Vanitygen: Vanity bitcoin address generator/miner [v0.22]

[deepceleron]

Is it necessary to let vanitygen run continuously in order to find the desired key, or can I stop it then start it again?

runeks: It's generating random keys, so yes - you can stop it anytime and it don't lower your chance to find proper address...

Unless you put in a custom seed, but you probably don't do that, anyway

It appears this is not a concern, that system entropy is still used in addition to the random seed file. We don't get the same addresses every execution:

E:\Bitcoin\vanitygen-0.17-win>vanitygen.exe -v -t 2 -s RandomNumbers 1ABCD
Read 959 bytes from RNG seed file
Prefix difficulty:              4476342 1ABCD
Difficulty: 4476342
Using 2 worker thread(s)
Pattern: 1ABCD
...
Address: 1ABCDRandomBitcoinAddress

E:\Bitcoin\vanitygen-0.17-win>vanitygen.exe -v -t 2 -s RandomNumbers 1ABCD
Address: 1ABCDRandomBitcoinAddress

E:\Bitcoin\vanitygen-0.17-win>vanitygen.exe -v -t 2 -s RandomNumbers 1ABCD
Address: 1ABCDRandomBitcoinAddress

E:\Bitcoin\vanitygen-0.17-win>vanitygen.exe -v -t 2 -s RandomNumbers 1ABCD
Address: 1ABCDRandomBitcoinAddress

So far RaTTuS seems to have set the bar for complexity with his public address....

It looks like we can use vanitygen itself to see how difficult the prefix was:

Case sensitive 1RaTTuS:

E:\Bitcoin\vanitygen-0.17-win>vanitygen.exe -v 1RaTTuS
Prefix difficulty:         888,446,610,538 1RaTTuS

Case insensitive 1firstbit (yes, I had to do it...):

E:\Bitcoin\vanitygen-0.17-win>vanitygen.exe -v -i 1FiRSTBiT
Prefix difficulty:        1,605,983,018,727 1firstbit

note: RaTTuS is harder than most 6 chars  -- case-sensitive prefixes starting with Q-Z or a-z are 59x harder than starting 1-9,A-P):

Prefix difficulty:         873,388,193,410 1Poooooo
Prefix difficulty:       51,529,903,411,245 1Qoooooo

CHALLENGE: post the highest difficulty prefix you've found (use -i if you didn't search case-sensitive.)

[1714144212]

1714144212

[BTCurious]

CHALLENGE: post the highest difficulty prefix you've found (use -i if you didn't search case-sensitive.)

I found a "12345678" which I quite like, and also the ones in my sig.

[deepceleron]

CHALLENGE: post the highest difficulty prefix you've found (use -i if you didn't search case-sensitive.)

I found a "12345678" which I quite like, and also the ones in my sig.

(case-sensitive)
Prefix difficulty:         888,446,610,538 12345678
Prefix difficulty:         873,388,193,410 1NaNoBit

12345678 is harder due to weirdness about the 0 bits in the underlying unencoded address to make a 2 (in Base58 1 = 0)

For a particular length, case-insensitive difficulty will be lower depending on how many Base58 case substitutions are possible in your phrase, e.g. n has N, but i can't be I; numbers have no substitution.

[deepceleron]

Would some one be interested in creating a 9 letter vanity address for a bounty? If so please PM

Also assuming you make the address for me, I would be able to use it with out too much trouble?

Thanks

Just to get near a 50% probability of generating a "1" plus nine case-insensitive letters would take about the same GPU processing time as mining 6 BTC...

If you put what you want here with the bounty, perhaps several people could add your phrase to their list of vanity addresses they are already searching for and you might get lucky. You have to trust that the person who gives you the vanity address is also relinquishing and completely deleting the matching private key, or they would also have access to any bitcoins sent to that address.

[runeks]

Would some one be interested in creating a 9 letter vanity address for a bounty? If so please PM

Also assuming you make the address for me, I would be able to use it with out too much trouble?

Thanks

Could you specify the exact 9 letter prefix you wish? Is it even a prefix, or does the text just have to appear somewhere in the address? Lower case is slowest, upper case is less slow and either upper case or lower case is the fastest, so this has an impact on the amount of time one has to use to find your desired string.

