same public key

[schnuber]

I have a stupid question.
How is it prevented that there are accidentally two identical bitcoin addresses in the system? Of course the probability is small but if it happened it would be disastrous, wouldn't it?

[1714201734]

1714201734

[1714201734]

1714201734

[1714201734]

1714201734

[1714201734]

1714201734

[Remember remember the 5th of November]

I have a stupid question.
How is it prevented that there are accidentally two identical bitcoin addresses in the system? Of course the probability is small but if it happened it would be disastrous, wouldn't it?

It wouldn't really be that disastrous. But no, there is no system to prevent two addresses from colliding. If it ever happened, it would mean you can steal the money in there.

[justusranvier]

How do you prevent yourself from being simultaneously struck by lightening and a meteorite while also being bitten by a mosquito that gives you West Nile virus as your house is being swallowed by a sinkhole caused by an earthquake?

[BurtW]

From another thread just yesterday, there are exactly:

p = FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F

    = 2^256 − 2^32 − 2^9 − 2^8 − 2^7 − 2^6 − 2^4 − 1

possible key pairs in the Bitcoin system.  

However, because of the way Bitcoin addresses are calculated there are "only" 2^160 possible Bitcoin addresses.

So 2^160 is the number you are dealing with when talking about Bitcoin address collisions.  

This number is big.  Really, really big.  The probablity of a collision is so small that it will never happen.

[grue]

From another thread just yesterday, there are exactly:

p = FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F

    = 2^256 − 2^32 − 2^9 − 2^8 − 2^7 − 2^6 − 2^4 − 1

possible key pairs in the Bitcoin system. 

However, because of the way Bitcoin addresses are calculated there are "only" 2^160 possible Bitcoin addresses.

So 2^160 is the number you are dealing with when talking about Bitcoin address collisions. 

This number is big.  Really, really big.  The probablity of a collision is so small that it will never happen.

Yep, 2^160 ~ 1.46x10^48 = 48 zeros!

[jackjack]

Number of water molecules on Earth: 4.68 x 10⁴⁶
Number of keys possible: 2 ^ 160 = 1.5 x 10⁴⁸ = 30 * Number of water molecules on Earth


Imagine you choose one water molecule on Earth (anywhere: in ocean, your kitchen, your cat's lung, Kim Jung Il's hair, etc) and I do the same without us communicating
The possibility of address collision is 30 times lower than the possibility of us chosing the same water molecule


Even if choose billions of water molecules (which is 1000000000000000 tinier than a glass of water) instead of just one, do you realize how ridiculously impossible it is for us to have even one shared molecule?

[schnuber]

Many commercial entities will use a new address for each transaction. If bitcoin will be widely adopted someday the amount of used bitcoin addresses will be also very big. Of course the probability of two identical addresses will still be very small... but it will be there, nonetheless.
I simply wonder what the implications would be if that happened.

[grue]

Many commercial entities will use a new address for each transaction. If bitcoin will be widely adopted someday the amount of used bitcoin addresses will be also very big. Of course the probability of two identical addresses will still be very small... but it will be there, nonetheless.
I simply wonder what the implications would be if that happened.

has been discussed 9001 times. please search for answer kthx

[threeip]

Many commercial entities will use a new address for each transaction. If bitcoin will be widely adopted someday the amount of used bitcoin addresses will be also very big. Of course the probability of two identical addresses will still be very small... but it will be there, nonetheless.
I simply wonder what the implications would be if that happened.

Chance would be the address was used 10 years ago by someone, and they've lost the privkey by now anyway. Always a good idea to empty old addresses right?

[jackjack]

Many commercial entities will use a new address for each transaction. If bitcoin will be widely adopted someday the amount of used bitcoin addresses will be also very big. Of course the probability of two identical addresses will still be very small... but it will be there, nonetheless.
I simply wonder what the implications would be if that happened.

Obvious lack of sense of proportion
Did you ever wonder about the implications of being hit by 3 lightnings simultaneously on the right eye, the left feet and the belly button?

