How many possibly bitcoin addresses are there exactly? And how long does it...

[gigabytecoin]

How many possibly bitcoin addresses are there exactly?

How long does it take to generate one?

[FreeMoney]

I heard 2^160.

A fast setup could do thousands each second.

[JoelKatz]

And if you're thinking what I think you're thinking, remember that you don't actually have to find their private key to claim someone else's bitcoins. All you have to do is find any one of the roughly 2^96 private keys whose corresponding public key hashes to that address.

[kjj]

There are exactly 2^160 possible addresses as long as we keep using RIPE-MD160.

2^160 is 1,461,501,637,330,902,918,203,684,832,716,283,019,655,932,542,976.

[Rob P.]

The total address space is 2^160

To put that in perspective, there are only 2^63 grains of sand on all of the beaches of the Earth (http://www.hawaii.edu/suremath/jsand.html)

Before you run out and build an RPC program to generate addresses, do some math first.

Or read this:  http://forum.bitcoin.org/index.php?topic=1387.0

The total pool of Bitcoin addresses in use is so minuscule compared to the total population of addresses you *could* create, that the odds of you creating a private key for an address that is already in use is so small (near zero), that you'd be better off just writing malware to infect computers and just steal them.

[Ian Maxwell]

A more profitable way to make money from generating random numbers would be the state lottery.

[gigabytecoin]

And if you're thinking what I think you're thinking, remember that you don't actually have to find their private key to claim someone else's bitcoins. All you have to do is find any one of the roughly 2^96 private keys whose corresponding public key hashes to that address.

Ok so for somebody to be lucky enough to steal the bitcoins out of my main backup address...

They first need to generate my address which could be any one of 2^160 possibilities. And then they must generate the corresponding public key that gives them access to the bitcoins in my address? Of where there at 2^96 possibilities?

Or must they simple generate 2^96 bitcoin keys... at which point they would control every single bitcoin address in the world?

[JoelKatz]

And if you're thinking what I think you're thinking, remember that you don't actually have to find their private key to claim someone else's bitcoins. All you have to do is find any one of the roughly 2^96 private keys whose corresponding public key hashes to that address.

Ok so for somebody to be lucky enough to steal the bitcoins out of my main backup address...

They first need to generate my address which could be any one of 2^160 possibilities. And then they must generate the corresponding public key that gives them access to the bitcoins in my address? Of where there at 2^96 possibilities?

Generating the public key is trivial.

Or must they simple generate 2^96 bitcoin keys... at which point they would control every single bitcoin address in the world?

The most sensible way to attempt the attack (which is still insane) is to generate random private keys, calculate the corresponding addresses, and then see if that address has a non-zero balance. I believe there are 2^160 possible addresses. So even if there are 1,000,000,000 addresses with non-zero balances, your odds of getting a non-zero balance on a single key are 1 in 2^128.

So brute-forcing a single bitcoin address with a non-zero balance (assuming there are a billion of them, which is generous), is as hard as, say, brute-forcing a given 128-bit AES key.

[theymos]

Bitcoin already supports OP_HASH256 in script, so it would be trivial to increase the number of addresses if it ever became a problem.

[schnuber]

So there are 2^160 public keys but only 2^96 private keys? Ho does that add up?
Are there private keys than unlock more than one public key?

[cr1776]

So there are 2^160 public keys but only 2^96 private keys? Ho does that add up?
Are there private keys than unlock more than one public key?

This discussion might help:   :-)

https://bitcointalk.org/index.php?topic=199212.0

[JoelKatz]

So there are 2^160 public keys but only 2^96 private keys? Ho does that add up?
Are there private keys than unlock more than one public key?

There are just under 2^256 private keys, just under 2^256 public keys, and 2^160 addresses. There are some addresses that have more than one corresponding public key and thus more than one corresponding private key.

[schnuber]

Ok so the quote that there are 2^96 private keys is wrong then

[bitpop]

More than atoms in the universe

[ktorn]

More than atoms in the universe

That is not correct, not even close.
The estimated number of atoms in the observable universe (10^80) is 71 million trillion trillion times greater than 2^160.

[PGSystemTester]

Ok so the quote that there are 2^96 private keys is wrong then

I realize this is an old discussion but this thread now appears towards the top of searches for "How many Bitcoin addresses are there" and I wanted to add some exact numbers along with some "color" that might make more sense than exact numbers.

The Answer
The total possible number of addresses is exactly 2¹⁶⁰, or more commonly expressed as 2^160 which is 2 multiplied by itself 160 times.
As a decimal number (what most people consider "normal") this is 1,461,501,637,330,902,918,203,684,832,716,283,019,655,932,542,976.

Why THAT Number
If I were to ask you how many possible numbers could be shown on a 2-digit scoreboard under the HOME team section, the answer would be 100. Don't feel bad if you thought 99, we're all incorrectly taught to start counting at one instead of zero, but the range of 0 to 99 = 100 possible numbers.

Similarly, a Bitcoin address must be a whole number that can be displayed on a "scoreboard" that uses binary numbers and extends 160 digits. If you can wrap your head around hexadecimal numbering, it offers a good illustration of the range of possible numeric addresses being from:  0 to FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF

Private Key Possibilities
The total number of possible private keys is frequently listed as 2^256 and for all sensible discussion, this is correct.

