Topic: All existing bitcoins can be in your wallet (where is my mind?)
Forsyth Jones (OP)
June 13, 2024, 11:40:35 PM
Merited by vapourminer (4), bitmover (2), NeuroticFish (1)
 #1

Do you believe in address/private key collision?
e.g.

Wallet A with or without Passphrase
Wallet B of 12 to 24 words with or without passphrase generate the same xpriv or the same addresses? I know it's such an absurd probability that we don't even need to worry about it.

It's true that the number of possible private keys corresponds to the same as each atom in the Universe.
Hence the importance of generating a random number, as these will be the entropy used to discover a bitcoin wallet/addresses.

Before the seed phrase pattern was so well known, wallets like Bitcoin-Qt (before it was renamed to Core) were known to generate 100 random keys by default, so you had to make a backup to avoid the risk of the wallet generating a change address that you didn't have a backup of. BIP-32 solved this, creating the concept of a "seed": a single random number generates a root key and, following a standardized process, this root key generates the child keys infinitely in a deterministic way.

In other words, just a random atom from the universe is chosen but the path to the next numbers is pre-determined by this process.

It didn't take long, someone came up with the idea of converting this seed into words (BIP-39), making users' lives easier, a single list of words would protect the user's wallet so that he only needed that to restore his coins.



As the algorithms used in this process generate infinite child keys, is it possible to generate all existing private keys in the universe, considering other derivation paths?

If you create addresses infinitely, one day you may generate an address with balance, and this address probably belongs to another seed

And even if you don't find it, we still have the possibility of using infinite passphrases with the same seed, which you will eventually find.

Do you folks consider this possibility?

And finally, as I was writing another question came to mind, addresses created randomly without seeds, are they possibly associated with a seed?

I know it is possible for two xpriv to generate the same addresses

pooya87
June 14, 2024, 02:57:17 AM
Merited by d5000 (3), ABCbits (3), bitmover (2), vapourminer (1), nc50lc (1)
 #2

Quote
Do you believe in address/private key collision?
It's not something you can choose to believe in or not. It is pure math. According to the Pigeonhole Principle, when we have 2^256 keys and usually 2^128 hash in the address, there are going to be addresses (pigeonholes) that correspond to more than one key (hold more than one pigeon).

Quote
Wallet B of 12 to 24 words with or without passphrase generate the same xpriv or the same addresses?
At the heart of BIP32 as a KDF we are using hashes, and hashes can have collisions, meaning the same key can be derived from two unequal seeds.

Quote
I know it's such an absurd probability that we don't even need to worry about it.
So what exactly is your question here?

Quote
Before the seed phrase pattern was so well known, wallets like Bitcoin-Qt (before it was renamed to Core) were known to generate 100 random keys by default, ~ BIP-32 solved this, creating the concept of "seed",
Seed is different from "seed phrase". Seed is the entropy entered into a KDF to derive a "tree of keys". Seed phrase is a set of words that represent that seed.
Bitcoin Core still doesn't use any seed phrase (BIP39, etc.) algorithm.

Quote
As the algorithms used in this process generate infinite child keys, is it possible to generate all existing private keys in the universe, considering other derivation paths?
Theoretically it should be possible. There may be unforeseen exceptions in the implementations of BIP32 considering it is not designed to derive 2^256 keys (like the depth field that is limited to one byte and is encoded into the base58 extended key).

Quote
If you create addresses infinitely, one day you may generate an address with balance, and this address probably belongs to another seed
The universe would end before you can generate that many keys.

Quote
And finally, as I was writing another question came to mind, addresses created randomly without seeds, are they possibly associated with a seed?
That's the same question as the collision above. It is theoretically possible for an address generated randomly to also be generated in a deterministic way but the possibility of it is so small it can be considered zero (aka impossible).

ABCbits
June 14, 2024, 09:05:23 AM
Merited by bitmover (1)
 #3

Quote
It didn't take long, someone came up with the idea of converting this seed into words (BIP-39), making users' lives easier, a single list of words would protect the user's wallet so that he only needed that to restore his coins.
It's the opposite, where BIP 39 lets you convert words to seed. If you check https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki, there's a section "From mnemonic to seed".

Quote
Do you folks consider this possibility?
Technically possible, but not probable.

Quote
And finally, as I was writing another question came to mind, addresses created randomly without seeds, are they possibly associated with a seed?
Not associated, but theoretically the same address could be generated from a certain seed.

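The "From mnemonic to seed" step mentioned above, followed by the BIP32 master-key step, as an added example (not code from any poster or wallet project). It uses the test mnemonic and root key that the OP publishes in post #5; the function names are illustrative.

```python
import hashlib
import hmac
import unicodedata

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Test mnemonic and BIP32 root key as posted in #5 of this thread
MNEMONIC = "enemy sport sock wink gentle tooth expose damage tube opera trash ball"
POSTED_ROOT = "xprv9s21ZrQH143K2fVBZn1X9FGXH8WYN2Kb6i4dohJiKBTJ9iAhK83bcfhB5HXEKE9PuNzQbPcYMFHfn62yH1DUNudBdxPgNRnS1w4yuUH2pvc"

def b58check_encode(payload):
    """Append a 4-byte double-SHA256 checksum and encode in base 58."""
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out

def bip39_seed(mnemonic, passphrase=""):
    """BIP39 'From mnemonic to seed': PBKDF2-HMAC-SHA512, 2048 rounds, 64 bytes."""
    def nfkd(s):
        return unicodedata.normalize("NFKD", s).encode("utf-8")
    # The words are the PBKDF2 password; "mnemonic" + passphrase is the salt.
    return hashlib.pbkdf2_hmac("sha512", nfkd(mnemonic),
                               nfkd("mnemonic" + passphrase), 2048)

def bip32_root_xprv(seed):
    """BIP32 master node: HMAC-SHA512 keyed with "Bitcoin seed", as an xprv."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain_code = digest[:32], digest[32:]
    # version (mainnet private) | depth 0 | parent fingerprint 0 | child number 0
    header = bytes.fromhex("0488ade4") + b"\x00" * 9
    return b58check_encode(header + chain_code + b"\x00" + key)

if __name__ == "__main__":
    plain = bip32_root_xprv(bip39_seed(MNEMONIC))
    other = bip32_root_xprv(bip39_seed(MNEMONIC, "constructed passphrase"))
    print("no passphrase  :", plain)
    print("equals posted  :", plain == POSTED_ROOT)
    print("with passphrase:", other)
```

Every passphrase yields a different but equally valid root key, so a mistyped passphrase opens a different, empty wallet instead of producing an error.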
bitmover
June 14, 2024, 10:53:56 AM
Merited by Forsyth Jones (2)
 #4

Quote
Do you folks consider this possibility?
Technically possible, but not probable.

I always like to share this. The power of math



Quote
As the algorithms used in this process generate infinite child keys, is it possible to generate all existing private keys in the universe, considering other derivation paths?

As I recently shared in our local board, the key generation is exponential in HD wallets and you basically save billions of keys when saving a single Seed.



Ofc you potentially can find some address with balance or from other wallets, but the chances are virtually zero. You don't have to worry about that...


I think it is always good to read Mastering Bitcoin, which explains all those basic concepts of bitcoin and key generation
https://github.com/bitcoinbook/bitcoinbook/blob/develop/ch05_wallets.adoc

Forsyth Jones (OP)
June 15, 2024, 07:28:16 PM
 #5

Quote
So what exactly is your question here?
Just curiosity

Quote
Seed is different from "seed phrase". Seed is the entropy entered into a KDF to derive a "tree of keys". Seed phrase is a set of words that represent that seed.
Bitcoin core still doesn't use any seed phrases (BIP39, etc.) algorithm.
Yes, I'm aware of that. Seed is actually a hexadecimal combination whereas BIP39 takes this set and encodes them in word/mnemonic form.

Quote
The universe would end before you can generate that many keys.
Yes, that reminds me how incredible this topic about entropy is, so many things are possible with encryption algorithms.

I know it is possible for two xpriv to generate the same addresses

See this example, I gen a wallet for testing:
BIP39 example mnemonic:
Code:
enemy sport sock wink gentle tooth expose damage tube opera trash ball

This is the bip32 root key:
Code:
xprv9s21ZrQH143K2fVBZn1X9FGXH8WYN2Kb6i4dohJiKBTJ9iAhK83bcfhB5HXEKE9PuNzQbPcYMFHfn62yH1DUNudBdxPgNRnS1w4yuUH2pvc

I will use the BIP84 derivation path for this example, the same applies to the standard BIP39 derivation paths, this bip32 root key generates this set of addresses in BIP84:



In Account Extended Private Key we have an xpriv that specifically derives this same set of addresses, but at the account level:

Account Extended Private Key:
Code:
zprvAe77Vi8i8ATMyvWQ29w7T42ZgWvfXBUwviQMyp493WSjgKjcESdEnLE5LLR5UQg4GfjfYzMBZszFLjpeUYdGANjGRQqsv8B2FwpfewJt9KP

Same Account Extended Private Key in a Legacy Format:
Code:
xprv9zSatNnspoNQHL8AMSMs2sqZLadmdwVx6VMvR2GNHVgya879j8J7YCuoHvVuUbNDTPW443A4eZH9aAbX39oEZuN4gjT2kJY3iVhNsjp1ygu



I took this Account Extended Private Key and put it in the BIP32 Root Key field, I changed to the BIP141 tab and selected the P2WPKH type for the bech32 addresses, it resulted in the same set of addresses as that BIP32 root key:



What I get is that the BIP32 root key is for an entire set of addresses in a standard wallet, while the Account Extended Private Key is for the account level.

Two xprivs are capable of generating the same set of addresses, thanks to mathematics and cryptography.









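The check described in this post, as an added example (not the poster's or any wallet's code): it derives the first receive keys from the posted root key along m/84'/0'/0'/0/i and from the posted legacy-format account key along m/0/i, then compares them. The account path m/84'/0'/0' (BIP84, first account) and all function names are assumptions; the pure-Python secp256k1 arithmetic is for illustration and is not constant-time.

```python
import hashlib, hmac
from functools import reduce
P = 2**256 - 2**32 - 977      # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
H = 2**31                     # hardened offset: 84' means 84 + H
POSTED_ROOT = "xprv9s21ZrQH143K2fVBZn1X9FGXH8WYN2Kb6i4dohJiKBTJ9iAhK83bcfhB5HXEKE9PuNzQbPcYMFHfn62yH1DUNudBdxPgNRnS1w4yuUH2pvc"  # root key from post #5
POSTED_ACCOUNT = "xprv9zSatNnspoNQHL8AMSMs2sqZLadmdwVx6VMvR2GNHVgya879j8J7YCuoHvVuUbNDTPW443A4eZH9aAbX39oEZuN4gjT2kJY3iVhNsjp1ygu"  # account key (legacy format) from post #5

def ec_add(a, b):             # point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    num, den = (3 * a[0] * a[0], 2 * a[1]) if a == b else (b[1] - a[1], b[0] - a[0])
    lam = num * pow(den % P, -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P

def pubkey(k):                # compressed public key k*G by double-and-add
    acc, q = None, G
    while k:
        acc = ec_add(acc, q) if k & 1 else acc
        q, k = ec_add(q, q), k >> 1
    return bytes([2 + (acc[1] & 1)]) + acc[0].to_bytes(32, "big")

def ckd_priv(node, i):        # BIP32 CKDpriv; node is (private key, chain code)
    k, c = node
    head = b"\x00" + k.to_bytes(32, "big") if i >= H else pubkey(k)
    d = hmac.new(c, head + i.to_bytes(4, "big"), hashlib.sha512).digest()
    return (int.from_bytes(d[:32], "big") + k) % N, d[32:]

def derive(node, path):       # walk a derivation path one index at a time
    return reduce(ckd_priv, path, node)

def decode_xprv(s):           # Base58Check string -> (private key, chain code)
    raw = reduce(lambda n, ch: n * 58 + B58.index(ch), s, 0).to_bytes(82, "big")
    if hashlib.sha256(hashlib.sha256(raw[:78]).digest()).digest()[:4] != raw[78:]:
        raise ValueError("bad Base58Check checksum")
    return int.from_bytes(raw[46:78], "big"), raw[13:45]

def same_receive_keys(root, account, count=3):
    via_root = [derive(root, [84 + H, H, H, 0, i])[0] for i in range(count)]  # m/84'/0'/0'/0/i (assumed account path)
    via_account = [derive(account, [0, i])[0] for i in range(count)]          # account key used as a root: m/0/i
    return via_root == via_account
if __name__ == "__main__":
    print(same_receive_keys(decode_xprv(POSTED_ROOT), decode_xprv(POSTED_ACCOUNT)))
```

The account key is an intermediate node on the path from the root, so deriving from it continues the same chain of HMAC steps; this is a shared subtree, not a hash collision between two unrelated keys.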
odolvlobo
June 15, 2024, 08:09:07 PM
Merited by ABCbits (1)
 #6

Quote
As the algorithms used in this process generate infinite child keys, is it possible to generate all existing private keys in the universe, considering other derivation paths?
If you create addresses infinitely, one day you may generate an address with balance, and this address probably belongs to another seed
And even if you don't find it, we still have the possibility of using infinite passphrases with the same seed, which you will eventually find.
Do you folks consider this possibility?

Questions regarding "infinity" are not related to reality. Ask a question about something real and you will get a real answer. Ask a question about infinity and you will get an answer that is only relevant within the scope of mathematics.

NeuroticFish
June 16, 2024, 08:40:48 AM
Merited by vapourminer (1)
 #7

Quote
In other words, just a random atom from the universe is chosen but the path to the next numbers is pre-determined by this process.

I think that I understand your point. However, the path is not as restrictive as you fear, hence the result is still from a big enough set of values. It was built to be wide and it was checked too.

Even more, nobody forces you to use an HD wallet if you don't trust it. You can still generate a private key the old-fashioned way. You just will not gain anything in security (you will actually get numbers from the same range as from an HD wallet).


However, if you think you want to become really technical with real numbers, you may want to move this topic to "Development & Technical Discussion"

bitmover
June 16, 2024, 12:13:11 PM
 #8

Quote
Even more, nobody forces you to use an HD wallet if you don't trust it. You can still generate a private key the old-fashioned way. You just will not gain anything in security (you will actually get numbers from the same range as from an HD wallet).

I think you will lose privacy by doing so, as it will be very hard to generate many new addresses (especially change).

You will probably reuse addresses by doing so.

hatshepsut93
June 16, 2024, 12:40:21 PM
 #9

Quote
And even if you don't find it, we still have the possibility of using infinite passphrases with the same seed, which you will eventually find.

Do you folks consider this possibility?

That's right, but we don't have infinite time. Even our Universe will not last infinitely. But in practice, you will not find any keys with balance in your lifetime, even in ten or a hundred lifetimes, even if you use a supercomputer.
