Bitcoin Wallet generation by hand

[Dabs]

paid the bounty, now how can i get a public key with not using a computer, nearly impossible I gather?

Your best bet is to take your private key into an offline computer to calculate it for you.

That's what I've been saying. Offline computer to calculate it for you. Can be an offline Android smartphone or tablet. Dice is your entropy source.

.5 btc bounty for a program that will hash working bitcoin addresses and works on a TI-83+

Where can I get one of those? Is that a calculator? On googling, it is a discontinued model. Can you update your request to something I can get today?

And if you include today's smart phones, then we have the solution already. Grab the cheapest model, put bitaddress.org on it, then zap out the antenna or SIM card. Store it in the refrigerator. Cold storage.

http://www.thediceshoponline.com/dice/4411/Hexidice-D16-Hexadecimal-Dice

Hexadecimal Dice. 16 sided. Roll 64 times. Private key.

What am I, chopped liver? 

An alternative is to use your camera and take a picture of the dice, take a picture of the sky and some random things. Then download those pictures and run it through sha256sum.

[1715164545]

1715164545

[1715164545]

1715164545

[Dabs]

Although graphing calculators have been called inexpensive in education reform research,[4] the TI-84 Plus Silver Edition costs $139.00 as of 2013 on the TI online store.

I think I'm better off getting the cheapest android unit that can run bitaddress or some app that does the same thing.

[dserrano5]

An alternative is to use your camera and take a picture of the dice, take a picture of the sky and some random things. Then download those pictures and run it through sha256sum.

Actually a single dark picture (cover the lens with your hand) is good enough. The resulting noise and hot pixels in the image are a good source of entropy, coming directly from the sensor (ie hardware).

[digit]

Hashes are impossible by hand...
Wouldn't a LiveCD on an offline HDD-less PC enough?

I haven't looked at the details of the hashing algorithm used to generate the public address from the private key.  However, I don't think impossible is correct.  I mean, everything a computer does can (in principle) be simulated using a very long tape and a pencil (see universal Turing machine).

Im just saying, difficult/tedious != impossible.

You want to play with semantics?

Ok, let's play.

Let's take a human, the super-hero kind, who can:
 a/ Calculate a 32-bit operation in 10 seconds
 b/ Work from midnight to midnight everyday
 c/ Calculate a 32-bit operation without any errors

A hash takes about 5000 32-bit operations. So make it 10000 for ripemd160(sha256()).
That makes (10*10000) = 100k seconds = 38.4 hours = 1.6 day non-stop.
Possible.

Now here comes the fun.


This time we take a real human, the super smart kind.

A/ He calculates a 32-bit operation in 30 seconds (please try a 32-bit addition and tell me how much time it took)
This raises the total time to calculate one hash to 115.2 hours

B/ The guy must sleep, so he can "only" work from 8am to midnight.
This makes the total time to calculate one hash equal to 4.8 days.
Still possible.

C/ The lower brain failure rate in the best conditions is 5%. As he's super smart his is only 1%.
The probability of him finding the correct hash on one try is P = 1/2^(100000*1%) = 1/2^1000 ~ 1/10^300

D/ He starts the hashing calculation at birth and will stop at 100 years old.
This is (100*365) = 36500 days of calculation.
One try is 4.8 days, so he has 7604 tries available.
The odd of our super smart guy FINDING AT LEAST ONCE the correct hash in his entire lifetime is then:
  R = 1-Q where Q = (1-P)^7604 = ( 1 - 1/2^1000 )^7604

Basic maths gives that Q > 1 - 7604/2^1000 = 1 - 10^(-297.149) > 1 - 10^(-297)
So R < 10^(-297) < 1/2^986
Yes, R < 1/2^986


TLDR

It's easier to crack 6 different bitcoin addresses with only 6 guesses than to a human to calculate a correct bitcoin address hash in his lifetime
Yes, I call that impossible

well the math is above me lol, but couldn't your 'super-smart' be a little smarter and instead of doing the math himself, be allocated to to the of task simply breaking it up into easier micro chunks of math to be distributed amongst an army of mental sweatshop laborers and then supersmart guy checks over for errors and does the final math on it?  assuming a low amount of errors, it would reduce the time significantly would it not? In some countries right just paying the workers with food (some economical high protein stuff like peanut butter!) would be incentive enough.

note i'm am conscious of 3rd world war/global poverty issues and don't mean to be insensitive here, so please don't interpret as that.

[HostFat]

Is there some kind of "hash" that can be easily "calculated" from an human (even if takes some hours...) but not from computer?

[cp1]

Is there some kind of "hash" that can be easily "calculated" from an human (even if takes some hours...) but not from computer?

