Bitcoin Forum
Author Topic: Every wallet address has just one private key which can be generated again?  (Read 278 times)
tesla80
June 14, 2018, 10:47:22 AM
Last edit: June 16, 2018, 09:19:31 AM by tesla80
 #1

Hello,

There are bitcoin wallet addresses which are actually public keys, right?

Every public key has one private key.

There are bitcoin address generator programs which generate random addresses.
There is very little possibility to generate a public and private key of an already used wallet, correct?

When a user wants to create a bitcoin address, the same address generator generates a pair of public & private keys. If another user wants to create a random bitcoin address, the same generator algorithm can generate previous public & private keys once more.

This means, if there is a software (I know actually this exists) which generates random addresses and checks their balance, there is little possibility to find a wallet with balance in it.

This can be another bitcoin stealing algorithm, right?

I don't understand how we can be sure that our bitcoins are safe in our wallets in such a situation?
The probability is really small but there is a chance.

Am I correct?

Is there any prevention method against random address generation?

Regards
ranochigo
June 14, 2018, 10:58:13 AM
Merited by dbshck (1), HeRetiK (1), tesla80 (1)
 #2

There are bitcoin wallet addresses which are actually public keys, right?
The addresses are the hash of the public key.
Every public key has one private key.
There are actually 2^96 private keys that correspond to an address.
There is very little possibility to generate a public and private key of an already used wallet, correct?
Yes. Of an address that is generated by someone else already.
When a user wants to create a bitcoin address, the same address generator generates a pair of public & private keys. If another user wants to create a random bitcoin address, the same generator algorithm can generate previous public & private keys once more.

This means, if there is a software (I know actually this exists) which generates random addresses and checks their balance, there is little possibility to find a wallet with balance in it.

This can be another bitcoin stealing algorithm, right?
That's like finding a needle in an ocean of haystacks. You can generate the same addresses again if your RNG is flawed and it isn't random. There are easier ways to steal coins than this.
I don't understand how we can be sure that our bitcoins are safe in our wallets in such a situation?
The probability is really small but there is a chance.

Am I correct?
Yes. Most people don't get the concept of the possibility. If something is possible, it doesn't mean that it's remotely likely to happen. It's more likely for me to get struck by lightning multiple times in consecutive years while sitting on a toilet bowl than anyone ever generating a collision of an address that is generated securely.
Is there any prevention method against random address generation?
Make sure your address is truly generated randomly. /thread.

Lauda
June 14, 2018, 11:00:53 AM
 #3

The probability is really small but there is a chance.


You should worry about dying from a random heart attack or from a lightning strike, or even a meteor wiping out the planet before you worry about collisions.

Make sure your address is truly generated randomly. /thread.
This.

TryNinja
June 14, 2018, 11:01:43 AM
 #4

You are correct in saying that it's possible. However, the chances of a collision are astronomically low.

Quote
The odds in colliding with a specific address is 1 in 2^160.

If there are a billion users and each have one million active addresses (1 quadrillion funded addresses in the blockchain) the odds in colliding with any address would be roughly 1 in 2^110 (1*10^33).

Vanitygen can produce 20 million keypairs per second. Let's say you build a super ASIC on 12nm (4 generations ahead of current tech) process that could create, validate, and steal one trillion keypairs per second (1 TK/s). That would be about 50,000x more powerful than faster GPU today. Let's also say you built a thousand of them and ran them continually with no downtime 24/7/365. In 1 year you could brute force 3*10^28 possible addresses.

If there are 1 quadrillion funded addresses you would still have a ~1% chance of colliding with a random funded address in the next 1,000 years.
https://bitcointalk.org/index.php?topic=104461.msg1143828#msg1143828

bob123
June 14, 2018, 11:21:52 AM
 #5

There are bitcoin wallet addresses which are actually public keys, right?

No. The address is derived from the public key. It is the RIPEMD160 hash of the SHA-256 hash of the public key.



Every public key has one private key. EDIT : this is wrong : There is actually 2^96 private key that corresponds to an address.

This actually is TRUE.
Each public key only corresponds to ONE private key.

2^96 private keys (2^256 / 2^160) do result in the same address (Note that addresses do NOT exist on a technical level and this is NOT a security threat).



There are bitcoin address generator programs which generate random addresses.

They generate random private-/public- keys and derive the address, yes.



There is very little possibility to generate a public and private key of an already used wallet, correct?

Pretty much impossible (if there are no implementation errors).



When a user wants to create a bitcoin address, the same address generator generates a pair of public & private keys. If another user wants to create a random bitcoin address, the same generator algorithm can generate previous public & private keys once more.

Such a 'generator' either uses a seed to derive private keys or generates private keys itself.
A private key basically is just a really really big (random) number.



This means, if there is a software (I know actually this exists) which generates random addresses and checks their balance, there is little possibility to find a wallet with balance in it.

Practically no chance.



This can be another bitcoin stealing algorithm, right?

 Huh
Something like a 'bitcoin stealing algorithm' doesn't exist.



Is there any prevention method against random address generation?

You can't forbid someone to pick a random number, can you ?

Thirdspace
June 14, 2018, 11:57:20 AM
 #6

This means, if there is a software (I know actually this exists) which generates random addresses and checks their balance, there is little possibility to find a wallet with balance in it.
---snip---
Is there any prevention method against random address generation?

You can't forbid someone to pick a random number, can you ?

@tesla80 maybe you should ask differently on the 'random address generation' matter
something like, "Is there any guarantee the software (generator) would generate completely random address every time?"
we depend on machine algorithm to randomize and so far I think it's (randomness) quite strong

bitmover
June 14, 2018, 12:45:51 PM
 #7

Make sure your address is truly generated randomly. /thread.

Yes, this is the most important.

A private key is just a randomly generated number. This number is then hashed using SHA256.

But you can hash words, phrases, small numbers and this will generate valid private keys. Just put these hashes in bitaddress.org and you will get the public keys too.

If you want to find a collision, the best way is to try to find poorly generated private keys.

If you try to hash some words like "wallet" "satoshi" "bitcoin" you will find some addresses which don't have balances now, but they used to have. I tried many already, but manually. Never had any luck.

Maybe if you can make a program that can try millions of inputs per second, hash those inputs and check the balance of them, you may have some luck.

You will only find poorly generated private keys this way.

Edit: I read a post by butka a few months ago about this, couldn't find it now

bob123
June 14, 2018, 02:02:06 PM
 #8

A private key is just a randomly generated number. This number is then hashed using SHA256.

The private key is NOT being hashed.
The private key is used to calculate the public key through multiplication on the elliptic curve.

This public key is afterwards being SHA-256 hashed and afterwards RIPEMD160 hashed to get the address.


Mining, on the other hand, does rely on double-SHA256-hashing a block with a nonce which does result in a hash below the given target.

boulderchain
June 15, 2018, 04:33:38 AM
 #9

The probability is really small but there is a chance.


You should worry about dying from a random heart attack or from a lightning strike, or even a meteor wiping out the planet before you worry about collisions.

Make sure your address is truly generated randomly. /thread.
This.

Can someone post the article to this image? I would like to have it with a better resolution, it's hard to read the text.

Back to the topic, I think the only way is to bruteforce the private key, which is according to the description above nearly impossible.

nc50lc
June 15, 2018, 09:14:50 AM
 #10

Can someone post the article to this image? I would like to have it with a better resolution, it's hard to read the text.

Back to the topic, I think the only way is to bruteforce the private key, which is according to the description above nearly impossible.
Drag and drop it to a new tab or window to view full screen, (after checking) that image has 1920x1200 dimensions which is pretty big to blur.
Here's a link of the full screen version: Right Click->Open Link New Tab

You can try using Vanitygen or oclvanitygen to waste your electricity, time and dignity; but the chance to bruteforce a loaded address is almost impossible.

You can't forbid someone to pick a random number, can you ?
Yes, of course. Anyone can pick a random number manually even without a computer.

tesla80
June 16, 2018, 09:25:43 AM
 #11

Every public key has one private key. EDIT : this is wrong : There is actually 2^96 private key that corresponds to an address.
This actually is TRUE.
Each public key only corresponds to ONE private key.
Actually I removed the EDIT part, because it is not logical to me. One public key must have one private key always. But one address can correspond to more keys because of hashing.

There are many people working on resolving and emptying the used wallets.

Especially they claim that addresses which start with "1" and addresses generated with secret words (thus brain wallet) are not secure at all. I'm not familiar with the details that much but this seems dangerous to me, because almost every system generates addresses using brain wallet method with 7-8 words. This makes the most addresses weak. There are really good DEFCON briefs on YouTube about this subject if anyone is interested.
bob123
June 16, 2018, 10:05:37 AM
 #12

Especially they claim that addresses which start with "1" and addresses generated with secret words (thus brain wallet) are not secure at all. I'm not familiar with the details that much but this seems dangerous to me, because almost every system generates addresses using brain wallet method with 7-8 words. This makes the most addresses weak.

No, you misunderstood this.

A private key is a 256 bit random number. And the hash function SHA-256 does produce a 'random-looking' output (depending on the input).
So quite a few people came to the idea to hash a 'password' to generate a 'random looking' number.

5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8 <-- This may look random. But it is the output of sha256('password').

So people started using passwords to generate private keys (therefore 'brain wallet').
Then smarter people started to program bots that create hashes of the most common passwords, most common phrases, books, etc... to collect all the money stored in such 'brain wallets'.


While you think you may be able to find a 'random' input, it will always be less random than using a machine's entropy pool. A human brain is very very far away from 'random'.

Now wallets nowadays do use entropy to achieve randomness. A random seed is generated, which is then being encoded into 12/24 words (this makes it easier for the user to backup / memorize the seed and it is less error-prone when typing).
Those are NOT brain wallets. And NEITHER can they be bruteforced or hacked.
It is just a different form of representing the random seed which is used to derive all of the public-/private- keypairs.

tesla80
June 16, 2018, 03:16:40 PM
 #13

Is there any prevention method against random address generation?
Make sure your address is truly generated randomly. /thread.
Now I understand this suggestion more deeply. Actually brain wallets have low randomness and should be avoided for security reasons.
Which address generation tool do you recommend? It should not be a brain-wallet and should use hardware random generator of the computer.
ranochigo
June 16, 2018, 03:33:39 PM
 #14

Now I understand this suggestion more deeply. Actually brain wallets have low randomness and should be avoided for security reasons.
Which address generation tool do you recommend? It should not be a brain-wallet and should use hardware random generator of the computer.
Bitaddress.org, bip38.org or Electrum. Generating anything with only a passphrase to access it is incredibly insecure. If you really do want to use something like Brainwallet but more secure, try going to keybase.io/warp/. You are to select your own secure passphrase and add an email with your salt. I wouldn't say that it's super secure but it's definitely more secure than typical brainwallet since the attack has to be specific at you.

CptWhsikeyjack
June 17, 2018, 02:55:09 AM
 #15

Okay, this is something new to me. I only thought there were private keys. What are these public keys?

boulderchain
June 17, 2018, 04:19:37 AM
 #16

Okay, this is something new to me. I only thought there were private keys. What are these public keys?

Every private key has its own public key, which is basically your address. You can search for 'public private key cryptography' to find more info about this, there are many good, pictured, explanations available.

Xynerise
June 17, 2018, 04:31:27 AM
 #17

Every private key has its own public key, which is basically your address. You can search for 'public private key cryptography' to find more info about this, there are many good, pictured, explanations available.
Public key is not the address -- the address is a HASH of the public key.
HeRetiK
June 17, 2018, 09:37:30 AM
 #18

[...]

There are many people working on resolving and emptying the used wallets.

Especially they claim that addresses which start with "1" and addresses generated with secret words (thus brain wallet) are not secure at all. I'm not familiar with the details that much but this seems dangerous to me, because almost every system generates addresses using brain wallet method with 7-8 words. This makes the most addresses weak. There are really good DEFCON briefs on YouTube about this subject if anyone is interested.

Not quite. Addresses starting with "1" merely indicate P2PKH (Pay-to-PubkeyHash) addresses [1], the format used for single-sig, pre-SegWit addresses.

[1] https://en.bitcoin.it/wiki/Address


Brain wallets are a type of address in which the private key is directly derived from a secret word or phrase. Their insecurity stems from people's inherent disability to generate and remember phrases that are random and long enough as to outwit automatized approaches. Brain wallets are usually P2PKH addresses because most of them were generated long before SegWit. In theory one should be able to generate a SegWit P2SH or Bech32 as well, meaning the address type has little to do with whether the corresponding private key is generated randomly or within a human mind.

They are not to be confused with the seed words used by HD wallets [2], based on the BIP-0039 wordlist [3]. For this standard most wallets use 24 words and upwards, which should be sufficiently secure for the foreseeable future.

[2] https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki
[3] https://github.com/bitcoin/bips/blob/master/bip-0039/bip-0039-wordlists.md


Okay, this is something new to me. I only thought there were private keys. What are these public keys?

Read up on public-key cryptography, also known as asymmetric cryptography:

https://en.wikipedia.org/wiki/Public-key_cryptography

TLDR; For cryptocurrencies this means that public keys are what enables people to verify people's coins while not being able to steal them.

HCP
June 18, 2018, 03:45:45 AM
Merited by HeRetiK (1)
 #19

They are not to be confused with the seed words used by HD wallets [2], based on the BIP-0039 wordlist [3]. For this standard most wallets use 24 words and upwards, which should be sufficiently secure for the foreseeable future.
Minor correction... BIP39 specifies that:
The mnemonic must encode entropy in a multiple of 32 bits. With more entropy security is improved but the sentence length increases. We refer to the initial entropy length as ENT. The allowed size of ENT is 128-256 bits.
As it must be in multiples of 32 bits, this equates to a mnemonic sentence length between 12-24 words in 3 word "steps"... so 12, 15, 18, 21 or 24 words.
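
Added example, not part of the thread or of the BIP39 reference code: the entropy-to-mnemonic mapping quoted above, showing how ENT of 128 to 256 bits becomes 12 to 24 words and how the checksum catches a mistyped word. It works with word indices (0..2047) instead of the words themselves because the 2048-word list is not embedded; the function names are made up for this illustration and the all-zero entropy in the usage part is a constructed sample.

```python
import hashlib
import secrets

ALLOWED_ENT = (128, 160, 192, 224, 256)   # bits, multiples of 32 (BIP39)


def bip39_indices(entropy):
    """Map raw entropy to BIP39 word indices (0..2047).

    The checksum is the first CS = ENT/32 bits of SHA-256(entropy);
    the ENT+CS bits are split into 11-bit groups, one per mnemonic word.
    """
    ent = len(entropy) * 8
    if ent not in ALLOWED_ENT:
        raise ValueError("ENT must be 128, 160, 192, 224 or 256 bits")
    cs = ent // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    bits = (int.from_bytes(entropy, "big") << cs) | checksum
    words = (ent + cs) // 11
    return [(bits >> (11 * (words - 1 - i))) & 0x7FF for i in range(words)]


def entropy_from_indices(indices):
    """Recover the entropy from word indices, rejecting a bad checksum."""
    indices = list(indices)
    words = len(indices)
    if words not in (12, 15, 18, 21, 24):
        raise ValueError("mnemonic must have 12, 15, 18, 21 or 24 words")
    bits = 0
    for idx in indices:
        if not 0 <= idx < 2048:
            raise ValueError("word index out of range")
        bits = (bits << 11) | idx
    cs = words // 3                      # ENT + CS = 33 * CS = 11 * words
    entropy = (bits >> cs).to_bytes((words * 11 - cs) // 8, "big")
    if bip39_indices(entropy) != indices:
        raise ValueError("checksum mismatch")
    return entropy


def checksum_ok(indices):
    """True if the indices form a valid BIP39 sentence."""
    try:
        entropy_from_indices(indices)
        return True
    except ValueError:
        return False


def new_seed_indices(ent_bits=256):
    """Fresh mnemonic indices from the OS CSPRNG, not from a human phrase."""
    if ent_bits not in ALLOWED_ENT:
        raise ValueError("ENT must be 128, 160, 192, 224 or 256 bits")
    return bip39_indices(secrets.token_bytes(ent_bits // 8))


if __name__ == "__main__":
    for ent in ALLOWED_ENT:
        # Constructed sample input: all-zero entropy of each allowed size.
        print(ent, "bits ->", len(bip39_indices(bytes(ent // 8))), "words")
    sentence = new_seed_indices(128)
    typo = sentence[:-1] + [sentence[-1] ^ 1]   # one wrong final word
    print(checksum_ok(sentence), checksum_ok(typo))
```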

HeRetiK
June 18, 2018, 08:49:08 AM
 #20

They are not to be confused with the seed words used by HD wallets [2], based on the BIP-0039 wordlist [3]. For this standard most wallets use 24 words and upwards, which should be sufficiently secure for the foreseeable future.
Minor correction... BIP39 specifies that:
The mnemonic must encode entropy in a multiple of 32 bits. With more entropy security is improved but the sentence length increases. We refer to the initial entropy length as ENT. The allowed size of ENT is 128-256 bits.
As it must be in multiples of 32 bits, this equates to a mnemonic sentence length between 12-24 words in 3 word "steps"... so 12, 15, 18, 21 or 24 words.

Ah, good catch, thank you for correcting me.

I was thinking about hardware wallets and for some reason I misremembered Ledger using 32 seed words as opposed to Trezor's 24 seed words. Turns out Ledger also uses 24 seed words and it's just the custom passphrase that is longer than Trezor's (100 characters [1] vs 50 characters [2]).

[1] https://support.ledgerwallet.com/hc/en-us/articles/115005214529-Advanced-Passphrase-options
[2] https://blog.trezor.io/hide-your-trezor-wallets-with-multiple-passphrases-f2e0834026eb
