Duplicate private keys

[vite]

what are the odds that an offline bitcoin wallet when created is duplicate of an already existing wallet?
There is prolly a mathematical relation there in probability

[1714127192]

1714127192

[1714127192]

1714127192

[1714127192]

1714127192

[1714127192]

1714127192

[RaTTuS]

more than the atoms in the universe

[K1773R]

more than the atoms in the universe

this isnt true, to be corect it has been said "more than the visible atoms" which is a significant difference! but still, its not true

[John (John K.)]

1 in 2^256

[Foxpup]

1 in 2^256

Wrong. Since a hash collision is all that's required, the odds are actually 1 in 2^160, or 1 in 1,461,501,637,330,902,918,203,684,832,716,283,019,655,932,542,976 if you prefer.

more than the atoms in the universe

Actually, it's less than the best estimate of the number of atoms in the universe by over 30 orders of magnitude, which is about the difference between the width of a human hair and the extent of the observable universe. Please do your research before claiming that all "really big" numbers are equally "really big".

[memvola]

1 in 2^256

Though addresses have less information, i.e., you could generate the same address with different private keys. It's still 2^160 though, which is about 1 in 1.46 trillion trillion trillion trillion.

Just out of curiosity, will I be able to spend an address created with one private key with another that corresponds to the same address? I guess yes. But, will the other party still be able to spend after I have spent with one private key (since the public key is revealed)? I might be asking this in a dumb way.

[DeathAndTaxes]

1 in 2^256

Though addresses have less information, i.e., you could generate the same address with different private keys. It's still 2^160 though, which is about 1 in 1.46 trillion trillion trillion trillion.

Just out of curiosity, will I be able to spend an address created with one private key with another that corresponds to the same address? I guess yes. But, will the other party still be able to spend after I have spent with one private key (since the public key is revealed)? I might be asking this in a dumb way.

Once an output is spent it can't be respent.  The network would see a second attempt to spend it no different than any other failed double spend.  If more funds are sent to this double private key address it would be a race on which party is able to make a transaction and get it included in a block first.  For all intents and purposes it would be no different than an attacker stealing your private key.  In terms of ability to spend (or not because funds are already spent) the network would see signatures from either party as having equal validity.

I would point out the odds of this happening are so astonishingly small as to essentially be 0%.  I don't mean win the lottery small (1 in 1.75E8 for US Powerball jackpot), it would be more like the exact same number sequence is the winning number for five sequential Powerball lottery drawings.

While with probabilities we can never say the odds are zero honestly this is close enough to zero because humans have a finite lifespan and are continually exposed to other risk factors which have a much greater probability of occurring.  To put it into perspective the, risks such as being murdered (1 in 18,000), dying from the elements, exposure, natural disaster (1 in 225,000), getting struck by lightning (1 in 775,000 per year), getting killed by SARS (1 in 1 mil for US residents during the last outbreak), being struck by a falling meteorite (1 in 1.8 million), getting killed by a shark (1 in 11.5 million per year) or being killed in a car accident (1 in 65 million per mile driven).

And the grand finale....  The odds of an asteroid strike of sufficient magnitude to cause an extinction level event is estimated at roughly 1 in 100 million per year.  That is roughly 1 in 36.5 billion per day,  1 in 876 million per hour, or 1 in 52 trillion per minute.      So the odds that the human race was wiped off the planet earth just during the time you were reading this post is roughly was 27,806,347,742,216,600,000,000,000,000,000,000x MORE likely than the odds of a random collision in a 160 bit space.

[memvola]

In terms of ability to spend (or not because funds are already spent) the network would see signatures from either party as having equal validity.

So, to be clear, assuming I have two keypairs for the same address, I can create transactions "from" the same address (obviously different outputs, e.g. after sending the address again) using different pubkeys? (Not talking about double spend.)

Since this isn't the newbie section, I won't re-iterate how absurd the notion of having multiple keypairs in the first place is.

[DeathAndTaxes]

So, to be clear, assuming I have two keypairs for the same address, I can create transactions "from" the same address (obviously different outputs, e.g. after sending the address again) using different pubkeys? (Not talking about double spend.)

No it would be a double spend.  It would be a race to see which ones ends up in the block at which point the other transaction using the same inputs would be rejected by the network as a double spend. 

It doesn't matter if
a) both tx are signed by you with same private key
b) both tx are signed by you with different private keys (which produce the same public address)
c) the two tx are signed by different parties using the same private key (i.e. a stolen wallet and race to spend funds)
d) the two tx are signed by different parties with different private keys (i.e. a nearly 0% chance public address collision)

In all four outcomes both tx are valid, only one will end up in a block and that will invalidate the other tx as a double spend.

[John (John K.)]

1 in 2^256

Wrong. Since a hash collision is all that's required, the odds are actually 1 in 2^160, or 1 in 1,461,501,637,330,902,918,203,684,832,716,283,019,655,932,542,976 if you prefer.

more than the atoms in the universe

Actually, it's less than the best estimate of the number of atoms in the universe by over 30 orders of magnitude, which is about the difference between the width of a human hair and the extent of the observable universe. Please do your research before claiming that all "really big" numbers are equally "really big".

I was under the impression that the bitspace encompasses the entire 2^256 range. Learnt something new today. 

[memvola]

No it would be a double spend.  It would be a race to see which ones ends up in the block at which point the other transaction using the same inputs would be rejected by the network as a double spend. 

Of course, though I'm not talking about same inputs, but same address. I send 1 BTC to the address today, and create a transaction using it as an input, signing with private key 1. Tomorrow, I send 1 BTC to the same address, and create a transaction using that new one as an input, signing with private key 2. There will be two transactions involving the same address, exposing two different pubkeys. Is this correct?

[DeathAndTaxes]

Correct.  It will work without issue.  Both will be valid transactions from the same address despite having different public keys.

[memvola]

Correct.  It will work without issue.  Both will be valid transactions from the same address despite having different public keys.

Thanks for your patience. This has been a mystery for me for a long time.

ETA: And that concludes that the probability is perfectly 1 in 2¹⁶⁰.