Bitcoin Forum
September 23, 2018, 01:19:13 PM *
News: ♦♦ New info! Bitcoin Core users absolutely must upgrade to previously-announced 0.16.3 [Torrent]. All Bitcoin users should temporarily trust confirmations slightly less. More info.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: probability of cross privkey for holders  (Read 382 times)
Potent
Full Member
***
Offline Offline

Activity: 230
Merit: 100


View Profile
December 01, 2017, 10:18:36 AM
 #1

If 10 billions people use bitcoin and everyone makes 1000 addresses, how much is probability of cross privkey between them?
I am uncomfortable for holding bitcoin because of this for long time.
1537708753
Hero Member
*
Offline Offline

Posts: 1537708753

View Profile Personal Message (Offline)

Ignore
1537708753
Reply with quote  #2

1537708753
Report to moderator
1537708753
Hero Member
*
Offline Offline

Posts: 1537708753

View Profile Personal Message (Offline)

Ignore
1537708753
Reply with quote  #2

1537708753
Report to moderator
1537708753
Hero Member
*
Offline Offline

Posts: 1537708753

View Profile Personal Message (Offline)

Ignore
1537708753
Reply with quote  #2

1537708753
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1537708753
Hero Member
*
Offline Offline

Posts: 1537708753

View Profile Personal Message (Offline)

Ignore
1537708753
Reply with quote  #2

1537708753
Report to moderator
ranochigo
Legendary
*
Offline Offline

Activity: 1554
Merit: 1090


View Profile WWW
December 01, 2017, 10:45:06 AM
 #2

There are 2^160 (1.46x10^48) addresses that can possibly exist. That's an INCREDIBLY HUGE number. Just for reference, there are more addresses that can be made than the number of grains in the world. Also, you are more likely to be striked by a lightning while sitting on a toilet bowl for 17 years in a row before a collision can be made. In that scenario that you've described, you have generated 1x10^13 addresses. That's way too far off.

Well, obviously, there are 2^256 private keys that can exist but even after factoring that, the above is what is true.

Test User
Member
**
Offline Offline

Activity: 86
Merit: 10

Miner and technician


View Profile
December 01, 2017, 09:45:27 PM
 #3

If 10 billions people use bitcoin and everyone makes 1000 addresses, how much is probability of cross privkey between them?
I am uncomfortable for holding bitcoin because of this for long time.
The probability of colliding addresses is very low.

For 10 billion people with 1000 addresses each, the probability of 2 addresses colliding is less than 0.000000000000000000001%

Donations welcome - BTC: 1f52PwRLHkN4w5uBY6EccKiDYqpLkh13y     DOGE: DCg65AKPG76X5LEtWCqfyRj4a6apYRHR8j
Trust: https://bitcointalk.org/index.php?topic=432215.0
haltingprobability
Member
**
Offline Offline

Activity: 98
Merit: 20


View Profile
December 02, 2017, 05:12:12 AM
 #4

If 10 billions people use bitcoin and everyone makes 1000 addresses, how much is probability of cross privkey between them?
I am uncomfortable for holding bitcoin because of this for long time.

Let's start with the binomial distribution:

Given a private key K, the event of interest is independently generating a matching private key, K'=K. So, we're just looking for the probability of any given private key. According to this source, the following range are valid private keys: "any 256-bit number from 0x1 to 0xFFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4140"

Rounding the upper bound down to 0xFFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE 0000 0000 0000 0000 0000 0000 0000 0000 gives the following decimal number:

U = 2256-1 - 2129-1

(U for "Upper Bound") Simplifying exponents, changing the base to 10 and rounding:

U ~= 1076-1039 = 1038(1038-10)

This bound is quite approximate but it will work for back-of-the-envelope calculations. And since we're approximating anyway, we ignore the lower bound of 1, because it is negligible.

Our range has size 1038(1038-10) and every private key is equally probable. Thus, the probability of any given private key K' is p(K') = 1/(1038(1038-10)). Since we can represent the key-collision as a binomial experiment, to find the average number of collisions after n experiments, we just multiply n x p(K'). Let's find the average number of attempts we have to make at finding a key collision in order to have the same odds of success as winning the Powerball (1 in 175,000,000):

175 x 10-6 = n x 1/(1038 x (1038-10))
n = 175 x 10-6 x (1038 x (1038-10))
n = 175 x 1032 x (1038-10) = 175 x (1070 - 1033) ~= 1072-1035

To avoid bignums, we reduce the largest exponent by one and throw away the error term:

n = 1071

This number has no standardized name - using standardized names it's about 100 septillion septillion sextillion. So, after making 100 septillion septillion sextillion attempts, the probability that you will find a private key collision is about the same probability as winning the Powerball. Note that the key fingerprint collision is not nearly as hard, I think we just have to divide the number of attempts by 296 ~= 1029, so you'd only have to make about 1042 attempts, or a trillion nonillion attempts. Not bad odds when you think about it. I think I'll get to work on this right now.

(Apologies to the math professors... this is the kind of chainsaw arithmetic we use in engineering.)
Xynerise
Sr. Member
****
Offline Offline

Activity: 280
Merit: 280

39twH4PSYgDSzU7sLnRoDfthR6gWYrrPoD


View Profile
December 02, 2017, 02:39:48 PM
 #5

In order to spend money sent to a Bitcoin address, you just need to find a ECDSA public key that hashes to the same 160-bit value. That will take, on average, 2^160 key generations.

Supposing you could generate a billion (2^30) per second, you need 2^130 seconds.

Doing this in parallel using a billion machines requires only 2^100 seconds.

Getting a billion of your richest friends to join you gets it down to only 2^70 seconds.

There are about 2^25 seconds per year, so you need 2^45 years.

The age of the Universe is about 2^34 years so far — better get cracking!
https://bitcoin.stackexchange.com/questions/22/is-it-possible-to-brute-force-bitcoin-address-creation-in-order-to-steal-money
Potent
Full Member
***
Offline Offline

Activity: 230
Merit: 100


View Profile
December 03, 2017, 01:28:30 PM
 #6

Great answers guys. I am a bitcoin holder with high confident now
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!