Bitcoin Forum
November 03, 2024, 02:26:54 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: private key generation always in 256bit range or even lower ?  (Read 150 times)
citb0in (OP)
Hero Member
*****
Offline Offline

Activity: 840
Merit: 730


Bitcoin g33k


View Profile
December 01, 2022, 05:17:22 PM
 #1

I am aware that there are various wallet tools out there in the world and probably no one will know the exact behavior of each one by heart. But maybe you can answer the following question in general...

I wonder if wallet tools fundamentally and exclusively generate private keys in the 256 bit range. Or can it happen that such a tool generates a 103bit or 87bit private key when generating addresses/wallets? I would simply expect that the highest possible number of bits would always be used but do the common software/hardware wallets really do that?

Looking forward to your answers.

     _______.  ______    __        ______        ______  __  ___ .______     ______     ______    __          ______   .______        _______
    /       | /  __  \  |  |      /  __  \      /      ||  |/  / |   _  \   /  __  \   /  __  \  |  |        /  __  \  |   _  \      /  _____|
   |   (----`|  |  |  | |  |     |  |  |  |    |  ,----'|  '  /  |  |_)  | |  |  |  | |  |  |  | |  |       |  |  |  | |  |_)  |    |  |  __ 
    \   \    |  |  |  | |  |     |  |  |  |    |  |     |    <   |   ___/  |  |  |  | |  |  |  | |  |       |  |  |  | |      /     |  | |_ |
.----)   |   |  `--'  | |  `----.|  `--'  |  __|  `----.|  .  \  |  |      |  `--'  | |  `--'  | |  `----.__|  `--'  | |  |\  \----.|  |__| |
|_______/     \______/  |_______| \______/  (__)\______||__|\__\ | _|       \______/   \______/  |_______(__)\______/  | _| `._____| \______|
2% fee anonymous solo bitcoin mining for all at https://solo.CKpool.org
No registration required, no payment schemes, no pool op wallets, no frills, no fuss.
NotATether
Legendary
*
Offline Offline

Activity: 1778
Merit: 7357


Top Crypto Casino


View Profile WWW
December 01, 2022, 05:34:37 PM
Merited by ABCbits (1), krashfire (1)
 #2

I am aware that there are various wallet tools out there in the world and probably no one will know the exact behavior of each one by heart. But maybe you can answer the following question in general...

I wonder if wallet tools fundamentally and exclusively generate private keys in the 256 bit range. Or can it happen that such a tool generates a 103bit or 87bit private key when generating addresses/wallets? I would simply expect that the highest possible number of bits would always be used but do the common software/hardware wallets really do that?

Looking forward to your answers.

Statistically speaking, it is so rare for a wallet to generate keys with that many leading zeros that it can be considered an impossibility.

But provided that software gets 32 random bytes for each generation, then yes, it can be considered fully secure.

Because randomness comes in the form of bytes & dwords, it is very rare to see a list of random bits that is not divisive by 8, 16, 32, and so on.

███████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████

███████████████████████
.
BC.GAME
▄▄▀▀▀▀▀▀▀▄▄
▄▀▀░▄██▀░▀██▄░▀▀▄
▄▀░▐▀▄░▀░░▀░░▀░▄▀▌░▀▄
▄▀▄█▐░▀▄▀▀▀▀▀▄▀░▌█▄▀▄
▄▀░▀░░█░▄███████▄░█░░▀░▀▄
█░█░▀░█████████████░▀░█░█
█░██░▀█▀▀█▄▄█▀▀█▀░██░█
█░█▀██░█▀▀██▀▀█░██▀█░█
▀▄▀██░░░▀▀▄▌▐▄▀▀░░░██▀▄▀
▀▄▀██░░▄░▀▄█▄▀░▄░░██▀▄▀
▀▄░▀█░▄▄▄░▀░▄▄▄░█▀░▄▀
▀▄▄▀▀███▄███▀▀▄▄▀
██████▄▄▄▄▄▄▄██████
.
..CASINO....SPORTS....RACING..