EDIT: You would need to install pywallet to import the private key into your wallet. I'm not sure how difficult this is on Windows; on Linux it's fairly easy.

[runeks]

It seems like pywallet doesn't support the encrypted wallet format used in the v0.4 Bitcoin client. At least that's what appears to me to be the case from reading the pywallet-thread. Perhaps it would be a good idea to add this information to the first post of this thread, on importing the private key, that pywallet doesn't support an encrypted wallet.dat, since I imagine most people are using this feature.

[runeks]

Code:

user@linuxcoin:~/Desktop/vanitygen$ ./oclvanitygen -k -d 0 -s /dev/random "1TyGrrTech"
Read 32 bytes from RNG seed file
Difficulty: 173346595075428786
[31.21 Mkey/s][total 1292369920][Prob 0.0%][50% in 122.1y]  

So in 122 years there will be a 50% chance it has been found .

I have added your prefix to my pattern file. I will probably find the pattern I'm looking for ("1runeks") Saturday (5.5 hrs for 50% prob.), but don't keep your hopes up on me finding yours .

Can the authors elaborate on what exactly "difficulty" refers to? And how you, from the difficulty, calculate that the probability is x of finding the key in y hours/days/years.

[avoid3d]

Can anyone think of a clever way to distribute this: to let us search for the vanity phrases others want aswell as our own

[BurtW]

TyGrrTech is pretty long, but other, shorter versions (for example http://firstbits.com/1TGTech) are still available.

This whole idea of finding accounts for others would be pretty cool except for one thing:  security of the private key.

For example if I did find 1TyGrrTech (or more likely 1TGTech) I would now know the private key.  If I give/sell the keypair to you then there is really no way you can be sure I don't keep a copy of it so I can go in and steal all your coins once I see you have a bunch on the account.

The best option I can think of is that if you were to get/buy one of these keys where you are unsure of the security of the private key then import the private key into Mt. Gox and set it to immediately sweep any coins sent to the account off the account into another account.

Even doing that you still would have to "race" with anyone else who had the same private key and see who could sweep the coins out first.

[deepceleron]

CHALLENGE: post the highest difficulty prefix you've found (use -i if you didn't search case-sensitive.)

New difficulty challenge to beat: 3,317,130,297,283 (see my signature!)

[BurtW]

I was quite sad when I found out that http://firstbits.com/1bitcoin had been wasted on a dead end account.  I have created quite a few vanity addresses and I think my favorite so far is http://firstbits.com/1zaphod  Also, and this might date me, I own http://firstbits.com/1xyzzy (the magic word in one of the first computer games called Adventure)

[btc_artist]

Would some one be interested in creating a 9 letter vanity address for a bounty? If so please PM

Also assuming you make the address for me, I would be able to use it with out too much trouble?

Thanks

It would need to be someone trustworthy, as they would also have access to the private key associated with it, no?

[jackjack]

Would some one be interested in creating a 9 letter vanity address for a bounty? If so please PM

Also assuming you make the address for me, I would be able to use it with out too much trouble?

Thanks

It would need to be someone trustworthy, as they would also have access to the private key associated with it, no?

Absolutely, it's a huge mistake to use an address if somebody else knows the private key

[runeks]

Can anyone think of a clever way to distribute this: to let us search for the vanity phrases others want aswell as our own

As far as I can tell we can't make this distributed in a safe manner. Whoever finds a particular address will need to have had the public part of the EC key pair, which is only valuable with the matching private key. They are always created together, and so, anyone finding a particular address (and it's corresponding key) will have had the opportunity to save the private.

I'd love to be proven wrong on this though.

[btc_artist]

I'd love to be proven wrong on this though.

I don't think you can be.

[runeks]

^ Me neither. Unless we invent a homomorphic encryption scheme to accompany this distributed vanity address generator. But maybe that'd be just a liiitle too much work for cool Bitcoin addresses .

[BTCurious]

Can anyone think of a clever way to distribute this: to let us search for the vanity phrases others want aswell as our own

As far as I can tell we can't make this distributed in a safe manner. Whoever finds a particular address will need to have had the public part of the EC key pair, which is only valuable with the matching private key. They are always created together, and so, anyone finding a particular address (and it's corresponding key) will have had the opportunity to save the private.

I'd love to be proven wrong on this though.

Wrong.

