Bitcoin Forum
December 05, 2016, 02:39:26 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 »  All
  Print  
Author Topic: Using alphabet/number beads for private keys  (Read 2983 times)
netrin
Sr. Member
****
Offline Offline

Activity: 322


FirstBits: 168Bc


View Profile
December 26, 2011, 07:44:20 PM
 #21

Quote
The typical address is a hash and truncated version of the private key.

OK got it & fxd ur typo

No. The address is a hash of the PUBLIC key. The public key is derived from the private key.

Greenlandic tupilak. Hand carved, traditional cursed bone figures. Sorry, polar bear, walrus and human remains not available for export.
1480905566
Hero Member
*
Offline Offline

Posts: 1480905566

View Profile Personal Message (Offline)

Ignore
1480905566
Reply with quote  #2

1480905566
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Otoh
Donator
Legendary
*
Offline Offline

Activity: 1918



View Profile
December 26, 2011, 07:54:04 PM
 #22

sry - I'm getting lost trying to get my head round this, I assumed that the public key was the btc address

Node40.com is a leader in DASH hosting, dedicated exclusively to fully managed masternode hosting. Professional, organized, and responsive. I have many dozens of nodes with them.    
BTC = $c²     BTC = 1otohotohMoQoxHuxLBveQiZcV3Pji3Tc      DASH, Digital Cash = www.dash.org   
   CHARITY | MY REP | DICE
netrin
Sr. Member
****
Offline Offline

Activity: 322


FirstBits: 168Bc


View Profile
December 26, 2011, 08:05:15 PM
 #23

Smiley No worries. It's pretty abstract and technical stuff. But understanding it all should be necessary only if you are fascinated by the underlying tech. As far as I understand the reason the public key is not used directly is so that the algorithm can be changed in the future. Perhaps we'll need stronger keys. The hash address is only a representation of the key - whatever type of key that might be.

Greenlandic tupilak. Hand carved, traditional cursed bone figures. Sorry, polar bear, walrus and human remains not available for export.
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
December 26, 2011, 08:07:42 PM
 #24

...the reason the public key is not used directly is so that the algorithm can be changed in the future...

that, and the public key is ridiculously long, over three times the length of a bitcoin address.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
netrin
Sr. Member
****
Offline Offline

Activity: 322


FirstBits: 168Bc


View Profile
December 26, 2011, 08:09:35 PM
 #25

...the reason the public key is not used directly is so that the algorithm can be changed in the future...

that, and the public key is ridiculously long, over three times the length of a bitcoin address.

I'm hoping the firstbits becomes the 'standard' address... thus I've wondered if the hash is really a necessary middle-abstraction. We can convert the public key to base36 and refer to the firstbits (or ~10 character prefix before confirmation). Of course, that's probably too late now.

Greenlandic tupilak. Hand carved, traditional cursed bone figures. Sorry, polar bear, walrus and human remains not available for export.
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
December 26, 2011, 08:11:21 PM
 #26

sry - I'm getting lost trying to get my head round this, I assumed that the public key was the btc address

No problem it is confusing the first time for everyone.

You start with a private key.  It is simply a random number (an integer) that is between 0 and 2^256 (two raised to the 256th) in other words a 256 bit number.  2^256 ~= 1.15792E77 (1 with 77 zeroes behind it).

Now since private key as a number is long, difficulty to copy, easy to make errors, etc we take that number and convert it into wallet import format which is in base-58 begins and has a checksum.

From the raw PRIVAE KEY we use Elliptical Curve Cryptography to generate a PUBLIC KEY.  Now the PUBLIC KEY is also long, easy to make errors, difficulty to copy so we take a hash of it, add a checksum, and prefix a 1.  That is the address.

