Is bitcoin address generation completely random?

[strasboug]

I am always wondering this question. Of course from the computer science point of view, nothing is really random. You have a random function which may use system timestamp as a seed, or combination of mac address, computer architecture etc. So if I try to generate the bitcoin address using the similar conditions that Satoshi once had, maybe I can generate his address with a larger probability and may succeed one day, and get his lost treasure, lol. Though sounds not easy, but it is still possible, right?

[greenclover]

I am always wondering this question. Of course from the computer science point of view, nothing is really random. You have a random function which may use system timestamp as a seed, or combination of mac address, computer architecture etc. So if I try to generate the bitcoin address using the similar conditions that Satoshi once had, maybe I can generate his address with a larger probability and may succeed one day, and get his lost treasure, lol. Though sounds not easy, but it is still possible, right?

Possible, but then you need to research what computers are most popularly used in 2009-2010, then what was the initial code to generate bitcoin address, and how the random seed is determined, then you can rewind the computer clock etc and start your experiments.

[Kprawn]

I am always wondering this question. Of course from the computer science point of view, nothing is really random. You have a random function which may use system timestamp as a seed, or combination of mac address, computer architecture etc. So if I try to generate the bitcoin address using the similar conditions that Satoshi once had, maybe I can generate his address with a larger probability and may succeed one day, and get his lost treasure, lol. Though sounds not easy, but it is still possible, right?

What conditions would that be? The combinations possible with the math involved is staggering and border on the impossible. You can read a

bit more about this here ---->  https://en.bitcoin.it/wiki/Main_Page .... or watch this video ---> https://www.youtube.com/watch?v=67uW07QDHxE Good lucky finding that exact key, after watching this.

[QuestionAuthority]

I am always wondering this question. Of course from the computer science point of view, nothing is really random. You have a random function which may use system timestamp as a seed, or combination of mac address, computer architecture etc. So if I try to generate the bitcoin address using the similar conditions that Satoshi once had, maybe I can generate his address with a larger probability and may succeed one day, and get his lost treasure, lol. Though sounds not easy, but it is still possible, right?

You will never successfully generate Satoshi's addresses besides you need the wallet private key not the public address. It's not possible. A Bitcoin address is effectively (not truly) random although it's derived using a 160-bit hash of the public portion of a public/private ECDSA keypair. Using public-key cryptography, you can "sign" data with your private key and anyone who knows your public key can verify that the signature is valid.

How to create Bitcoin Address
Take a private ECDSA key

Take the corresponding public key generated with the ECDSA key (65 bytes, 1 byte 0x04, 32 bytes corresponding to X coordinate, 32 bytes corresponding to Y coordinate)

Perform SHA-256 hashing on the public key

Perform RIPEMD-160 hashing on the result of SHA-256

Add version byte in front of RIPEMD-160 hash (0x00 for Main Network)

Perform SHA-256 hash on the extended RIPEMD-160 result

Perform SHA-256 hash on the result of the previous SHA-256 hash

Take the first 4 bytes of the second SHA-256 hash. This is the address checksum.

Add the 4 checksum bytes from the end of extended RIPEMD-160 hash. This is the 25-byte binary Bitcoin Address.

Convert the result from a byte string into a base58 string using Base58Check encoding. This is the most commonly used Bitcoin Address format.

Bitcoin addresses are the pubkeyhash (not pubkey) plus version and checksum information, encoded in base 58.
Bitcoin address = version + RIPEMD-160(SHA-256( Public Key )) + checksum

[strasboug]

I am always wondering this question. Of course from the computer science point of view, nothing is really random. You have a random function which may use system timestamp as a seed, or combination of mac address, computer architecture etc. So if I try to generate the bitcoin address using the similar conditions that Satoshi once had, maybe I can generate his address with a larger probability and may succeed one day, and get his lost treasure, lol. Though sounds not easy, but it is still possible, right?

You will never successfully generate Satoshi's addresses besides you need the wallet private key not the public address. It's not possible. A Bitcoin address is effectively (not truly) random although it's derived using a 160-bit hash of the public portion of a public/private ECDSA keypair. Using public-key cryptography, you can "sign" data with your private key and anyone who knows your public key can verify that the signature is valid.

