Bitcoin private key BASE58 problem

[sky59sky59]

I try to learn something but I do not understand following:

It is said that bitcoin private keys from any generator are provided in BASE58 format

on this page I found many examples for private keys:  https://bitkeys.work/

It should be that bitcoin uses secp256k1 ECC  ?  So private key is 32 bytes?

here are some decoded private keys into hex from abovementioned page:

L52sDjGxf8Y5NHy5BjTpQHQUjHDjrqErHyTomskefFXrKPdjf7Di                                                        base58
80e91ed90e9a784499a4e37580de2f5d6b622ba96ff1f735f1992ce787575a44d9010c3e5e49               hex

L2HBA8KcR57PYoGCbZmKUNvmhu7SsrupYj172fQAGkgY75sGUjHQ
8096f833ea1ee11688ad8718e37b3ea81e76911eabed36bbeadb42b6e08b669ee4013cd4ac07

KwXvqELPvZUFgFZ5RhWWLQJQrPvEbk6WKktBk5smCqBeLc17uEvQ
80095f3f838b21709382525317062ada9231188e60304eaaf3d287ed7e7a8c825a01252f78ad

WTF, why private key is not 32 bytes long after decoding base58?  But it has got 6 bytes more?
Also 80 at the beginning seems to be very suspicious....

Any clarification will put me back to a sound sleep during the night...

[PawGo]

Read: https://learnmeabitcoin.com/technical/wif

First 2 characters (80/ef) marks real network or testnet.

At the end 8 characters are checksum generated by hashing private key.
Before checksum you may have also marker '01' which tells to produce compressed public key and produces WIF L.. or K.... Without '01' you receive WIF 5...

[NeuroticFish]

Although the previous link is not bad at all, I'll add this, from Bitcoin wiki, which may be more complete: https://en.bitcoin.it/wiki/Wallet_import_format
Also when you have such questions, these two sites (https://en.bitcoin.it and https://learnmeabitcoin.com/) are good places to look/research

[sky59sky59]

Almost sleeping but:  

I read somewhere that wallet address is the public key generated from private key:

34xp4vRoCGJym3xR7yCVPFHoCNxv4Twseo                               wallet address (richest in the world)
0523e522dfc6656a8fda3d47b4fa53f7585ac758cd7c0caa48         decoded wallet address

1P5ZEDWTKTFGxQjZphgWPQUpe554WKDfHQ
00f22f5563839ba6ba5aa8d3726fcbc675cb3e4c9e215b75ef

38UmuUqPCrFmQo4khkomQwZ4VbY2nZMJ67
054a782fe173a0b6718d39667b420d9c8b07e94262578fac8c


I know that public key for ecc secp256k1 is 64 bytes long, why then dcoded wallet has got only 25 bytes???

[o_e_l_e_o]

An uncompressed bitcoin public key is 65 bytes long, made up of "04", followed by the 32 byte x coordinate and then the 32 byte y coordinate.
A compressed public key is 33 bytes long, made up of either "02" or "03" depending on if the y coordinate is positive or negative, and then the 32 byte x coordinate.

An address is not simply a public key in Base58Check. To convert a public key to an address, you must first SHA-256 hash it, then RIPEMD-160 hash it, then add a 0x00 network byte to the start, SHA-256 hash it twice, take the first four bytes of this hash as a checksum and append it to the end, and then convert the whole thing to Base58Check. If you want to work backwards from an address, you can only strip the checksum and network byte to arrive at the RIPEMD-160 hash output. You can't go back any further to find the public key.

[sky59sky59]

Thanx!

I do not understand then, why whole crypto industry is in fear of an arrival of quantum computers?

Because what you write there is not known even public key to be cracked?

I read some articles and it is written that private key simply leaked from third-party-companies? Am I right?

So not using third parties one should be safe with cryptocurrency?

[TheArchaeologist]

Almost sleeping but:  

I read somewhere that wallet address is the public key generated from private key:

34xp4vRoCGJym3xR7yCVPFHoCNxv4Twseo                               wallet address (richest in the world)
0523e522dfc6656a8fda3d47b4fa53f7585ac758cd7c0caa48         decoded wallet address

1P5ZEDWTKTFGxQjZphgWPQUpe554WKDfHQ
00f22f5563839ba6ba5aa8d3726fcbc675cb3e4c9e215b75ef

38UmuUqPCrFmQo4khkomQwZ4VbY2nZMJ67
054a782fe173a0b6718d39667b420d9c8b07e94262578fac8c


I know that public key for ecc secp256k1 is 64 bytes long, why then dcoded wallet has got only 25 bytes???

It all depends on the address type. For P2PKH (Pay to Public Key Hash) addresses the address is indeed a representation of the public key. But as o_e_l_e_o already explained it is not simply taking the public key and apply base-58 encoding.

However two of the three addresses you linked start with a '3'. These are P2SH (Pay to Script Hash) addresses. The decoded wallet addresses refers in those cases to the hash of a redeem script, so it isn't based on a public key.