So simplified
PRIVATE KEY = 256bit random number
PRIVATE KEY -> ECC = PUBLIC KEY

PRIVATE KEY -> Base 58 formatting w/ checksum = Wallet Import Format
PUBLIC KEY -> hash w/ checksum in base 58 formatting = PUBLIC ADDRESS



coblee
Donator
Legendary
*
Offline Offline

Activity: 1078


firstbits.com/1ce5j


View Profile WWW
December 26, 2011, 08:14:04 PM
 #27

The numbers on beads would scare me...if the chain breaks and the letters fall to the floor, the bitcoins evaporate.

If you used a 22 chars mini private key and that happens, how long would it take to brute force the right key. Since it starts with S, you have 21 characters to try. So 21! or 5.1 × 10^19. How long would that take?

netrin
Sr. Member
****
Offline Offline

Activity: 322


FirstBits: 168Bc


View Profile
December 26, 2011, 08:16:20 PM
 #28

If you used a 22 chars mini private key and that happens, how long would it take to brute force the right key. Since it starts with S, you have 21 characters to try. So 21! or 5.1 × 10^19. How long would that take?

About 317 years with a single processor running at a billion checks per second.

But of course, machines will get faster and faster throughout that time, so I don't know, you could probably retrieve your bitcoins before you die.

Greenlandic tupilak. Hand carved, traditional cursed bone figures. Sorry, polar bear, walrus and human remains not available for export.
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
December 26, 2011, 08:18:30 PM
 #29

...the reason the public key is not used directly is so that the algorithm can be changed in the future...

that, and the public key is ridiculously long, over three times the length of a bitcoin address.

I'm hoping the firstbits becomes the 'standard' address... thus I've wondered if the hash is really a necessary middle-abstraction. We can convert the public key to base36 and refer to the firstbits (or ~10 character prefix before confirmation). Of course, that's probably too late now.

There are three good reasons for not using public key directly.

1) Since public key of a previously unused private key is unknown to an attacker it is IMMUNE to Quantum Cryptography and Shor's algorithm.  Shor's algorithm can vastly speed up attacks on public keys but it requires knowledge of public key.  Either Satoshi was very lucky or he was a genious because the method he uses provides significant resistance to even quantum computing attacks.

2) If ECC became compromised having addresses decoupled from private key allows a seemless transistion to new encryption methods while still allowing legacy addresses to exist.  For example address begins w/ 1 = based on ECC public key.  Address begins with 2 = based on alternate private key system. As long as client understands both 1 & 2 it can seamlessly deal w/ dual encryption algorithms. 

3) Sending funds directly to public address would be error prone.  Leave one digit off the end (or reverse a digit) = oops you sent funds to nowhere.  Being irreversable they are lost forever.  The bitcoin public addresss has a 32bit checksum in it.  That makes the odds of accidentally typing a valid but wrong address roughly 1 in 4 billion.  If you left one digit off end of a Bitcoin address you have a 4 billion to once chance that the client will simply say "invalid address" rather than send your funds to "nowhere".
Otoh
Donator
Legendary
*
Offline Offline

Activity: 1918



View Profile
December 26, 2011, 08:19:52 PM
 #30

ah thanks for explaining I never even suspected it's like looking in to the rabbit hole I guess, also I'm not sure if I've got this bit yet:

that the public key (&/or?) address can be found (derived) from any private key, I'd assumed they were like a lock (public address) & a key (private key), that you needed to know both & which went together in order to send funds but now am seem to hear that if you have a private key you also own the public address even if                                   

Node40.com is a leader in DASH hosting, dedicated exclusively to fully managed masternode hosting. Professional, organized, and responsive. I have many dozens of nodes with them.    
BTC = $c²     BTC = 1otohotohMoQoxHuxLBveQiZcV3Pji3Tc      DASH, Digital Cash = www.dash.org   
   CHARITY | MY REP | DICE
Otoh
Donator
Legendary
*
Offline Offline

Activity: 1918



View Profile
December 26, 2011, 08:20:43 PM
 #31

.. it hasn't been given to you

keyboard batteries seem about to give up may have to post later though seems just got some juice left...                          

