Is it possible to send BTC to an address that doesn't exist?

[DeathAndTaxes]

That is correct.  The stength of private keys from a brute force attack is 2^160th.  An attacker doesn't need the exact private key they simply need any private key which produces the same address.  Still 2^160th is very large many many many magnitudes larger than what could be brute forced even with all the computing power on the planet AND a century of Moore's law at work.

[1714932284]

1714932284

[jgarzik]

The ECDSA private key behind it all is 256 bits.

Yes, but since the end-result is a 160-bit address, there's a certain loss of information. IOW, multiple 256-bit private keys could map to any given 160-bit address, so really only () 2^160 bits worth of work needs to be done to crack any given address.

The bitcoin address is basically a 160-bit hash, yes, but you need the private key to actually spend the bitcoins.

[westkybitcoins]

The ECDSA private key behind it all is 256 bits.

Yes, but since the end-result is a 160-bit address, there's a certain loss of information. IOW, multiple 256-bit private keys could map to any given 160-bit address, so really only () 2^160 bits worth of work needs to be done to crack any given address.

The bitcoin address is basically a 160-bit hash, yes, but you need the private key to actually spend the bitcoins.

Not trying to be picky, I'm just wanting to know exactly how this works....

Would you need the original private key to spend the coins, or just any private key that ultimately hashes to the address?

[dooglus]

Would you need the original private key to spend the coins, or just any private key that ultimately hashes to the address?

You don't need the original private key to spend payments to a bitcoin address.  Any private key with the same bitcoin address will work.

We can see this by looking at the script on a random recent transaction.  In order to spend the 50 BTC output of that transaction, we need to provide an input such that this script is satisfied:

OP_DUP OP_HASH160 f88b720031b65505f853bce809d4f4641744d2ae OP_EQUALVERIFY OP_CHECKSIG

ie. we need to put two values on the stack, one of which is a public key which has a hash160 of f88b720031b65505f853bce809d4f4641744d2ae, and the other of which is the signature obtained when signing the spending transaction with the corresponding private key.

At no point is there anything to distinguish the sender's private key - all we can see is the 160 bit hash of the sender's public key and so any suitable private key will do.

[DeathAndTaxes]

Not trying to be picky, I'm just wanting to know exactly how this works....

Would you need the original private key to spend the coins, or just any private key that ultimately hashes to the address?

Any.  To spend coins sent to an address you need a private key which can sign the transaction.  Any private key which produces the same public address can properly sign a transaction.  For all intents and purposes Bitcoin addresses have 160bits of cryptographic strength.  Still there are certain advantages to making the keys 256bit.