6677091e973b9e9d99f19c68fbf43e3f05f9 as the result, you found the pubkey for the bitcoin eater address.  If not, increment the counter and try again . . .

I think you missed a step.  After determining the public key from the private key, isn't the resulting public key hashed using SHA-256, and then that result is hashed using RIPEMD-160 to generate the address?

So isn't this more accurate?

. . . Start with a 256 bit counter, set to any number you like.  On the secp256k1 curve, do an EC multiply of the value in the counter by the point at (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8).  Now hash that result in SHA-256.  Now hash that result in RIPE-MD160.  If you got 0x759d6677091e973b9e9d99f19c68fbf43e3f05f9 as the result, you found the pubkey for the bitcoin eater address.  If not, increment the counter and try again . . .

[DannyHamilton]

. . . figure we double the amount of work done in each year.  That means one bit per year, which means 90 years between today and 2¹⁶⁰ . . .

While you might be able to imagine that the speeds necessary to calculate hashes and/or perform EC multiplication might double each year, you'll eventually find that you run into a limit in the amount of energy required to change a binary state.  When you multiply the minimum possible amount of energy required by the number of bits that have to have their state changed to perform the necessary calculations, you encounter a situation where you can't increase speed any further because all the available energy is used at the current speed.  When that energy requirement is higher than the total energy output of the sun, you can feel pretty secure in saying that it won't be possible to calculate any faster.

[drakahn]

No matter how many times you repeat "billion", there might be computer - or entity - one day that will do the job in an instant.

I am arguing here just because there are way too many people like you, spreading LIES around. Be factual or be quiet, thanks!

[kjj]

. . . Start with a 256 bit counter, set to any number you like.  On the secp256k1 curve, do an EC multiply of the value in the counter by the point at (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8).  Now hash that result in RIPE-MD160.  If you got 0x759d6677091e973b9e9d99f19c68fbf43e3f05f9 as the result, you found the pubkey for the bitcoin eater address.  If not, increment the counter and try again . . .

I think you missed a step.  After determining the public key from the private key, isn't the resulting public key hashed using SHA-256, and then that result is hashed using RIPEMD-160 to generate the address?

So isn't this more accurate?

. . . Start with a 256 bit counter, set to any number you like.  On the secp256k1 curve, do an EC multiply of the value in the counter by the point at (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8).  Now hash that result in SHA-256.  Now hash that result in RIPE-MD160.  If you got 0x759d6677091e973b9e9d99f19c68fbf43e3f05f9 as the result, you found the pubkey for the bitcoin eater address.  If not, increment the counter and try again . . .

Oh, probably.  I didn't check my notes on the process, I just happened to have the file with the curve constants open.  It doesn't change anything fundamental either way.  And no one is reading this thread for a tutorial on how to create addresses, they already know to look elsewhere.

. . . figure we double the amount of work done in each year.  That means one bit per year, which means 90 years between today and 2¹⁶⁰ . . .

While you might be able to imagine that the speeds necessary to calculate hashes and/or perform EC multiplication might double each year, you'll eventually find that you run into a limit in the amount of energy required to change a binary state.  When you multiply the minimum possible amount of energy required by the number of bits that have to have their state changed to perform the necessary calculations, you encounter a situation where you can't increase speed any further because all the available energy is used at the current speed.  When that energy requirement is higher than the total energy output of the sun, you can feel pretty secure in saying that it won't be possible to calculate any faster.

For the next 50 or 100 years or whatever, the issue is going to be engineering more than physics.

The Schneier quote is here if you want to read it.  The problem really is in the 2¹⁶⁰.  A Dyson sphere around the sun for a year is plenty to iterate 2¹⁶⁰, because 160 is puny compared to 256.  In physics terms, I'm not sure how many operations are required for the other parts of finding an address.  At the limits, the resources in our solar system appear to be capable of breaking 160 bit systems, but we are far, far from approaching those limits.  Maybe our grandchildren, or great-grandchildren will ask us some day if saving 16 bytes was worth it.  But I'm not worried about it tonight.

[robamichael]

I'm confused about the controversy here.

It's nice to get into the math - that's fun, but what we really have here is a battle of semantics.

The word permanent does not describe an eternal situation. For something to have a permanent state, it must only remain that way for the foreseeable future.

The bitcoins in question are permanently stuck, however, they are NOT stuck eternally, regardless of technological progress.

Correct me if I am mistaken, but no matter how unlikely it seems, it is possible that someone will randomly generate this key tomorrow. Of course a brute force attack will take a mind blowing amount of time, but I don't think that is focal point of our discrepancy.

Just don't count on being the lucky winner any time soon...

[casascius]

Correct me if I am mistaken, but no matter how unlikely it seems, it is possible that someone will randomly generate this key tomorrow. Of course a brute force attack will take a mind blowing amount of time, but I don't think that is focal point of our discrepancy.