(The explanation assumes you know something about EC cryptography)
Person 1 makes a private key Priv1, and calculates the public key Pub1. Person 2 gets Pub1, creates a new private key Priv2, and adds (EC source point) * Priv2 to it, creating Pub2. Now, if Pub2 hashes to a nice vanity address Vnice, then Person 2 sends Priv2 to Person 1. Person 1 then adds Priv1 to Priv2, getting Privnice.

This is a way for Person 2 to help generating an address for Person 1. At the same time, Person 2 can search for his own stuff, and if he finds one of his own vanity targets first, he will instead request Priv1 from Person 1. Now Person 1 doesn't know Privnice. For further search, both Persons generate a new random private key, and they start over.

[runeks]

^ Cool! I'm glad you proved me wrong . I don't know anything about EC cryptography but I'll take your word for it.
It means that we could begin building websites where users can buy vanity addresses securely for Bitcoins.

[BurtW]

I am no expert but I have done a fair amount of work creating and debugging standard PKI code.  I am very curious about your post and need a bit more help in understanding it.  Given a bit more understanding I think I could write the code and then maybe we could eventually get it included into the vanitygen project.

Person 1 makes a private key Priv1, and calculates the public key Pub1.

Person1 creates the Pub1(n1, r1) Priv1(n1, r1, p1, q1, s1) keypair.

Person 2 gets Pub1, creates a new private key Priv2, and adds (EC source point) * Priv2 to it, creating Pub2.

I assume this it the search loop of the program:
1) Create a new keypair PubN(nN, rN) PrivN(nN, rN, pN, qN, sN) [I assume we can make rN=r1, are there any other restrictions to this keypair generation?]
2) Create the public key to test PubT where PubT is a function of Pub1 and the new keypair:  PubT(nT, rT) = F1(n1, r1, nN, rN, pN, qN, sN)
3) Hash and test PubT for the vanity criteria, if it does not match then go to step 1), if it does match then continue

Now, if Pub2 hashes to a nice vanity address Vnice, then Person 2 sends Priv2 to Person 1

Assuming PubT matches the vanity criteria then send the keypair PubN(nN, rN) PrivN(nN, rN, pN, qN, sN) from Person2 to Person1 [this could be encrypted using Pub1]

Person 1 then adds Priv1 to Priv2, getting Privnice.

PrivNice(nNice, rNice, pNice, qNice, sNice) = F2(n1, r1, p1, q1, s1, nN, rN, pN, qN, sN)

So my question is can you give me the details for the two functions:

PubT(nT, rT) = F1(n1, r1, nN, rN, pN, qN, sN) and
PrivNice(nNice, rNice, pNice, qNice, sNice) = F2(n1, r1, p1, q1, s1, nN, rN, pN, qN, sN)

or point me to a site or paper that can give me these details?

[BTCurious]

Hmm, I'm on my phone right now, so I can't really check what your variables meant exactly. I'll however explain it in the terms I usually reason in, maybe that will help.

Bitcoin uses a field with some standard, predefined settings. A point in this field is given by two coordinates. A public key is actually just 0x04, and then the two coordinates. You can generate a random point in this field by taking a random number R (smaller than the field size), and adding the field source point to itself R times. The source point (or zero point or something, I'm not sure) is one of the predefined field settings. The random number R is more commonly known as the private key.

So we have a random int as a private key, and this gives a point in the field as a public key.
Now, Person 1 creates Priv1, and subsequently Pub1, and gives Pub1 to Person 2. Person 2 generates a random Priv2, and adds the source point Priv2 times to Pub1. This creates a new point in the field, which is actually the public key associated with the random number (Priv1+Priv2). So that would make it Pub(1+2).

Now, Person 2 can find the address for Pub12, but he'll never be able to claim any bitcoins on the address, because he'd have to sign his transactions with Priv(1+2), but he doesn't have Priv1.


Anyway, the loop here starts after Person 1 sends Pub1 to Person 2. Person 2 can keep generating a new Priv2 to check for niceness, and only has to report back to Person 1 after he has actually found a nice address.

Now, I haven't found a way to generate addresses for a lot of people at the same time though, since everyone gives you a different public key. But it might be possible. The problems involved sound a bit like multiple key authentication, which is being worked on right now. But yeah, for now at least, having one person generating a vanity address for someone else securely is not impossible.