Bitcoin Addresses: What happens after 20 years?

[tertius993]

If you are trying to find a private key that will allow you to spend the bitcoins associated with a particular bitcoin address...

There are 2¹⁶⁰ possible addresses.
2¹⁶⁰ = 1.46 X 10⁴⁸

So, the odds of finding such a private key are 1 in 1.46 X 10⁴⁸

The odds of winning the NY lottery 6 numbers Y times in a row are:
1 in 45,057,474^Y

45,057,474⁶ = 8.37 X 10⁴⁵

45,057,474⁷ = 3.77 X 10⁵³

So the odds of finding such a private key are a bit better than winning the NY lottery 7 times in a row.

Math is awesome, thanks!!  I wish I was better at it. I thought the odds were actually going to be a lot more distant than that...but then when I thought about it, Those are the odds of a single person buying a single ticket on 7 different drawings and winning every time.  That person cannot ever have purchased a ticket in the past, or ever again in the future...Or as you put it, 7 times in a row.

This would be why I generally don't bother playing the lottery.  People don't realize how much the odds are stacked against them.  Winning multiple times on a single ticket each time multiplies those already astonomical odds to dizzying heights.

The best description I've heard of for government run lotteries is:

"A lottery is a government tax levied on the absence of mathematical skills."

Or as my brother puts it "The lottery is a tax on imbeciles."

[S4VV4S]

If you are trying to find a private key that will allow you to spend the bitcoins associated with a particular bitcoin address...

There are 2¹⁶⁰ possible addresses.
2¹⁶⁰ = 1.46 X 10⁴⁸

So, the odds of finding such a private key are 1 in 1.46 X 10⁴⁸

The odds of winning the NY lottery 6 numbers Y times in a row are:
1 in 45,057,474^Y

45,057,474⁶ = 8.37 X 10⁴⁵

45,057,474⁷ = 3.77 X 10⁵³

So the odds of finding such a private key are a bit better than winning the NY lottery 7 times in a row.

Math is awesome, thanks!!  I wish I was better at it. I thought the odds were actually going to be a lot more distant than that...but then when I thought about it, Those are the odds of a single person buying a single ticket on 7 different drawings and winning every time.  That person cannot ever have purchased a ticket in the past, or ever again in the future...Or as you put it, 7 times in a row.

This would be why I generally don't bother playing the lottery.  People don't realize how much the odds are stacked against them.  Winning multiple times on a single ticket each time multiplies those already astonomical odds to dizzying heights.

The best description I've heard of for government run lotteries is:

"A lottery is a government tax levied on the absence of mathematical skills."

Or as my brother puts it "The lottery is a tax on imbeciles."

And as true as what you said may be, a lot of people "gamble" on it and quite a few actually become (multi)-millionaires from it....
If your lucky then your lucky.....
That being said, I don't gamble.

[tertius993]

Or as my brother puts it "The lottery is a tax on imbeciles."

And as true as what you said may be, a lot of people "gamble" on it and quite a few actually become (multi)-millionaires from it....
If your lucky then your lucky.....
That being said, I don't gamble.

Of course, and I'm happy to be an imbecile myself from time to time, but it's still worryingly true ...

[foggyb]

But you'll never win if you don't play!

You miss 100% of the chances you don't take!

and other platitudes.

[DannyHamilton]

And as true as what you said may be, a lot of people "gamble" on it and quite a few actually become (multi)-millionaires from it....

Compared to the number of people that play, I wouldn't call the number of winners "quite a few", but that's a matter of personal opinion.

Regardless, as with any tax, the government takes some of the revenue gathered and spreads it around to make people feel more comfortable with paying it.  In the case of the lottery, they just don't spread it quite a thinly.  Instead, they take a big chunk of the revenue, and give it all to one person (or small group of people) every now and then to discourage learning about math, and encourage others to keep paying the tax.

