Noobish public/private key question

[neilol]

Noob question here but I made a paper wallet today and had a thought I couldn't quite work through in my head, or sort out with some searching.

When restoring a cold wallet (or importing keys into a new wallet) is it true that all one needs to do is enter in a private key to gain access to the balance? What would stop someone from just trying a private keys forever until one hits? Surely the probability goes down as more private keys are generated (thinking out 100+ years)

I was under the impression that the private key needed to MATCH the public key – which means you would essentially have no chance of guessing this on the first try – so brute forcing was essentially useless.

Since this is fairly straight forward I must be missing a key piece of how it works – someone care to explain as if I were 5? I thought I had  a pretty good handle on public-private key – guess not.


Also - what if two people are assigned the SAME private key..this is possible (although i understand overwhelmingly unlikely). This breaks the system? I cant believe that - again I thought the private key had to match something, and was only associated with one address.

[Anon136]

there are too many possible combinations for it to be practical.

[Rannasha]

Noob question here but I made a paper wallet today and had a thought I couldn't quite work through in my head, or sort out with some searching.

When restoring a cold wallet (or importing keys into a new wallet) is it true that all one needs to do is enter in a private key to gain access to the balance? What would stop someone from just trying a private keys forever until one hits? Surely the probability goes down as more private keys are generated (thinking out 100+ years)

I was under the impression that the private key needed to MATCH the public key – which means you would essentially have no chance of guessing this on the first try – so brute forcing was essentially useless.

Since this is fairly straight forward I must be missing a key piece of how it works – someone care to explain as if I were 5? I thought I had  a pretty good handle on public-private key – guess not.


Also - what if two people are assigned the SAME private key..this is possible (although i understand overwhelmingly unlikely). This breaks the system? I cant believe that - again I thought the private key had to match something, and was only associated with one address.

If all the computers in the world do nothing but generate private/public keypairs all day long (and we multiply their power by 1000, for good measure) then the chances of having run into a duplicate before the sun is extinguished are still negligibly small. There are *that many* possible keypairs.

[pmelt]

This is what someone explained to me, from a math perspective:

If 137 Billion people generated 137 Billion addresses per year for 137 Billion years, there would still be only a 1 in 35 Billion chance that ANY of them were the same.

Regardless if those numbers are true (someone smarter than me can tell us), for all intents and purposes, the odds are really, really, really, really, really, really, really, really small. Really.

[jackjack]

Breaks the system? No.
If two people have the same private key, it's EXACTLY like if you put your private key in bitcoin-qt and in your smartphone for instance. The first to redeem the coins redeems the coins.
But.
100+ years IS EXTREMELY FAR from being even a beginning of what time would be needed

Hint: the Sun doesn't contain enough energy to count to 2^256

And your estimate of how long a brute force attack on SHA-256 would take is wrong, it isn't centuries, it is billions and billions of years, minimum.  If you converted the entire mass of the sun into energy, and used all of that energy to increment a counter using the absolute limit of physics for minimum energy used to flip a bit, you'd get to around 2²²⁵.  You'd need 2³¹ suns of similar mass to finish just iterating through all of the possible inputs.  So, billions of stars, or trillions or quadrillions if you want to actually perform the hashes too.

This is about the number of private keys, I'm sure calculations can be done for addresses too. But let's say this for now:
 - There are 3 times more bitcoin addresses (10^48) than water molecules on Earth (in the sea, in your dog's eye, in Putin's car)
 - A human being contains 10^27 water molecules



By the way, there are:
~2^256 possible private keys
2^160 bitcoin addresses
This means that there are ~2^94 private keys correspond to the same bitcoin address

[BurtW]

It does not matter much to your point that "lots and lots of private keys map to each Bitcoins address" but 256-160=96.

Also since every private key actually maps to two different forms of public key, which then map to Bitcoin addresses:

For every Bitcoin address there are about 2(2⁹⁶) = 2⁹⁷ possible private keys.

The about above is due to the fact the private key space is not exactly 2²⁵⁶ (it is a bit less).

[kik1977]

By the way, there are:
~2^256 possible private keys
2^160 bitcoin addresses
This means that there are ~2^94 private keys correspond to the same bitcoin address

Guys, I don't get this. If there are 2^256 possible privkeys and 2^160 possible addresses, shouldn't that mean that there is more than one possible address which can be opened by the same privkey? In other words, since there are more possible privkeys than addresses, how can  it be that there is more than one privkey for each address? It seems illogical and mathematically impossible. Thanks for your help in understanding

[BurtW]

By the way, there are:
~2^256 possible private keys
2^160 bitcoin addresses
This means that there are ~2^94 private keys correspond to the same bitcoin address

Guys, I don't get this. If there are 2^256 possible privkeys and 2^160 possible addresses, shouldn't that mean that there is more than one possible address which can be opened by the same privkey? In other words, since there are more possible privkeys than addresses, how can  it be that there is more than one privkey for each address? It seems illogical and mathematically impossible. Thanks for your help in understanding

In Bitcoinland we do not use the public key directly, we use a special hash of the public key called the "Bitcoin address".  Since it is the hash of the public key and it has an address space smaller than the public/private key pair address space that means that multiple public/private key pairs map to the same Bitcoin address.