Also, search

[DeathAndTaxes]

Many commercial entities will use a new address for each transaction. If bitcoin will be widely adopted someday the amount of used bitcoin addresses will be also very big. Of course the probability of two identical addresses will still be very small... but it will be there, nonetheless.
I simply wonder what the implications would be if that happened.

Nope.  Very big and 2^160 big are two different things.   It is like saying if we can go to mars (very far away from the earth) in a year then obviously we could just keep going and get to the nearest star "soon" doing the same thing.

Maybe this helps:
if a billion people, each used a billion new addresses, every second continuously for the next billion years that would be less than 1/460,000,000,000th of 1% of possible addresses in 2^160.

[cbeast]

It would be much easier to crack that SHA256 address. The solution to both is to not keep all your coins in one address.

[kokjo]

give up people.

some people just cannot comprehend so big numbers.

[jackjack]

give up people.

some people just cannot comprehend so big numbers.

I guess so
So disappointing

[kjj]

Hashing takes far less work than generating keypairs, and so far the bitcoin network has done something like 2⁷⁰ hashes in 4.5 years.

[kokjo]

Hashing takes far less work than generating keypairs, and so far the bitcoin network has done something like 2⁷⁰ hashes in 4.5 years.

noob response: oh, we are already half way.

[threeip]

Hashing takes far less work than generating keypairs, and so far the bitcoin network has done something like 2⁷⁰ hashes in 4.5 years.

noob response: oh, we are already half way.

For noobs;

2^70=22 digits
2^140=43 digits

[schnuber]

Amazing how one gets bashed and degraded simply because for asking a legitimate question.

I wasn't asserting that the theoretical possibility of two identical addresses is an imminent weakness of bitcoin.

If you read my post carefully you probably recognize that I am simply asking whether there is a mechanism in the software that somehow prevents two identical addresses (meanwhile I found out from your responses that there's not) and secondly, I wonder what the implications would be if  there were two identical addresses in the system. To this question you have failed to provide a profound answer yet, since you obviously prefer to bash people than to provide instructive explanations (which of course requires more intelligence and respect for other people that don't share the same level of knowledge yet).

I think this attitude is not beneficial for mainstream adoption of bitcoin.

[jackjack]

Amazing how one gets bashed and degraded simply because for asking a legitimate question.

I wasn't asserting that the theoretical possibility of two identical addresses is an imminent weakness of bitcoin.

If you read my post carefully you probably recognize that I am simply asking whether there is a mechanism in the software that somehow prevents two identical addresses (meanwhile I found out from your responses that there's not) and secondly, I wonder what the implications would be if  there were two identical addresses in the system. To this question you have failed to provide a profound answer yet, since you obviously prefer to bash people than to provide instructive explanations (which of course requires more intelligence and respect for other people that don't share the same level of knowledge yet).

I think this attitude is not beneficial for mainstream adoption of bitcoin.

You were bashed for not using the search function

It wouldn't really be that disastrous. But no, there is no system to prevent two addresses from colliding. If it ever happened, it would mean you can steal the money in there.

has been discussed 9001 times. please search for answer kthx

Also, search

[edd]

Amazing how one gets bashed and degraded simply because for asking a legitimate question.

I wasn't asserting that the theoretical possibility of two identical addresses is an imminent weakness of bitcoin.

If you read my post carefully you probably recognize that I am simply asking whether there is a mechanism in the software that somehow prevents two identical addresses (meanwhile I found out from your responses that there's not) and secondly, I wonder what the implications would be if  there were two identical addresses in the system. To this question you have failed to provide a profound answer yet, since you obviously prefer to bash people than to provide instructive explanations (which of course requires more intelligence and respect for other people that don't share the same level of knowledge yet).

I think this attitude is not beneficial for mainstream adoption of bitcoin.

Your question was answered though it might not have been very obvious. The result of such an astronomically unlikely event would be the same as if you were struck by lightning, hit by a car, and attacked by a great white shark in the middle of the Sahara desert at the same time: it would be (potentially) very bad for you, the victim, it would get a lot of attention and many others would probably worry about the same thing happening to them despite the odds against it while the rest of us and our descendants would happily use bitcoins until the universe ended without ever experiencing anything similar.

