Bitcoin Forum
November 09, 2024, 03:33:58 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Noobish public/private key question  (Read 2964 times)
neilol (OP)
Sr. Member
****
Offline Offline

Activity: 302
Merit: 250


View Profile
August 27, 2013, 07:16:24 PM
 #1

Noob question here but I made a paper wallet today and had a thought I couldn't quite work through in my head, or sort out with some searching.

When restoring a cold wallet (or importing keys into a new wallet) is it true that all one needs to do is enter in a private key to gain access to the balance? What would stop someone from just trying a private keys forever until one hits? Surely the probability goes down as more private keys are generated (thinking out 100+ years)

I was under the impression that the private key needed to MATCH the public key – which means you would essentially have no chance of guessing this on the first try – so brute forcing was essentially useless.

Since this is fairly straight forward I must be missing a key piece of how it works – someone care to explain as if I were 5? I thought I had  a pretty good handle on public-private key – guess not.


Also - what if two people are assigned the SAME private key..this is possible (although i understand overwhelmingly unlikely). This breaks the system? I cant believe that - again I thought the private key had to match something, and was only associated with one address.


Anon136
Legendary
*
Offline Offline

Activity: 1722
Merit: 1217



View Profile
August 27, 2013, 07:23:02 PM
 #2

there are too many possible combinations for it to be practical.

Rep Thread: https://bitcointalk.org/index.php?topic=381041
If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
Rannasha
Hero Member
*****
Offline Offline

Activity: 728
Merit: 500


View Profile
August 27, 2013, 07:23:11 PM
 #3

Noob question here but I made a paper wallet today and had a thought I couldn't quite work through in my head, or sort out with some searching.

When restoring a cold wallet (or importing keys into a new wallet) is it true that all one needs to do is enter in a private key to gain access to the balance? What would stop someone from just trying a private keys forever until one hits? Surely the probability goes down as more private keys are generated (thinking out 100+ years)

I was under the impression that the private key needed to MATCH the public key – which means you would essentially have no chance of guessing this on the first try – so brute forcing was essentially useless.

Since this is fairly straight forward I must be missing a key piece of how it works – someone care to explain as if I were 5? I thought I had  a pretty good handle on public-private key – guess not.


Also - what if two people are assigned the SAME private key..this is possible (although i understand overwhelmingly unlikely). This breaks the system? I cant believe that - again I thought the private key had to match something, and was only associated with one address.



If all the computers in the world do nothing but generate private/public keypairs all day long (and we multiply their power by 1000, for good measure) then the chances of having run into a duplicate before the sun is extinguished are still negligibly small. There are *that many* possible keypairs.
pmelt
Newbie
*
Offline Offline

Activity: 25
Merit: 0



View Profile WWW
August 27, 2013, 07:23:55 PM
 #4

This is what someone explained to me, from a math perspective:

If 137 Billion people generated 137 Billion addresses per year for 137 Billion years, there would still be only a 1 in 35 Billion chance that ANY of them were the same.

Regardless if those numbers are true (someone smarter than me can tell us), for all intents and purposes, the odds are really, really, really, really, really, really, really, really small. Really.
jackjack
Legendary
*
Offline Offline

Activity: 1176
Merit: 1280


May Bitcoin be touched by his Noodly Appendage


View Profile
August 27, 2013, 07:27:32 PM
 #5

Breaks the system? No.
If two people have the same private key, it's EXACTLY like if you put your private key in bitcoin-qt and in your smartphone for instance. The first to redeem the coins redeems the coins.
But.
100+ years IS EXTREMELY FAR from being even a beginning of what time would be needed

Hint: the Sun doesn't contain enough energy to count to 2^256
And your estimate of how long a brute force attack on SHA-256 would take is wrong, it isn't centuries, it is billions and billions of years, minimum.  If you converted the entire mass of the sun into energy, and used all of that energy to increment a counter using the absolute limit of physics for minimum energy used to flip a bit, you'd get to around 2225.  You'd need 231 suns of similar mass to finish just iterating through all of the possible inputs.  So, billions of stars, or trillions or quadrillions if you want to actually perform the hashes too.

This is about the number of private keys, I'm sure calculations can be done for addresses too. But let's say this for now:
 - There are 3 times more bitcoin addresses (10^48) than water molecules on Earth (in the sea, in your dog's eye, in Putin's car)
 - A human being contains 10^27 water molecules



By the way, there are:
~2^256 possible private keys
2^160 bitcoin addresses
This means that there are ~2^94 private keys correspond to the same bitcoin address

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
BurtW
Legendary
*
Offline Offline

Activity: 2646
Merit: 1137

All paid signature campaigns should be banned.


