Paper Wallets How Doth It Work?

[ipoomyself]

I am thinking about storing all my bitcoin savings in a paper wallet but I'm confused how it works.

How does the software know how many coins that have been sent to that "cold storage" address since it is permanently offline.

I am hopelessly confused.

I just generated an offline address using bitaddress.org (saved the webpage to my pc for offline generation) and wtf that exact address exists on blockchain.info site how is this possibollll magic?

[1715448879]

1715448879

[shaobao88]

Maybe this will help you - http://www.reddit.com/r/Bitcoin/comments/1c9xr7/

[softron]

The blockchain holds all bitcoins stored in different wallet addresses, just make sure to keep yr private keys safe, you can also print a QR code of your private keys

[softron]

Are there any bitcoins in that wallet?

[DannyHamilton]

I just generated an offline address using bitaddress.org (saved the webpage to my pc for offline generation) and wtf that exact address exists on blockchain.info site how is this possibollll magic?

As long as the bitcoin address is in the standard format (starts with a 1, has a proper checksum in the last 4 bytes, contains only base58check encoding characters), blockchain.info will display the address.  You type the address in when you search for it, and blockchain.info echoes that same address back at you when they display their "address" page.

I am thinking about storing all my bitcoin savings in a paper wallet but I'm confused how it works.

How does the software know how many coins that have been sent to that "cold storage" address since it is permanently offline.

Bitcoins are not stored in wallets, bitcoins are not stored at addresses.  If you want to get literal about it, there is no such object or representation of a specific bitcoin, but we'll ignore that for this conversation.  (The concept "a bitcoin" is an abstraction we humans use to make it easier to discuss the action of transfering control of value).

Sticking with the abstraction and avoiding the really technical details for a moment, the representation of how much bitcoin you control exists in the publicly shared blockchain that every full node on the entire bitcoin network has a complete copy of.  Transferring control of those bitcoins to someone else is accomplished by digitally signing a message that references some "bitcoins" in the blockchain and indicating in that message which new address now has control of those bitcoins.  That digital signature is calculated using a "private key", so you can think of the "private key" as being a bit like a password that gives you permission to transfer the bitcoins to a new address.

The private key is mathematically linked to the bitcoin address in such a way that each private key has exactly one bitcoin address that it is associated with.  It is fast and easy for a computer to calculate the address if you have the private key.  However, it is for all practical purposes currently impossible to calculate the private key if have the address.

The address and the bitcoins sent to the address are stored in the blockchain, but there are no private keys stored in the blockchain.  The private key is in your wallet (or in the case of a paper wallet, the private key is printed on a piece of paper).

When you use any wallet program, the wallet calculates all the addresses for all the private keys that it knows about.  Then it scans through the entire blockchain looking for all the bitcoins that have been sent to any of those addresses.  It sums up all those bitcoins that haven't been spent yet, and it displays that total to you as the total bitcoins controlled by the wallet.

So, if you create a "paper wallet" completely offline, then the private key only exists on that paper wallet.  Anybody can create a transaction to send bitcoins to the address that you tell them to send it to.  There is no verification in the bitcoin system to make sure that a bitcoin address that is receiving bitcoins has been generated by anyone.  As long as the bitcoin address is in the right format, the sender's wallet will create a transaction and broadcast it.  All peers will verify that the bitcoins being spent exist, but they won't care where they are being sent.  This transaction will eventually be added to the blockchain.  At that time, you (or anyone that knows of the address) can scan the blockchain for the transactions that were sent to that address.  By summing up all those transactions, it can be determined how many bitcoins are at that address without the "wallet" ever having been online.  Blockchain.info will be able to do this for you.

[ipoomyself]

thank you for you help youve been a big help.