[BlackHatCoiner]

I do not understand then, why whole crypto industry is in fear of an arrival of quantum computers?

Because they are fearmonger. 

Joke asides, it's because when Bitcoin started in 2009, Satoshi chose to make the coinbase transaction payable in public key. The uttered “Pay-to-public-key” (P2PK). As a result, thousands of addresses containing this unspent output of 50 BTC have exposed their public key.

Besides that, every address that is reused has also exposed its public key. Currently, the one with the most bitcoins, Binance's, has revealed its public key.

[o_e_l_e_o]

I do not understand then, why whole crypto industry is in fear of an arrival of quantum computers?

Because what you write there is not known even public key to be cracked?

You cannot obtain a public key from knowledge of just the address. Further, quantum computers do not provide a significant advantage over conventional computers when trying to reverse a hash, and so even with quantum computers it will still remain impossible to obtain a public key from an address.

However, whenever you make a transaction in bitcoin, you must include the public key of whichever address the coins you are spending are stored on. This public key is then stored as part of your transaction data on the blockchain, and therefore is public knowledge which anyone can look up. Quantum computers provide an exponential speed up over conventional computers when attempting to reverse the ECDLP, which would potentially allow an attacker in the future to obtain a private key from knowledge of the public key.

If you never reuse an address, then this will not be a concern of yours ever. If you do reuse addresses, then you need to think about stopping doing that in maybe 20 years' time.

[BlackHatCoiner]

If you never reuse an address, then this will not be a concern of yours ever.

It will affect them, though, one way or another. Yes, if they take the necessary precautions then their private key isn't going to ever be calculated that way by an attacker. However, the ones who do have exposed their public key and do not take those precautions will affect them. The market will be disrupted once an attacker finds out the first ever rewarded addresses' private keys. Imagine being able to include a million of bitcoins into circulation.

Then, you need to ensure that the attacker can't make the calculations quickly. If they do and specifically faster than the time that takes your transaction to be confirmed, then they can even spend your own money.

Nonetheless, it's considered an improbable scenario, currently.

[o_e_l_e_o]

The market will be disrupted once an attacker finds out the first ever rewarded addresses' private keys. Imagine being able to include a million of bitcoins into circulation.

That could happen at any time that Satoshi or some other early miner with a large stack of dormant coins decides they wants to spend their coins. Assuming that coins which have not moved in 5 or 10 years are permanently lost is incorrect, as we regularly see coins like this move, or occasionally even sign messages.

Then, you need to ensure that the attacker can't make the calculations quickly. If they do and specifically faster than the time that takes your transaction to be confirmed, then they can even spend your own money.

It will be decades before we have a quantum computer powerful enough to reverse the ECDLP. It will be significantly longer than that until we have one which can solve it in <1 hour, or even <10 minutes. I suspect we will move to a quantum resistant algorithm before the former of those two events happen, which will be long before the latter is even within the realms of possibilities.

[DannyHamilton]

Thanx!

I do not understand then, why whole crypto industry is in fear of an arrival of quantum computers?

Whole crypto industry?  No.

Individuals that don't understand cryptography or don't understand quantum computing will often mistakenly believe that "quantum" is a magical word that means "able to instantly break ALL forms of cryptographic functions with as little as 1 qubit".  These people tend to be very vocal and like to hear themselves talk, so you see a lot of nonsense from them.

Because what you write there is not known even public key to be cracked?

As has been pointed out by others, not all bitcoin addresses or transactions are the same.  There are P2PK transactions where the public key is in the transaction (and there is no address).  There are addresses that are hashes of complex scripts that may not use ANY public key at all.

Additionally, in most cases, the public keys associated with the address are broadcast when the bitcoins are spent. This is why it is a best-practice to never use an address more than once to receive bitcoins. Instead, generate a new address for every transaction.

I read some articles and it is written that private key simply leaked from third-party-companies? Am I right?

In many cases bitcoins have been lost due to users trusting some third party to secure their private keys for them.

So not using third parties one should be safe with cryptocurrency?

Unless you fail to secure your private keys yourself.  Malware can capture private keys stored on your own computer. Thieves can gain access to any physical storage or trick people into revealing passwords. If you do not have exclusive access to all the private keys associated with a bitcoin address, then you do not have the bitcoins associated with that address.

[BlackHatCoiner]

That could happen at any time that Satoshi or some other early miner with a large stack of dormant coins decides they wants to spend their coins.

And yet, very few have recovered the 50 BTC. Being able to reverse the ECDLP means you'll get all the rest 90-95% that are considered gone for good. This will definitely upset the market. I don't know for how long or how much, but it'll definitely have an impact on your wealth. The fact that they haven't moved since the day they were mined shows that they're excluded from the ones into the actual, realistically assumed circulation.

The “90-95%” is pure speculation.

even sign messages.

For which incident does that go to? The one that says Craig Wright is a liar?

[mynonce]

That could happen at any time that Satoshi or some other early miner with a large stack of dormant coins decides they wants to spend their coins.

