Private Key by 256 coin flips

[MrFreeDragon]

Some weeks ago I made a visual tool to create a bitcoin private key. The most secure way for key generation is to flip a physical coin 256 times. I flipped a coin 256 times, and made a video how to create the bitcoin private key with my tool.

Here is the video instruction: https://youtu.be/WyBdYhwweaE

The total time just for flipping a coin was 16 minutes, plus some minutes to fill the cells in my key generator. So, the fastest way to create a safe bitcoin private key with the physical 256 coin flips is appox. 15-20 minutes.

Enjoy! 

PS. The project discussion is also available here: https://bitcointalk.org/index.php?topic=5187401.0

[1714010272]

1714010272

[1714010272]

1714010272

[1714010272]

1714010272

[odolvlobo]

What about flipping 256 coins all at once? I would expect that to be a lot faster.

[MrFreeDragon]

What about flipping 256 coins all at once? I would expect that to be a lot faster.

I do not think that it is easier. In practice, flipping one coin 256 times is faster than flipping all 256 coins at once (in the terms of the private key generation).
1) As you flip 256 coins at once, they will fly to different corners of the room. Difficult to collect without losing some of them.
2) Flipping is only one step, you still need to enter the outcome of each coin (find every coin, collect it, etc) --> time
3) I used 2EUR (it is 8.5gr, 1.95mm width, 25.75mm dia). So, 256 coins are 2.2kg weight - no very easy to flip   {1EUR is 7.5gr, so the total weight is like the same 1.92kg}
4) As for me i do not have 256 equal coins :-) 256 of 2EUR coins is 512 EUR. Usually prefer notes for such amounts  

But i do not 100% sure that flipping one coin (as in my video) is faster. And will be very glad if somebody makes such experiment: flip 256 coins at once, and make a private key based on their outcomes.

[Kyraishi]

Haha, very interesting way to generate a private key, 20 minutes well spent mate!

Not sure if it's the safest way to generate a private key, but it's definetly the most fun way to do something like that.

Flipping at once would be easier if you could contain the flip, it saves you the motion of flipping them one by one and going around and recording the results is easier then flipping them all one by one.

[MrFreeDragon]

Not sure if it's the safest way to generate a private key, but it's definetly the most fun way to do something like that.

If you generate 256 bit of your private key flipping a coin, you can 100% be sure that all your 256 bits are absolutely random.
If you generate a private key with the help of some software/wallet/other service, you can not be sure in their random algorythm. In some cases they also could be pseudorandom, generating the predefined keys within the predefined range (even if you use them offline).

[hatshepsut93]

The most secure way for key generation is to flip a physical coin 256 times.

This is misleading, physical things like coins or dice can have a lot non-randomness if they were not designed specifically for the purpose of generating random numbers - https://www.schneier.com/blog/archives/2009/08/non-randomness.html

If you are paranoid about your computer being backdoored to generate non-random keys, you should probably just stop using Bitcoin, since backdoored system can cause harm in many other ways - for example, generating non-random k parameter in ECDSA.

Also, generating private key inside the browser is much less secure compared to software, especially if it's done online.

[Kyraishi]

Not sure if it's the safest way to generate a private key, but it's definetly the most fun way to do something like that.

If you generate 256 bit of your private key flipping a coin, you can 100% be sure that all your 256 bits are absolutely random.
If you generate a private key with the help of some software/wallet/other service, you can not be sure in their random algorythm. In some cases they also could be pseudorandom, generating the predefined keys within the predefined range (even if you use them offline).

That's true, but it depends on the software. For example, using ledgers software which randomally creates private keys it would be impossible for you to backdoor your way into it, due to limited internet connection and you needing to actually access the ledger wallet.

RNG is a weird topic and it's too advanced for this thread. But dice and coin flips are not completely random all the time.

[MrFreeDragon]

RNG is a weird topic and it's too advanced for this thread. But dice and coin flips are not completely random all the time.

Ok, for fun there is also a "pattern" way of key generation: https://youtu.be/0Ug4YBEyRFQ
This is like brain wallet, but use logos, patterns, symbols and other visual ideas  

Such pattern keys could be used for small gifts and funny presents to others.

[pooya87]

So, the fastest way to create a safe bitcoin private key with the physical 256 coin flips is appox. 15-20 minutes.

since your tool supports it, try finding a 16 sided dice and roll that. these dies are also a popular way of creating random numbers (in hexadecimal format) and they are specially designed to be unbiased and produce a truly random result. the befit of it is that you only need to roll it 64 times which is a lot less than 256 times flipping a coin.