NOW I UNDERSTAND.

all this bitcoin evolves on the blochain so...

bitcoin-qt client refers to blochain so paper and software wollets arent really offline they are stored in the blochain everything is connected to the blochain no matter wot you use so paper or software makes no difference

so... only difference is that paper wollets dont have to worry about malware/keyloggers etc becase they dont have to talk to the internet, they only talk when u have to put their private key in to make payments which is more secure than keeping a software wallet using up internet resources syncing all the time.


so.. if the blochain is hacked or corrupted then everyone is fucked?

so then... the bankers and goverment that hate bitcoin will corrupt it and force everyone back to fiat money so really its a timebomb waiting to happen and my investment is a waste of moni and i had better get out fast before the ponzi scheme collapses

ahhehrha i get it now i rill hath wot do i do now

[DannyHamilton]

so.. if the blochain is hacked or corrupted then everyone is fucked?

The consensus design makes it essentially impossible to "hack" the blockchain.  There is nothing there to "hack".  You would have to hack every single node on the entire bitcoin network.

Every node contains a complete copy of the blockchain.  Many people make regular offline backups of the blockchain.  For all practical purposes, it would be impossible for every single copy of the blockchain in the entire world to suddenly becom "corrupted".

so then... the bankers and goverment that hate bitcoin will corrupt it

Please explain how they can do this?

[DannyHamilton]

bitcoin-qt client refers to blochain so paper and software wollets arent really offline they are stored in the blochain everything is connected to the blochain no matter wot you use so paper or software makes no difference

It does make a difference.

With a software wallet, your private keys are stored on a computer that is connected to the internet.

If a hacker, or a virus, or a trojan, or any other malware accesses those private keys on the computer, then a digital signature can be created to spend (steal) all the bitcoins that the wallet controlls.  If you don't have a backup and the computer hard drive crashes, you can permanently lose access to the private keys and never again be able to spend any of the bitcoins you own.  They will be permanently lost to you.

With a paper wallet, there is nothing for anyone to hack.  No software can "steal" your private key.  You can easily and cheaply make multiple copies of the paper wallet and store it in multiple locations so that if one copy is accidentally destroyed, you can still access your bitcoins.

[shawshankinmate37927]

Where's a good place to learn how to recover funds from a paper wallet?  Some folks have lost bitcoins because they misunderstood the proper procedure.  It's not enough to successfully transfer the funds to a paper wallet. You have to also be able to successfully recover those funds.

Edit: By "recover funds" I mean "transfer the bitcoins to an online wallet" or "import the private keys from the paper wallet to an online wallet".

[kjj]

A good understanding of bitcoin in general seems to be both a necessary and a sufficient condition for redeeming properly designed paper wallets.

You must understand that bitcoin spends old transactions into new transactions.
You must understand that transactions are redeemed in entirety.

A firm grasp on those two concepts will be sufficient for most people.  Things get a bit more complicated if your paper wallet uses P2SH multisig (which it totally should).

[ninveh]

@kjj
Now I'm concerned. I thought to prepare a paper wallet for my local hot wallet, but from what you say I realize that it is not enough to blindly use one of the paper-wallet generating ustilities, lest I could not properly retrieve the funds when the time comes.  Need to learn more about the transaction mechanism. Thanks for the warning.

@DannyHamilton
Thank you for a great explanation. Just to make sure that I understand the robustness of the blockchain, here is a scenario that although it carries a negligible small chance of happaning, it is still a technical possibility:
Let's assume that the US gov wants to corrupt the blockchain and destroy the whole Bitcoin economy. Since the gov has much more hashing power (cracking machines at the NSA, number crunchers at the DOE) than the whole mining community, it can easily take over more than 50% of the hashing rate of the Bitcoin ecosystem, thus controlling the blockchain and be able to corrupt it. Is this (fictional) scenario, i.e. the ability to corrupt the blockchain if one has more than 50% hashrate than the rest, technically correct?

