Bitcoin Forum
November 12, 2024, 06:23:53 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Duplicate private keys  (Read 909 times)
vite (OP)
Legendary
*
Offline Offline

Activity: 1018
Merit: 1000


View Profile
January 15, 2013, 01:07:11 PM
 #1

what are the odds that an offline bitcoin wallet when created is duplicate of an already existing wallet?
There is prolly a mathematical relation there in probability
RaTTuS
Hero Member
*****
Offline Offline

Activity: 792
Merit: 1000


Bite me


View Profile
January 15, 2013, 01:13:01 PM
 #2

more than the atoms in the universe

In the Beginning there was CPU , then GPU , then FPGA then ASIC, what next I hear to ask ....

1RaTTuSEN7jJUDiW1EGogHwtek7g9BiEn
K1773R
Legendary
*
Offline Offline

Activity: 1792
Merit: 1008


/dev/null


View Profile
January 15, 2013, 01:23:50 PM
 #3

more than the atoms in the universe
this isnt true, to be corect it has been said "more than the visible atoms" which is a significant difference! but still, its not true

[GPG Public Key]
BTC/DVC/TRC/FRC: 1K1773RbXRZVRQSSXe9N6N2MUFERvrdu6y ANC/XPM AK1773RTmRKtvbKBCrUu95UQg5iegrqyeA NMC: NK1773Rzv8b4ugmCgX789PbjewA9fL9Dy1 LTC: LKi773RBuPepQH8E6Zb1ponoCvgbU7hHmd EMC: EK1773RxUes1HX1YAGMZ1xVYBBRUCqfDoF BQC: bK1773R1APJz4yTgRkmdKQhjhiMyQpJgfN
John (John K.)
Global Troll-buster and
Legendary
*
Offline Offline

Activity: 1288
Merit: 1227


Away on an extended break


View Profile
January 15, 2013, 01:28:48 PM
 #4

1 in 2^256
Foxpup
Legendary
*
Offline Offline

Activity: 4533
Merit: 3184


Vile Vixen and Miss Bitcointalk 2021-2023


View Profile
January 15, 2013, 01:34:07 PM
 #5

1 in 2^256
Wrong. Since a hash collision is all that's required, the odds are actually 1 in 2^160, or 1 in 1,461,501,637,330,902,918,203,684,832,716,283,019,655,932,542,976 if you prefer.

more than the atoms in the universe
Actually, it's less than the best estimate of the number of atoms in the universe by over 30 orders of magnitude, which is about the difference between the width of a human hair and the extent of the observable universe. Roll Eyes Please do your research before claiming that all "really big" numbers are equally "really big".

Will pretend to do unspeakable things (while actually eating a taco) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
I am not on the scammers' paradise known as Telegram! Do not believe anyone claiming to be me off-forum without a signed message from the above address! Accept no excuses and make no exceptions!
memvola
Hero Member
*****
Offline Offline

Activity: 938
Merit: 1002


View Profile
January 15, 2013, 01:36:58 PM
 #6

1 in 2^256

Though addresses have less information, i.e., you could generate the same address with different private keys. It's still 2^160 though, which is about 1 in 1.46 trillion trillion trillion trillion.

Just out of curiosity, will I be able to spend an address created with one private key with another that corresponds to the same address? I guess yes. But, will the other party still be able to spend after I have spent with one private key (since the public key is revealed)? I might be asking this in a dumb way.
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1079


Gerald Davis


View Profile
January 15, 2013, 02:03:10 PM
 #7

1 in 2^256

Though addresses have less information, i.e., you could generate the same address with different private keys. It's still 2^160 though, which is about 1 in 1.46 trillion trillion trillion trillion.

Just out of curiosity, will I be able to spend an address created with one private key with another that corresponds to the same address? I guess yes. But, will the other party still be able to spend after I have spent with one private key (since the public key is revealed)? I might be asking this in a dumb way.


Once an output is spent it can't be respent.  The network would see a second attempt to spend it no different than any other failed double spend.  If more funds are sent to this double private key address it would be a race on which party is able to make a transaction and get it included in a block first.  For all intents and purposes it would be no different than an attacker stealing your private key.  In terms of ability to spend (or not because funds are already spent) the network would see signatures from either party as having equal validity.

I would point out the odds of this happening are so astonishingly small as to essentially be 0%.  I don't mean win the lottery small (1 in 1.75E8 for US Powerball jackpot), it would be more like the exact same number sequence is the winning number for five sequential Powerball lottery drawings.

