Vanity bitcoin addresses: a new way to keep your CPU busy

[grondilu]

IllSend1000BTCtoWhoEvrMakesDisAddr

Awww, even replacing the lower-case-l's with 1's it ain't right:

Code:

$ bitcoind validateaddress I11Send1000BTCtoWhoEvrMakesDisAddr
{
    "isvalid" : false
}

Hum ?  What did I get wrong ?  I thought it would be ok.   I guess I didn't understand what base58 is exactly...  My bad.


edit:
ok I checked Satoshi's code (in base58.h), and now I know :

//
// Why base-58 instead of standard base-64 encoding?
// - Don't want 0OIl characters that look the same in some fonts and
//      could be used to create visually identical looking account numbers.
// - A string with non-alphanumeric characters is not as easily accepted as an account number.
// - E-mail usually won't line-break if there's no punctuation to break at.
// - Doubleclicking selects the whole number as one word if it's all alphanumeric.
//

[khal]

Vanity key tried 29'800'000.

How long will it take to find an adress matching : "^1Khalahan[A-Z0-9]" ?

[ByteCoin]

How long will it take to find an address matching : "^1Khalahan[A-Z0-9]" ?

You need to search about 1.28E14 keys. Using my software (if I remember the performance correctly) that'd take me about 4 years.

ByteCoin

[khal]

Wow... i should be a little less gluttonous though... or really lucky :p
Thanks for the estimation.

[mathx]

Wow... i should be a little less gluttonous though... or really lucky :p
Thanks for the estimation.

Is your software using the GPU too? Whats the nominal market value for this derivative market?

You sharing your vanity generation code?

[gmaxwell]

If there is a demand for it, I might be tempted to start a webservice like the faucet where people can buy vanity addresses for a small bitcoin fee. I have a simple handshake scheme which allows me to generate a new address for you without me finding out your private key. My method sounds like it's faster than Gavin's and mathematically it's non-trivial. It can find addresses containing a short string like "gavin" in a fraction of a second for example.
ByteCoin

I think the claim that you can do this search without knowing the private key is surprising and dubious.

I'd be interested in hearing more about how you propose to do this.
 

[mathx]

I have a simple handshake scheme which allows me to generate a new address for you without me finding out your private key.

How does this work? You HAVE to explain it or the public wont trust your keys. Furthermore, some segment of the population has to understand it fully, the rest will follow the herd of smart people.

Til then tho, there's no market.

[ploum]

But there are 2^160 possible bitcoin addresses,

Just to give some perspective: in order to run out of addresses, each human currently living on the planet (±6 billions) has to generate 500 million of addresses for each single nano-second (10⁻⁹s) during the entire age of the universe (15 billions of years).

I think that, from that point of view, the system is pretty safe.

[davout]

Just to give some perspective: in order to run out of addresses, each human currently living on the planet (±6 billions) has to generate 500 million of addresses for each single nano-second (10⁻⁹s) during the entire age of the universe (15 billions of years).

Read "the restaurant at the end of the universe" you might then want to review your statement

[grondilu]

Thanks for reviving this old thread.

I've added a "vanityAddress" function in my bash lib:

Code:

#!/bin/bash
# 
# This is free and unencumbered software released into the public domain.
# 
# Anyone is free to copy, modify, publish, use, compile, sell, or
# distribute this software, either in source code form or as a compiled
# binary, for any purpose, commercial or non-commercial, and by any
# means.
# 
# In jurisdictions that recognize copyright laws, the author or authors
# of this software dedicate any and all copyright interest in the
# software to the public domain. We make this dedication for the benefit
# of the public at large and to the detriment of our heirs and
# successors. We intend this dedication to be an overt act of
# relinquishment in perpetuity of all present and future rights to this
# software under copyright law.
# 
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
# IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
# OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
# OTHER DEALINGS IN THE SOFTWARE.
#
#
# Requires bc, dc, openssl, xxd
#

base58=({1..9} {A..H} {J..N} {P..Z} {a..k} {m..z})
bitcoinregex="^[$(printf "%s" "${base58[@]}")]{34}$"

decodeBase58() {
    local s=$1
    for i in {0..57}
    do s="${s//${base58[i]}/ $i}"
    done
    dc <<< "16o0d${s// /+58*}+f" 
}

encodeBase58() {
    # 58 = 0x3A
    bc <<<"ibase=16; n=${1^^}; while(n>0) { n%3A ; n/=3A }" |
    tac |
    while read n
    do echo -n ${base58[n]}
    done
}

checksum() {
    xxd -p -r <<<"$1" |
    openssl dgst -sha256 -binary |
    openssl dgst -sha256 -binary |
    xxd -p -c 80 |
    head -c 8
}

checkBitcoinAddress() {
    if [[ "$1" =~ $bitcoinregex ]]
    then
        h=$(decodeBase58 "$1")
        checksum "00${h::${#h}-8}" |
        grep -qi "^${h: -8}$"
    else return 2
    fi
}

hash160() {
    openssl dgst -sha256 -binary |
    openssl dgst -rmd160 -binary |
    xxd -p -c 80
}