However, technically there are fewer due to usage of the secp256k1 Curve usage. Words cannot express how insignificant of a difference the actual number is from 2^256. Imagine all of Earth's beaches. Now imagine them with one less grain of sand. Even THAT example is overstating the difference (though the actual numeric difference is far greater than the actual number of grains of sand on Earth's beaches  )

But since we're talking exact numbers, here's an illustration (compared to 2^256)

Code:

Total Numbers As Decimals
115,792,089,237,316,195,423,570,985,008,687,907,852,837,564,279,074,904,382,605,163,141,518,161,494,336 (exact private key maximum)
115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936 (2^256)

Maximum Value as a Hexadecimal
FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4140 (exact private key maximum)
FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF (2^256)

Overall Security
Going back to the discussion of how long it would take to brute force attack a specific address -- quite simply not possible with today's technology. A few years ago, I posted this question in the mathematics section on the stack exchange trying to figure out how many trials would be needed to even have a 1% probability. Suffice to say... it's pretty safe.

https://math.stackexchange.com/questions/2845598/how-to-calculate-binomial-distribution-of-really-small

If you or someone you know still finds themselves worried about the idea of someone randomly guessing your private key code, it might be worth noting that we all face similarly improbable odds on a regular basis. It would be far more likely for a cybercriminal to find a recycled password or some other vulnerability to access our financial records. A three-year-old might accidentally hit the precise keystrokes to miraculously log into your account. These are risks we inherently accept and don't lose sleep over yet they are more likely to occur than anyone guessing your private key combination. While there is a possibility it is just too low to consider existent. But to quote dumb and dumber... SO YOU'RE SAYING THERE'S A CHANCE.....

[vit05]

Ok so the quote that there are 2^96 private keys is wrong then

I realize this is an old discussion but this thread now appears towards the top of searches for "How many bitcoin addresses are there."

Here are some exact numbers for Bitcoin and Ethereum... and all of their relatives.

The total possible number of addresses is exactly 2^160.
As a decimal number (what most people consider "normal") this is 1,461,501,637,330,902,918,203,684,832,716,283,019,655,932,542,975.
As a hexidecimal, this number is: FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF

The total possible private keys is frequently listed as 2^256 and for all sensible discussion, this is correct.
However, technically there are a few less because of the secp256k1 Curve usage. Below is the exact amount of private keys that can be used.
(I'm comparing them against the 2^256 just to illustrate how inconsequential the difference is)

Code:

Decimal
115,792,089,237,316,195,423,570,985,008,687,907,852,837,564,279,074,904,382,605,163,141,518,161,494,336 (actual private key maximum)
115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,935 (2^256)

Hexidecimal
FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4140 (actual private key maximum)
FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF (2^256)

Going back to the discussion of how long it would take to brute force attack a specific address -- quite simply not possible with today's technology. The quote of 2^96 represented how many potential PRIVATE keys would work for a single PUBLIC key (not how many total private keys were there). A brute force attack would require an approach of using all 2^256 since there's no way to tell if a private key will generate an address that's been used or not. At some point (2^200?) all 2^160 addresses would be accounted for, but again, impossible with today's technology.

I hope it's not a totally stupid question. But has bech32 changed anything about this number of public addresses? I think the private keys do not change anything, right? Since they follow the same pattern.

[theymos]

I hope it's not a totally stupid question. But has bech32 changed anything about this number of public addresses? I think the private keys do not change anything, right? Since they follow the same pattern.

Short-style bech32 addresses have the same maximum possible addresses of 2¹⁶⁰. There is also a long-style bech32 address format (used for multisig and other more complex scripts) which has 2²⁵⁶ possible addresses.

[Devawnm367]

So is that the total number of possibilities, or is that the total number of addresses? If I use a phrase and unlock one would that mean it was being used or are all of the wallets pre created with prestored key phrases,  lets say if I typed random words for days and somehow unlock one would that mean that it is of use or I just found a random address?

I guess running a program would be simpler,  just saying I never knew that... your odds would be less than one unlock in a million years!!!!

[Coding Enthusiast]

In case you are wondering where are these numbers coming from, you should know that these aren't magic numbers or constants anywhere. These are simply the size of the "data" that represent an address! The first thing you should ask is "what is an address?" This will also clarify things for the question above regarding Bech32 and @theymos answer regarding 2¹⁶⁰ and 2²⁵⁶ number of addresses.

An address such as 1BgGZ9tcN4rm9KBzDn7KprQz87SZ26SAMH or bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4 is simply the "human readable" encoding of some data. Now that data simply has a fixed size. In case of P2PKH and P2WPH address examples above this data is RIPEMD160(SHA256(publickey)). Basically you are encoding (to be human readable) the result of RIPEMD160 cryptographic hash function. The encoding can be anything, in bitcoin we use Base58 encoding for first address example and use bech32 for the second.
This hash function as its name suggests is 160 bits in size. So the number of possible results it can have is 2¹⁶⁰.
Math:

Code:

1 bit (2^1): 
0
1

2 bit (2^2):
00
01
10
11

160 bit (2^160)
...

What about 2²⁵⁶ then?
That "data" is not always the same. We have different types of addresses. For instance it can be a scriptHash, in which case it is the result of a SHA256 cryptographic hash function which is obviously 256 bits of data hence the 2²⁵⁶ possible addresses.