Do you mean a hash that a computer can't perform or one that it would take longer than a human?  It would probably have to involve some sort of riddle.  Though the computer in the van in midnight madness could do it quickly...

[chriswen]

I am offering a 1btc bounty for someone who can demonstrate a repeatable method for calculating a private key using only paper pencil and brain

Bounty noted.  I am actually working on it right now.

EDIT: Okay, I am ready to claim.  Since you said private key, and not a WIF key or public key, its actually pretty easy.

Here is the method, which requires two dice or any other randomizing method.  Roll the two six sided dice 64 times.  Right down the numbers like this:

If the number is 0-9 right now the number.  If the number is 10-12 right now a-c.  Do this with each roll of the dice and you will get a valid hex private key, such as A9 87 3C 79 B6 D8 70  A0 1B 61 57 78 63 33 89 B4 45 32 13 30 3A A6 1C 20 CC 67 2C 23 36 B3 32 62

This is a valid bitcoin private key.  Note that this does not use all the hex characters, and as such can not generate all possible private keys, but its easy to do with just two dice.

You could also buy a 16 sided dice or something and use 0-F which would be more proper.  If you do it this way, the max address you can use is FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4141

I don't think this qualifies for a claim.

[chriswen]

I am offering a 1btc bounty for someone who can demonstrate a repeatable method for calculating a private key using only paper pencil and brain

Bounty noted.  I am actually working on it right now.

EDIT: Okay, I am ready to claim.  Since you said private key, and not a WIF key or public key, its actually pretty easy.

Here is the method, which requires two dice or any other randomizing method.  Roll the two six sided dice 64 times.  Right down the numbers like this:

If the number is 0-9 right now the number.  If the number is 10-12 right now a-c.  Do this with each roll of the dice and you will get a valid hex private key, such as A9 87 3C 79 B6 D8 70  A0 1B 61 57 78 63 33 89 B4 45 32 13 30 3A A6 1C 20 CC 67 2C 23 36 B3 32 62

This is a valid bitcoin private key.  Note that this does not use all the hex characters, and as such can not generate all possible private keys, but its easy to do with just two dice.

You could also buy a 16 sided dice or something and use 0-F which would be more proper.  If you do it this way, the max address you can use is FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4141

I don't think this qualifies for the bounty.

[Dabs]

well the math is above me lol, but couldn't your 'super-smart' be a little smarter and instead of doing the math himself, be allocated to to the of task simply breaking it up into easier micro chunks of math to be distributed amongst an army of mental sweatshop laborers and then supersmart guy checks over for errors and does the final math on it?  assuming a low amount of errors, it would reduce the time significantly would it not? In some countries right just paying the workers with food (some economical high protein stuff like peanut butter!) would be incentive enough.

note i'm am conscious of 3rd world war/global poverty issues and don't mean to be insensitive here, so please don't interpret as that.

You risk all those workers will somehow know the private keys. Someone will take notes and eventually figure out what they are used for.

Just use an offline computer or an offline smartphone.

[Abdussamad]

Is there some kind of "hash" that can be easily "calculated" from an human (even if takes some hours...) but not from computer?

captcha

[BombaUcigasa]

I was going to write the order of operations to be made on paper, then I got to RIPEMD-160. No way someone can complete the process (EC generation, EC point conversion, RIPEMD-160 hashing, SHA-256 hashing, base58 conversion and address building) and remain sane.

You would need something like 100-200 pages of paper with boxes printed of them to help you complete the operations, and many many hours...

[jackjack]

I was going to write the order of operations to be made on paper, then I got to RIPEMD-160. No way someone can complete the process (EC generation, EC point conversion, RIPEMD-160 hashing, SHA-256 hashing, base58 conversion and address building) and remain sane.

You would need something like 100-200 pages of paper with boxes printed of them to help you complete the operations, and many many hours...

The EC part seems possible if you are really motivated

[BombaUcigasa]

I was going to write the order of operations to be made on paper, then I got to RIPEMD-160. No way someone can complete the process (EC generation, EC point conversion, RIPEMD-160 hashing, SHA-256 hashing, base58 conversion and address building) and remain sane.

You would need something like 100-200 pages of paper with boxes printed of them to help you complete the operations, and many many hours...

The EC part seems possible if you are really motivated

There are less operations but the operands are bigger. The hashing though, it will take some time to complete. I will try again later to see if I can write the operations in order.

[Dabs]

Write an Android / iOS version of it. Publish source code or make it open source. Problem solved for most people.

If you really want to do it on paper ... Good luck.

[flatfly]

Given that doing it purely by hand is practically unfeasible, how about this as a next best option: using our NoBrainr python script (only 25-30 lines of code) on an offline raspberry pi? This can be used with or without dice.

