Public Adresses - when do they start to exist? (The art of coin destruction)

[C. Bergmann]

Something I don't understand:

If I create I a brainwallet, I receive a public adress. Do I write the adress with this act into the blockchain (how??), or was the public adress there, before I created the brainwallet? Is every public adress availible to receive bitcoins, cause there's a limitation in possible public adresses, which can be calculated with the private key, so that it's impossible to type a valid public adress by randomly tipping?

(and do miner something like finding randomly public adresses?)

[jl2012]

Something I don't understand:

If I create I a brainwallet, I receive a public adress. Do I write the adress with this act into the blockchain (how??), or was the public adress there, before I created the brainwallet? Is every public adress availible to receive bitcoins, cause there's a limitation in possible public adresses, which can be calculated with the private key, so that it's impossible to type a valid public adress by randomly tipping?

(and do miner something like finding randomly public adresses?)

Simply speaking, all integers from 0 to 2^160-1 are valid bitcoin addresses. You can send bitcoin to any of these addresses. Miners don't know and don't care whether there is a corresponding private key for such address, until someone tries to spend.

(Read more at https://en.bitcoin.it/wiki/Technical_background_of_Bitcoin_addresses . For example, my donation address 1CiZPrEJdN4FJcqdLdgVLzT8tgCXxT5ion is equivalent to the hexadecimal number 80857aaa19a17c0ef98fe525316ce131492a5c40)

[C. Bergmann]

thanks

Is it possible to create a valid adress without the private key?

[jl2012]

thanks

Is it possible to create a valid adress without the private key?

Please read carefully: all integers from 0 to 2^160-1 are valid bitcoin addresses.

[yogi]

thanks

Is it possible to create a valid adress without the private key?

Yes, but it's practically impossible to find the private key for it.

See - 1BitcoinEaterAddressDontSendf59kuE

[C. Bergmann]

thanks

Is it possible to create a valid adress without the private key?

Yes, but it's practically impossible to find the private key for it.

See - 1BitcoinEaterAddressDontSendf59kuE

Sorry, I don't understand the mathematics.
The BitcoineaterAdress - how was it created? Did someone created addresses to bruteforce the bitcoineater-public-adress?

[ProfMac]

Bitcoin uses public key cryptography.  Public key cryptography is based on a pair of mathematics operations that are inverses of each other, but where 1 is relatively easy and the other is relatively hard.

An example is multiplication and division by 29.  It is much easier to multiply by 29 than it is to divide by 29, using pencil and paper.

To be useful in a situation where everyone wants to steal your money, it is important for the inverse operation to be very difficult.  

A way to do this was published in the early 1980s (RSA).  An article was published in Byte magazine explaining it, and that article has some flaws.  The copies of the article at many libraries that I visited were unobtrusively removed, and there were rumors that the NSA did not like this knowledge becoming public.  I am afraid respectful of the NSA.  I suspect they owned the black helicopter that flew over my house one day, but I could not see the N number.

Now, this information is public.  Please see WikiPedia.  Note well, that step "5. Determine d as d ≡ e−1" is not what you think it is, unless you have studied mathematics.

There is a worked example on that WikiPedia page.

[ProfMac]

Of course, this is a great simplification.

To be useful to you, you must have the private key.  Your wallet has this key in it when you generate a new address.  That is why it is so important to protect your wallet.

Now, when you generate an address in your wallet, the blockchain does not, and does not need to know anything about it.  You may publish your (public) address anywhere.  When someone sends funds to your address, they are actually encrypting a message that only the private key can decrypt.  That private message is inside the transaction and it ends up in the blockchain.  So, lose your wallet, the funds cannot ever be spent again, until a currently unlikely advance in mathematics or computation power takes place.

[piotr_n]

thanks

Is it possible to create a valid adress without the private key?

Yes, but it's practically impossible to find the private key for it.

See - 1BitcoinEaterAddressDontSendf59kuE

Sorry, I don't understand the mathematics.
The BitcoineaterAdress - how was it created? Did someone created addresses to bruteforce the bitcoineater-public-adress?

The address (before getting 58 encoded)  is 25 bytes. First byte is always zero. Next 20 is the hash of a (hypothetical) public key.
The remaining 4 bytes is a checksum of the previous 21.
It's easy to brute force such strings to match a certain b58 text pattern.
Much more complex though is to generate random private keys, originate a public key from that and hashing the public key - bruteforcing such to meet a pattern takes much more time.

Yes, you can create a valid address without a private key, but you won't be able to spend from it.

[jl2012]

thanks

Is it possible to create a valid adress without the private key?