If I told you that sales tax was a tax levied on the purchase of merchandise, you wouldn't respond with "As true as what you said might be, a lot of people still make purchases, and the government spends some of that revenue on services for citizens".

[DannyHamilton]

But you'll never win if you don't play!

Of course you will.

I know someone that's bought five $1 lottery tickets every week for the past 20 years that I've known them.  They haven't won the jackpot yet.

Relative to them, I've already "won" $5200.

I suppose they've won some smaller amounts occasionally.  If we assume they've won back about 10% of the total they've spent, then I've "won" about $4,680 more than them.

[Meuh6879]

adress are generate with a random function ... random function is a variable based on the time and date.
you can't have duplicate adress "over the time".

[DannyHamilton]

random function is a variable based on the time and date.

No. It isn't.  That wouldn't be "random", that would be "deterministic", since the value could be "determined" based on the time and date.

The bitcoin random function is NOT based on time and date.

[HowGudAmI]

How does one even say this number: 1,461,501,637,330,902,918,203,684,832,716,283,019,655,932,542,976  

I bet it would be a whole paragraph  

Rounded somewhat (actually, quite a lot).

The number is one point four six one five quindecillion if you use the short scale for numbers or one point four six one five Octillion if you use the long scale.

Source: http://en.wikipedia.org/wiki/Names_of_large_numbers

[JorgeStolfi]

As the previous posts have explained, there are so many possible accounts the chances of two people creating the same account is too small to worry about.  The chances of the Sun exploding next week are much higher, for example.

However, there is a non-negligible risk that the software that one uses to generate the key/address pair is malicious, so that it will pick one among only 10 billion different address (say), rather than among the full set of 2^160.  Without inspecting the code, there is no way to tell that one's address has been generated in that fashion.  indeed, the malicious code may even erase itself after a certain time, putting the correct software in its place; so that not even code inspection would work.

After distributing that malicious software to one or more unsuspecting users, the hacker generates all those 10 billion pairs, and monitors the block chain until one of those addresses shows up with a large enough balance.  Then she issues a transfer of the whole balance to her own address.  The victim would not be able to prevent that, and would not even be able to prove that he did not issue the transaction himself.  Note that this attack works even if the victim is careful to run the address/key generation software in a separate computer that is isolated from the internet, and never takes the keys out of there.

In fact, there is no way of telling whether such a hack has occurred already.  Maybe some hacker out there has a large file of address/key pairs that includes the the private keys of many unsuspecting victims, and she is only waiting for the best moment to strike.

A variant of this scam is feasible also if the key/address generation software is legitimate but has a bug in its random number generator that limits it to, say, 10 billion different addresses.  A hacker that discovers the bug could then exploit it as described above.  The chances of such a bug being introduced by accident and then discovered by a hacker are certainly small -- but still bigger than those of a collision among 2^160 addresses.  

(Actually, such a stupid "bad random generator" bug was found recently in the Brazilian electronic voting machines.  It could allow anyone to discover someone else's vote using only data files that must be public by law and the time when that person voted.  Ironically, that bug was put in by the developers in order to "strengthen" the machine's security.)

In yet another variant, the malicious code is distributed through a "trojan horse", some apparently unrelated software such as a solitaire game.  When executed, the malicious program silently scans the computer's file system for some popular key/address generation software, and modifies it by weakening its random number generator, as above.

The moral of this tale is that one cannot be careful enough when choosing, downloading, and running the key/address generation software.  It is one of the soft spots that hackers are going to aim for.

[sgravina]

Possibility of abiogenesis (life created on earth without God) has been calculated:

1 out of 10,000,...,000

So don't think we'll run out of wallets

This is wrong.  The probability is 1.0.  For every earth observed life exists.  Abiogenesis occurred.

[Littleshop]

I assume this factors in the fact that many people are trying to get vanity addresses?  how fast can these generators generate new addys?

It doesn't matter.  It isn't a concern.

Many people seem to have a very difficult time comprehending just how big the numbers we are dealing with are.

These numbers are Carl Sagan big. 