[naska21]

snip

Looked at  video and should say the private key you generated via shaking a disposable cup is not random but rather pseudorandom in fact is the coin in the cup has the limits in  all directions.  IMHO, you would get the better results with  flipping   the coin up by the snap of two fingers.

[MrFreeDragon]

If you are paranoid about your computer being backdoored to generate non-random keys, you should probably just stop using Bitcoin, since backdoored system can cause harm in many other ways - for example, generating non-random k parameter in ECDSA.

Yes, non-random k value in digital signatures is much much bigger problem! It is like appear on public absolutely nude with the clear private key written on the body 

[MrFreeDragon]

snip

Looked at  video and should say the private key you generated via shaking a disposable cup is not random but rather pseudorandom in fact is the coin in the cup has the limits in  all directions.  IMHO, you would get the better results with  flipping   the coin up by the snap of two fingers.

Thank you for your feedback. Probably you are right.
There are different ways of flipping the coin - https://www.wikihow.com/Flip-a-Coin
And iI beleive that every human flipping a coin makes it in some pseudorandom way because of his habits, physical conditions, etc. And in fact, all these different singularities would add the additional entropy for the key generation process (like one man will make the flips with 51%/49% odds, another with 48%/52% odds, etc

[MrFreeDragon]

So, the fastest way to create a safe bitcoin private key with the physical 256 coin flips is appox. 15-20 minutes.

since your tool supports it, try finding a 16 sided dice and roll that. these dies are also a popular way of creating random numbers (in hexadecimal format) and they are specially designed to be unbiased and produce a truly random result. the befit of it is that you only need to roll it 64 times which is a lot less than 256 times flipping a coin.

Cool idea! You are right, my tool allows to input the HEX value of the private key.
I searched 16side HEX dices and found a lot of them in internet for 1-3USD. Will order this dice for my experiments, nice thing.
Thank you!

[Mandoy]

If I have more time and I am bored then I will try doing that entertaining way of creating a private key. But given that time is crucial for me I guess Ill just pass and just be contented to the private key attached to the generated address on websites that host webwallets. Though it will take a long time to make a private key but I imagine it to be fun. I do thank you for sharing it in this forum and it really adds another folder to my knowledge about crypto.

[Ucy]

Some weeks ago I made a visual tool to create a bitcoin private key. The most secure way for key generation is to flip a physical coin 256 times. I flipped a coin 256 times, and made a video how to create the bitcoin private key with my tool.

Here is the video instruction: https://youtu.be/WyBdYhwweaE

The total time just for flipping a coin was 16 minutes, plus some minutes to fill the cells in my key generator. So, the fastest way to create a safe bitcoin private key with the physical 256 coin flips is appox. 15-20 minutes.

Enjoy! 

PS. The project discussion is also available here: https://bitcointalk.org/index.php?topic=5187401.0

Nice. I guess it safer to do this offline as you suggested in your other thread. And a clean or brand new pc would be more suitable for even better security.
Generating a private keys in this way can be quite intimidating. The next thing would probably be to make it easier for even a 10year old kid to generate his own private keys in this way.

[bitmover]

Not sure if it's the safest way to generate a private key, but it's definetly the most fun way to do something like that.

If you generate 256 bit of your private key flipping a coin, you can 100% be sure that all your 256 bits are absolutely random.
If you generate a private key with the help of some software/wallet/other service, you can not be sure in their random algorythm. In some cases they also could be pseudorandom, generating the predefined keys within the predefined range (even if you use them offline).

I don't agree that the results are absolutely random. The coin weight might be a little biased, and you may have some muscular memory also which may lead to less randomness. Ofc this it is enough random for a private key generationg...... But I believe that are some better computer-based methods.

I still think the most secure way of generating a private key is through a hardware wallet. However, for educational purposes, this flipping method is amazing.

[MrFreeDragon]

Not sure if it's the safest way to generate a private key, but it's definetly the most fun way to do something like that.

If you generate 256 bit of your private key flipping a coin, you can 100% be sure that all your 256 bits are absolutely random.
If you generate a private key with the help of some software/wallet/other service, you can not be sure in their random algorythm. In some cases they also could be pseudorandom, generating the predefined keys within the predefined range (even if you use them offline).