[Abdussamad]

Given that doing it purely by hand s practically unfeasible, how about this as a next best option: using our NoBrainr python script (only 25-30 lines of code) on an offline raspberry pi? This can be used with or without dice.

Can I ask why you promote nobrainr so much? Lots of people share scripts on this site but I've never seen someone promote their opensource script quite as much as you do.

[flatfly]

Given that doing it purely by hand s practically unfeasible, how about this as a next best option: using our NoBrainr python script (only 25-30 lines of code) on an offline raspberry pi? This can be used with or without dice.

Can I ask why you promote nobrainr so much? Lots of people share scripts on this site but I've never seen someone promote their opensource script quite as much as you do.

Because I think it can help users and hits a sweet spot between security and transparency? Also, I only mention it when it's appropriate to.

Although now you mention it, you may be right, I seem to be a little obsessed with it!  Probably due to the fact that I have a little too much free time on my hands right now. Won't last for long, though...

[DeathAndTaxes]

There seems to be some confusion between ADDRESS and PUBLIC KEY.

The PUBLIC KEY is computed from the PRIVATE KEY using ECDSA.

The ADDRESS is the PUBLIC KEY triple hashed and checksumed.

It is utterly impossible for a human in any reasonable amount of time and with any reasonable accuracy (don't want to be sending funds to the wrong address) to perform the hashing necessary to create the ADDRESS.

However the OP asked about the PUBLIC KEY.  It would seem difficulty but possible to compute the PUBLIC KEY from the PRIVATE KEY.  Then transfer only the PUBLIC KEY to a computer and use a simple program to compute the full ADDRESS.

Sorry for the annoying caps but seems many people can't grasp the difference between PRIVATE KEY, PUBLIC KEY, and ADDRESS.  If you are one of them they are three distinct things. ADDRESS =/= PUBLIC KEY.

[tspacepilot]

There seems to be some confusion between ADDRESS and PUBLIC KEY.

The PUBLIC KEY is computed from the PRIVATE KEY using ECDSA.

The ADDRESS is the PUBLIC KEY triple hashed and checksumed.

It is utterly impossible for a human in any reasonable amount of time and with any reasonable accuracy (don't want to be sending funds to the wrong address) to perform the hashing necessary to create the ADDRESS.

However the OP asked about the PUBLIC KEY.  It would seem difficulty but possible to compute the PUBLIC KEY from the PRIVATE KEY.  Then transfer only the PUBLIC KEY to a computer and use a simple program to compute the full ADDRESS.

Sorry for the annoying caps but seems many people can't grasp the difference between PRIVATE KEY, PUBLIC KEY, and ADDRESS.  If you are one of them they are three distinct things. ADDRESS =/= PUBLIC KEY.

Yes, I needed this education.  I thank you death and taxes.

[blub]

your math is flawed:
assuming 5% error rate per step and 30 secs per step, it takes about 800hours to finish the hashing, doing as following:
calculate each step 5 times, if the 5 results match continue, else start the step again.
the probability to get the right result from this is:
99.999999%,

You want to play with semantics?

Ok, let's play.

Let's take a human, the super-hero kind, who can:
 a/ Calculate a 32-bit operation in 10 seconds
 b/ Work from midnight to midnight everyday
 c/ Calculate a 32-bit operation without any errors

A hash takes about 5000 32-bit operations. So make it 10000 for ripemd160(sha256()).
That makes (10*10000) = 100k seconds = 38.4 hours = 1.6 day non-stop.
Possible.

Now here comes the fun.


This time we take a real human, the super smart kind.

A/ He calculates a 32-bit operation in 30 seconds (please try a 32-bit addition and tell me how much time it took)
This raises the total time to calculate one hash to 115.2 hours

B/ The guy must sleep, so he can "only" work from 8am to midnight.
This makes the total time to calculate one hash equal to 4.8 days.
Still possible.

C/ The lower brain failure rate in the best conditions is 5%. As he's super smart his is only 1%.
The probability of him finding the correct hash on one try is P = 1/2^(100000*1%) = 1/2^1000 ~ 1/10^300

D/ He starts the hashing calculation at birth and will stop at 100 years old.
This is (100*365) = 36500 days of calculation.
One try is 4.8 days, so he has 7604 tries available.
The odd of our super smart guy FINDING AT LEAST ONCE the correct hash in his entire lifetime is then:
  R = 1-Q where Q = (1-P)^7604 = ( 1 - 1/2^1000 )^7604

Basic maths gives that Q > 1 - 7604/2^1000 = 1 - 10^(-297.149) > 1 - 10^(-297)
So R < 10^(-297) < 1/2^986
Yes, R < 1/2^986


TLDR

It's easier to crack 6 different bitcoin addresses with only 6 guesses than to a human to calculate a correct bitcoin address hash in his lifetime
Yes, I call that impossible