... The fact that they haven't moved since the day they were mined shows that they're excluded from the ones into the actual, realistically assumed circulation.

The fact that they can be moved shows that they will be moved. Bitcoin supply is 21 million and not more than that but also not less than that.

[BlackHatCoiner]

The fact that they can be moved shows that they will be moved.

No, it doesn't. If you throw away your seed phrase and delete your wallet, your balance will remain the same, but the coins will never be moved again. You can't consider those into circulation.

Bitcoin supply is 21 million and not more than that but also not less than that.

What about the provably burnt coins (OP_RETURN) or the unclaimed reward from some miners? It won't be 21 million, neither 20,999,999.9769 which is the precise number.

[o_e_l_e_o]

And yet, very few have recovered the 50 BTC.

And yet, we cannot for a minute say that the other 50 BTC outputs which haven't been moved since they were mined are lost, since we have absolutely no evidence to support that claim.

For which incident does that go to? The one that says Craig Wright is a liar?

That was the main one I was referring to, yes.

The fact that they can be moved shows that they will be moved. Bitcoin supply is 21 million and not more than that but also not less than that.

It is less than that for a number of reasons. There are coins which have been provably burnt due to sending to unspendable outputs. There have been times miners have not claimed the full block reward, and those coins will be lost forever. There have also been a couple of bugs which have resulted in coins being lost forever. The total number of coins provably lost isn't huge, somewhere in the range of a few thousand. But just because a coin has not been moved in a long time does not mean it lost, and certainly not provably lost.

If you throw away your seed phrase and delete your wallet, your balance will remain the same, but the coins will never be moved again. You can't consider those into circulation.

But we have absolutely no way to quantify the number of coins lost in this way, nor do we have any way to confirm that the owner really has lost access like they say they have, nor do we have any way to confirm that access will not be recovered in the future. Therefore, those coins can and should be considered part of the supply.

[BlackHatCoiner]

Therefore, those coins can and should be considered part of the supply.

About 244,000 metric tons of gold have been discovered as of 2021 and around 10% of that is owned by the governments of US, Germany, Italy, France, Russia, China, Switzerland and Japan. NASA's telescope captured a rare medal asteroid whose gold if brought down to Earth, would make the ounce's worth much much less.

So is the circulation ~244,000 metric tons of gold? No, but much more than that. Is it realistically effectively possible to reach that asteroid and start moving huge, golden rocks? No. So, why should you assume they are part of the supply?

I know that you can't make heads or tails of which bitcoins are lost. However, you can assume that possibly hundreds of thousands won't come into the market due to the same reason the asteroid won't come down to Earth. It's highly unlikely.

[mynonce]

It won't be 21 million, neither 20,999,999.9769 which is the precise number.

It won't be  20,999,999.9769, neither 20,999,949.9769 which is the precise number. Block 0's output can't be used. All others can and will.

edit: (OP_RETURN) excluded

[o_e_l_e_o]

It's highly unlikely.

But not impossible. Bitcoin which have simply not moved in a long time are not provably lost. The difference in your analogy is these bitcoin are already accounted for in the max supply. Capturing an asteroid filled with gold will inflate the supply of gold significantly.

All others can and will.

No, all others cannot.

The block rewards from block 91,722 and 91,812 were overwritten by the block rewards from blocks 91,880 and 91,842 respectively, due to a bug which was fixed in BIP 30. Those 100 BTC are irretrievable.

There have been numerous blocks which have failed to claim the full block reward they were allowed to. These unclaimed coins are also irretrievable. Notable examples include block 501,726 which destroyed 12.5 BTC and block 526,591 which destroyed 6.25 BTC, but there are hundreds of other blocks totaling several dozen more permanently lost BTC.

[mynonce]

All others can and will.

No, all others cannot.

The block rewards from block 91,722 and 91,812 were overwritten by the block rewards from blocks 91,880 and 91,842 respectively, due to a bug which was fixed in BIP 30. Those 100 BTC are irretrievable.

There have been numerous blocks which have failed to claim the full block reward they were allowed to. These unclaimed coins are also irretrievable. Notable examples include block 501,726 which destroyed 12.5 BTC and block 526,591 which destroyed 6.25 BTC, but there are hundreds of other blocks totaling several dozen more permanently lost BTC.

Yes, I know that. These coins are not the majority of the unmoved coins. What I mean are coins, where it is possible to move them. That means, if a valid signature would lead to a transaction.

... Therefore, those coins can and should be considered part of the supply.

... NASA's telescope captured a rare medal asteroid whose gold if brought down to Earth ... Is it realistically effectively possible to reach that asteroid and start moving huge, golden rocks? No. So, why should you assume they are part of the supply?

These coins aren't a far away medal asteroid that you have to bring down to Earth. They are here, and the distance is a signature. Therefore, those coins can and should be considered part of the supply.

If Satoshi signed a message with the Block 0 output address, that 'they won't move the 1.1 million coins', even then these coins were movable.