Nyhm
|
|
July 17, 2012, 04:57:46 PM |
|
A vanity address generator can be used to reverse-engineer the private key from the (public) address. Take the Bitcoin address you accidentally mistyped (which now owns your bitcoins) and put it into a vanity address generator. The generator will create and test private keys until it finds one that produces a public address matching the one you're looking for.
What if there is only a single error (or two) in the address (and I know which character(s)). Can I vanitygen the key much faster? Generating key pairs is always a random process. There is no way to predict the length of time it will ever take to find any key/address. Likewise, there is no notion of progress toward finding any key/address. It's like you have a (very, very) big bin of ping-pong-balls whirling around (like for bingo or lottery drawings), each of which is a unique key pair. Generating a key pair (for vanity purposes or otherwise) is effectively like pulling a random ball from the bin. All the vanity generators are doing is pulling them out as fast as possible, looking at the public address for a matching string (your vanity word), and discarding any non-matches. More precisely, probabilistically speaking, each chosen ball (whether "discarded" or kept in your wallet) are actually thrown back into the bin (they're just numbers and can never go away). The bin is just so big that no one is ever likely to pull that same ball back out.
|
|
|
|
dacoinminster
Legendary
Offline
Activity: 1260
Merit: 1031
Rational Exuberance
|
|
July 17, 2012, 05:55:36 PM |
|
There is actually one legitimate reason someone might want to send bitcoins to a fake address, thereby destroying them.
People working on alt-coins who want to make sure bitcoin prices rise as the alt-coin is adopted may choose to release some of their coins in exchange for bitcoin destruction.
I proposed this in The Second Bitcoin Whitepaper as a method of ensuring that alt-coin adoptions built on top of bitcoin don't completely leave bitcoin values in the dust (since bitcoins must have enough value to provide incentive to miners to keep the block chain secure).
|
|
|
|
ribuck
Donator
Hero Member
Offline
Activity: 826
Merit: 1060
|
|
July 17, 2012, 06:43:52 PM Last edit: July 17, 2012, 07:53:05 PM by ribuck |
|
Also you "get rid of coins" by sending them to the address which received the block reward for block 0. This block starts everything off, and is hard-wired into Bitcoin. It was never actually "mined". As such, the 50 generated coins in that address cannot be redeemed. Additional payments to that address can be redeemed by Satoshi, if he still possesses the private key for that address. Since the date of that block (3 January 2009), people have sent almost 50 additional payments to that address, increasing its balance by more than 6 bitcoins. It's kind of like tossing coins into a fountain for good luck. You have lost the coins forever, but you had fun making a wish. If anyone wants to toss some coins into the Satoshi fountain, here is the address: 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa (edited to correct an error in my original post)
|
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5348
Merit: 13336
|
|
July 17, 2012, 06:59:17 PM |
|
The coins in that address cannot be redeemed.
Only the generation transaction to that address can't be redeemed. Other transactions could be redeemed by Satoshi if he still has the private key.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
July 17, 2012, 06:59:51 PM |
|
Reference for the sun enough energy in our star to brute force 256 bit keyspace http://www.schneier.com/blog/archives/2009/09/the_doghouse_cr.htmlNote that the energy calculated is to count to 2^256 nothing more. i.e. this code can't be completed even with a computer using all power of our star at perfect theoretical efficiency int256 i=0;
while (i < int256.MaxValue) { i++ } print "WE FINALLY COUNTED TO 2^256"
|
|
|
|
Nyhm
|
|
July 17, 2012, 07:08:17 PM |
|
Reference for the sun enough energy in our star to brute force 256 bit keyspace http://www.schneier.com/blog/archives/2009/09/the_doghouse_cr.htmlNote that the energy calculated is to count to 2^256 nothing more. i.e. this code can't be completed even with a computer using all power of our star at perfect theoretical efficiency int256 i=0;
while (i < int256.MaxValue) { i++ } print "WE FINALLY COUNTED TO 2^256"
Mathematicians overlook that computation is bounded by Physics. Computer Scientists lament it. Cryptographers depend on it. -- Nyhm(Is it pretentious to quote my own proverbs? Is it tactless to jingle my proverbial tip jar?) 1NYhM2pzT6PDfZyXbyFm3dVcoob4phrGc5
|
|
|
|
FreeMoney
Legendary
Offline
Activity: 1246
Merit: 1016
Strength in numbers
|
|
July 17, 2012, 07:24:19 PM |
|
Mathematicians overlook that computation is bounded by Physics. Computer Scientists lament it. Cryptographers depend on it. -- Nyhm
(Is it pretentious to quote my own proverbs? Is it tactless to jingle my proverbial tip jar?) 1NYhM2pzT6PDfZyXbyFm3dVcoob4phrGc5
Usually yes, but that one is ok.
|
Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
|
|
|
Nyhm
|
|
July 17, 2012, 07:31:40 PM Last edit: July 18, 2012, 02:54:49 PM by Nyhm |
|
Mathematicians overlook that computation is bounded by Physics. Computer Scientists lament it. Cryptographers depend on it. -- Nyhm
(Is it pretentious to quote my own proverbs? Is it tactless to jingle my proverbial tip jar?) 1NYhM2pzT6PDfZyXbyFm3dVcoob4phrGc5
Usually yes, but that one is ok. Why, thank you for your compliment, fine Sir! ... *eagerly awaits new transactions* Bitcoin - Ushering in a new era of online begging. -- Nyhm
|
|
|
|
ribuck
Donator
Hero Member
Offline
Activity: 826
Merit: 1060
|
|
July 17, 2012, 07:46:34 PM |
|
The coins in that address cannot be redeemed.