Yes, but it's practically impossible to find the private key for it.

See - 1BitcoinEaterAddressDontSendf59kuE

Sorry, I don't understand the mathematics.
The BitcoineaterAdress - how was it created? Did someone created addresses to bruteforce the bitcoineater-public-adress?

Ok, let me do it again

1. "Bitcoin address" is just a human readable expression of a number.

For example, my donation address 1CiZPrEJdN4FJcqdLdgVLzT8tgCXxT5ion is equivalent to the hexadecimal number 80857aaa19a17c0ef98fe525316ce131492a5c40; 1BitcoinEaterAddressDontSendf59kuE is equivalent to 759d6677091e973b9e9d99f19c68fbf43e3f05f9; 1111111111111111111114oLvT2 is equivalent to 0000000000000000000000000000000000000000


2. All integers from 0 to 2^160-1 are valid bitcoin addresses

So 0000000000000000000000000000000000000000 = 0 is a valid bitcoin address. Do you need a private key to generate a "0"? Obviously no.

[Light]

Sorry, I don't understand the mathematics.
The BitcoineaterAdress - how was it created? Did someone created addresses to bruteforce the bitcoineater-public-adress?

The mathematics is complicated - it takes quite a bit of knowledge to actually understand the whole process. If you want to start out I would suggest reading about ECDSA (as nearly all cryptography is based on that at the moment) and this article will give you a good insight to start with - http://arstechnica.com/security/2013/10/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/3/.

As to your second question, it's already been answered above - that address is considered valid (as the miner's do not care whether someone has the private key) but in all probability someone doesn't have it so it cannot be spent.

[C. Bergmann]

Thanks for all the great answers.

Yes, you can create a valid address without a private key, but you won't be able to spend from it.

Yes, that's what I want. Just for experimentation. I want to destroy bitcoins without loosing the private key (that would be too easy), so I need an adress nobody has the priv key.

I think this thing gets complicated and I need to read something about ECDSA (thank you for the link).

I just tried by random to find something on blockchain.info with

0000001020000400000000000000010

but no, doesn't work.

If I find a never-used public adress and search for it on blockchain.info - do I find something? I think I should,

look here

1MrutCLR2raaijByukG9FSXhtPXaW8ue7L

Nobody will ever know the priv key for this adress, I just created it with brainwallet by randomly tipping a passphrase and closing the window (but that's too easy, as I said)

So - some easy step-by-step guide to find a public adress without the priv key?


--- this is for an article "How to destroy Bitcoins", and I think it leads quiet funny into cryptography

[jl2012]

So - some easy step-by-step guide to find a public adress without the priv key?

1. buy a hexadecimal dice

2. throw 40 times

3. for example the result is 0123456789abcdef0123456789abcdef00000000, get the address from https://blockchain.info/address/0123456789abcdef0123456789abcdef00000000

4. the address is 171vsZ3PsK9vcyajd3FW1m2AfLzs68Z8o

"How to destroy Bitcoins"

The easiest way is send your bitcoin to 1111111111111111111114oLvT2 or 1BitcoinEaterAddressDontSendf59kuE

[C. Bergmann]

thank you. That's a great trick, I will use it

About 11111 and bitcoineater:

I somewhere read you need millions of years to find a public adress like bitcoineaterdontsend by random. So I am curious how it is done and I don't trust it to be a real coin-destruction.

[piotr_n]

Thanks for all the great answers.

Yes, you can create a valid address without a private key, but you won't be able to spend from it.

Yes, that's what I want. Just for experimentation. I want to destroy bitcoins without loosing the private key (that would be too easy), so I need an adress nobody has the priv key.

I don't know why you'd want to conduct such an experiment, but to achieve your goal, you do not need to read about ECDSA.

You do it like this:

1.
Pick up any random 20 bytes (e.g 112233445566778899AA112233445566778899AA) and put the version byte (00), in front of it:

Code:

00112233445566778899AA112233445566778899AA

2.
Calculate the check sum - run sha256 over the 21 bytes and then again over the result:

Code:

echo "00112233445566778899AA112233445566778899AA" | xxd -p -r | openssl sha256 -binary | openssl sha256

This will give you the double sha256 of the 21 byes:

Code:

c1255966acaa9359140af8c13bce4c5639481f73a3ed7fde097d596e7cb102c9

The first 4 bytes (c1255966) is the checksum you need - just append it at the end of your previous 21:

Code:

00112233445566778899AA112233445566778899AAc1255966

3.
Use any base58 encoder to convert these 25 bytes (that represent a 200-bit big integer, MSB encoded) into a string.
For instance, you can do it with such a simple python script: http://codepad.org/mVzFVQpu (put the hex-encoded 25 bytes in the first line)
Executing the script above will output the base58 encoded string - that is a valid bitcoin address, for which most likely nobody knows a private key.