Node40.com is a leader in DASH hosting, dedicated exclusively to fully managed masternode hosting. Professional, organized, and responsive. I have many dozens of nodes with them.    
BTC = $c²     BTC = 1otohotohMoQoxHuxLBveQiZcV3Pji3Tc      DASH, Digital Cash = www.dash.org   
   CHARITY | MY REP | DICE
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
December 26, 2011, 08:21:14 PM
 #32

If you used a 22 chars mini private key and that happens, how long would it take to brute force the right key. Since it starts with S, you have 21 characters to try. So 21! or 5.1 × 10^19. How long would that take?

About 317 years with a single processor running at a billion checks per second.

But of course, machines will get faster and faster throughout that time, so I don't know, you could probably retrieve your bitcoins before you die.

The good news is if you had funds linked to a 22 digit private key as computers get faster you could move them when the timeframe to compromise became measured in years instead of centuries.  Moving to a 30 digit private key would increase the timeframe by a factor of 256x (i.e. if a 22 digit mini-private key could be broken on average in 10 years it would take 2560 years to break a 30 digit one).
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
December 26, 2011, 08:25:14 PM
 #33

ah thanks for explaining I never even suspected it's like looking in to the rabbit hole I guess, also I'm not sure if I've got this bit yet:

that the public key (&/or?) address can be found (derived) from any private key, I'd assumed they were like a lock (public address) & a key (private key), that you needed to know both & which went together in order to send funds but now am seem to hear that if you have a private key you also own the public address even if itit hasn't been given.                    

Correct.

Computing public key from a private key is trivially easy (as in millionths of a second).  Computing private key from public key can't currently be brute forced.

In cryptography we call that a trapdoor functions.

Private Key -> Public Key = trivial
Public Key -> Private Key = computationally infeasible.

In Bitcoin you actually have an intermediate step but it follows the same logic.

Private Key -> Public Key = trivial
Public Key -> Public Address = trivial
thus
Private Key -> Public Address = trivial

Public Key -> Private Key = computationally infeasible.
Public Address -> Public Key = also computationally infeasible.
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
December 26, 2011, 08:28:39 PM
 #34

If you used a 22 chars mini private key and that happens, how long would it take to brute force the right key. Since it starts with S, you have 21 characters to try. So 21! or 5.1 × 10^19. How long would that take?

Factorial is the wrong operation.  A base58 mini private key of 22 characters would be more like 58^21, or 1.08 x 10^37.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
netrin
Sr. Member
****
Offline Offline

Activity: 322


FirstBits: 168Bc


View Profile
December 26, 2011, 08:30:17 PM
 #35

I'd assumed they were like a lock (public address) & a key (private key)

Yeah. Here's a magical analogy for public key cryptography: I generate a private key and numerous public unlocked treasure chests. I give these open treasure chests to all of my friends (it's easy to copy them). Whenever a friend wants to send me a message, they just put the message in my public treasure chest and close the lid. Now even they can not open it again. Only I, with my unique private key, can open the chest.

After I generated the public keys, I don't really need them any more, unless I want to send messages to myself. But no one needs the private key to lock a message. The private key is only required to open a message.

Factorial is the wrong operation.  A base58 mini private key of 22 characters would be more like 58^21, or 1.08 x 10^37.

Factorial is correct if using a non-repeating permutation, such as the shuffled deck of cards or beads.

Greenlandic tupilak. Hand carved, traditional cursed bone figures. Sorry, polar bear, walrus and human remains not available for export.
coblee
Donator
Legendary
*
Offline Offline

Activity: 1078


firstbits.com/1ce5j


View Profile WWW
December 26, 2011, 08:32:16 PM
 #36

If you used a 22 chars mini private key and that happens, how long would it take to brute force the right key. Since it starts with S, you have 21 characters to try. So 21! or 5.1 × 10^19. How long would that take?

Factorial is the wrong operation.  A base58 mini private key of 22 characters would be more like 58^21, or 1.08 x 10^37.

