Bitcoin Forum
December 07, 2016, 12:37:54 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 [3]  All
  Print  
Author Topic: Is it possible to send BTC to an address that doesn't exist?  (Read 3688 times)
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
July 18, 2012, 09:31:04 PM
 #41

That is correct.  The stength of private keys from a brute force attack is 2^160th.  An attacker doesn't need the exact private key they simply need any private key which produces the same address.  Still 2^160th is very large many many many magnitudes larger than what could be brute forced even with all the computing power on the planet AND a century of Moore's law at work.
1481114274
Hero Member
*
Offline Offline

Posts: 1481114274

View Profile Personal Message (Offline)

Ignore
1481114274
Reply with quote  #2

1481114274
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481114274
Hero Member
*
Offline Offline

Posts: 1481114274

View Profile Personal Message (Offline)

Ignore
1481114274
Reply with quote  #2

1481114274
Report to moderator
jgarzik
Legendary
*
Offline Offline

Activity: 1470


View Profile
July 18, 2012, 09:38:57 PM
 #42

The ECDSA private key behind it all is 256 bits.

Yes, but since the end-result is a 160-bit address, there's a certain loss of information. IOW, multiple 256-bit private keys could map to any given 160-bit address, so really only (Roll Eyes) 2^160 bits worth of work needs to be done to crack any given address.

The bitcoin address is basically a 160-bit hash, yes, but you need the private key to actually spend the bitcoins.


Jeff Garzik, bitcoin core dev team and BitPay engineer; opinions are my own, not my employer.
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
westkybitcoins
Legendary
*
Offline Offline

Activity: 980

Firstbits: Compromised. Thanks, Android!


View Profile
July 18, 2012, 09:45:16 PM
 #43

The ECDSA private key behind it all is 256 bits.

Yes, but since the end-result is a 160-bit address, there's a certain loss of information. IOW, multiple 256-bit private keys could map to any given 160-bit address, so really only (Roll Eyes) 2^160 bits worth of work needs to be done to crack any given address.

The bitcoin address is basically a 160-bit hash, yes, but you need the private key to actually spend the bitcoins.



Not trying to be picky, I'm just wanting to know exactly how this works....

Would you need the original private key to spend the coins, or just any private key that ultimately hashes to the address?

Bitcoin is the ultimate freedom test. It tells you who is giving lip service and who genuinely believes in it.
...
...
In the future, books that summarize the history of money will have a line that says, “and then came bitcoin.” It is the economic singularity. And we are living in it now. - Ryan Dickherber
...
...
ATTENTION BFL MINING NEWBS: Just got your Jalapenos in? Wondering how to get the most value for the least hassle? Give BitMinter a try! It's a smaller pool with a fair & low-fee payment method, lots of statistical feedback, and it's easier than EasyMiner! (Yes, we want your hashing power, but seriously, it IS the easiest pool to use! Sign up in seconds to try it!)
...
...
The idea that deflation causes hoarding (to any problematic degree) is a lie used to justify theft of value from your savings.
dooglus
Legendary
*
Offline Offline

Activity: 2002



View Profile
July 18, 2012, 10:11:10 PM
 #44

Would you need the original private key to spend the coins, or just any private key that ultimately hashes to the address?

You don't need the original private key to spend payments to a bitcoin address.  Any private key with the same bitcoin address will work.

We can see this by looking at the script on a random recent transaction.  In order to spend the 50 BTC output of that transaction, we need to provide an input such that this script is satisfied:

OP_DUP OP_HASH160 f88b720031b65505f853bce809d4f4641744d2ae OP_EQUALVERIFY OP_CHECKSIG

ie. we need to put two values on the stack, one of which is a public key which has a hash160 of f88b720031b65505f853bce809d4f4641744d2ae, and the other of which is the signature obtained when signing the spending transaction with the corresponding private key.

At no point is there anything to distinguish the sender's private key - all we can see is the 160 bit hash of the sender's public key and so any suitable private key will do.

DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
July 18, 2012, 10:11:16 PM
 #45

Not trying to be picky, I'm just wanting to know exactly how this works....

Would you need the original private key to spend the coins, or just any private key that ultimately hashes to the address?

Any.  To spend coins sent to an address you need a private key which can sign the transaction.  Any private key which produces the same public address can properly sign a transaction.  For all intents and purposes Bitcoin addresses have 160bits of cryptographic strength.  Still there are certain advantages to making the keys 256bit.
Pages: « 1 2 [3]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!