You can repeat this procedure for any random 20 bytes you can think of.
A chance of someone having a private key for 20 bytes that you'd choose randomly is always bigger than zero, but astronomically low.

In theory there is no single address that would not refer to a specific private key.
That's because the hash in the address is 200 bits long while a private key is 256-bits.
So statistically for each valid bitcoin address there are 2^56 matching private keys.

[C. Bergmann]

So - some easy step-by-step guide to find a public adress without the priv key?

1. buy a hexadecimal dice

2. throw 40 times

3. for example the result is 0123456789abcdef0123456789abcdef00000000, get the address from https://blockchain.info/address/0123456789abcdef0123456789abcdef00000000

4. the address is 171vsZ3PsK9vcyajd3FW1m2AfLzs68Z8o

Great! So I just have to variate a chain of 40 numbers with hexadecimal signs and search blockchain.info for it ... this is not completely self-made, but it's a good way to do it.

@piotr_n - thank you for the descriptions. Unfortunately I have zero experience with python or any other coding-software.

[piotr_n]

@piotr_n - thank you for the descriptions. Unfortunately I have zero experience with python or any other coding-software.

I changed the code into the link to a webpage that can run the script for you.

Of course much easier is to use blockchain.info to evaluate all the 3 steps for you, from the random 20 bytes: https://blockchain.info/address/112233445566778899AA112233445566778899AA
But then you won't learn anything

[C. Bergmann]

Ok, I tried it

your code is

v = '00112233445566778899AA112233445566778899AAc1255966'.decode('hex_codec')

__b58chars = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'
__b58base = len(__b58chars)
long_value = int(v.encode("hex_codec"), 16)

result = ''
while long_value >= __b58base:
    div, mod = divmod(long_value, __b58base)
    result = __b58chars[mod] + result
    long_value = div
result = __b58chars[long_value] + result

nPad = 0
for c in v:
    if c == '\0': nPad += 1
    else: break

print (__b58chars[0]*nPad) + result

I just changed the first line and submited the code again

v = '00132233445566778899AA112233445566778899AAc1255966'.decode('hex_codec')

__b58chars = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'
__b58base = len(__b58chars)
long_value = int(v.encode("hex_codec"), 16)

result = ''
while long_value >= __b58base:
    div, mod = divmod(long_value, __b58base)
    result = __b58chars[mod] + result
    long_value = div
result = __b58chars[long_value] + result

nPad = 0
for c in v:
    if c == '\0': nPad += 1
    else: break

print (__b58chars[0]*nPad) + result

This created the adress

12kAovPuREtsCckGsZePjFfNMFaN6AhPf3

which is no valid adress ...

btw, one more question, something about high-school mathematics:
There are 62! possibilities to type a random sign-chain which matches the adress-formular (34 signs consisting of the alphabet, up and down, plus numbers 0-9)? This means it are

3.1469973 * 10^85 possibilites?

But it are just

16^40 (=2^160) possible public adresses, which are

1,461*10^48

So I need to try

5*10^36 times to randomly find a public adress?

[I want to write an article about the art of coin destruction, and I think this will be some kind of fun with cryptographic background]

[piotr_n]

Ok, I tried it

[...]

I just changed the first line and submited the code again

v = '00132233445566778899AA112233445566778899AAc1255966'.decode('hex_codec')

This created the adress

which is no valid adress ...

It's because after changing anything in the fist 21 bytes, you must recalculated the checksum (the last 4 bytes).

Code:

> echo "00132233445566778899AA112233445566778899AA" | xxd -p -r | openssl sha256 -binary | openssl sha256
(stdin)= 0fdea213764e1ab31be82f35da547fab8a65d3118bbd96a99086d232767509d9

So the first line should be:

v = '00132233445566778899AA112233445566778899AA0fdea213'.decode('hex_codec')
[...]

And then you get: 12kAovPuREtsCckGsZePjFfNMFaN1dsq7g - this one is valid.

[C. Bergmann]

How can I run this? Is it on my system? I tried the prompt, it is annoying to type, it know "echo", but it doesn't know -xxd

(sorry, as I said, I don't know anything about coding and so)

edit: can someone explain how is it possible to find a public adress like bitcoineaterdontsend? It seems to me that this is the highest degree in the art of destroying bitcoins, so I want to explain how to do it (theoretically).