[DannyHamilton]

Let's assume that the US gov wants to corrupt the blockchain and destroy the whole Bitcoin economy. Since the gov has much more hashing power (cracking machines at the NSA, number crunchers at the DOE) than the whole mining community, it can easily take over more than 50% of the hashing rate of the Bitcoin ecosystem, thus controlling the blockchain and be able to corrupt it. Is this (fictional) scenario, i.e. the ability to corrupt the blockchain if one has more than 50% hashrate than the rest, technically correct?

Supplying more than the combined hashing power of the entire world without access to your own ASIC design and manufacturing is a lot more difficult and expensive that you would think.  There are much faster, easier, and cheaper ways for a government like the U.S. to interfere with bitcoin.

If for some reason they did decide to try to mount a 50%+ attack, they could not submit "corrupt" blocks.  Every node on the network would simply reject their corrupt blocks and the blocks would never make it into the blockchain.  The entire hashing effort would be wasted.

For as long as they could maintain more hashing power than the entire world, they would be able to choose which transactions become confirmed (leaving the rest of the transactions unconfirmed until their attack ends).  They would also be able to prevent any other miners or mining pools from confirming any blocks and earning any newly mined bitcoins (the U.S. govt. would get all the newly mined blocks until they stopped their attack, or until the network increased its hash power beyond the capabilities of the U.S. govt)

Perhaps one of the more destructive things they could do would be to mine blocks in secret, building their own alternative blockchain for a few days without broadcasting it to anyone.  By then, some of the newly mined bitcoins from the past few days would have been spent by the miners or pools that mined them.  Those spent "new bitcoins" will have been re-spent, and re-spent again (perhaps multiple times).  If they then suddenly released their longer blockchain, the blockchain would reorganize orphaning all the recently created blocks.  All the transactions that could be traced back to recently mined bitcoins would suddenly become invalid and would be rejected by the network.  Payments that people thought they had received would suddenly vanish out of their wallet.

Of course, that sort of attack would be pretty easy to identify.  An unplanned blockchain reorganization that goes back a few hundred blocks would be immediately obvious to most users.  There are a few potential solutions that could restore the commonly accepted blockchain and reject the U.S. govt. submitted blockchain.  It would require an update to the software, and none of the solutions would be great, but given the choice between fighting an attacker or accepting the damaging blocks, I suspect a consensus would be reached on one of the unpleasant solutions.

[ninveh]

Of course, that sort of attack would be pretty easy to identify.  An unplanned blockchain reorganization that goes back a few hundred blocks would be immediately obvious to most users.  There are a few potential solutions that could restore the commonly accepted blockchain and reject the U.S. govt. submitted blockchain.  It would require an update to the software, and none of the solutions would be great, but given the choice between fighting an attacker or accepting the damaging blocks, I suspect a consensus would be reached on one of the unpleasant solutions.

Thank you for the detailed response. I am pleased to see that the blockchain infrastructure is fairly robust even when facing such an theoretical enormous attack.

Regarding the pools hashrates vs. NSA/DOE computing power, I looked up some numbers. It appears that the aggregate commercial pools' current 50% hashrate is about 12 petahash/sec. One of the fastest supercomputers today in NSA hands is the Cray XK6, clocking at about 15 Petaflops (estimated to go x1000 speedup by 2018.)
Since one SHA256 pass requires several hundreds operations (integer though, but for supercomputer they are processed at about the same speed as floating point), I concur with you that the mining pools possess formidable amount of computing power...

[DannyHamilton]

It appears that the aggregate commercial pools' current 50% hashrate is about 12 petahash/sec.

It wouldn't be enough to have 50% of the current hashrate, because the additional hashing power added by the govt. would add to the total global hash rate.

If the total global hashrate is 24 petahash/sec, then the attacking entity would have to supply more than 24 petahash/sec.  This would raise the global hash rate to 48 (or more) and provide the attacking entity with 50% (or more) of that global hash rate.

A 50% attack doesn't mean "more than 50% of the honest network".  It means more hashing power than the entire combined honest network.

[ninveh]

@DannyHamilton
You explain things very clearly. Thanks again.