How to create Bitcoin Address
Take a private ECDSA key

Take the corresponding public key generated with the ECDSA key (65 bytes, 1 byte 0x04, 32 bytes corresponding to X coordinate, 32 bytes corresponding to Y coordinate)

Perform SHA-256 hashing on the public key

Perform RIPEMD-160 hashing on the result of SHA-256

Add version byte in front of RIPEMD-160 hash (0x00 for Main Network)

Perform SHA-256 hash on the extended RIPEMD-160 result

Perform SHA-256 hash on the result of the previous SHA-256 hash

Take the first 4 bytes of the second SHA-256 hash. This is the address checksum.

Add the 4 checksum bytes from the end of extended RIPEMD-160 hash. This is the 25-byte binary Bitcoin Address.

Convert the result from a byte string into a base58 string using Base58Check encoding. This is the most commonly used Bitcoin Address format.

Bitcoin addresses are the pubkeyhash (not pubkey) plus version and checksum information, encoded in base 58.
Bitcoin address = version + RIPEMD-160(SHA-256( Public Key )) + checksum

This is not the point and the question is not about it.

If you try to randomly generate a key, then it is impossible (or virtually impossible). But the key pair is not generated completely random. It uses a random number generator which depends on the seeds. So with these clues it will not be completely random any more.

[QuestionAuthority]

I am always wondering this question. Of course from the computer science point of view, nothing is really random. You have a random function which may use system timestamp as a seed, or combination of mac address, computer architecture etc. So if I try to generate the bitcoin address using the similar conditions that Satoshi once had, maybe I can generate his address with a larger probability and may succeed one day, and get his lost treasure, lol. Though sounds not easy, but it is still possible, right?

You will never successfully generate Satoshi's addresses besides you need the wallet private key not the public address. It's not possible. A Bitcoin address is effectively (not truly) random although it's derived using a 160-bit hash of the public portion of a public/private ECDSA keypair. Using public-key cryptography, you can "sign" data with your private key and anyone who knows your public key can verify that the signature is valid.

How to create Bitcoin Address
Take a private ECDSA key

Take the corresponding public key generated with the ECDSA key (65 bytes, 1 byte 0x04, 32 bytes corresponding to X coordinate, 32 bytes corresponding to Y coordinate)

Perform SHA-256 hashing on the public key

Perform RIPEMD-160 hashing on the result of SHA-256

Add version byte in front of RIPEMD-160 hash (0x00 for Main Network)

Perform SHA-256 hash on the extended RIPEMD-160 result

Perform SHA-256 hash on the result of the previous SHA-256 hash

Take the first 4 bytes of the second SHA-256 hash. This is the address checksum.

Add the 4 checksum bytes from the end of extended RIPEMD-160 hash. This is the 25-byte binary Bitcoin Address.

Convert the result from a byte string into a base58 string using Base58Check encoding. This is the most commonly used Bitcoin Address format.

Bitcoin addresses are the pubkeyhash (not pubkey) plus version and checksum information, encoded in base 58.
Bitcoin address = version + RIPEMD-160(SHA-256( Public Key )) + checksum

This is not the point and the question is not about it.

If you try to randomly generate a key, then it is impossible (or virtually impossible). But the key pair is not generated completely random. It uses a random number generator which depends on the seeds. So with these clues it will not be completely random any more.

There's no such thing as a computer generated truly random number but the difficulty of using brute force to find a computer generated Bitcoin private key would take : pow(2,128) / (15 * pow(2,40)) / 3600 / 24 / 365.25 / 1e9 / 1e9 or 0.65 billion years.

[Gatorelf]

this is going to be a dumb question but I am new to this, when my address is funded and can be seen by public is that always unique to my wallet ? what keeps someone from getting funds from the address such as a previous owner of a Casascius coin.

thanks for any help

[shorena]

-snip-
This is not the point and the question is not about it.

If you try to randomly generate a key, then it is impossible (or virtually impossible). But the key pair is not generated completely random. It uses a random number generator which depends on the seeds. So with these clues it will not be completely random any more.

Cryptographically secure random number generates are designed in a way that its seed is not predictable and is not stored or recoverable. There are is at least one known attack on them[1], but usually you or anyone else here is not worth an 0-day that is actually able to pull this attack off. Furthermore you will not be able to recover the state of satoshis machine when they created their keys. IF your scenario is that this is possible, no crypto that requires random numbers is secure.

[1] http://blog.cr.yp.to/20140205-entropy.html

[strasboug]

I am always wondering this question. Of course from the computer science point of view, nothing is really random. You have a random function which may use system timestamp as a seed, or combination of mac address, computer architecture etc. So if I try to generate the bitcoin address using the similar conditions that Satoshi once had, maybe I can generate his address with a larger probability and may succeed one day, and get his lost treasure, lol. Though sounds not easy, but it is still possible, right?

