Why are private keys safe?

[mvdheuvel1983]

I'm trying to understand why cryptocurrency private keys are safe. Maybe it's a n00b question, but here I go.

I understand that if you know someone's private key, this is means you can transfer the coins. I tried this with my CGA wallet, I used dumpprivkey to get my private key, deleted my wallet file, restarted the client, and all I needed to to to get my balance back was entering "importprivkey <privatekey>". You don't need anything else than the private key.

What if someone ran a powerful computer which runs a program that does nothing else than:

1) generate random key
2) importprivkey <randomlygeneratedkey>
3) return to 1

Wouldn't that mean that this program could randomly pick up users balances, like some lottery?

[Gabi]

Here is why


https://i.imgur.com/fYFBsqp.jpg

[rmines]

I'm no cryptography expert myself, but I believe what you describe is known as 'rainbow 'tables'.
In short, there's no use in trying to generate rainbow tables for SHA-256 (the hash algorithm Bitcoin uses) as it would take way too much computing power and storage space.

[turvarya]

Here is why

nice one.

[OnkelPaul]

Yes. But...
The probability that you hit an existing private key is so small that the time and energy invested into finding one key would cost more than the total market cap of bitcoin (in fact, as Gabi has pointed out, more than the available energy output of our sun over its entire lifetime).
This is pretty similar to a lottery where you buy all the tickets - of course you will win the lottery, but it's not really cost-effective, and in the case of bitcoin, you can't buy enough tickets to even get a chance of winning a little bit...

Onkel Paul

Actually, there's a small exception to this rule: If you look at deterministic keys generated from a passphrase instead of random keys, and the passphrase can be guessed, it's much easier of course.
Example: There's a private key generated from "correct horse battery staple" (corresponding public key is 1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T) which is a passphrase that wasn't too hard to guess (actually, if xkcd had kept its mouth shut, it would be pretty hard to guess...). Everybody can spend contents of this address, which is why its balance is almost always zero...

[jl2012]

This is asked every two days. Please search before you ask

[mvdheuvel1983]

Yes. But...
The probability that you hit an existing private key is so small that the time and energy invested into finding one key would cost more than the total market cap of bitcoin (in fact, as Gabi has pointed out, more than the available energy output of our sun over its entire lifetime).
This is pretty similar to a lottery where you buy all the tickets - of course you will win the lottery, but it's not really cost-effective, and in the case of bitcoin, you can't buy enough tickets to even get a chance of winning a little bit...

Onkel Paul

Actually, there's a small exception to this rule: If you look at deterministic keys generated from a passphrase instead of random keys, and the passphrase can be guessed, it's much easier of course.
Example: There's a private key generated from "correct horse battery staple" (corresponding public key is 1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T) which is a passphrase that wasn't too hard to guess (actually, if xkcd had kept its mouth shut, it would be pretty hard to guess...). Everybody can spend contents of this address, which is why its balance is almost always zero...

OK, I get that. Chances you hit a private key are too small. And if people are smart enough to store their balances in small amounts over multiple private keys its even less effective for hackers.

But I have another question.

If I use my private key to make a transaction, the network needs to match this private key to the public key (which is derived from the private key). Doesn't this mean that all the private keys are stored on the network? And how safe is this? Why can the network easily verify the private keys but can't someone else look into them? And can't someone simply "listen" to the network and pick up those private keys?

And if I make a wallet address with the QT client, does the cliënt generate a private key? And is I encrypt my wallet, what does that mean? Does that mean my passphrase is the new private key?

[Gabi]

You should have stopped at the first question, the answer to that answer the other too The transaction is SIGNED by using the private key, this means that anyone can prove it is valid but no one can get the private key. So, no problem!  

[mvdheuvel1983]

You should have stopped at the first question, the answer to that answer the other too The transaction is SIGNED by using the private key, this means that anyone can prove it is valid but no one can get the private key. So, no problem!  

So the private key you use to sign the transaction isn't compared to some list of private keys which are on the network to verify if it is an existing private key?

[OnkelPaul]

So the private key you use to sign the transaction isn't compared to some list of private keys which are on the network to verify if it is an existing private key?

If there were a list of private keys they would not be private keys.
It's really easier to learn crypto basics by reading some introductory texts on the net.
Do you know how to google? Enter "private key signature" into the search bar. Don't come back before you've read and understood at least 5 of the pages that come up

Onkel Paul

[odolvlobo]

You should have stopped at the first question, the answer to that answer the other too The transaction is SIGNED by using the private key, this means that anyone can prove it is valid but no one can get the private key. So, no problem!  

So the private key you use to sign the transaction isn't compared to some list of private keys which are on the network to verify if it is an existing private key?

mvdheuvel,

You can find the answers to your questions much more quickly by doing some research rather than waiting for people to answer them. Try this site: https://en.bitcoin.it/wiki/

[Gabi]

You should have stopped at the first question, the answer to that answer the other too The transaction is SIGNED by using the private key, this means that anyone can prove it is valid but no one can get the private key. So, no problem!  

So the private key you use to sign the transaction isn't compared to some list of private keys which are on the network to verify if it is an existing private key?

There is no need for that. Also there is no "list of existing private key".
The network just uses the public key and match it against the signed transaction, that confirms that yes, the transaction was signed with that private key. "signing" a transaction=get the transaction and make some operations on it with the private key, the output is the "signed" transaction. From a signed output you CANNOT get the private key so it is secure.