-snip-
I still think the most secure way of generating a private key is through a hardware wallet. However, for educational purposes, this flipping method is amazing.

Can you explain the algorithm and the process of private key generation by a hardware wallet (ley's say by Ledger)?

[bitmover]

Can you explain the algorithm and the process of private key generation by a hardware wallet (ley's say by Ledger)?

Ledger nano does not generate private keys, but a BIP 39 24 word mnemonic seed. Different from what you are doing, because generating private keys directly (however, this allows you to create just one address)

I was able to find this information regarding randomness of the process (i think this is what you are looking for)

Here’s how a BIP 39 24-word mnemonic seed is generated:

The device generates a sequence of 256 random bits using the true random number generator (TRNG) built into the device’s Secure Element.
The first 8 bits of the SHA-256 hash of the initial 256 bits is appended to the end, giving us 264 bits.
All 264 bits are split into 24 groups of 11 bits.
Each group of 11 bits is interpreted as a number in the range 0 - 2047, which serves as an index to the BIP 39 wordlist, giving us 24 words.
https://ledger.readthedocs.io/en/latest/background/master_seed.html

Ledger devices also generate secrets securely with a large amount of entropy using an AIS-31 compliant true random number generator (TRNG). As such, it is more secure to use the device’s internally generated secrets rather than importing a secret from elsewhere which could have been compromised before being loaded onto the device.
https://ledger.readthedocs.io/en/latest/background/personal_security_devices.html#personal-security-devices

If you think their entropy is not good enough, you can also add a passphrase to your seed, it will add an additional entropy to your private keys generation.

[MrFreeDragon]

Can you explain the algorithm and the process of private key generation by a hardware wallet (ley's say by Ledger)?

Ledger nano does not generate private keys, but a BIP 39 24 word mnemonic seed. Different from what you are doing, because generating private keys directly (however, this allows you to create just one address)
-snip-

Here’s how a BIP 39 24-word mnemonic seed is generated:
The device generates a sequence of 256 random bits using the true random number generator (TRNG) built into the device’s Secure Element.
The first 8 bits of the SHA-256 hash of the initial 256 bits is appended to the end, giving us 264 bits.
All 264 bits are split into 24 groups of 11 bits.
Each group of 11 bits is interpreted as a number in the range 0 - 2047, which serves as an index to the BIP 39 wordlist, giving us 24 words.
https://ledger.readthedocs.io/en/latest/background/master_seed.html

Actually the same random number: 256bit number - they still generate a 256bit number (like 256 coin flips in my case). They just use this number in a different way: they append 8 first bits (actually repeat them) to receive 264bits in order to present it by 24 words. So, first of all they generate 256bit number, and later present this number by 24 words from 2,048 determined words list.

Hence, the common thing in "coin flip" and "hardware wallet" is a 256bit number generation. My visual tool makes it visually flipping a coin 256 times with 50%/50% chances for every bit, and I evaluated these 256 bits as absolutely random. Howeve you argued this and said that:

-snip-
I still think the most secure way of generating a private key is through a hardware wallet.
-snip-

Probably we compare the different things: randomness and security. If you mean the most secure way, i also beleive that the hardware wallet could be better (at least the user does not know the key and does not have some parts of it in memory). For security we should consider more things, not only randomness.

But I was talking about randomness saying that the coin flip method is absolutely random. If you still beleive that hardware wallet generates "more random" number rather than a physical coin flip, can you please describe why? In other words, why the AIS-31 compliant true random number generator (TRNG) generates a more random 256bit number rather than physical coin fliped 256 times?

[bitmover]

In other words, why the AIS-31 compliant true random number generator (TRNG) generates a more random 256bit number rather than physical coin fliped 256 times?

I do not understand the limitations on AIS-31 compliant. Maybe someone who has more knowledge can help us better ( i would move this topic to technical discussion board for better inputs from community and less yobit spammers).

But there are limitations on randomness of flipping a coin over and over again.

1 - muscular memory -  i don't know if that expression is correct, I am talking about you doing the exactly same movement 256 times is not totally random. Your movement may not be 50-50, but 30-70, as it is the same over and over again. Maybe if you asked to different 256 people flip the coin once, it would have a better randomness.

2 - coin may have not be completely balanced, which could also lead to biased results (not 50-50).

But anyway, as I said before, I think it is enough randomness for a priavate key generation. Don't know if it is better or not than AIS-31. But flipping a coin is not perfectly random imo.