You will never successfully generate Satoshi's addresses besides you need the wallet private key not the public address. It's not possible. A Bitcoin address is effectively (not truly) random although it's derived using a 160-bit hash of the public portion of a public/private ECDSA keypair. Using public-key cryptography, you can "sign" data with your private key and anyone who knows your public key can verify that the signature is valid.

How to create Bitcoin Address
Take a private ECDSA key

Take the corresponding public key generated with the ECDSA key (65 bytes, 1 byte 0x04, 32 bytes corresponding to X coordinate, 32 bytes corresponding to Y coordinate)

Perform SHA-256 hashing on the public key

Perform RIPEMD-160 hashing on the result of SHA-256

Add version byte in front of RIPEMD-160 hash (0x00 for Main Network)

Perform SHA-256 hash on the extended RIPEMD-160 result

Perform SHA-256 hash on the result of the previous SHA-256 hash

Take the first 4 bytes of the second SHA-256 hash. This is the address checksum.

Add the 4 checksum bytes from the end of extended RIPEMD-160 hash. This is the 25-byte binary Bitcoin Address.

Convert the result from a byte string into a base58 string using Base58Check encoding. This is the most commonly used Bitcoin Address format.

Bitcoin addresses are the pubkeyhash (not pubkey) plus version and checksum information, encoded in base 58.
Bitcoin address = version + RIPEMD-160(SHA-256( Public Key )) + checksum

This is not the point and the question is not about it.

If you try to randomly generate a key, then it is impossible (or virtually impossible). But the key pair is not generated completely random. It uses a random number generator which depends on the seeds. So with these clues it will not be completely random any more.

There's no such thing as a computer generated truly random number but the difficulty of using brute force to find a computer generated Bitcoin private key would take : pow(2,128) / (15 * pow(2,40)) / 3600 / 24 / 365.25 / 1e9 / 1e9 or 0.65 billion years.

Your computation is fraud. again this is NOT about randomly generate bitcoin address and then match. If you look at how the address is generated, the GetNewAdress() function, eventually call certain random function, the random seeding is generated using a utility function:

inline int64_t GetPerformanceCounter()
{
    int64_t nCounter = 0;
#ifdef WIN32
    QueryPerformanceCounter((LARGE_INTEGER*)&nCounter);
#else
    timeval t;
    gettimeofday(&t, NULL);
    nCounter = (int64_t) t.tv_sec * 1000000 + t.tv_usec;
#endif
    return nCounter;
}

which gets its seed from the system time. If I set system time back to 2009/2010, and repetitively generating bitcoin address using these seeds, my chances hitting one of the addresses used that time is definitely much higher than your computation, which assumes I pick up a random seed.

Got it now??

Here is the GetNewAddress function:

CPubKey CWallet::GenerateNewKey()
{
    bool fCompressed = CanSupportFeature(FEATURE_COMPRPUBKEY);

    RandAddSeedPerfmon(); <== which will eventually call the GetPerformanceCounter
    CKey key;
    key.MakeNewKey(fCompressed);
     ... ... ...
    return key.GetPubKey();
}

[Gatorelf]

ah there's my answer a private key for transfers

[QuestionAuthority]

I am always wondering this question. Of course from the computer science point of view, nothing is really random. You have a random function which may use system timestamp as a seed, or combination of mac address, computer architecture etc. So if I try to generate the bitcoin address using the similar conditions that Satoshi once had, maybe I can generate his address with a larger probability and may succeed one day, and get his lost treasure, lol. Though sounds not easy, but it is still possible, right?

You will never successfully generate Satoshi's addresses besides you need the wallet private key not the public address. It's not possible. A Bitcoin address is effectively (not truly) random although it's derived using a 160-bit hash of the public portion of a public/private ECDSA keypair. Using public-key cryptography, you can "sign" data with your private key and anyone who knows your public key can verify that the signature is valid.

How to create Bitcoin Address
Take a private ECDSA key

Take the corresponding public key generated with the ECDSA key (65 bytes, 1 byte 0x04, 32 bytes corresponding to X coordinate, 32 bytes corresponding to Y coordinate)

Perform SHA-256 hashing on the public key

Perform RIPEMD-160 hashing on the result of SHA-256

Add version byte in front of RIPEMD-160 hash (0x00 for Main Network)

Perform SHA-256 hash on the extended RIPEMD-160 result

Perform SHA-256 hash on the result of the previous SHA-256 hash

Take the first 4 bytes of the second SHA-256 hash. This is the address checksum.