We can effectively say it is not possible to run out of addresses.

[JorgeStolfi]

These numbers are Carl Sagan big. 

They are not.  Even the largest numbers in astronomy are MUCH MUCH smaller than 2^160.

[leopard2]

I agree that finding private keys via brute force is not possible 

But what if an agency such as the NSA simply goes ahead and reserves all 1,461,501,637,330,902,918,203,684,832,716,283,019,655,932,542,976 addresses for themselves? That would kill BTC wouldn't it? 

[DannyHamilton]

I agree that finding private keys via brute force is not possible 

But what if an agency such as the NSA simply goes ahead and reserves all 1,461,501,637,330,902,918,203,684,832,716,283,019,655,932,542,976 addresses for themselves? That would kill BTC wouldn't it? 

You're joking, right?

[S4VV4S]

I agree that finding private keys via brute force is not possible 

But what if an agency such as the NSA simply goes ahead and reserves all 1,461,501,637,330,902,918,203,684,832,716,283,019,655,932,542,976 addresses for themselves? That would kill BTC wouldn't it? 

Sorry you lost me.
What do you mean?

Actually generating all these addresses??

That wont happen.

Basically the reason I asked this question is that I am working on a project that uses a new (disposable) address for each transaction.

I wanted to know what are the chances of.....

The chances are well, non existant.

[bitgold]

I agree that finding private keys via brute force is not possible  

But what if an agency such as the NSA simply goes ahead and reserves all 1,461,501,637,330,902,918,203,684,832,716,283,019,655,932,542,976 addresses for themselves? That would kill BTC wouldn't it?  

Your NSA will most definitely need to build a memory storage bigger than this planet to store this amount of data.

[edd]

I agree that finding private keys via brute force is not possible 

But what if an agency such as the NSA simply goes ahead and reserves all 1,461,501,637,330,902,918,203,684,832,716,283,019,655,932,542,976 addresses for themselves? That would kill BTC wouldn't it? 

There's a difference between knowing the number of possible combinations and actually doing anything with them. We've established that even just generating them, a process that takes just a fraction of a second for each, would require more time than we have before the heat death of the universe.

[Meuh6879]

No. It isn't.

with no time reference, you can't create a random formula ...

i build microprocessor for industrial use (without NTP chip) ... and random is only possible because crytal frequency is not "regulary the same in identical chip".

the adress of bitcoin must be generate in random and "row" strategy.
only based time/date strategy do this.

that why, in log of bitcoin-qt, you can see NTP mark regulary to correct the main process of mining/RPC orders.

[DeathAndTaxes]

No. It isn't.

with no time reference, you can't create a random formula ...

i build microprocessor for industrial use (without NTP chip) ... and random is only possible because crytal frequency is not "regulary the same in identical chip".

the adress of bitcoin must be generate in random and "row" strategy. only based time/date strategy do this.

Yeah that is still wrong no matter how many times you repeat it.   There are plenty of entropy sources which don't involve time.  

that why, in log of bitcoin-qt, you can see NTP mark regulary to correct the main process of mining/RPC orders.

If you are referring to entries like this:

2014-06-13 15:37:50 receive version message: /Satoshi:0.8.6/: version 70001, blocks=305596, us=<nope>, them=59.13.18.204:8333, peer=59.13.18.204:8333
2014-06-13 15:37:50 Added time data, samples 4, offset +24 (+0 minutes)
2014-06-13 15:37:50 receive version message: /Satoshi:0.8.6/: version 70001, blocks=305596, us=<nope>, them=46.4.105.239:8333, peer=46.4.105.239:8333
2014-06-13 15:37:50 Added time data, samples 5, offset +25 (+0 minutes)
2014-06-13 15:37:50 nTimeOffset = +24  (+0 minutes)

They are not references to NTP.  It is comparisons of the local machine clock against the network median time.  It isn't used to seed the PRNG but to limit how far miners can drift the timestamps of blocks.