While with probabilities we can never say the odds are zero honestly this is close enough to zero because humans have a finite lifespan and are continually exposed to other risk factors which have a much greater probability of occurring.  To put it into perspective the, risks such as being murdered (1 in 18,000), dying from the elements, exposure, natural disaster (1 in 225,000), getting struck by lightning (1 in 775,000 per year), getting killed by SARS (1 in 1 mil for US residents during the last outbreak), being struck by a falling meteorite (1 in 1.8 million), getting killed by a shark (1 in 11.5 million per year) or being killed in a car accident (1 in 65 million per mile driven).

And the grand finale....  The odds of an asteroid strike of sufficient magnitude to cause an extinction level event is estimated at roughly 1 in 100 million per year.  That is roughly 1 in 36.5 billion per day,  1 in 876 million per hour, or 1 in 52 trillion per minute.      So the odds that the human race was wiped off the planet earth just during the time you were reading this post is roughly was 27,806,347,742,216,600,000,000,000,000,000,000x MORE likely than the odds of a random collision in a 160 bit space.
memvola
Hero Member
*****
Offline Offline

Activity: 938
Merit: 1002


View Profile
January 15, 2013, 03:05:21 PM
 #8

In terms of ability to spend (or not because funds are already spent) the network would see signatures from either party as having equal validity.

So, to be clear, assuming I have two keypairs for the same address, I can create transactions "from" the same address (obviously different outputs, e.g. after sending the address again) using different pubkeys? (Not talking about double spend.)

Since this isn't the newbie section, I won't re-iterate how absurd the notion of having multiple keypairs in the first place is. Smiley
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1079


Gerald Davis


View Profile
January 15, 2013, 03:13:24 PM
 #9

So, to be clear, assuming I have two keypairs for the same address, I can create transactions "from" the same address (obviously different outputs, e.g. after sending the address again) using different pubkeys? (Not talking about double spend.)

No it would be a double spend.  It would be a race to see which ones ends up in the block at which point the other transaction using the same inputs would be rejected by the network as a double spend. 

It doesn't matter if
a) both tx are signed by you with same private key
b) both tx are signed by you with different private keys (which produce the same public address)
c) the two tx are signed by different parties using the same private key (i.e. a stolen wallet and race to spend funds)
d) the two tx are signed by different parties with different private keys (i.e. a nearly 0% chance public address collision)

In all four outcomes both tx are valid, only one will end up in a block and that will invalidate the other tx as a double spend.

John (John K.)
Global Troll-buster and
Legendary
*
Offline Offline

Activity: 1288
Merit: 1227


Away on an extended break


View Profile
January 15, 2013, 04:19:51 PM
 #10

1 in 2^256
Wrong. Since a hash collision is all that's required, the odds are actually 1 in 2^160, or 1 in 1,461,501,637,330,902,918,203,684,832,716,283,019,655,932,542,976 if you prefer.

more than the atoms in the universe
Actually, it's less than the best estimate of the number of atoms in the universe by over 30 orders of magnitude, which is about the difference between the width of a human hair and the extent of the observable universe. Roll Eyes Please do your research before claiming that all "really big" numbers are equally "really big".
I was under the impression that the bitspace encompasses the entire 2^256 range. Learnt something new today.  Grin
memvola
Hero Member
*****
Offline Offline

Activity: 938
Merit: 1002


View Profile
January 15, 2013, 04:39:11 PM
 #11

No it would be a double spend.  It would be a race to see which ones ends up in the block at which point the other transaction using the same inputs would be rejected by the network as a double spend. 

Of course, though I'm not talking about same inputs, but same address. I send 1 BTC to the address today, and create a transaction using it as an input, signing with private key 1. Tomorrow, I send 1 BTC to the same address, and create a transaction using that new one as an input, signing with private key 2. There will be two transactions involving the same address, exposing two different pubkeys. Is this correct?
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1079


Gerald Davis


View Profile
January 15, 2013, 04:49:08 PM
 #12

Correct.  It will work without issue.  Both will be valid transactions from the same address despite having different public keys.
memvola
Hero Member
*****
Offline Offline

Activity: 938
Merit: 1002


View Profile
January 15, 2013, 04:52:49 PM
 #13

Correct.  It will work without issue.  Both will be valid transactions from the same address despite having different public keys.

Thanks for your patience. This has been a mystery for me for a long time. Wink

ETA: And that concludes that the probability is perfectly 1 in 2160. Cheesy
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!