Vanity Address for Altcoins, How are vanity addresses secure?

[smeagol]

Is it possible to make vanity addresses for altcoins?  If so, how?

Also, when people sell addresses, how is it secure?  Wouldn't they know the private key?

[1715102408]

1715102408

[1715102408]

1715102408

[1715102408]

1715102408

[TBCM]

Use Google to find modified vanity generators for altcoins. You'll find them. And if you don't, you'll find out you only have to change the value of two variables on the source code to adapt the address generated to any coin - https://bitcointalk.org/index.php?topic=293700.0

You are perfectly secure selling addresses. But it wouldn't be secure to buy them. Do people actually sell addresses? I didn't know.

[smeagol]

Use Google to find modified vanity generators for altcoins. You'll find them. And if you don't, you'll find out you only have to change the value of two variables on the source code to adapt the address generated to any coin - https://bitcointalk.org/index.php?topic=293700.0

You are perfectly secure selling addresses. But it wouldn't be secure to buy them. Do people actually sell addresses? I didn't know.

I see people selling vanity addresses.  Also, there are vanity pools

[smeagol]

Use Google to find modified vanity generators for altcoins. You'll find them. And if you don't, you'll find out you only have to change the value of two variables on the source code to adapt the address generated to any coin - https://bitcointalk.org/index.php?topic=293700.0

You are perfectly secure selling addresses. But it wouldn't be secure to buy them. Do people actually sell addresses? I didn't know.

Also - what are the variables I need to change?
https://github.com/samr7/vanitygen

[Wilhelm]

Use Google to find modified vanity generators for altcoins. You'll find them. And if you don't, you'll find out you only have to change the value of two variables on the source code to adapt the address generated to any coin - https://bitcointalk.org/index.php?topic=293700.0

You are perfectly secure selling addresses. But it wouldn't be secure to buy them. Do people actually sell addresses? I didn't know.

I see people selling vanity addresses.  Also, there are vanity pools

If someone sells you a vanity address they have your private key... you would be a fool to use it!!!

[kuverty]

Use Google to find modified vanity generators for altcoins. You'll find them. And if you don't, you'll find out you only have to change the value of two variables on the source code to adapt the address generated to any coin - https://bitcointalk.org/index.php?topic=293700.0

You are perfectly secure selling addresses. But it wouldn't be secure to buy them. Do people actually sell addresses? I didn't know.

I see people selling vanity addresses.  Also, there are vanity pools

If someone sells you a vanity address they have your private key... you would be a fool to use it!!!

There is a safe way to let someone generate you a vanity address so that only you get the private key. The wonders of cryptography! Too bad there isn't a working firstbits lookup any more.

[nocoin]

Also - what are the variables I need to change?
https://github.com/samr7/vanitygen

Check this https://github.com/llamasoft/securecoin-vanitygen/commit/9bba3e60c21960acc9ca8a280d1d193fe202a0dc
Also, information about secure generation can be found here: https://bitcointalk.org/index.php?topic=81865.msg901491#msg901491

[Nano Fiber]

Also - what are the variables I need to change?
https://github.com/samr7/vanitygen

EDIT: You actually don't need to modify the source code for most altcoins; you can use vanitygen's -X flag to generate addresses for altcoins (modifying the source code for Securecoin was necessary because the privtype variable is hardcoded to 128). Look at the Bitcoin Wiki page on Vanitygen (scroll down to the section titled "Vanity addresses for other crypto-coins") for instructions.

But if you want to modify the source code anyway, see the commit here:

https://github.com/llamasoft/securecoin-vanitygen/commit/9bba3e60c21960acc9ca8a280d1d193fe202a0dc

addrtype must be the value of PUBKEY_ADDRESS in the original source code (for example, in LottoCoin it's 49) and privtype is usually 128 + addrtype, except in the case of Securecoin where it was hardcoded to 128 (in LottoCoin it's the former).

[smeagol]

So all I would need to do is look in a coin's source, and replace it with the coin's values?

e.g. https://github.com/Smeagol-Gollum/securecoin-vanitygen/blob/master/vanitygen.c#L388

I could change

Code:

                 case 'N':
                        addrtype = 52;
                        privtype = 180;
                        scriptaddrtype = -1;
                        break;

to

Code:

                case 'L': //LottoCoin
                        addrtype = 49;
                        privtype = 180;
                        scriptaddrtype = -1;
                        break;

Where would I find privtype and scriptaddrtype?

[Nano Fiber]

All you would need to do is read the Bitcoin wiki's entry on vanitygen But yes, that's all you'd need to do. As I said, privtype is addrtype + 128 (so in the case of LottoCoin, privtype would be 177, because 49 + 128 = 177), with the exception of Securecoin where it's hardcoded to 128. scriptaddrtype, as far as I know, is -1 for everything other than Bitcoin.

[smeagol]

All you would need to do is read the Bitcoin wiki's entry on vanitygen But yes, that's all you'd need to do. As I said, privtype is addrtype + 128 (so in the case of LottoCoin, privtype would be 177, because 49 + 128 = 177), with the exception of Securecoin where it's hardcoded to 128. scriptaddrtype, as far as I know, is -1 for everything other than Bitcoin.

   Thanks!

1) You generate a random 256-bit integer less than the SECP256k1 generator. You keep this secret. (Effectively, an ECDSA private key.)

2) You compute the corresponding EC point on the SECP256k1 curve. You share this with whoever is finding the vanity address for you. (This is the ECDSA public key that corresponds to the private key you generated in step one.)

3) The person working out the vanity address for you tries various 256-bit integers also less than the SECP256k1 generator. They compute the corresponding EC point and add it to the EC point you sent them (from step two). They then hash this and see if it produces the desired vanity address. They repeat this over and over until they find a 256-bit integer that works. They give this integer to you. (And the world, it need not be kept secret.)

4) You add the 256-bit integer they found to the 256-bit integer you generated in step 1 and reduce it modulo the SECP256k1 generator.

5) You now have the private key, and they don't. (And you can prove that they cannot generate the private key from just the information you gave them unless ECDSA is fundamentally broken.)

In ECDSA, you convert a private key to a public key by multiplying by the generator. Division is impossible.

The vanity address generation scheme above works because: (A+B)*G = AG + BG

You generate A and AG, but give them only AG.

They try various different B's, calculating the AG+BG for each one to find the right one for the vanity address.

They give you B. You can now compute A+B (the secret key corresponding to the public key AG+BG) but nobody else can since they do not know A.

Computing A from AG would mean breaking ECDSA fundamentally. All you gave them is AG, an ECDSA public key. If they could figure out the private key to your new account (A+B), they could also figure out A. So if they could figure out the private key to your vanity account, they could also figure out the private key you created in step 1. But all you gave them was the corresponding public key. So any compromise of the vanity account would mean they could compromise a private key given only its corresponding public key.

Could anyone explain this to me in simpler terms?