Hope that satisfies you.

[jackjack]

Your question was answered though it might not have been very obvious.

Isn't the following extremely clear?

If it ever happened, it would mean you can steal the money in there.

[DeathAndTaxes]

Exactly it is that simple.  The Bitcoin network has no concept of "ownership" only authentication.  If one can sign a transaction with a valid private key they can spend the coins.  If someone generates an address which produces the same public key as your address then they can spend your coins.

[TECHICENINE]

Exactly it is that simple.  The Bitcoin network has no concept of "ownership" only authentication.  If one can sign a transaction with a valid private key they can spend the coins.  If someone generates an address which produces the same public key as your address then they can spend your coins.

yes we will see how beta testing the lightning generator(key sniffer)works out in the shark think tank..lol


http://tesladownunder.com/Tesla18Week2FullBright3000_small.jpg

[schnuber]

Exactly it is that simple.  The Bitcoin network has no concept of "ownership" only authentication.  If one can sign a transaction with a valid private key they can spend the coins.  If someone generates an address which produces the same public key as your address then they can spend your coins.

And what would happen with money that is transferred to an address that exists twice? would this money be doubled?

[TECHICENINE]

Exactly it is that simple.  The Bitcoin network has no concept of "ownership" only authentication.  If one can sign a transaction with a valid private key they can spend the coins.  If someone generates an address which produces the same public key as your address then they can spend your coins.

And what would happen with money that is transferred to an address that exists twice? would this money be doubled?

imo it's going to get/\hairy if the geek foundation itself throws a monkey\/wrench reboot type command..thanks

[MarpleTrading]

Exactly it is that simple.  The Bitcoin network has no concept of "ownership" only authentication.  If one can sign a transaction with a valid private key they can spend the coins.  If someone generates an address which produces the same public key as your address then they can spend your coins.

And what would happen with money that is transferred to an address that exists twice? would this money be doubled?

Why would it get doubled? It is the same address, only more than one person has access to it. It is like sharing your wallet with your brother or whomever.

[jackjack]

Exactly it is that simple.  The Bitcoin network has no concept of "ownership" only authentication.  If one can sign a transaction with a valid private key they can spend the coins.  If someone generates an address which produces the same public key as your address then they can spend your coins.

And what would happen with money that is transferred to an address that exists twice? would this money be doubled?

Why would it get doubled? It is the same address, only more than one person has access to it. It is like sharing your wallet with your brother or whomever.

Are you saying that if I share my wallet with my brother the money isn't doubled? Crap!

[MarpleTrading]

Exactly it is that simple.  The Bitcoin network has no concept of "ownership" only authentication.  If one can sign a transaction with a valid private key they can spend the coins.  If someone generates an address which produces the same public key as your address then they can spend your coins.

And what would happen with money that is transferred to an address that exists twice? would this money be doubled?

Why would it get doubled? It is the same address, only more than one person has access to it. It is like sharing your wallet with your brother or whomever.

Are you saying that if I share my wallet with my brother the money isn't doubled? Crap!

If I have a wallet with 1 BTC and I share it with my brother I still have 1BTC. No doubling there. Only now my brother can spend it and when he does, I cannot.

EDIT:
prolly misunderstand doubling?

[Remember remember the 5th of November]

You can't double money in bitcoin.

[BurtW]

Are you saying that if I share my wallet with my brother the money isn't doubled? Crap!

If I have a wallet with 1 BTC and I share it with my brother I still have 1BTC. No doubling there. Only now my brother can spend it and when he does, I cannot.

EDIT:
prolly misunderstand doubling?

jackjack was being sarcastic.

[MarpleTrading]

Are you saying that if I share my wallet with my brother the money isn't doubled? Crap!

If I have a wallet with 1 BTC and I share it with my brother I still have 1BTC. No doubling there. Only now my brother can spend it and when he does, I cannot.

EDIT:
prolly misunderstand doubling?

jackjack was being sarcastic.