It's also possible someone will experience a DNA mutation and bear offspring tomorrow with blue skin, a long tail, and the overall appearance as seen in the movie Avatar.

[robamichael]

Correct me if I am mistaken, but no matter how unlikely it seems, it is possible that someone will randomly generate this key tomorrow. Of course a brute force attack will take a mind blowing amount of time, but I don't think that is focal point of our discrepancy.

It's also possible someone will experience a DNA mutation and bear offspring tomorrow with blue skin, a long tail, and the overall appearance as seen in the movie Avatar.

My undergrad knowledge of biology is not enough to dispute this, but it seems you have agreed with me at least.

The hyperbole practically screams semantics!

[honolululu]

Correct me if I am mistaken, but no matter how unlikely it seems, it is possible that someone will randomly generate this key tomorrow. Of course a brute force attack will take a mind blowing amount of time, but I don't think that is focal point of our discrepancy.

It's also possible someone will experience a DNA mutation and bear offspring tomorrow with blue skin, a long tail, and the overall appearance as seen in the movie Avatar.

Interesting.  Now this would put things into perspective to me.  Which of these two is more likely, a born mutant avatar or guessing the private key on the first try?

Because they're both possible.

[John (John K.)]

Correct me if I am mistaken, but no matter how unlikely it seems, it is possible that someone will randomly generate this key tomorrow. Of course a brute force attack will take a mind blowing amount of time, but I don't think that is focal point of our discrepancy.

It's also possible someone will experience a DNA mutation and bear offspring tomorrow with blue skin, a long tail, and the overall appearance as seen in the movie Avatar.

My undergrad knowledge of biology is not enough to dispute this, but it seems you have agreed with me at least.

The hyperbole practically screams semantics!

It would also be possible that someone would generate MT.Gox's cold storage address or one of those highly endowed addresses too.

[BurtW]

It is also possible that all of the oxygen molecules in the air of the room you are in right now will, by random chance, drift to the end of the room you are not in and you will die from lack of oxygen.

[wabber]

You people are really funny. You belive you know almost everything. There is just so little of unknown left in your world. Yet, the truth is
none of us know anything more but human partial truth, countless times proven wrong. Thousands of geniuses of their time were already
proven wrong, yet you are so sure you got things right. You learnt nothing from the past. There is no room in your heads for unthinkable.

Off to altcoin part of forum, people there are so much more open minded.

Oh yea we are really ignorant for believing that the total entropy of a system will always increase. If it wasn't like that, brute forcing some stupid hash function to steal other people's money would definitly be our least concern. We could fly to the moon with no fuel needed woohoo.

[BurtW]

You people are really funny. You belive you know almost everything. There is just so little of unknown left in your world. Yet, the truth is
none of us know anything more but human partial truth, countless times proven wrong. Thousands of geniuses of their time were already
proven wrong, yet you are so sure you got things right. You learnt nothing from the past. There is no room in your heads for unthinkable.

Off to altcoin part of forum, people there are so much more open minded.

Oh yea we are really ignorant for believing that the total entropy of a system will always increase. If it wasn't like that, brute forcing some stupid hash function to steal other people's money would definitly be our least concern. We could fly to the moon with no fuel needed woohoo.

Heck with Bitcoins, I am going to start work on the improbability drive mentioned in the Hitchhiker's Guide to the Galaxy.

[DannyHamilton]

Heck with Bitcoins, I am going to start work on the improbability drive mentioned in the Hitchhiker's Guide to the Galaxy.

I've been focusing my efforts into creating the flux capacitor mentioned in "Back to the Future".

[BurtW]

Heck with Bitcoins, I am going to start work on the improbability drive mentioned in the Hitchhiker's Guide to the Galaxy.

I've been focusing my efforts into creating the flux capacitor mentioned in "Back to the Future".

Both are now possible since we can create temperatures below absolute zero!

http://www.dailytech.com/Researchers+Change+the+Laws+of+Physics+With+SubAbsolute+Zero+Quantum+Gas/article29557.htm

[DannyHamilton]

. . . we can create temperatures below absolute zero!

http://www.dailytech.com/Researchers+Change+the+Laws+of+Physics+With+SubAbsolute+Zero+Quantum+Gas/article29557.htm

While it might be possible to create systems that "by the formal definition of the Kelvin scale is a few billionths of a degree Kelvin below absolute zero", you'll note that these systems are not colder than absolute zero.  The article clearly states:

But don't be confused.  The below-absolute-zero system is not cold.  It is in fact very, very hot -- hotter than any positive Kelvin system.

The issue is that, "In cooler positive temperature systems, the numbers of particles in low-energy states outnumber those in high-energy states, giving rise to the formal quantum mechanics definition of temperature."

However in the system described, ". . . the entropy actually decreases as the system energy (and "heat") increase, giving rise to a negative quantum temperature."

[BurtW]

It is still totally cool, I mean hot, er... ahhhhhhhh (brain explodes)