View Profile WWW
August 27, 2013, 07:38:32 PM
 #6

It does not matter much to your point that "lots and lots of private keys map to each Bitcoins address" but 256-160=96.

Also since every private key actually maps to two different forms of public key, which then map to Bitcoin addresses:

For every Bitcoin address there are about 2(296) = 297 possible private keys.

The about above is due to the fact the private key space is not exactly 2256 (it is a bit less).

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
kik1977
Hero Member
*****
Offline Offline

Activity: 593
Merit: 505


Wherever I may roam


View Profile
August 27, 2013, 08:15:54 PM
 #7

By the way, there are:
~2^256 possible private keys
2^160 bitcoin addresses
This means that there are ~2^94 private keys correspond to the same bitcoin address

Guys, I don't get this. If there are 2^256 possible privkeys and 2^160 possible addresses, shouldn't that mean that there is more than one possible address which can be opened by the same privkey? In other words, since there are more possible privkeys than addresses, how can  it be that there is more than one privkey for each address? It seems illogical and mathematically impossible. Thanks for your help in understanding Smiley

We are like butterflies who flutter for a day and think it is forever
BurtW
Legendary
*
Offline Offline

Activity: 2646
Merit: 1137

All paid signature campaigns should be banned.


View Profile WWW
August 27, 2013, 08:20:50 PM
 #8

By the way, there are:
~2^256 possible private keys
2^160 bitcoin addresses
This means that there are ~2^94 private keys correspond to the same bitcoin address

Guys, I don't get this. If there are 2^256 possible privkeys and 2^160 possible addresses, shouldn't that mean that there is more than one possible address which can be opened by the same privkey? In other words, since there are more possible privkeys than addresses, how can  it be that there is more than one privkey for each address? It seems illogical and mathematically impossible. Thanks for your help in understanding Smiley
In Bitcoinland we do not use the public key directly, we use a special hash of the public key called the "Bitcoin address".  Since it is the hash of the public key and it has an address space smaller than the public/private key pair address space that means that multiple public/private key pairs map to the same Bitcoin address.

Public/Private key pairs -> (multiple hash functions applied to the public key) -> Bitcoin address

a little less than 2256 possible public/private key pairs -> (three hashes of the public key) -> 2160 possible Bitcoin addresses

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
kik1977
Hero Member
*****
Offline Offline

Activity: 593
Merit: 505


Wherever I may roam


View Profile
August 27, 2013, 08:26:50 PM
 #9

By the way, there are:
~2^256 possible private keys
2^160 bitcoin addresses
This means that there are ~2^94 private keys correspond to the same bitcoin address

Guys, I don't get this. If there are 2^256 possible privkeys and 2^160 possible addresses, shouldn't that mean that there is more than one possible address which can be opened by the same privkey? In other words, since there are more possible privkeys than addresses, how can  it be that there is more than one privkey for each address? It seems illogical and mathematically impossible. Thanks for your help in understanding Smiley
In Bitcoinland we do not use the public key directly, we use a special hash of the public key called the "Bitcoin address".  Since it is the hash of the public key and it has an address space smaller than the public key address space that means that multiple public keys map to the same Bitcoin address.

Public key -> (multiple hash functions) -> Bitcoin address

a little less than 2256 possibilites -> (three hashes) -> 2160 possibilities

Thanks BurtW, I know that. What wasn't clear to me is the sentence "~2^94 private keys correspond to the same bitcoin address", this is the piece of information I don't get, seems like there are 2^94 (more or less, ok) different possible privkeys for any bitcoin address..
It sounds wrong to me, but it's possibly my ignorance..

ps. JackJack, the Flying Spaghetti Monster's pic is tooooo nice!

We are like butterflies who flutter for a day and think it is forever
BurtW
Legendary
*
Offline Offline

Activity: 2646
Merit: 1137

All paid signature campaigns should be banned.


View Profile WWW
August 27, 2013, 08:47:43 PM
 #10

Let's say you had 10,000 possible public/private key pairs but only 1,000 possible "addresses" then for every address there would be 10,000 / 1,000 = 10 possible key pairs which would have to map to the very same address.

Make sense?

In our case the number of key pairs that map to each Bitcoin Address is huge, for now, for simplicity, lets call it 2256 / 2160 = 296.