IC. LOL

[DeathAndTaxes]

Exactly it is that simple.  The Bitcoin network has no concept of "ownership" only authentication.  If one can sign a transaction with a valid private key they can spend the coins.  If someone generates an address which produces the same public key as your address then they can spend your coins.

And what would happen with money that is transferred to an address that exists twice? would this money be doubled?

No.  If you make a backup of your wallet the address exists twice but it doesn't double your money.

Imagine you had a safety deposit box which only had one key and you put $500 into it.  Thus only you can spend the $500, and to do so requires the key.  
Now imagine the bank screwed up and gave a second copy of your key to someone else by mistake.  Same deposit box, same $500 inside it but now two keys which open the box.  Has the money been doubled?  Can it be spent twice?  Of course not it simply means whoever use the box first can spend it and once spent the funds are gone.

Bitcoin works the same way.  Your client/wallet doesn't have any coins.  It has a set of keys which allow it to transfer ownership of coins in the blockchain.  Instead of one safety deposit box "your coins" are distributed across tens of thousands of nodes all over the planet.  When you spend coins you send a message to the network saying "hey those coins at address 1xyz... please transfer control of them to 1abc...  I have signed this message with the private key for 1xyz so you know it is a valid request".  The bitcoin network includes the transaction in the next block and the global consensus on where coins are located has been updated.  All nodes now agree the coins are not at 1xyz... they are at 1abc... .

[schnuber]

Thanks guys, now I think I understand this topic

[TECHICENINE]

Exactly it is that simple.  The Bitcoin network has no concept of "ownership" only authentication.  If one can sign a transaction with a valid private key they can spend the coins.  If someone generates an address which produces the same public key as your address then they can spend your coins.

And what would happen with money that is transferred to an address that exists twice? would this money be doubled?

Why would it get doubled? It is the same address, only more than one person has access to it. It is like sharing your wallet with your brother or whomever.

Are you saying that if I share my wallet with my brother the money isn't doubled? Crap!

If I have a wallet with 1 BTC and I share it with my brother I still have 1BTC. No doubling there. Only now my brother can spend it and when he does, I cannot.

EDIT:
prolly misunderstand doubling?

easy just print out two or IC3/\physical bitcoins with the same addy and we are all\/good ..thanks

[TECHICENINE]

Exactly it is that simple.  The Bitcoin network has no concept of "ownership" only authentication.  If one can sign a transaction with a valid private key they can spend the coins.  If someone generates an address which produces the same public key as your address then they can spend your coins.

And what would happen with money that is transferred to an address that exists twice? would this money be doubled?

No.  If you make a backup of your wallet the address exists twice but it doesn't double your money.

Imagine you had a safety deposit box which only had one key and you put $500 into it.  Thus only you can spend the $500, and to do so requires the key.  
Now imagine the bank screwed up and gave a second copy of your key to someone else by mistake.  Same deposit box, same $500 inside it but now two keys which open the box.  Has the money been doubled?  Can it be spent twice?  Of course not it simply means whoever use the box first can spend it and once spent the funds are gone.

Bitcoin works the same way.  Your client/wallet doesn't have any coins.  It has a set of keys which allow it to transfer ownership of coins in the blockchain.  Instead of one safety deposit box "your coins" are distributed across tens of thousands of nodes all over the planet.  When you spend coins you send a message to the network saying "hey those coins at address 1xyz... please transfer control of them to 1abc...  I have signed this message with the private key for 1xyz so you know it is a valid request".  The bitcoin network includes the transaction in the next block and the global consensus on where coins are located has been updated.  All nodes now agree the coins are not at 1xyz... they are at 1abc... .

fact is/\people don't trust computers in general and without some kind of physical backup=\/fail..thanks

[elements]

Even though it is highly improbable I think there are actually two questions to this:

a) what happens if the same address (public key) gets created
b) what happens if the same private key gets created

a)
As far as I know a certain address usually holds only parts of your wallets Bitcoins (worst case scenario all),
so if the same address gets created but the private keys are different only the amount assigned to that address can be spent by both people (because their different private keys are locked with the same address).

b)
If the private keys are identical all the funds of each wallet could be spent by each user.

