Bitcoin Forum
November 18, 2017, 07:17:42 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Indeed, almost any 256-bit number can be a private key  (Read 1893 times)
remotemass
Legendary
*
Offline Offline

Activity: 934



View Profile
March 23, 2013, 10:56:39 AM
 #1

Nearly every 256-bit number is a valid private key. Specifically, any 256-bit number between 0x1 and 0xFFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4141 is a valid private key. The range of valid private keys is governed by the secp256k1 ECDSA standard used by Bitcoin.

Doing the math:
99.99999999999999999999999999999999999962655446549599% of the 256-bit numbers can be used as private keys.

http://www.wolframalpha.com/input/?i=115792089237316195423570985008687907852837564279074904382605163141518161494337%2F115792089237316195423570985008687907853269984665640564039457584007913129639935

Would be great there was a torrent file of all referenced materials of the paper: "How to Build Time-Lock Encryption" by Tibor Jager. And having its magnet link published on bitcoin blockchain!
1510989462
Hero Member
*
Offline Offline

Posts: 1510989462

View Profile Personal Message (Offline)

Ignore
1510989462
Reply with quote  #2

1510989462
Report to moderator
1510989462
Hero Member
*
Offline Offline

Posts: 1510989462

View Profile Personal Message (Offline)

Ignore
1510989462
Reply with quote  #2

1510989462
Report to moderator
Coinlancer is Disrupting the Freelance marketplace!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1510989462
Hero Member
*
Offline Offline

Posts: 1510989462

View Profile Personal Message (Offline)

Ignore
1510989462
Reply with quote  #2

1510989462
Report to moderator
1510989462
Hero Member
*
Offline Offline

Posts: 1510989462

View Profile Personal Message (Offline)

Ignore
1510989462
Reply with quote  #2

1510989462
Report to moderator
markm
Legendary
*
Offline Offline

Activity: 2002



View Profile WWW
March 23, 2013, 11:04:17 AM
 #2

I didn't know there were any that cannot be used. Hmm now you have me wondering why some cannot be used.

-MarkM-

Browser-launched Crossfire client now online (select CrossCiv server for Galactic  Milieu)
Free website hosting with PHP, MySQL etc: http://hosting.knotwork.com/
prezbo
Sr. Member
****
Offline Offline

Activity: 430


View Profile
March 23, 2013, 11:12:10 AM
 #3

I didn't know there were any that cannot be used. Hmm now you have me wondering why some cannot be used.

-MarkM-

There really is no reason why they coulnd't be used. Yes, the group order is less than 2^256, but even a larger number would work - it just wouldn't be very efficient.
remotemass
Legendary
*
Offline Offline

Activity: 934



View Profile
March 23, 2013, 11:17:14 AM
 #4

I didn't know there were any that cannot be used. Hmm now you have me wondering why some cannot be used.

I don't know enough about elliptic curves to make you more clear on that.
But note that the public key is made of 65 bytes. The first byte is always 0x04, I think, and the next pair of 32 bytes correspond to the (x,y) coordinates of a point in the curve.
So the reason must be that because not all points (x,y) can be used, so that not all public keys can be used and therefore not all private keys.
Just my thoughts about it. I actually have not much clues about Elliptic Curves stuff. This is as much as I get of it.

Would be great there was a torrent file of all referenced materials of the paper: "How to Build Time-Lock Encryption" by Tibor Jager. And having its magnet link published on bitcoin blockchain!
prezbo
Sr. Member
****
Offline Offline

Activity: 430


View Profile
March 23, 2013, 11:24:45 AM
 #5

I didn't know there were any that cannot be used. Hmm now you have me wondering why some cannot be used.

I don't know enough about elliptic curves to make you more clear on that.
But note that the public key is made of 65 bytes. The first byte is always 0x04, I think, and the next pair of 32 bytes correspond to the (x,y) coordinates of a point in the curve.
So the reason must be that because not all points (x,y) can be used, so that not all public keys can be used and therefore not all private keys.
Just my thoughts about it. I actually have not much clues about Elliptic Curves stuff. This is as much as I get of it.