Add the 4 checksum bytes from the end of extended RIPEMD-160 hash. This is the 25-byte binary Bitcoin Address.

Convert the result from a byte string into a base58 string using Base58Check encoding. This is the most commonly used Bitcoin Address format.

Bitcoin addresses are the pubkeyhash (not pubkey) plus version and checksum information, encoded in base 58.
Bitcoin address = version + RIPEMD-160(SHA-256( Public Key )) + checksum

This is not the point and the question is not about it.

If you try to randomly generate a key, then it is impossible (or virtually impossible). But the key pair is not generated completely random. It uses a random number generator which depends on the seeds. So with these clues it will not be completely random any more.

There's no such thing as a computer generated truly random number but the difficulty of using brute force to find a computer generated Bitcoin private key would take : pow(2,128) / (15 * pow(2,40)) / 3600 / 24 / 365.25 / 1e9 / 1e9 or 0.65 billion years.

Your computation is fraud. again this is NOT about randomly generate bitcoin address and then match. If you look at how the address is generated, the GetNewAdress() function, eventually call certain random function, the random seeding is generated using a utility function:

inline int64_t GetPerformanceCounter()
{
    int64_t nCounter = 0;
#ifdef WIN32
    QueryPerformanceCounter((LARGE_INTEGER*)&nCounter);
#else
    timeval t;
    gettimeofday(&t, NULL);
    nCounter = (int64_t) t.tv_sec * 1000000 + t.tv_usec;
#endif
    return nCounter;
}

which gets its seed from the system time. If I set system time back to 2009/2010, and repetitively generating bitcoin address using these seeds, my chances hitting one of the addresses used that time is definitely much higher than your computation, which assumes I pick up a random seed.

Got it now??

Here is the GetNewAddress function:

CPubKey CWallet::GenerateNewKey()
{
    bool fCompressed = CanSupportFeature(FEATURE_COMPRPUBKEY);

    RandAddSeedPerfmon(); <== which will eventually call the GetPerformanceCounter
    CKey key;
    key.MakeNewKey(fCompressed);
     ... ... ...
    return key.GetPubKey();
}

You realize you stopped just short of answering your own question, right?

    void RandAddSeed()
    {
        // Seed with CPU performance counter
        int64_t nCounter = GetPerformanceCounter();
        RAND_add(&nCounter, sizeof(nCounter), 1.5);
        memory_cleanse((void*)&nCounter, sizeof(nCounter));
    }
   
    static void RandAddSeedPerfmon()
    {
        RandAddSeed();
   
    #ifdef WIN32
     
 On Linux, OpenSSL automatically uses /dev/urandom
       
        static int64_t nLastPerfmon;
        if (GetTime() < nLastPerfmon + 10 * 60)
            return;
    nLastPerfmon = GetTime();
   
Performance counters depend on the configuration of the computer being used and will not be the same just because you "turn back the clock" which will do absolutely nothing for you. Did you come across Satoshi's original 2009 computer because that's the only way you could come even close to finding the original seed. You could waste the rest of your life trying and never even come close.

[marseille]

Well, the code says if it is not windows, then use time of the day as the seed:

    int64_t nCounter = 0;
#ifdef WIN32
    QueryPerformanceCounter((LARGE_INTEGER*)&nCounter);
#else
    timeval t;
    gettimeofday(&t, NULL);
    nCounter = (int64_t) t.tv_sec * 1000000 + t.tv_usec;
#endif
    return nCounter;

Therefore, if a linux machine is used, say, you do have a larger chance to get the seed right.

For windows, I don't know what is QueryPerformanceCounter function do.

[Soros Shorts]

Well, the code says if it is not windows, then use time of the day as the seed:

   int64_t nCounter = 0;
#ifdef WIN32
    QueryPerformanceCounter((LARGE_INTEGER*)&nCounter);
#else
    timeval t;
    gettimeofday(&t, NULL);
    nCounter = (int64_t) t.tv_sec * 1000000 + t.tv_usec;
#endif
    return nCounter;

Therefore, if a linux machine is used, say, you do have a larger chance to get the seed right.

For windows, I don't know what is QueryPerformanceCounter function do.

QueryPerformanceCounter() in Windows just returns a high-resolution timestamp with microsecond precision.

