There are more private keys than addresses ?

[bigvito19]

There are 2²⁵⁶ valid private keys and 2¹⁶⁰ valid addresses.

1 address can therefore have several private keys ?

Yes, every bitcoin address can be generated by 2⁹⁶ private keys, on average.

If every bitcoin address can be generated by 2^93 private keys, then chances of brute-forcing and finding private keys of that specific address are respectively higher?

Yes, 2^96 has a much higher chance to brute-forcing compared to 2^256, 2^160, and 2^128.

[1714970053]

1714970053

[1714970053]

1714970053

[1714970053]

1714970053

[1714970053]

1714970053

[BlackHatCoiner]

What is the real question? Or is this a purely academic exercise?

The answer is: it's impossible. Or rather, don't worry about it.

I would disagree with this one. If people are interested, they have to find out more about it. Humans cannot understand the huge range of 2²⁵⁶ and that's why it seems strange that every address has 2⁹⁶ different private keys which is also a huge number.
(It's 79,228,162,514,264,337,593,543,950,336 precisely)

If you understand the possibilities behind this, then you should not worry about it.

Yes, 2^96 has a much higher chance to brute-forcing compared to 2^256, 2^160, and 2^128.

But you're not brute forcing 2⁹⁶. You're brute forcing a base58 encoded RIPEMD-160 hash, which means 2¹⁶⁰.

For example if you generate a private ECDSA key that once you take the corresponding public key (compressed) and hash it with SHA-256 and then with RIPEMD-160 and after all you get this result:

Code:

f54a5851e9372b87810a8e60cdd2e7cfd80b6e31

Then you've found a private key for this address:

Code:

1PMycacnJaSqwwJqjawXBErnLsZ7RkXUAs

If not, you're trying different combinations until you find a collision to this RIPEMD-160.

[odolvlobo]

If every bitcoin address can be generated by 2^93 private keys, then chances of brute-forcing and finding private keys of that specific address are respectively higher?

This. video is appropriate: https://www.youtube.com/watch?v=zMRrNY0pxfM

[cajancharles]

why every  bitcoin public address have 2^96 private key and  how can i find my  (2^96- 1) private key for my bitcoin public address?
since Elliptical curve private key and public key has 1:1 ratio, and that public key is encoded & hashed with some operation to get bitcoin public address.

also is it possible to encrypt message with bitcoin public address and then decrypt with private key which is generated by ECC.

[Dabs]

If you understand the possibilities behind this, then you should not worry about it.

I meant "impossible" the way Peppa Pig would say it. She can't whistle, says it's impossible.

The accurate answer is, it's highly unlikely or very improbable. Your chances of getting hit by lightning or winning the lottery jackpot are higher.

There are addresses out there with more than 100 BTC. Feel free to try and guess a private key for them. There are 2^96 that could possibly work.

[o_e_l_e_o]

why every  bitcoin public address have 2^96 private key and  how can i find my  (2^96- 1) private key for my bitcoin public address?
since Elliptical curve private key and public key has 1:1 ratio, and that public key is encoded & hashed with some operation to get bitcoin public address.

There are 2²⁵⁶ private keys (actually just less than, but that is irrelevant to this discussion), 2²⁵⁶ public keys, and 2¹⁶⁰ addresses.

As you say, private and public keys have a 1:1 ratio, but since to turn a public key in to an address you have to pass it through a RIPEMD-160 function, which only has 2¹⁶⁰ possible outputs, then there cannot be 1 public key per address. There are 2²⁵⁶ inputs in to RIPEMD-160, but only 2¹⁶⁰ outputs, meaning that each output has 2⁹⁶ inputs.

also is it possible to encrypt message with bitcoin public address and then decrypt with private key which is generated by ECC.

It is possible to encrypt a message with a bitcoin public key and decrypt it with the associated private key, but not with the address. You need to either extract their public key from a transaction they have made, or ask them to share it with you directly.

[DannyHamilton]

EDIT: I say too much and take too long to type. o_e_i_e_o has responded with mostly thee same response, only faster.  I'll leave this here just in case anyone finds that it adds any interest.

why every  bitcoin public address have 2^96 private key

Because with a version 1 P2PKH address there are approximately 2²⁵⁶ unique private-public key pairs. An address is based on a RIPEMD160 HASH of the public key (actually a RIPEMD160 HASH of a SHA256 HASH of a public key) resulting in 2¹⁶⁰ unique version 1 P2PKH addresses.

2²⁵⁶ keys divided by 2¹⁶⁰ addresses equals an average of about 2⁹⁶ private keys PER address.

and  how can i find my  (2^96- 1) private key for my bitcoin public address?

To find just 1 of those private keys...

• Acquire access to enough computing power to calculate addresses from 10¹⁰ private keys per second.
• Run that computing power continuously for (on average) 2.3 * 10³⁰ years

To find ALL of those private keys...

• Acquire access to enough computing power to calculate addresses from 10¹⁰ private keys per second.
• Run that computing power continuously for (on average) 1.8 * 10⁵⁹ years

Alternatively...