Only the generation transaction to that address can't be redeemed. Other transactions could be redeemed by Satoshi if he still has the private key. Thank you theymos for clarifying (again). I'll edit my post to get it right this time.
|
|
|
|
caveden
Legendary
Offline
Activity: 1106
Merit: 1004
|
|
July 17, 2012, 08:55:44 PM |
|
Why can't the very first 50 bitcoins be spent?
|
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
July 17, 2012, 09:15:34 PM |
|
Why can't the very first 50 bitcoins be spent?
Early versions of the client consider them unspendable to maintain compatibility all current versions also consider them unspendable. If that were to change now it has the potential to cause a permanent fork in the network where some nodes see a block as valid and some as invalid when it contains block0 coins. I think it was an oversight in the early code base but it is a "limitation" we are stuck with now. Given the potential for hard fork I doubt it will ever be patched.
|
|
|
|
casascius
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
|
July 17, 2012, 09:21:29 PM |
|
Why can't the very first 50 bitcoins be spent?
Early versions of the client consider them unspendable to maintain compatibility all current versions also consider them unspendable. If that were to change now it has the potential to cause a permanent fork in the network where some nodes see a block as valid and some as invalid when it contains block0 coins. I think it was an oversight in the early code base but it is a "limitation" we are stuck with now. Given the potential for hard fork I doubt it will ever be patched. I am amazed we worry much about the earliest clients and that there isn't a mechanism to deactivate them. The earliest clients also allow for the creation of new bitcoins just by summing two numbers together in an overflow, but we assume everyone has upgraded. I am guessing the original 50 BTC doesn't ever get added to the blkindex.dat and that's the reason it is unspendable.
|
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
TangibleCryptography
|
|
July 17, 2012, 09:36:18 PM |
|
I am amazed we worry much about the earliest clients and that there isn't a mechanism to deactivate them. The earliest clients also allow for the creation of new bitcoins just by summing two numbers together in an overflow, but we assume everyone has upgraded. I am guessing the original 50 BTC doesn't ever get added to the blkindex.dat and that's the reason it is unspendable. I think the issue isn't just earliest clients anymore. The "rule" (unintended or not) of block zero unintended or not has been carried forward this long. There are now what 8 different clients in active development. Changing the rule now while possible has the potential for huge disruptions if some/all clients don't implement it. Given almost all of Satoshi early blocks have never been spent it doesn't seem like a huge issue. Either Satoshi has no intention of spending them, or the private key is lost. Even if it was spendable Satoshi (IMHO a group of people) mined thousands of blocks so it isn't like they NEED to spend that particular block. Given the extremely tiny benefit is simply doesn't warrant disruption to the network.
|
|
|
|
caveden
Legendary
Offline
Activity: 1106
Merit: 1004
|
|
July 18, 2012, 12:00:42 PM |
|
Why can't the very first 50 bitcoins be spent?
Early versions of the client consider them unspendable to maintain compatibility all current versions also consider them unspendable. I understand this, I just wonder if some rationale was given for this "weird" rule. Given the potential for hard fork I doubt it will ever be patched.
For sure, definitely not worth the trouble. Particularly since it was Satoshi himself who created this rule, which only concerns his own coins.
|
|
|
|
Rygon
|
|
July 18, 2012, 02:04:13 PM |
|
Under the original post's scenario, that private key may be unknown to anyone. If anyone ever does generate that key pair (against astronomically incomprehensible odds), they mathematically and cryptographically "own" (because this is how the Bitcoin system is defined) any associated bitcoin value assigned to them by a transaction in the blockchain!
What exactly are those odds? Is there a reference somewhere? I was trying to explain the finer details of Bitcoin to someone with a solid mathematics background, and I was having trouble finding the odds. is it like 1 in 2^50, or 1 in 2^100? Thanks!
|
|
|
|
westkybitcoins
Legendary
Offline
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
|
|
July 18, 2012, 02:34:49 PM |
|
Under the original post's scenario, that private key may be unknown to anyone. If anyone ever does generate that key pair (against astronomically incomprehensible odds), they mathematically and cryptographically "own" (because this is how the Bitcoin system is defined) any associated bitcoin value assigned to them by a transaction in the blockchain!
What exactly are those odds? Is there a reference somewhere? I was trying to explain the finer details of Bitcoin to someone with a solid mathematics background, and I was having trouble finding the odds. is it like 1 in 2^50, or 1 in 2^100? Thanks! IIRC, Bitcoin addresses rely on a hash called RIPEMD-160, giving 160-bit results, so the odds are about 1 in 2^160.
|
Bitcoin is the ultimate freedom test. It tells you who is giving lip service and who genuinely believes in it.