This means there are 296 key pairs that have the very same Bitcoin address.

Any one of the 296 key pairs can claim the Bitcoins stored at that address.

Big number.

What makes it work is that there are 2256 possible key pairs, which is an even bigger number.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
kik1977
Hero Member
*****
Offline Offline

Activity: 593
Merit: 505


Wherever I may roam


View Profile
August 27, 2013, 09:29:04 PM
 #11

Let's say you had 10,000 possible public/private key pairs but only 1,000 possible "addresses" then for every address there would be 10,000 / 1,000 = 10 possible key pairs which would have to map to the very same address.

Make sense?

In our case the number of key pairs that map to each Bitcoin Address is huge, for now, for simplicity, lets call it 2256 / 2160 = 296.

This means there are 296 key pairs that have the very same Bitcoin address.

Any one of the 296 key pairs can claim the Bitcoins stored at that address.

Big number.

What makes it work is that there are 2256 possible key pairs, which is an even bigger number.

Yes, thanks, it makes a lot of sense! But now going back to what OP said at the beginning, if you have a paper wallet for cold storage, when you want to use it, do you simply import the private key on blockchain (or whatever service you want to use)? Following what you said, I now understand you must import both keys, even if my previous understanding was you only need to import the privkey..

We are like butterflies who flutter for a day and think it is forever
BurtW
Legendary
*
Offline Offline

Activity: 2646
Merit: 1137

All paid signature campaigns should be banned.


View Profile WWW
August 27, 2013, 11:31:04 PM
 #12

Let's say you had 10,000 possible public/private key pairs but only 1,000 possible "addresses" then for every address there would be 10,000 / 1,000 = 10 possible key pairs which would have to map to the very same address.

Make sense?

In our case the number of key pairs that map to each Bitcoin Address is huge, for now, for simplicity, lets call it 2256 / 2160 = 296.

This means there are 296 key pairs that have the very same Bitcoin address.

Any one of the 296 key pairs can claim the Bitcoins stored at that address.

Big number.

What makes it work is that there are 2256 possible key pairs, which is an even bigger number.

Yes, thanks, it makes a lot of sense! But now going back to what OP said at the beginning, if you have a paper wallet for cold storage, when you want to use it, do you simply import the private key on blockchain (or whatever service you want to use)? Following what you said, I now understand you must import both keys, even if my previous understanding was you only need to import the privkey..
Given the private key you can directly calculate the public key.  Given the public key you cannot "in a million years" calculate the private key.  So, all you need is the private key since the public key (and therefore the Bitcoin address) is easily derived from the private key.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
Abdussamad
Legendary
*
Offline Offline

Activity: 3682
Merit: 1580



View Profile
August 27, 2013, 11:42:04 PM
 #13


Yes, thanks, it makes a lot of sense! But now going back to what OP said at the beginning, if you have a paper wallet for cold storage, when you want to use it, do you simply import the private key on blockchain (or whatever service you want to use)? Following what you said, I now understand you must import both keys, even if my previous understanding was you only need to import the privkey..

No just the private key is sufficient. The public key is actually derived from the private key. The reverse is not possible. The address is derived from the public key. So as long as you have the private key you are good. Of course this also means that you don't reveal the private key to anyone or they can take your coins.

The problem with importing your private key into your regular blockchain.info wallet is that it bc.info might use that priv key's address as a change address. So you might think that you've emptied the funds in that private key's address but that might not be the case. Or it might be that future transactions send change to that address.

So it is better to create a temporary wallet, import the private key and send all the coins to an address in your regular wallet. Then never use that temporary wallet again.
hayek
Sr. Member
****
Offline Offline

Activity: 370
Merit: 250


View Profile
August 28, 2013, 08:07:13 PM
 #14

If you took the ENTIRE universe and broke it up in to even parts.

If the number of parts equaled the number of possible bitcoin addresses then each "part" of the universe would be roughly 900 atoms large.

"Astronomical" is used too often. With bitcoin addresses it's true.
jackjack
Legendary
*
Offline Offline

Activity: 1176
Merit: 1280


May Bitcoin be touched by his Noodly Appendage


View Profile
August 28, 2013, 08:19:13 PM
 #15

If you took the ENTIRE universe and broke it up in to even parts.

If the number of parts equaled the number of possible bitcoin addresses private keys then each "part" of the universe would be roughly 900 atoms large.

"Astronomical" is used too often. With bitcoin addresses it's true.

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!