[mvdheuvel1983]

Thanks everyone!

I promise I will do more research myself 

[Kazimir]

So the private key you use to sign the transaction isn't compared to some list of private keys which are on the network to verify if it is an existing private key?

Bitcoin uses ECDSA to cryptographically sign transactions.

This is also the reason why you can keep your private keys offline, and sign transaction on a dedicated offline system, to keep them completely off the internet and have exactly ZERO risk of your keys being stolen (even if that machine would be infect with malware). For example Electrum and Armory offer this feature.

Works like this:
1. setup the transaction (you need internet access for this, it involves getting the history for the involved addresses from the blockchain)
2. sign the transction (this can be done entirely offline, it only requires the data from step 1 + your private key, no blockchain or internet or connection involved) and save it on a USB flash drive or something
3. push the signed transaction from step 2 on the network (this requires a connection of course)

Note that creating the data in step 2 requires the private key, but the result does NOT include the key in any way.

Even if ALL machines would be infected by malware, there is still no risk: the offline system which contains your private keys can't send or leak the keys, and the online system (which you use to setup and push the transaction) can't modify the transaction without the signature becoming invalid.

[cp1]

I do not believe any more in private key safety. As two days ago I realize someone is in posses of my private key...
And what is funny - I believe they stole it from Blockchain.info due to those attacks from 1/28/2014.

And Blockchain.info support is not really helping in my case.
 

It's because you stored a backup of your blockchain wallet in your email or dropbox, or you entered your info into one of the fake blockchain websites.

[DeathAndTaxes]

If there were a list of private keys they would not be private keys.

This.

A private key is only private if only you know it.  There is no such thing as a private key that everyone knows (but promises not to use because it doesn't belong to them).

The super simplified version is that there is a mathematical relationship between private key and public key such that a message signed with a private key can be verified with the public key.



Just replace email with bitcoin transaction and the process (at a high level) is similar.

[DeathAndTaxes]

We will see. I think it might be due to RIPEMD-160 collision and if I am right - this will be huge case.

You aren't.

Of course it is very easy to prove.

Supply the tx id and YOUR public key (PubKey) for the address in question.  If there is a PubKeyHash collision the tx will be signed by a pubkey which is different than yours (i.e spending tx signed with PubKey A and you provide PubKey B and both of them hash to the same PubKeyHash.

Since a 160 bit hash collision would be incredible news (beyond just bitcoin) and you have all the information to prove it publicly you of course will do so promptly right?

Hint: here is the part where you makeup reasons as to why you can't do that.

[slaveforanunnak1]

Yes. But...
The probability that you hit an existing private key is so small that the time and energy invested into finding one key would cost more than the total market cap of bitcoin (in fact, as Gabi has pointed out, more than the available energy output of our sun over its entire lifetime).
This is pretty similar to a lottery where you buy all the tickets - of course you will win the lottery, but it's not really cost-effective, and in the case of bitcoin, you can't buy enough tickets to even get a chance of winning a little bit...

Onkel Paul

Actually, there's a small exception to this rule: If you look at deterministic keys generated from a passphrase instead of random keys, and the passphrase can be guessed, it's much easier of course.
Example: There's a private key generated from "correct horse battery staple" (corresponding public key is 1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T) which is a passphrase that wasn't too hard to guess (actually, if xkcd had kept its mouth shut, it would be pretty hard to guess...). Everybody can spend contents of this address, which is why its balance is almost always zero...

OK, I get that. Chances you hit a private key are too small. And if people are smart enough to store their balances in small amounts over multiple private keys its even less effective for hackers.

But I have another question.

If I use my private key to make a transaction, the network needs to match this private key to the public key (which is derived from the private key). Doesn't this mean that all the private keys are stored on the network? And how safe is this? Why can the network easily verify the private keys but can't someone else look into them? And can't someone simply "listen" to the network and pick up those private keys?

And if I make a wallet address with the QT client, does the cliënt generate a private key? And is I encrypt my wallet, what does that mean? Does that mean my passphrase is the new private key?

Please take cryptography 101
https://www.khanacademy.org/search?page_search_query=cryptography

thanks

[jonald_fyookball]

If I use my private key to make a transaction, the network needs to match this private key to the public key (which is derived from the private key). Doesn't this mean that all the private keys are stored on the network? And how safe is this? Why can the network easily verify the private keys but can't someone else look into them? And can't someone simply "listen" to the network and pick up those private keys?
 

No.  a cryptographic hash is a one-way function. 

A simplified example of how this works is a password for a website.

The website's database has a HASH of your password..when you enter
the password, it hashes your input, compares it to the stored hash,
and if its correct, it lets you in.

It can never determine the original password from the hash itself.

If you forgot your password, you'll get a password reset (Not a password reminder).

[cp1]

That is what they told me too. But it looks not like this. It looks like RIPEMD-160 collision .... I am telling you ... as Nothing was stolen from my wallet, just another public address wwas created without letting me know, and someone is using it's private key, as I can see his transactions ... and even this second person with same pvt key was keeping here for example 0.1 BTC for less than a day, I could just transfer it to another address ... so you think some hackers would be so stupid?

We will see. I think it might be due to RIPEMD-160 collision and if I am right - this will be huge case.

Now I'm confused.  Are you saying that someone else has created a new address inside your blockchain.info online web wallet and it's being used by someone else?  Are you sure it's just not a change address of some sort?