... ... In the future, books that summarize the history of money will have a line that says, “and then came bitcoin.” It is the economic singularity. And we are living in it now. - Ryan Dickherber... ... ATTENTION BFL MINING NEWBS: Just got your Jalapenos in? Wondering how to get the most value for the least hassle? Give BitMinter a try! It's a smaller pool with a fair & low-fee payment method, lots of statistical feedback, and it's easier than EasyMiner! (Yes, we want your hashing power, but seriously, it IS the easiest pool to use! Sign up in seconds to try it!)... ... The idea that deflation causes hoarding (to any problematic degree) is a lie used to justify theft of value from your savings.
|
|
|
westkybitcoins
Legendary
Offline
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
|
|
July 18, 2012, 02:35:47 PM |
|
Mathematicians overlook that computation is bounded by Physics. Computer Scientists lament it. Cryptographers depend on it. -- Nyhm
(Is it pretentious to quote my own proverbs? Is it tactless to jingle my proverbial tip jar?) 1NYhM2pzT6PDfZyXbyFm3dVcoob4phrGc5
Usually yes, but that one is ok. Yeah, it's good enough to refer to at some point.
|
Bitcoin is the ultimate freedom test. It tells you who is giving lip service and who genuinely believes in it.
... ... In the future, books that summarize the history of money will have a line that says, “and then came bitcoin.” It is the economic singularity. And we are living in it now. - Ryan Dickherber... ... ATTENTION BFL MINING NEWBS: Just got your Jalapenos in? Wondering how to get the most value for the least hassle? Give BitMinter a try! It's a smaller pool with a fair & low-fee payment method, lots of statistical feedback, and it's easier than EasyMiner! (Yes, we want your hashing power, but seriously, it IS the easiest pool to use! Sign up in seconds to try it!)... ... The idea that deflation causes hoarding (to any problematic degree) is a lie used to justify theft of value from your savings.
|
|
|
jgarzik
Legendary
Offline
Activity: 1596
Merit: 1099
|
|
July 18, 2012, 07:14:43 PM |
|
Under the original post's scenario, that private key may be unknown to anyone. If anyone ever does generate that key pair (against astronomically incomprehensible odds), they mathematically and cryptographically "own" (because this is how the Bitcoin system is defined) any associated bitcoin value assigned to them by a transaction in the blockchain!
What exactly are those odds? Is there a reference somewhere? I was trying to explain the finer details of Bitcoin to someone with a solid mathematics background, and I was having trouble finding the odds. is it like 1 in 2^50, or 1 in 2^100? Thanks! IIRC, Bitcoin addresses rely on a hash called RIPEMD-160, giving 160-bit results, so the odds are about 1 in 2^160. The ECDSA private key behind it all is 256 bits.
|
Jeff Garzik, Bloq CEO, former bitcoin core dev team; opinions are my own. Visit bloq.com / metronome.io Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
|
|
|
Rygon
|
|
July 18, 2012, 08:33:19 PM |
|
Thanks! That's good enough for me!
|
|
|
|
westkybitcoins
Legendary
Offline
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
|
|
July 18, 2012, 09:20:58 PM |
|
Under the original post's scenario, that private key may be unknown to anyone. If anyone ever does generate that key pair (against astronomically incomprehensible odds), they mathematically and cryptographically "own" (because this is how the Bitcoin system is defined) any associated bitcoin value assigned to them by a transaction in the blockchain!
What exactly are those odds? Is there a reference somewhere? I was trying to explain the finer details of Bitcoin to someone with a solid mathematics background, and I was having trouble finding the odds. is it like 1 in 2^50, or 1 in 2^100? Thanks! IIRC, Bitcoin addresses rely on a hash called RIPEMD-160, giving 160-bit results, so the odds are about 1 in 2^160. The ECDSA private key behind it all is 256 bits. Yes, but since the end-result is a 160-bit address, there's a certain loss of information. IOW, multiple 256-bit private keys could map to any given 160-bit address, so really only ( ) 2^160 bits worth of work needs to be done to crack any given address. I'm not a cryptographer, but that's what I've read. Can anyone else confirm (or disprove) this?
|
Bitcoin is the ultimate freedom test. It tells you who is giving lip service and who genuinely believes in it.
... ... In the future, books that summarize the history of money will have a line that says, “and then came bitcoin.” It is the economic singularity. And we are living in it now. - Ryan Dickherber... ... ATTENTION BFL MINING NEWBS: Just got your Jalapenos in? Wondering how to get the most value for the least hassle? Give BitMinter a try! It's a smaller pool with a fair & low-fee payment method, lots of statistical feedback, and it's easier than EasyMiner! (Yes, we want your hashing power, but seriously, it IS the easiest pool to use! Sign up in seconds to try it!)... ... The idea that deflation causes hoarding (to any problematic degree) is a lie used to justify theft of value from your savings.
|
|
|
|