Question regarding Multi Signature Addresses

[NytHawk]

Greetings BTC Forum.

I have a question regarding multi signature addresses.

For example, I have just generated a multi signature address using three public keys which requires all three signatures to release the coins. The address for this is: 3BsFPGPTCfjmFpiE3K8M29wuxvq1UjDE8T

Considering that (correct me if I am wrong) there are around 160 possible private keys that can map to one single address, my question is, is it possible that a single private key could map to this multi signature address?

[1714168581]

1714168581

[DannyHamilton]

Considering that (correct me if I am wrong) there are around 160 possible private keys that can map to one single address,

That is NOT correct.  Where did you get that number from?

my question is, is it possible that a single private key could map to this multi signature address?

Addresses that start with 3 are a P2SH address.  This means that you need 2 things to spend the value that is "sent to that address".

1. You need a script that hashes to the value associated with the address

2. You need to supply the necessary data for that script to evaluate successfully.

Note, that there is no requirement for a signature or private key at all unless required by the script that hashes to the value associated with the address.

You have created a multi-sig script and then used the hash value of that script to build the transaction.  Therefore, you know of exactly 1 script that definitely hashes to the value needed.  If anyone else has that script, then they can use it, however they then need to satisfy the requirements of that script if they want to spend the value.  So, if your script requires signatures from more than one private key, then they will need access to more than one private key to use that script.

If they can create a different script that hashes to the same value as your script, then they won't need to satisfy the requirements of your script. Instead they'll need to satisfy the requirements of THEIR script.  The good news is that any script that they create has on average a 1 in 1,461,501,637,330,902,918,203,684,832,716,283,019,655,932,542,976 chance of hashing to the same value as your script. As such, they could spend the entire rest of the existence of the universe creating and hashing scripts, and they still wouldn't have a reasonable chance of accessing your bitcoins.

[Lauda]

Considering that (correct me if I am wrong) there are around 160 possible private keys that can map to one single address

No. If that were the case, it would take less than a second to bruteforce. The security of P2SH is 160 bits. There are different attack vectors that you could try. If I wanted to generate any collision, then I'd need to do 2^80 work to generate a different script that hashes to the same hash160 value.
An alternative would be: Attempting to grind a different script and get the same hash as your 3 of 3 multisig script ("<big random> <my pubkey> CHECKSIG"), then I could redeem it. This would require 2^159 work.

my question is, is it possible that a single private key could map to this multi signature address?

"When using p2sh, the script is given by the redeemer and then checked against a predetermined hash value."
I suggest reading up on how  P2SH exactly works, as this is the result of a lack of understanding.
Source: Personal knowledge and a discussion with arubi.
Update: Danny beat me to it while I was still writing. I left the post as it adds some other information.

[NytHawk]

That is NOT correct.

So one private key can generate only one public key and that one public key can generate only one address?

[Lauda]

That is NOT correct.

So one private key can generate only one public key and that one public key can generate only one address?

The private key in Wallet Import Format (WIF) as most of us are used to seeing it actually has 3 important parts.

https://en.bitcoin.it/wiki/Wallet_import_format

• (1 byte) A version number.
• (32 bytes) The ECDSA private key.
• (4 bytes) A checksum.

By changing the version number, you can generate different bitcoin addresses (one for an uncompressed public key, and the other for a compressed public key) with the same ECDSA private key.  This will result in a different WIF (both the version number and the checksum will be affected) for that private key though, so when viewed in the typical format it will appear to be a different private key.

You are correct.  There are potentially nearly 2²⁵⁶ public keys, and there can't be more than 2¹⁶⁰ bitcoin addresses.  Therefore, there are likely to be multiple public keys (and therefore multiple private keys) that all result in the same bitcoin address.  Fortunately, there is no known way to find these additional keys that result in the same address.