Therefore nCounter is computed identically under Linux and Windows. Correction, it is not the same for Linux and Windows. The baseline is not the same (the zero value of the timestamps refers to different points in time). Therefore even though the computation is conceptually similar the seeds returned by Windows or Linux would be different for a given point in time. You need to figure out which OS Satoshi was using.

[Jester.]

its completely random but depending on algorithm 

[topesis]

I'm not a technical person but I have seen someone BTC address that contain the person's name. I know most are generated randomly but I think it can be guided to generate a customized address

[franky1]

if i remember rightly,

the initial "random" generator was flawed and in later years we moved bitcoin to a better mechanism with more entropy. i certainly remember their being flaws in the java and other versions

secondly you dont need to try every second from 2009-2010. you just have to pick a 10 minute interval before a block was solved to aim for a particular key.

because knowing how the earlier versions were made. it generated a keypair right at the point it created the coinbase tx to add to a block to be solved. so grabbing a certain range of timestamps should be easier.
after all its not like he made thousands of keys on january 9th. the keys were generated at the same time as forming a block. which would be after the previous block but before the next block(your target) was solved.

for instance
block two has the timestamp of
2009-01-09 02:55:44
and block one has timestamp of
2009-01-09 02:54:25

so if you want to try to get block 2's coinbase privkey. you only need to search between 02:54:25 - 02:55:44

you could refine the search by taking the possibility that the timestamp of when the coinbase was created was within seconds of the creation of the keypair used to create it.

but with all that said. good luck trying. and i hope your great great grandkids have fun trying all the possibilities when you pass your project down your lineage

[shorena]

Well, the code says if it is not windows, then use time of the day as the seed:

    int64_t nCounter = 0;
#ifdef WIN32
    QueryPerformanceCounter((LARGE_INTEGER*)&nCounter);
#else
    timeval t;
    gettimeofday(&t, NULL);
    nCounter = (int64_t) t.tv_sec * 1000000 + t.tv_usec;
#endif
    return nCounter;

Therefore, if a linux machine is used, say, you do have a larger chance to get the seed right.

For windows, I don't know what is QueryPerformanceCounter function do.

Thats not the entire code.

Code:

void GetStrongRandBytes(unsigned char* out, int num)
{
    assert(num <= 32);
    CSHA512 hasher;
    unsigned char buf[64];

    // First source: OpenSSL's RNG
    RandAddSeedPerfmon();
    GetRandBytes(buf, 32);
    hasher.Write(buf, 32);

    // Second source: OS RNG
    GetOSRand(buf);
    hasher.Write(buf, 32);

    // Produce output
    hasher.Finalize(buf);
    memcpy(out, buf, num);
    memory_cleanse(buf, 64);
}

-> https://github.com/bitcoin/bitcoin/blob/cdfb7755a6af2e95e8598ca8e8d6896c745bcd72/src/random.cpp#L133

[Xester]

I'm not a technical person but I have seen someone BTC address that contain the person's name. I know most are generated randomly but I think it can be guided to generate a customized address

I have experience the same. But a persons name appearing on the address is not applicable to all. Possibly it is only within a site that you can see a name attached and if send outside of that wallets site then it will not appear. Bitcoins address is random and the name attached to it has no relation to the bitcoin address generation but a feature placed by a certain site to please their customers.

[calkob]

I am always wondering this question. Of course from the computer science point of view, nothing is really random. You have a random function which may use system timestamp as a seed, or combination of mac address, computer architecture etc. So if I try to generate the bitcoin address using the similar conditions that Satoshi once had, maybe I can generate his address with a larger probability and may succeed one day, and get his lost treasure, lol. Though sounds not easy, but it is still possible, right?

Ok maybe not impossible but so totally improbable that it boards on the improbable with today's technology,  do abit more reading, and if videos are more your thing search youtube, bitcoin mathematics.

[nara1892]

I am always wondering this question. Of course from the computer science point of view, nothing is really random. You have a random function which may use system timestamp as a seed, or combination of mac address, computer architecture etc. So if I try to generate the bitcoin address using the similar conditions that Satoshi once had, maybe I can generate his address with a larger probability and may succeed one day, and get his lost treasure, lol. Though sounds not easy, but it is still possible, right?

I also wonder and in doubt about how random bitcoin address is. I think it should have a formula to create those addresses.

well, I think you should find the formula first. but it should be related to how Satoshi's computer random an address. eve. if you find it, how do you assure yourself that it belongs to real satoshi?