I'm not trying to brute force a key. Just the order of the 21 beads. So factorial is correct.

One solution to the bead string breaking and leaving you a mess is to just include a piece of paper with the mini key on it. Put both together in a bank safe. If the bead string breaks somehow, you still have the paper backup. And if the paper/ink fades, you will have the beads backup.

Otoh
Donator
Legendary
*
Offline Offline

Activity: 1918



View Profile
December 26, 2011, 08:33:08 PM
 #37

wow I am shocked that I've never come across this, private key is all you need to access any funds linked to it, for a non techy this is not at all intuitive, thank goodness my intuition has kept me away from managing my own wallet as yet because this is such a fatal flaw in my understanding

edit: haven't read the last 2 replys here yet as my keyboard is playing up & makes things slow atm...

Node40.com is a leader in DASH hosting, dedicated exclusively to fully managed masternode hosting. Professional, organized, and responsive. I have many dozens of nodes with them.    
BTC = $c²     BTC = 1otohotohMoQoxHuxLBveQiZcV3Pji3Tc      DASH, Digital Cash = www.dash.org   
   CHARITY | MY REP | DICE
Otoh
Donator
Legendary
*
Offline Offline

Activity: 1918



View Profile
December 26, 2011, 09:01:14 PM
 #38

I'd assumed they were like a lock (public address) & a key (private key)

Yeah. Here's a magical analogy for public key cryptography: I generate a private key and numerous public unlocked treasure chests. I give these open treasure chests to all of my friends (it's easy to copy them). Whenever a friend wants to send me a message, they just put the message in my public treasure chest and close the lid. Now even they can not open it again. Only I, with my unique private key, can open the chest.

After I generated the public keys, I don't really need them any more, unless I want to send messages to myself. But no one needs the private key to lock a message. The private key is only required to open a message.

OK I think I get that, but I still don't follow exactly how bitcoins works in practice, I can send them to various bit coin addresses easily via the exchanges that hold them & so they use their private keys to do this but never having risked my own wallet I don't have experience in doing this & was completely unaware that a private key gives away the public address, i.e. the key is not just a key in real life terms it's also full access to the safe where the valuables are stored so perhaps key is a confusing term - it's basically open sesame to the vault

Another reason, apart from this one that I didn't even know about, for not starting a wallet yet is that I haven't been able to master the weirdness of if you send some Btc out from it the rest don't just sit there but do some relocation which means you may end up loosing them unless you have looked very deeply in to how this all works & realise that your backed up wallet is now obsolete as it gets reinvented ever time you do a transaction - I'm prob wrong on this exactly but it's my general impression of how it may work & reflects maybe the confusion of other new adapters to Bitcoin world

I've managed to master very fast how to loose vast amounts on Bitcoinica though - go me!

Node40.com is a leader in DASH hosting, dedicated exclusively to fully managed masternode hosting. Professional, organized, and responsive. I have many dozens of nodes with them.    
BTC = $c²     BTC = 1otohotohMoQoxHuxLBveQiZcV3Pji3Tc      DASH, Digital Cash = www.dash.org   
   CHARITY | MY REP | DICE
byronbb
Legendary
*
Offline Offline

Activity: 1400


HODL OR DIE


View Profile
December 26, 2011, 09:32:54 PM
 #39

just get a tattoo.

PrintCoins
Hero Member
*****
Offline Offline

Activity: 524



View Profile WWW
December 27, 2011, 12:20:38 AM
 #40

Print on paper ... then laminate. It will last a lifetime.

Bitmessage.org: BM-2cT3oFVj68gugBD5JFvP3qmoBHWXJQ6ZkT
BTC Addr:18AA1hq6DVHn5WuK1fQhr5CdkqeG5Mj2ZL <--did you like my post? Send some encouragement here.
Print bitcoin bills: http://print.printcoins.com/
Pages: « 1 [2] 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!