(What happens if both have different amounts of BTC in their wallets - what would show on the client)

Or did I get something wrong here?

[DannyHamilton]

Or did I get something wrong here?

Yes, you did.

The results of generating the same address or the same private key are exactly the same.  In either case you can spend any bitcoins that exist in an unspent output that requires a signature from a valid private key.

[threeip]

a) what happens if the same address (public key) gets created
b) what happens if the same private key gets created

The pub is derived from the priv, so if you had the pub you would also have the priv.

[elements]

In other words if Alice has a wallet that contains the address xyz and Bob has a wallet that contains the same address xyz
both have the same private key?

(And thus all individual addresses of Alice and Bob can be signed with their own or the other one's private key?)

[elements]

ok, so having the same adress means actually the same private key.

That makes sense.

Thank you!

[davout]

You can't double money in bitcoin.

Yes you can, happened back in march

[davout]

ok, so having the same adress means actually the same private key.

No, to be precise it is not the case.

[DeathAndTaxes]

In other words if Alice has a wallet that contains the address xyz and Bob has a wallet that contains the same address xyz
both have the same private key?

(And thus all individual addresses of Alice and Bob can be signed with their own or the other one's private key?)

Well it is slightly more complex.  It is possible that Alice and Bob have different private keys which produce the same address because addresses are a hash of the public key.  If that happens (essentially 0% chance) either private key can sign a transaction to spend coins sent to the address in question.

[DannyHamilton]

The pub is derived from the priv, so if you had the pub you would also have the priv.

More than one private key can technically result in the same bitcoin address.

Therefore, if you have the same private key then you have the same address, but if you have the same address, you don't necessarily have the same private key.

In other words if Alice has a wallet that contains the address xyz and Bob has a wallet that contains the same address xyz
both have the same private key?

(And thus all individual addresses of Alice and Bob can be signed with their own or the other one's private key?)

Not necessarily, but they both have a private key that will create a valid signature for spending bitcoins that are associated with address xyz.  Not all individual addresses, only address xyz.

ok, so having the same adress means actually the same private key.

That makes sense.

Thank you!

No, having the same private key means having the same address.  Having the the same address does not necessarily mean having the same private key, but as long as you have a private key that is a valid private key for the address you are able to spend the bitcoins at that address.

[elements]

Ok, so in other words: if the private keys are different but the addresses are the same that means that only the amount assigned to that address (balance on that particular address) can be spent by both parties NOT the total amount of the wallets of each party. Correct?

[DannyHamilton]

Ok, so in other words: if the private keys are different but the addresses are the same that means that only the amount assigned to that address (balance on that particular address) can be spent by both parties NOT the total amount of the wallets of each party. Correct?

Correct.  Also, if the private keys ARE the same, that means that only the amount assigned to that address (balance on that particular address) can be spent by both parties NOT the total amount of the wallets of each party.

It doesn't matter if the private keys are the same or not.  It only matters if the private keys result in the same address.

[elements]

But if the private keys are the same, doesn't that also mean that they will create the same "universe" of public keys?

What I mean is this: if you create a new wallet it has one address and the private key. When you create new addresses for that wallet all derive from the same private key. If two private keys are identical won't they eventually create the same addresses? (Whether they show in your address book or not (yet))?

[DannyHamilton]

But if the private keys are the same, doesn't that also mean that they will create the same "universe" of public keys?

It was never stated, but I've been working off the assumption that we are talking about the Bitcoin-Qt wallet.  The Bitcoin-Qt wallet does not use a deterministic algorithm for generating bitcoin private keys or addresses.  Every new address is generated completely at random and has no mathematical association with any of the other addresses or private keys in the wallet.

What I mean is this: if you create a new wallet it has one address and the private key. When you create new addresses for that wallet all derive from the same private key.

No.  Regardless of the wallet you are using, each address has it's own private key.  When you create new addresses for the wallet, the wallet creates a new private/public key pair, and then computes the address from this new keypair.  In a deterministic wallet (such as Electrum), a deterministic algorithm is used to generate the next private key in the sequence instead of generating a random private key, but it is still a new private key.

