Bitcoin Forum
January 21, 2019, 07:13:01 PM *
Author Topic: Matching public key with directory.io - why so difficult?  (Read 3494 times)
Agnosticus
Newbie
September 17, 2017, 02:50:04 AM
Last edit: September 17, 2017, 03:05:25 AM by Agnosticus
 #21

Thanks for your detailed response. I'm sure others will find it useful too.


>>>>First of all, you are essentially sending your private key to a remote web server (directory.io).

Not if I'm doing the public-private key generation locally on an air-gapped, unconnected computer - one of the reasons for my posts above. I would like to get hold of that code for personal use, but the creator has hidden it, unlike other websites that randomly generate public-private key pairs. I actually think that I could create the code if I really put my mind to it, something I might consider if I can't get that code.

>>>>Secondly, you still need to load that private key into a wallet software in order to spend from it.

Not if I'm keeping it purely for storage and not transacting with it.

>>>>Thirdly, because the private key is in an unencrypted form, if the private key is stolen, then the thief can spend your coins immediately. With wallet encryption, if your coins are stolen, you still have time to move them as strong encryption and a strong password will protect your private keys.

How would a thief steal it if it's committed to memory and the public key has only ever been used once - to deposit the money? You're assuming I'm using it for transacting. That wallet is cold and the private key has never touched the Internet.

>>>>Lastly, you would be reusing the exact same address over and over again which will lead to significant privacy loss.

Not if I simply put the bitcoin there for long term storage.
-----------------------

The more I think about it, the better my idea becomes - for storage purposes, that is. Perhaps not for transacting.
achow101
Moderator
Legendary
September 17, 2017, 03:16:08 AM
 #22

> Not if I'm doing the public-private key generation locally on an air-gapped, unconnected computer - one of the reasons for my posts above. I would like to get hold of that code for personal use, but the creator has hidden it, unlike other websites that randomly generate public-private key pairs. I actually think that I could create the code if I really put my mind to it, something I might consider if I can't get that code.

I don't understand why you are so fixated on choosing your own private key that is memorable. Why not instead generate random private keys until you generate something that you find memorable? That is far more secure than you choosing something memorable.

> Not if I'm keeping it purely for storage and not transacting with it.
>
> <snip>
>
> How would a thief steal it if it's committed to memory and the public key has only ever been used once - to deposit the money? You're assuming I'm using it for transacting. That wallet is cold and the private key has never touched the Internet.
>
> <snip>
>
> Not if I simply put the bitcoin there for long term storage.

It can be stolen the moment you decide to spend the coins and have to enter your private key into some software. Even if you are keeping the coins in long term storage, at some point in the future you will want to move those coins out of storage to do something with them. Whenever you do that, you expose your private key and it can be stolen.

Similarly, the same argument can be made for randomly generating a private key and keeping it on a storage medium that never touches the internet.

There is also still a significant privacy loss even if you are only using that address for receiving. For starters, everyone that sends you money will know how much money you have. Furthermore you are reducing the privacy of everyone that transacts with you because anyone will be able to look at their transactions and immediately know who they were paying and how much.

Agnosticus
Newbie
September 17, 2017, 03:45:20 AM
 #23

> I don't understand why you are so fixated on choosing your own private key that is memorable. Why not instead generate random private keys until you generate something that you find memorable? That is far more secure than you choosing something memorable.

These are just ideas and this is just a discussion. I'm the type of person that delves and delves until I find myself answering other people's questions on whatever it is I'm investigating.

A random private key will never be as memorable to me as something I create myself. So there's a trade-off either way you go.

> It can be stolen the moment you decide to spend the coins and have to enter your private key into some software. Even if you are keeping the coins in long term storage, at some point in the future you will want to move those coins out of storage to do something with them. Whenever you do that, you expose your private key and it can be stolen.
>
> Similarly, the same argument can be made for randomly generating a private key and keeping it on a storage medium that never touches the internet.
>
> There is also still a significant privacy loss even if you are only using that address for receiving. For starters, everyone that sends you money will know how much money you have. Furthermore you are reducing the privacy of everyone that transacts with you because anyone will be able to look at their transactions and immediately know who they were paying and how much.

Once again, you're assuming I'm reusing this public address over-and-over again or that I'm advertising it. This is my storage wallet and not an address for people to send me funds. True, if I bring them out of hibernation it increases their vulnerability. Then I go down the path of p2p wallets, etc and find a new cold address to send my savings to.
AGD
Legendary
September 17, 2017, 09:32:49 AM
 #24

> > I don't understand why you are so fixated on choosing your own private key that is memorable. Why not instead generate random private keys until you generate something that you find memorable? That is far more secure than you choosing something memorable.
>
> These are just ideas and this is just a discussion. I'm the type of person that delves and delves until I find myself answering other people's questions on whatever it is I'm investigating.
>
> A random private key will never be as memorable to me as something I create myself. So there's a trade-off either way you go.
>
> > It can be stolen the moment you decide to spend the coins and have to enter your private key into some software. Even if you are keeping the coins in long term storage, at some point in the future you will want to move those coins out of storage to do something with them. Whenever you do that, you expose your private key and it can be stolen.
> >
> > Similarly, the same argument can be made for randomly generating a private key and keeping it on a storage medium that never touches the internet.
> >
> > There is also still a significant privacy loss even if you are only using that address for receiving. For starters, everyone that sends you money will know how much money you have. Furthermore you are reducing the privacy of everyone that transacts with you because anyone will be able to look at their transactions and immediately know who they were paying and how much.
>
> Once again, you're assuming I'm reusing this public address over-and-over again or that I'm advertising it. This is my storage wallet and not an address for people to send me funds. True, if I bring them out of hibernation it increases their vulnerability. Then I go down the path of p2p wallets, etc and find a new cold address to send my savings to.

At the very first moment when you visit directory.io to find the page number of your offline created private key, it will be very easy for the admin of the page to steal your funds immediately PLUS your offline generated key is not offline anymore. There is no need to repeat the visit, because the attacker (admin) can simply check all visited directory.io pages and check the balance of all private keys on that very page.

Bitcoin is not a bubble, it's the pin!
+++ GPG Public key FFBD756C24B54962E6A772EA1C680D74DB714D40 +++ http://pgp.mit.edu/pks/lookup?op=get&search=0x1C680D74DB714D40
Agnosticus
Newbie
September 21, 2017, 09:21:12 AM
 #25

> At the very first moment when you visit directory.io to find the page number of your offline created private key, it will be very easy for the admin of the page to steal your funds immediately PLUS your offline generated key is not offline anymore. There is no need to repeat the visit, because the attacker (admin) can simply check all visited directory.io pages and check the balance of all private keys on that very page.

You obviously didn't read my posts! I was thinking about USING directory.io as an offline wallet generator - IF I could get the code offline. Unfortunately, the creator hasn't made the code downloadable.

AGD
Legendary
September 22, 2017, 10:58:10 AM
 #26

> > At the very first moment when you visit directory.io to find the page number of your offline created private key, it will be very easy for the admin of the page to steal your funds immediately PLUS your offline generated key is not offline anymore. There is no need to repeat the visit, because the attacker (admin) can simply check all visited directory.io pages and check the balance of all private keys on that very page.
>
> You obviously didn't read my posts! I was thinking about USING directory.io as an offline wallet generator - IF I could get the code offline. Unfortunately, the creator hasn't made the code downloadable.

No?
https://github.com/saracen/directory.io

Bitcoin is not a bubble, it's the pin!
+++ GPG Public key FFBD756C24B54962E6A772EA1C680D74DB714D40 +++ http://pgp.mit.edu/pks/lookup?op=get&search=0x1C680D74DB714D40
Agnosticus
Newbie
October 05, 2017, 06:11:42 AM
 #27

Wow! Thanks heaps.

> > > At the very first moment when you visit directory.io to find the page number of your offline created private key, it will be very easy for the admin of the page to steal your funds immediately PLUS your offline generated key is not offline anymore. There is no need to repeat the visit, because the attacker (admin) can simply check all visited directory.io pages and check the balance of all private keys on that very page.
> >
> > You obviously didn't read my posts! I was thinking about USING directory.io as an offline wallet generator - IF I could get the code offline. Unfortunately, the creator hasn't made the code downloadable.
>
> No?
> https://github.com/saracen/directory.io
cr1776
Legendary
October 10, 2017, 05:30:05 PM
 #28

> > Hi everyone,
> >
> > I've read up on the close-to-impossibility of randomly generating a private key which matches a given public address (e.g. grains of sand analogy). I'm still trying to answer a few of my own questions, however.
> >
> > My current questions relate to this: http://directory.io/
> >
> > - What's to stop someone simply using this website to look up a particular address and find the corresponding private key?
> > - Is the list simply so large that it would take an eternity to actually find the relevant address with a computer program?
> > - I'm assuming this list has code behind it and it generates each page as required - i.e. it's not a static list?
> > - Why did this database require such a huge amount of computing power if the list is dynamically populated?
> >
> > I find this list totally fascinating! I might even send a donation at some point...
> >
> > Thanks for any help.
> >
> > Agnosticus
>
> Ok, you have to understand what that website is. It is not a page after page list of key pairs, it is a real time calculation of those pairs. If you are trying to crawl the site, there would be only one page, not millions. The page calculates and lists the page worth of key pairs, using the page number as a reference point. Each requested page is created at the moment the client requests the page from the server. Therefore, there is no parsing the site as a whole or searching it in that way. Look up how the page number is used in the equation and maybe that will be a starting point for you.

No, if you try and crawl that site there will be a (practically) infinite number of pages.  Google alone has about 45000 pages indexed, all dynamically generated.
https://www.google.com/search?source=hp&q=site%3Adirectory.io&oq=site%3Adirectory.io

Kind of like Google has about 42 million pages from finance.yahoo.com indexed.  Most are dynamically generated for various stock symbols and the related pages for each, etc:
https://www.google.com/search?q=site%3Afinance.yahoo.com
directoryio
Newbie
November 17, 2017, 03:11:35 PM
 #29

would it be possible to create the same site by not generating private keys but hash160?
BurtW
Legendary
November 17, 2017, 05:18:00 PM
 #30

> would it be possible to create the same site by not generating private keys but hash160?

Generating a private key takes very little time.  In the case of directory.io the private keys for the page are simply calculated from the page number.  In the case of a real key pair generation the private key is a secure random 256 bit number.  In the case of the LBC the private key started at 1 and incremented from there (they are currently creating and testing key pairs with the private keys around 2^53.22 or 10,490,987,492,010,478).

Once you have the private key, which is very easy, then you have to calculate the public key which is a point on an elliptic curve.  The equation looks simple (Public Key) = (Private Key) * G but it is a bit involved since G is a point on a curve and * is the scalar multiplication function defined over the points on the curve.

Remember all public keys are points on a curve so they are X, Y coordinates.  For elliptic curves for every X coordinate there are exactly two possible Y coordinates which are easy to calculate so to "remember" a specific point on the curve we can either remember the X and the Y coordinate or just the X coordinate and a single bit to tell us which of the two possible Y coordinates to use.  This means there is a "compressed" form of the public key (the X coordinate and one additional bit = 256 + 1 = 257 bits) and an "uncompressed" form of the public key (the X coordinate and the Y coordinate = 256 + 256 = 512 bits).

Once you have the public key you can now generate the Bitcoin address which is defined as a specific ASCII encoding of the triple hashing of the public key plus some check bytes.

Since for every public key there are two ways we can represent it (compressed and uncompressed) this means that for every public key there will be two possible forms for the Bitcoin address.  If you start with the compressed form of the public key you end up with the compressed version of the Bitcoin address.  If you start with the uncompressed form of the public key you end up with the uncompressed form of the Bitcoin address.

What was your question again?

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
directoryio
Newbie
November 19, 2017, 01:09:23 PM
 #31

> > would it be possible to create the same site by not generating private keys but hash160?
>
> Generating a private key takes very little time.  In the case of directory.io the private keys for the page are simply calculated from the page number.  In the case of a real key pair generation the private key is a secure random 256 bit number.  In the case of the LBC the private key started at 1 and incremented from there (they are currently creating and testing key pairs with the private keys around 2^53.22 or 10,490,987,492,010,478).
>
> Once you have the private key, which is very easy, then you have to calculate the public key which is a point on an elliptic curve.  The equation looks simple (Public Key) = (Private Key) * G but it is a bit involved since G is a point on a curve and * is the scalar multiplication function defined over the points on the curve.
>
> Remember all public keys are points on a curve so they are X, Y coordinates.  For elliptic curves for every X coordinate there are exactly two possible Y coordinates which are easy to calculate so to "remember" a specific point on the curve we can either remember the X and the Y coordinate or just the X coordinate and a single bit to tell us which of the two possible Y coordinates to use.  This means there is a "compressed" form of the public key (the X coordinate and one additional bit = 256 + 1 = 257 bits) and an "uncompressed" form of the public key (the X coordinate and the Y coordinate = 256 + 256 = 512 bits).
>
> Once you have the public key you can now generate the Bitcoin address which is defined as a specific ASCII encoding of the triple hashing of the public key plus some check bytes.
>
> Since for every public key there are two ways we can represent it (compressed and uncompressed) this means that for every public key there will be two possible forms for the Bitcoin address.  If you start with the compressed form of the public key you end up with the compressed version of the Bitcoin address.  If you start with the uncompressed form of the public key you end up with the uncompressed form of the Bitcoin address.
>
> What was your question again?

Are the addresses really random, or could we say that we would find an address of the type "11111" every X private keys?
ranochigo
Legendary
November 19, 2017, 01:23:28 PM
 #32

> Are the addresses really random, or could we say that we would find an address of the type "11111" every X private keys?

They are unpredictable, unless your wallet has a severely flawed random number generator and ends up generating the same address over and over again. Else, the addresses generated are random. Vanity address generators have an estimated time since there is a fixed range of characters which an address can have. They can effectively give a very vague estimate of the time based on the probability.

BurtW
Legendary
November 19, 2017, 02:45:11 PM
Last edit: November 19, 2017, 03:03:29 PM by BurtW
 #33

> Are the addresses really random, or could we say that we would find an address of the type "11111" every X private keys?

Are Bitcoin addresses random?  You tell me:

The private key is a huge random number.
The public key is therefore basically a random point on a huge elliptic curve.
The public key is then hashed, this creates a random number based on the random point on the curve.
The result of the hash is then hashed again, creating a random number based on the first hash.
The result is then hashed again creating a random number based on the result of the second hash.

Finally the result of the third hash is encoded into an ASCII string starting with 1 or 3.

Do you see now?

You can search for "vanity address generation" here on the forums.

Vanity address generation:

Let's say I want to find a Bitcoin address that looks like this "1BurtWxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

Code:
1 Generate a random private key
2 Calculate the public key
3 Hash the result of step 2
4 Hash the result of step 3
5 Hash the result of step 4
6 Encode the result of step 5 as a Bitcoin address
7 Compare the first 6 characters to "1BurtW"
8 If the strings do not match go to step 1

Else you have found one of the almost infinite number of private keys that happen by chance to have "1BurtW" as the first 6 characters of the Bitcoin address.

I did this years ago.

Here is the result:   1BurtWEejbnKeBRsvcydJvsNztB1bXV5iQ

NOTICE that I have the private key and the Bitcoin Address so this is a valid Bitcoin Address and I have the private key so any Bitcoins sent to this address are "mine" in the sense that I can spend them - since I know the private key.

Here is another possibility:

Code:
1 START with the ASCII string you want, for example 1BitcoinEaterAddressDontSend
2 Calculate the proper checksum f59kuE
3 Add it to the end and you get 1BitcoinEaterAddressDontSendf59kuE

Notice that this is a valid Bitcoin address in that you can send Bitcoins to it and people have, to the tune of 13.1251233 BTC (!)

https://blockchain.info/address/1BitcoinEaterAddressDontSendf59kuE

However, in this case, the private key is not known, for all practical purposes it is impossible to find the private key, the private key will never be found so these 13.1251233 BTC are lost forever.

Back in the old days when it did not cost anything to do a transaction and Bitcoins were only worth a couple of dollars each I actually placed one of my favorite poems into the blockchain, there to reside forever.  Here it is:

Code:
11When1DieBuryMeDeepLayTwoXVEY5jv - (Unspent) 0.00000001 BTC
11SpeakersAtMyFeetAPairofXXTyrHor - (Unspent) 0.00000001 BTC
11HeadphonesonMyHeadAndXXXXYUSvnd - (Unspent) 0.00000001 BTC
11ALwaysPLayTheGratefuLDeadWdq4Xo - (Unspent) 0.00000001 BTC

As noted above the private keys for these addresses cannot be found, ever, so these 0.00000004 BTC are lost forever.

Two more interesting points:

1) If you take any Bitcoin address, for example 1BitcoinEaterAddressDontSendf59kuE then, by design, there is not just one possible private key that will give you this exact Bitcoin address.  There are approximately 2^96 = 79,228,162,514,264,337,593,543,950,336 different private keys that will give you this exact Bitcoin address!  Even though there are that many different private keys that would allow you to own and spend the 13.1251233 BTC at that address it is, for all practical purposes, impossible to find even one of them!

Blows the mind, right?

2) Very long vanity addresses have been found.  Here are the records.  Note that the private keys for these addresses are known by the owners because they were found, by chance, by generating trillions of random valid private keys and then checking the Bitcoin addresses calculated from the private keys.


Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
directoryio
Newbie
November 19, 2017, 02:56:54 PM
 #34

How do you calculate the checksum of an address?
BurtW
Legendary
November 19, 2017, 03:06:11 PM
 #35

> How do you calculate the checksum of an address?

See https://en.bitcoin.it/wiki/Technical_background_of_version_1_Bitcoin_addresses specifically step 7.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
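
How the check bytes discussed in the two posts above are computed, and why a hand-picked address such as the 1BitcoinEater one passes validation without anyone holding a key for it. This is an added Python example, not code from any poster; the function names and the "X" fill character are choices made here, so the address it builds from the same leading text can end differently from the one quoted in the thread.

```python
# Added illustration of Base58Check for version 1 Bitcoin addresses.
import hashlib

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def checksum(payload):
    """First 4 bytes of SHA-256(SHA-256(version byte + 20-byte hash))."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58encode(raw):
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = ALPHABET[rem] + out
    leading_zeros = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * leading_zeros + out      # each leading zero byte is written as '1'

def b58decode(text):
    n = 0
    for ch in text:
        digit = ALPHABET.find(ch)
        if digit < 0:
            raise ValueError("%r is not a Base58 character" % ch)
        n = n * 58 + digit
    leading_ones = len(text) - len(text.lstrip("1"))
    return b"\x00" * leading_ones + n.to_bytes((n.bit_length() + 7) // 8, "big")

def split_address(addr):
    """Return (version, hash160, checksum_ok) or raise ValueError."""
    raw = b58decode(addr)
    if len(raw) != 25:
        raise ValueError("an address decodes to 25 bytes, got %d" % len(raw))
    return raw[0], raw[1:21], checksum(raw[:21]) == raw[21:]

def is_valid_address(addr):
    """True when the string is Base58, 25 bytes long and its check bytes match."""
    try:
        return split_address(addr)[2]
    except ValueError:
        return False

def address_from_text(prefix, fill="X", length=34):
    """Keep the chosen leading text, fill the rest, then fix up the check bytes.

    The 20 hash bytes come straight from the text, not from hashing any
    public key, which is why no private key is known for the result.
    """
    raw = b58decode(prefix.ljust(length, fill))
    if len(raw) != 25:
        raise ValueError("text does not decode to 25 bytes; adjust length")
    addr = b58encode(raw[:21] + checksum(raw[:21]))
    if not addr.startswith(prefix):
        raise ValueError("prefix leaves too little room for the check bytes")
    return addr

if __name__ == "__main__":
    quoted = "1BitcoinEaterAddressDontSendf59kuE"   # address quoted in the thread
    version, h160, ok = split_address(quoted)
    print(version, h160.hex(), ok)
    print(address_from_text("1BitcoinEaterAddressDontSend"))
```

Wallet software runs the same check before sending, so a single mistyped character is rejected, while a deliberately constructed string with correct check bytes is accepted.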
directoryio
Newbie
November 19, 2017, 03:12:47 PM
 #36

Thank you all. I'll stay on the thread; I'm testing and will bring my results here.
directoryio
Newbie
November 20, 2017, 09:29:29 AM
 #37

Would it be possible to use LBC for personal purposes, i.e. without connecting to the LBC servers?
BurtW
Legendary
November 20, 2017, 01:35:37 PM
 #38

> Would it be possible to use LBC for personal purposes, i.e. without connecting to the LBC servers?

Try asking that in an LBC thread.

For example here:  https://bitcointalk.org/index.php?topic=1877935.0;topicseen

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!