Elliptic curves form a group under addition. The private key is an integer, while the public key is a point on the group, so if n is a private key, and G is the "base" point, then n*G = G+G+...+G would be the public key corresponding to n. There is no bound on how large n can be, since a group is closed under it's operator.

Having said that, even though every number *can* be used as a private key, the set of numbers {n, n+R, n+2R, ...} will have the same corresponding public keys, where R is the order of the base element G (and usually also the order of the group itself).
remotemass
Legendary
*
Offline Offline

Activity: 934



View Profile
March 23, 2013, 11:42:42 AM
 #6

Elliptic curves form a group under addition. The private key is an integer, while the public key is a point on the group, so if n is a private key, and G is the "base" point, then n*G = G+G+...+G would be the public key corresponding to n. There is no bound on how large n can be, since a group is closed under it's operator.

Can the G that you mention, the "base" point, be expressed with (X,Y) coordinates?

I barely understand Elliptic Curves with real numbers, but I suppose ECDSA uses Elliptic Curves over Finite Fileds (or is it over Prime Field?!).

I'm still trying to figure if we use a curve or a set of curves.

Can you, give me an idea of how secp256k1 curve and its relevant points look like in a cartesian way? Or it does not work like that at all?!  Huh Roll Eyes

Would be great there was a torrent file of all referenced materials of the paper: "How to Build Time-Lock Encryption" by Tibor Jager. And having its magnet link published on bitcoin blockchain!
kokjo
Legendary
*
Offline Offline

Activity: 1050

You are WRONG!


View Profile
March 23, 2013, 11:50:04 AM
 #7

I didn't know there were any that cannot be used. Hmm now you have me wondering why some cannot be used.

-MarkM-

its because the prime number chosen for secp256k1 is just a little less then 2^256

0xFFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4141 is that prime number in hexadecimal.

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
prezbo
Sr. Member
****
Offline Offline

Activity: 430


View Profile
March 23, 2013, 11:51:41 AM
 #8

Elliptic curves form a group under addition. The private key is an integer, while the public key is a point on the group, so if n is a private key, and G is the "base" point, then n*G = G+G+...+G would be the public key corresponding to n. There is no bound on how large n can be, since a group is closed under it's operator.

Can the G that you mention, the "base" point, be expressed with (X,Y) coordinates?

I barely understand Elliptic Curves with real numbers, but I suppose ECDSA uses Elliptic Curves over Finite Fileds (or is it over Prime Field?!).

I'm still trying to figure if we use a curve or a set of curves.

Can you, give me an idea of how secp256k1 curve and its relevant points look like in a cartesian way? Or it does not work like that at all?!  Huh Roll Eyes


Certainly. secp256k1 is defined over one, predefined elliptic curve. The base point is also predetermined, usually a group generator. The group operator (+) is defined in a purely geometric way as shown in this picture
,
here P1+P2 = P3.

You can find some more information on secp256k1 in this pdf. Note that the order of base point G is exactly the number you specified in your OP.
remotemass
Legendary
*
Offline Offline

Activity: 934



View Profile
March 23, 2013, 11:57:26 AM
 #9



what is u and v, in that image?
I am so glad I am learning this stuff  Cheesy

Would be great there was a torrent file of all referenced materials of the paper: "How to Build Time-Lock Encryption" by Tibor Jager. And having its magnet link published on bitcoin blockchain!
prezbo
Sr. Member
****
Offline Offline

Activity: 430


View Profile
March 23, 2013, 12:09:41 PM
 #10

what is u and v, in that image?
I am so glad I am learning this stuff  Cheesy
Probably just line identifiers. This was the best picture I could find quickly Smiley
remotemass
Legendary
*
Offline Offline

Activity: 934



View Profile
March 23, 2013, 12:17:24 PM
 #11

How many points does secp256k1 curve actually have?
And what is this (+), as defined, used for? (regarding them)

The image you provide is very good to understand the (+) operation but still gives me with no clue of how secp256k1 curve and its points look like  Sad

Would be great there was a torrent file of all referenced materials of the paper: "How to Build Time-Lock Encryption" by Tibor Jager. And having its magnet link published on bitcoin blockchain!
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!