If two private keys are identical won't they eventually create the same addresses? (Whether they show in your address book or not (yet))?

A private key only has one address associated with it.  (Well technically two, but that's due to the difference between the address that you get when you use a compressed public key and the one you get with an uncompressed public key)  If two private keys are identical, the address they create will be the same.

[DeathAndTaxes]

But if the private keys are the same, doesn't that also mean that they will create the same "universe" of public keys?

What I mean is this: if you create a new wallet it has one address and the private key. When you create new addresses for that wallet all derive from the same private key. If two private keys are identical won't they eventually create the same addresses? (Whether they show in your address book or not (yet))?

There is no such thing as a "universe of private keys".  Your wallet contains 1 private key for each public key (and address).

There are deterministic wallets which use a seed to produce multiple addresses but the seed isn't the private key.  The seed allows one to create multiple private keys (one private key for each address) from a single seed.

You likely are (incorrectly) assuming a wallet has only one single private key for all the addresses. If your wallet has 1000 addresses you have 1,000 unique private keys.

[DannyHamilton]

D&T,

You're getting slow.

 

[elements]

Thank you both for the clarification. Your assumptions were correct: a) I was referring to the Qt client and b) I thought there was just one private key from which all public keys derived.

Learned something! Thanks again!

[DeathAndTaxes]

D&T,

You're getting slow.

 

Yeah I am slipping in my old (forum) age.

[justusranvier]

There are deterministic wallets which derive all the private keys from a 256 bit root key and a 256 bit chain code for a total  of 512 bits of entropy.

The odds of a collision that would allow an attacker to derive the entire sequence of private keys is even more unpossible than finding one of the 2⁹⁶ private keys whose public key generates the same hash as a known bitcoin address.

[leijurv]

ok, so having the same adress means actually the same private key.

That makes sense.

Thank you!

However, there could be a RIPEMD-160 hash collision of two different ECDSA pubkey point. That would have two different privkeys with one pubkey.

[davout]

However, there could be a RIPEMD-160 hash collision of two different ECDSA pubkey point. That would have two different privkeys with one pubkey.

Re-read yourself :-)

[jackjack]

I want to repeat something:

An address corresponds to around 2^96 (around 8e28) different private keys

[kokjo]

However, there could be a RIPEMD-160 hash collision of two different ECDSA pubkey point. That would have two different privkeys with one pubkey.

their would be 2 keypairs, where the hash of the public keys would be equal.

keypair A: (Apub, Apriv)
keypair B: (Bpub, Bpriv)

Apub != Bpub and Apriv != Bpriv

BUT!!!!!

hash(Apub) == hash(Bpub)

[leijurv]

However, there could be a RIPEMD-160 hash collision of two different ECDSA pubkey point. That would have two different privkeys with one pubkey.

their would be 2 keypairs, where the hash of the public keys would be equal.

keypair A: (Apub, Apriv)
keypair B: (Bpub, Bpriv)

Apub != Bpub and Apriv != Bpriv

BUT!!!!!

hash(Apub) == hash(Bpub)

Yes. However, that would mean that the bitcoin address itself would be the same. Funds sent to that bitcoin address could be spent by either private key; the txout script only checks the hash of the pubkey key, not the public key itself.

[Remember remember the 5th of November]

You can't double money in bitcoin.

Yes you can, happened back in march

Really? Is there more information on this?

[davout]

Really? Is there more information on this?

March's fork.

[DoomDumas]

How do you prevent yourself from being simultaneously struck by lightening and a meteorite while also being bitten by a mosquito that gives you West Nile virus as your house is being swallowed by a sinkhole caused by an earthquake?

Speaking probability, this is quite, to be more accurate, I would add : at the exact same moment of all those event, you hear at the radio the you have won the big prize at the lottery, and you turn blind in an instant, because of a mysterious unknow disease !

[BurtW]

Really? Is there more information on this?

March's fork.

The fallout from that fork was "healed" a long time ago.