hash160ToAddress() {
    printf "%34s\n" "$(encodeBase58 "00$1$(checksum "00$1")")" |
    sed "y/ /1/"
}

publicKeyToAddress() {
    hash160ToAddress $(
    openssl ec -pubin -pubout -outform DER 2>/dev/null |
    tail -c 65 |
    hash160
    )
}

makeBitcoinPair() {
    openssl ecparam -genkey -name secp256k1 |
        tee >(gpg -ae -r grondilu) |
        openssl ec -pubout |
        publicKeyToAddress
}

timestamp() {
    hash160ToAddress "$(hash160)"
}

bigEndianHex2littleEndianHex() {
    local s=''
    while read -n 2 char
    do s=$char$s
    done
    echo $s
}

bitcoinHash() {
    bigEndianHex2littleEndianHex |
    xxd -p -r |
    openssl dgst -sha256 -binary |
    openssl dgst -sha256 -binary |
    xxd -p -c 80 |
    bigEndianHex2littleEndianHex
}

vanityAddress() {
    local pub priv
    while [[ ! "$pub" =~ $1 ]]
    do
        priv="$(openssl ecparam -genkey -name secp256k1 2>/dev/null)"
        pub="$(openssl ec -pubout 2>/dev/null <<<"$priv" | publicKeyToAddress)"
    done
    echo "$pub
    $priv"
}

[029xue]

The idea is cool, but I think there's a big problem in safty.

After you generated a bitcoin address, that means you hold the 'wallat.data' of this address and of source you've a copy of the file.

After you sending this wallet to others, you may still have a copy of the file, how could others believe that you won't use/steal there bitcoins from this wallat?

[publickeyhash]

Of source big problem with wallat safty!
Copy "wallat.pasta" to use/steal there bitcoins from open sesame wallat!

[slowmining]

I would love this using the GPU.

[ByteCoin]

I think the claim that you can do this search without knowing the private key is surprising and dubious.

I'd be interested in hearing more about how you propose to do this.
 

How does this work? You HAVE to explain it or the public wont trust your keys.

At the moment addresses are used as fairly ephemeral things and the recommendation is to use a new receiving address for each payment. This limits the utility of vanity addresses and so I don't believe it's worth implementing. This may change in future however as new bitcoin services arise.

It can be implemented securely but the method touches on some issues I should currently keep confidential. However it's an elementary problem for any half-way decent cryptographer.

ByteCoin

[unk]

[removed useless thoughts because i'm out of practice enough that i forgot i was a 'halfway-decent cryptographer' and was barking up the wrong tree]

as an aside, i still think grondilu's script is cleverly minimalist, but the thought of running it as a loop that creates multiple openssl processes for each iteration almost makes me ill.  :-)  (i'm also still annoyed that my own minimalist c client failed to send a transaction to hal correctly in testing the script, depriving him of the bitcoin he sent as a bounty and instead giving it to someone who solved the relevant problem in a better, less cumbersome way!)

bytecoin, i've been thinking idly about mathematically nontrivial ways to generate billions of ec keys quickly since you mentioned it, but i confess that i haven't yet stumbled on your method yet.

[gmaxwell]

At the moment addresses are used as fairly ephemeral things and the recommendation is to use a new receiving address for each payment. This limits the utility of vanity addresses and so I don't believe it's worth implementing. This may change in future however as new bitcoin services arise.

It can be implemented securely but the method touches on some issues I should currently keep confidential. However it's an elementary problem for any half-way decent cryptographer.

Indeed. I spent a while thinking about it and realized I was being stupid. The number of times the point was added initially (the private key) is unknown but you can keep adding it more without difficulty and get additional keys, then just add that value to the private key.

[foo]

Thanks for reviving this old thread.

I've added a "vanityAddress" function in my bash lib:

Cool, except it doesn't work...

Code:

bash: ibase=16; n=${1^^}; while(n>0) { n%3A ; n/=3A }: bad substitution

[TiagoTiago]

If someone sets up a service, could they use a single stream of random new addresses and test for matches for all currently open requests instead of wasting time throwing away addresses that could match one of the many requests filed?

[grondilu]

Thanks for reviving this old thread.

I've added a "vanityAddress" function in my bash lib:

Cool, except it doesn't work...

Code:

bash: ibase=16; n=${1^^}; while(n>0) { n%3A ; n/=3A }: bad substitution

Which version of bash are you running?  (I suspect yours doesn't accept ${1^^})

Mine is
GNU bash, version 4.1.5(1)-release (i486-pc-linux-gnu)

[foo]

Thanks for reviving this old thread.

I've added a "vanityAddress" function in my bash lib:

Cool, except it doesn't work...

Code:

bash: ibase=16; n=${1^^}; while(n>0) { n%3A ; n/=3A }: bad substitution

Which version of bash are you running?  (I suspect yours doesn't accept ${1^^})

Mine is
GNU bash, version 4.1.5(1)-release (i486-pc-linux-gnu)

GNU bash, version 3.2.39(1)-release (x86_64-pc-linux-gnu)

I tried your script on several Linux servers, apparently none of them had a new enough bash... Could you rewrite that line so it works on bash versions that are actually included in distributions?