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
jackg
Copper Member
Legendary
*
Offline Offline

Activity: 2856
Merit: 3071


https://bit.ly/387FXHi lightning theory


View Profile
December 01, 2022, 07:26:58 PM
 #3

Keys are normally padded when they're generates so they'll all be 256 bit keys but some can be smaller. A quick calculation says the first 32 bits will be 0 every 4.3 billion keys (232).

Wallets that use nmemonics ONLY use 256 bit seeds (the number used to generate private keys) when there are 24 words in the phrase. 12 word nmemonics are a representation of 128 bit seeds. A lot of wallets use 24 words now but there's still enough that use 12, electrum used to vary its length too between ~10-15 word nmemonics which did add a lot more variance than just 128 bits but was probably considered redundant by them as it was removed iirc (not sure if it's been reinstated yet). Regardless the size of the seed used, a hashing operation derives all of the keys so they're still 256 bit.
PowerGlove
Hero Member
*****
hacker
Offline Offline

Activity: 608
Merit: 5249



View Profile
December 01, 2022, 07:28:48 PM
 #4

[...] I wonder if wallet tools fundamentally and exclusively generate private keys in the 256 bit range. Or can it happen that such a tool generates a 103bit or 87bit private key when generating addresses/wallets? I would simply expect that the highest possible number of bits would always be used but do the common software/hardware wallets really do that? [...]
Sometimes the best way to understand something is to make a scaled-down version of it. Imagine a toy cryptocurrency where private keys were between 1 and 10. As long as the process that chooses your private key is unbiased, then each one is as likely to come up as another. From a security perspective, there would be nothing inferior about the keys that are closer to 1, and nothing superior about the keys that are closer to 10.
NotATether
Legendary
*
Offline Offline

Activity: 1778
Merit: 7357


Top Crypto Casino


View Profile WWW
December 01, 2022, 09:05:22 PM
Merited by PowerGlove (1)
 #5

Sometimes the best way to understand something is to make a scaled-down version of it. Imagine a toy cryptocurrency where private keys were between 1 and 10. As long as the process that chooses your private key is unbiased, then each one is as likely to come up as another. From a security perspective, there would be nothing inferior about the keys that are closer to 1, and nothing superior about the keys that are closer to 10.

Actually, I like that idea. Toy bitcoins that make the protocol look really simple. A whole set could be built around it like LEGO. And not just protocol sets, there could also be policy (how the rest of the world interacts with bitcoin) sets as well.

Maybe even make a Monopoly clone but with a decentralization theme instead of running to the bank. Smiley

███████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████

███████████████████████
.
BC.GAME
▄▄▀▀▀▀▀▀▀▄▄
▄▀▀░▄██▀░▀██▄░▀▀▄
▄▀░▐▀▄░▀░░▀░░▀░▄▀▌░▀▄
▄▀▄█▐░▀▄▀▀▀▀▀▄▀░▌█▄▀▄
▄▀░▀░░█░▄███████▄░█░░▀░▀▄
█░█░▀░█████████████░▀░█░█
█░██░▀█▀▀█▄▄█▀▀█▀░██░█
█░█▀██░█▀▀██▀▀█░██▀█░█
▀▄▀██░░░▀▀▄▌▐▄▀▀░░░██▀▄▀
▀▄▀██░░▄░▀▄█▄▀░▄░░██▀▄▀
▀▄░▀█░▄▄▄░▀░▄▄▄░█▀░▄▀
▀▄▄▀▀███▄███▀▀▄▄▀
██████▄▄▄▄▄▄▄██████
.
..CASINO....SPORTS....RACING..


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
citb0in (OP)
Hero Member
*****
Offline Offline

Activity: 840
Merit: 730


Bitcoin g33k


View Profile
December 01, 2022, 09:20:39 PM
 #6

From a security perspective, there would be nothing inferior about the keys that are closer to 1, and nothing superior about the keys that are closer to 10.
I am not entirely sure that this is true. One might think that the keys from the lower range tend to be found much sooner than their counterparts further up. With the simple reason that most cracking tools and their developers naturally start counting at one and increment linearly. Only a small exception would come up with the idea to start counting at eg 30% of a range, or to start counting backwards, or randomly. As for the rest, I'm with you.