• Study advanced mathematics
• Become the top expert in the entire world in the mathematics related to ECDSA, SHA256, and RIPEMD160
• Discover a mathematical weakness that nobody else in the world has ever discovered related to those algorithms
• Use that mathematical weakness to calculate your private keys

since Elliptical curve private key and public key has 1:1 ratio, and that public key is encoded & hashed with some operation to get bitcoin public address.

Correct.

also is it possible to encrypt message with bitcoin public address and then decrypt with private key which is generated by ECC.

Don't bother. It's not worth the effort.  There are better systems to encrypt and decrypt messages. I believe that some have created some software to do it (with the public key, it can't be done with the address), but I wouldn't use any of it.

[bigvito19]

EDIT: I say too much and take too long to type. o_e_i_e_o has responded with mostly thee same response, only faster.  I'll leave this here just in case anyone finds that it adds any interest.

why every  bitcoin public address have 2^96 private key

Because with a version 1 P2PKH address there are approximately 2²⁵⁶ unique private-public key pairs. An address is based on a RIPEMD160 HASH of the public key (actually a RIPEMD160 HASH of a SHA256 HASH of a public key) resulting in 2¹⁶⁰ unique version 1 P2PKH addresses.

2²⁵⁶ keys divided by 2¹⁶⁰ addresses equals an average of about 2⁹⁶ private keys PER address.

and  how can i find my  (2^96- 1) private key for my bitcoin public address?

To find just 1 of those private keys...

• Acquire access to enough computing power to calculate addresses from 10¹⁰ private keys per second.
• Run that computing power continuously for (on average) 2.3 * 10³⁰ years

To find ALL of those private keys...

• Acquire access to enough computing power to calculate addresses from 10¹⁰ private keys per second.
• Run that computing power continuously for (on average) 1.8 * 10⁵⁹ years

Alternatively...

• Study advanced mathematics
• Become the top expert in the entire world in the mathematics related to ECDSA, SHA256, and RIPEMD160
• Discover a mathematical weakness that nobody else in the world has ever discovered related to those algorithms
• Use that mathematical weakness to calculate your private keys

since Elliptical curve private key and public key has 1:1 ratio, and that public key is encoded & hashed with some operation to get bitcoin public address.

Correct.

also is it possible to encrypt message with bitcoin public address and then decrypt with private key which is generated by ECC.

Don't bother. It's not worth the effort.  There are better systems to encrypt and decrypt messages. I believe that some have created some software to do it (with the public key, it can't be done with the address), but I wouldn't use any of it.

You already know that its software that find keys with the public key

https://bitcointalk.org/index.php?topic=5244940.0
https://bitcointalk.org/index.php?topic=5304368.0
https://github.com/JeanLucPons/Kangaroo
https://github.com/JeanLucPons/BSGS
https://github.com/WanderingPhilosopher/BSGS

[BASE16]

You already know that its software that find keys with the public key

https://bitcointalk.org/index.php?topic=5244940.0
https://bitcointalk.org/index.php?topic=5304368.0
https://github.com/JeanLucPons/Kangaroo
https://github.com/JeanLucPons/BSGS
https://github.com/WanderingPhilosopher/BSGS

And have you had any success with those ?

[bigvito19]

You already know that its software that find keys with the public key

https://bitcointalk.org/index.php?topic=5244940.0
https://bitcointalk.org/index.php?topic=5304368.0
https://github.com/JeanLucPons/Kangaroo
https://github.com/JeanLucPons/BSGS
https://github.com/WanderingPhilosopher/BSGS

And have you had any success with those ?

Yes, very small success. That's why I always promote the kangaroo, it just need some modifications to it.

[BASE16]

You already know that its software that find keys with the public key

https://bitcointalk.org/index.php?topic=5244940.0
https://bitcointalk.org/index.php?topic=5304368.0
https://github.com/JeanLucPons/Kangaroo
https://github.com/JeanLucPons/BSGS
https://github.com/WanderingPhilosopher/BSGS

And have you had any success with those ?

Yes, very small success. That's why I always promote the kangaroo, it just need some modifications to it.

And why don't you modify it then ? 
What would you modify ?

[cajancharles]

Alternatively...

• Study advanced mathematics
• Become the top expert in the entire world in the mathematics related to ECDSA, SHA256, and RIPEMD160
• Discover a mathematical weakness that nobody else in the world has ever discovered related to those algorithms
• Use that mathematical weakness to calculate your private keys

Thanks for the answer and i'll go for 2nd one.

And ECC is interesting and i prefer this over pgp because you can use it for two things, encryption and bitcoin address.
It provides same level of security as rsa with much smaller key size and it is faster that rsa, but ECDSA is vulnerable to  k-reuse attack. what's the solution to this problem of nonce reuse attack.
so does it takes computational power to generate  unique random number k everytime and it can't be done on mobile phone?

and why RSA is not vulnerable to nonce reuse attack? , so why satoshi didn't chose RSA instead of ECC (because it provides same security with smaller key length?)