Public/Private key pairs -> (multiple hash functions applied to the public key) -> Bitcoin address

a little less than 2²⁵⁶ possible public/private key pairs -> (three hashes of the public key) -> 2¹⁶⁰ possible Bitcoin addresses

[kik1977]

By the way, there are:
~2^256 possible private keys
2^160 bitcoin addresses
This means that there are ~2^94 private keys correspond to the same bitcoin address

Guys, I don't get this. If there are 2^256 possible privkeys and 2^160 possible addresses, shouldn't that mean that there is more than one possible address which can be opened by the same privkey? In other words, since there are more possible privkeys than addresses, how can  it be that there is more than one privkey for each address? It seems illogical and mathematically impossible. Thanks for your help in understanding

In Bitcoinland we do not use the public key directly, we use a special hash of the public key called the "Bitcoin address".  Since it is the hash of the public key and it has an address space smaller than the public key address space that means that multiple public keys map to the same Bitcoin address.

Public key -> (multiple hash functions) -> Bitcoin address

a little less than 2₂₅₆ possibilites -> (three hashes) -> 21⁶⁰ possibilities

Thanks BurtW, I know that. What wasn't clear to me is the sentence "~2^94 private keys correspond to the same bitcoin address", this is the piece of information I don't get, seems like there are 2^94 (more or less, ok) different possible privkeys for any bitcoin address..
It sounds wrong to me, but it's possibly my ignorance..

ps. JackJack, the Flying Spaghetti Monster's pic is tooooo nice!

[BurtW]

Let's say you had 10,000 possible public/private key pairs but only 1,000 possible "addresses" then for every address there would be 10,000 / 1,000 = 10 possible key pairs which would have to map to the very same address.

Make sense?

In our case the number of key pairs that map to each Bitcoin Address is huge, for now, for simplicity, lets call it 2²⁵⁶ / 2¹⁶⁰ = 2⁹⁶.

This means there are 2⁹⁶ key pairs that have the very same Bitcoin address.

Any one of the 2⁹⁶ key pairs can claim the Bitcoins stored at that address.

Big number.

What makes it work is that there are 2²⁵⁶ possible key pairs, which is an even bigger number.

[kik1977]

Let's say you had 10,000 possible public/private key pairs but only 1,000 possible "addresses" then for every address there would be 10,000 / 1,000 = 10 possible key pairs which would have to map to the very same address.

Make sense?

In our case the number of key pairs that map to each Bitcoin Address is huge, for now, for simplicity, lets call it 2²⁵⁶ / 2¹⁶⁰ = 2⁹⁶.

This means there are 2⁹⁶ key pairs that have the very same Bitcoin address.

Any one of the 2⁹⁶ key pairs can claim the Bitcoins stored at that address.

Big number.

What makes it work is that there are 2²⁵⁶ possible key pairs, which is an even bigger number.

Yes, thanks, it makes a lot of sense! But now going back to what OP said at the beginning, if you have a paper wallet for cold storage, when you want to use it, do you simply import the private key on blockchain (or whatever service you want to use)? Following what you said, I now understand you must import both keys, even if my previous understanding was you only need to import the privkey..

[BurtW]

Let's say you had 10,000 possible public/private key pairs but only 1,000 possible "addresses" then for every address there would be 10,000 / 1,000 = 10 possible key pairs which would have to map to the very same address.

Make sense?

In our case the number of key pairs that map to each Bitcoin Address is huge, for now, for simplicity, lets call it 2²⁵⁶ / 2¹⁶⁰ = 2⁹⁶.

This means there are 2⁹⁶ key pairs that have the very same Bitcoin address.

Any one of the 2⁹⁶ key pairs can claim the Bitcoins stored at that address.

Big number.

What makes it work is that there are 2²⁵⁶ possible key pairs, which is an even bigger number.

Yes, thanks, it makes a lot of sense! But now going back to what OP said at the beginning, if you have a paper wallet for cold storage, when you want to use it, do you simply import the private key on blockchain (or whatever service you want to use)? Following what you said, I now understand you must import both keys, even if my previous understanding was you only need to import the privkey..

Given the private key you can directly calculate the public key.  Given the public key you cannot "in a million years" calculate the private key.  So, all you need is the private key since the public key (and therefore the Bitcoin address) is easily derived from the private key.

[Abdussamad]

Yes, thanks, it makes a lot of sense! But now going back to what OP said at the beginning, if you have a paper wallet for cold storage, when you want to use it, do you simply import the private key on blockchain (or whatever service you want to use)? Following what you said, I now understand you must import both keys, even if my previous understanding was you only need to import the privkey..

No just the private key is sufficient. The public key is actually derived from the private key. The reverse is not possible. The address is derived from the public key. So as long as you have the private key you are good. Of course this also means that you don't reveal the private key to anyone or they can take your coins.

The problem with importing your private key into your regular blockchain.info wallet is that it bc.info might use that priv key's address as a change address. So you might think that you've emptied the funds in that private key's address but that might not be the case. Or it might be that future transactions send change to that address.

So it is better to create a temporary wallet, import the private key and send all the coins to an address in your regular wallet. Then never use that temporary wallet again.

[hayek]

If you took the ENTIRE universe and broke it up in to even parts.

If the number of parts equaled the number of possible bitcoin addresses then each "part" of the universe would be roughly 900 atoms large.

"Astronomical" is used too often. With bitcoin addresses it's true.

[jackjack]

If you took the ENTIRE universe and broke it up in to even parts.

If the number of parts equaled the number of possible bitcoin addresses private keys then each "part" of the universe would be roughly 900 atoms large.

"Astronomical" is used too often. With bitcoin addresses it's true.