     _______.  ______    __        ______        ______  __  ___ .______     ______     ______    __          ______   .______        _______
    /       | /  __  \  |  |      /  __  \      /      ||  |/  / |   _  \   /  __  \   /  __  \  |  |        /  __  \  |   _  \      /  _____|
   |   (----`|  |  |  | |  |     |  |  |  |    |  ,----'|  '  /  |  |_)  | |  |  |  | |  |  |  | |  |       |  |  |  | |  |_)  |    |  |  __ 
    \   \    |  |  |  | |  |     |  |  |  |    |  |     |    <   |   ___/  |  |  |  | |  |  |  | |  |       |  |  |  | |      /     |  | |_ |
.----)   |   |  `--'  | |  `----.|  `--'  |  __|  `----.|  .  \  |  |      |  `--'  | |  `--'  | |  `----.__|  `--'  | |  |\  \----.|  |__| |
|_______/     \______/  |_______| \______/  (__)\______||__|\__\ | _|       \______/   \______/  |_______(__)\______/  | _| `._____| \______|
2% fee anonymous solo bitcoin mining for all at https://solo.CKpool.org
No registration required, no payment schemes, no pool op wallets, no frills, no fuss.
PowerGlove
Hero Member
*****
hacker
Offline Offline

Activity: 608
Merit: 5249



View Profile
December 01, 2022, 10:29:54 PM
 #7

From a security perspective, there would be nothing inferior about the keys that are closer to 1, and nothing superior about the keys that are closer to 10.
I am not entirely sure that this is true. One might think that the keys from the lower range tend to be found much sooner than their counterparts further up. With the simple reason that most cracking tools and their developers naturally start counting at one and increment linearly. Only a small exception would come up with the idea to start counting at eg 30% of a range, or to start counting backwards, or randomly. As for the rest, I'm with you.
I see why you might think that. But, by trying to avoid being near the beginning, you'll introduce a bias into the key selection process which will cause more security problems than it solves. I know it feels wrong, but provided you have a good source of entropy (and you know how to use it properly), then the best that you can do is to select a key at random and not worry about where it sits on the "number line".
odolvlobo
Legendary
*
Offline Offline

Activity: 4494
Merit: 3401



View Profile
December 01, 2022, 11:30:55 PM
Last edit: December 01, 2022, 11:52:03 PM by odolvlobo
 #8

I wonder if wallet tools fundamentally and exclusively generate private keys in the 256 bit range. Or can it happen that such a tool generates a 103bit or 87bit private key when generating addresses/wallets?

Bitcoin private keys have exactly 256 bits. A private key with fewer would require that the remaining bits be set to something.

From a security perspective, there would be nothing inferior about the keys that are closer to 1, and nothing superior about the keys that are closer to 10.
I am not entirely sure that this is true. One might think that the keys from the lower range tend to be found much sooner than their counterparts further up. With the simple reason that most cracking tools and their developers naturally start counting at one and increment linearly. Only a small exception would come up with the idea to start counting at eg 30% of a range, or to start counting backwards, or randomly. As for the rest, I'm with you.
That is true. Brute force attempts that check a range generally prioritize ranges that are likely to have more use. Due to bugs or laziness, the low end of the 256-bit range probably deserves a higher priority. If the attempt assumes that any key is equally likely, then there is no benefit to start at the beginning of the 256-bit range, but on the other hand, starting at 1 is as good as any number, so why not.

Thus, most brute force attempts checking a range start at 1, making the low end of the 256-bit range more vulnerable simply because it is the range checked most often.

On the other hand, since there are so many people already checking the low end, an attacker might want to choose a different range that does not have as much attention in order to avoid the competition.

In the end, a randomly generated private key is extremely unlikely to be in a range that any attacker is searching, so there is no practical reason to be concerned.

Join an anti-signature campaign: Click ignore on the members of signature campaigns.
PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!