Bitcoin Forum
Author Topic: Why can't a private key be calculated from its address?  (Read 3008 times)
BitNerd (OP)
January 31, 2015, 11:04:04 AM
 #1

If computers can calculate an address from its private key, then why can't they do the reverse and calculate a private key from an address?
OnkelPaul
January 31, 2015, 11:17:33 AM
 #2

If computers can calculate an address from its private key, then why can't they do the reverse and calculate a private key from an address?

Because the "trapdoor" functions used in public key cryptography are designed with exactly that property.
In your question, the first implicit assumption is already wrong. If a function can be calculated, it does not necessarily follow that its inverse can be calculated with similar effort or can be calculated at all.
For example, the function "abs" returns the absolute value of its argument. Naturally, its inverse cannot be computed, because you don't know whether the original argument was positive or negative.
Other functions have a defined inverse but it's much harder to compute the inverse than computing the original function. Elliptic curve functions as used in bitcoin belong to this class, as well as the operations on large primes that are used in RSA public key crypto (Pretty Good Privacy).
"Much harder" in this case does not mean "requires a faster computer" but "impossible given the natural laws and available resources of humankind."

Onkel Paul

Kazimir
January 31, 2015, 11:23:06 AM
 #3

If computers can calculate an address from its private key, then why can't they do the reverse and calculate a private key from an address?
Not all calculations are reversible. Suppose private keys and address work like this: private keys are long numbers, and addresses are the sum of all digits. Obviously a simplification, but just as an example.

So if you have private key = 134505719542, then you can easily calculate the address: 1+3+4+5+0+5+7+1+9+5+4+2 = 46.

Now I have another address: 43. What's the private key?


In theory, there's no difference between theory and practice. In practice, there is.
Insert coin(s): 1KazimirL9MNcnFnoosGrEkmMsbYLxPPob
BitNerd (OP)
January 31, 2015, 11:25:56 AM
 #4

If computers can calculate an address from its private key, then why can't they do the reverse and calculate a private key from an address?

Because the "trapdoor" functions used in public key cryptography are designed with exactly that property.
In your question, the first implicit assumption is already wrong. If a function can be calculated, it does not necessarily follow that its inverse can be calculated with similar effort or can be calculated at all.
For example, the function "abs" returns the absolute value of its argument. Naturally, its inverse cannot be computed, because you don't know whether the original argument was positive or negative.
Other functions have a defined inverse but it's much harder to compute the inverse than computing the original function. Elliptic curve functions as used in bitcoin belong to this class, as well as the operations on large primes that are used in RSA public key crypto (Pretty Good Privacy).
"Much harder" in this case does not mean "requires a faster computer" but "impossible given the natural laws and available resources of humankind."

Onkel Paul
Thanks for the response. I like mathematics but never studied too much of it. I would like to understand in more detail both about functions that can't be reversed and the ones whose reversion is much harder than the original. Where can I read about that?

And if it's possible to create a non-reversible function, then why didn't they do that with bitcoin?
BitNerd (OP)
January 31, 2015, 11:27:31 AM
 #5

If computers can calculate an address from its private key, then why can't they do the reverse and calculate a private key from an address?
Not all calculations are reversible. Suppose private keys and address work like this: private keys are long numbers, and addresses are the sum of all digits. Obviously a simplification, but just as an example.

So if you have private key = 134505719542, then you can easily calculate the address: 1+3+4+5+0+5+7+1+9+5+4+2 = 46.

Now I have another address: 43. What's the private key?



Any number of which the digits' sum is 43?

I don't think your example really explains why a btc private key (actually, as far as I know each address has something like 2^100 private keys), can't be calculated from the address.
Madness
January 31, 2015, 11:40:39 AM
 #6

If computers can calculate an address from its private key, then why can't they do the reverse and calculate a private key from an address?
Not all calculations are reversible. Suppose private keys and address work like this: private keys are long numbers, and addresses are the sum of all digits. Obviously a simplification, but just as an example.

So if you have private key = 134505719542, then you can easily calculate the address: 1+3+4+5+0+5+7+1+9+5+4+2 = 46.

Now I have another address: 43. What's the private key?



Any number of which the digits' sum is 43?

I don't think your example really explains why a btc private key (actually, as far as I know each address has something like 2^100 private keys), can't be calculated from the address.

His example does explain a lot to be honest, I personally got it ;)
Thanks for the information Kazimir, really helpful

~ Madness

BitNerd (OP)
January 31, 2015, 11:53:41 AM
 #7

If computers can calculate an address from its private key, then why can't they do the reverse and calculate a private key from an address?
Not all calculations are reversible. Suppose private keys and address work like this: private keys are long numbers, and addresses are the sum of all digits. Obviously a simplification, but just as an example.

So if you have private key = 134505719542, then you can easily calculate the address: 1+3+4+5+0+5+7+1+9+5+4+2 = 46.

Now I have another address: 43. What's the private key?



Any number of which the digits' sum is 43?

I don't think your example really explains why a btc private key (actually, as far as I know each address has something like 2^100 private keys), can't be calculated from the address.

His example does explain a lot to be honest, I personally got it ;)
Thanks for the information Kazimir, really helpful

~ Madness

In his example, it is extremely easy to calculate not just one, but many and all the possible private keys of an address, with nearly the same difficulty of the reverse, it surely doesn't explain bitcoin at all.
Vessko
January 31, 2015, 11:59:10 AM
 #8

The examples given here are wrong and misleading.

The problem is not that it is not possible to compute the private key, because there is more than one solution (like in the case of abs() or the sum of numbers). The problem is that it is possible, in theory, to compute it, but the computation is so hard that it is practically infeasible.

Do not confuse asymmetrical cryptography with hashes. A hash is impossible to reverse, because many different inputs can result in the same output. (It's just that there is no easy way of finding all of them - or even any one of them.) A private key can be computed from the public one - but it is very, very hard - hard enough to be practically impossible.

For instance, if I ask you what is the product of 31 and 37, the answer is easy - 1147. But if I ask you what are the prime factors of 1147, that's a hard question. The easiest way to answer it is by trial and error - you try to divide 1147 by every prime number smaller than the integer part of its square root until you find a number that divides it exactly (the first such number is 31). When the numbers involved are very large it becomes practically impossible to answer such questions. (With large numbers there are faster methods than trial division, but they are still too slow to be practical.)
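
Added example (not part of any post in this thread): the trial-division procedure described in post #8, run on 1147 and on larger constructed products of two primes, counting the divisions needed. The function names and the extra sample numbers are assumptions of this example; it goes beyond the post's single case to show how the work grows with the size of n.

```python
from math import isqrt

def primes_up_to(limit):
    """Sieve of Eratosthenes: every prime <= limit."""
    if limit < 2:
        return []
    sieve = bytearray([1]) * (limit + 1)
    sieve[0] = sieve[1] = 0
    for i in range(2, isqrt(limit) + 1):
        if sieve[i]:
            sieve[i * i :: i] = bytes(len(range(i * i, limit + 1, i)))
    return [i for i, is_prime in enumerate(sieve) if is_prime]

def factor_by_trial_division(n):
    """Return (p, q, divisions) with n = p * q, or (None, None, divisions) if n is prime."""
    divisions = 0
    for p in primes_up_to(isqrt(n)):
        divisions += 1
        if n % p == 0:
            return p, n // p, divisions
    return None, None, divisions

# Constructed samples: (31, 37) is the post's example, the others are larger prime pairs.
SAMPLES = [(31, 37), (1009, 1013), (10007, 10009), (1000003, 1000033)]

def growth_table():
    """One row per sample: (bits of n, n, recovered p, recovered q, divisions used)."""
    rows = []
    for p, q in SAMPLES:
        n = p * q  # forward direction: a single multiplication
        found_p, found_q, divisions = factor_by_trial_division(n)
        rows.append((n.bit_length(), n, found_p, found_q, divisions))
    return rows

if __name__ == "__main__":
    for bits, n, p, q, divisions in growth_table():
        print(f"{bits:>3}-bit n = {n}: {p} x {q} after {divisions} trial divisions")
```

Each extra digit in the factors multiplies the number of divisions, while the forward multiplication stays a single step.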
Bitcoinexp
January 31, 2015, 12:15:14 PM
 #9

The examples given here are wrong and misleading.

The problem is not that it is not possible to compute the private key, because there is more than one solution (like in the case of abs() or the sum of numbers). The problem is that it is possible, in theory, to compute it, but the computation is so hard that it is practically infeasible.

Do not confuse asymmetrical cryptography with hashes. A hash is impossible to reverse, because many different inputs can result in the same output. (It's just that there is no easy way of finding all of them - or even any one of them.) A private key can be computed from the public one - but it is very, very hard - hard enough to be practically impossible.

For instance, if I ask you what is the product of 31 and 37, the answer is easy - 1147. But if I ask you what are the prime factors of 1147, that's a hard question. The easiest way to answer it is by trial and error - you try to divide 1147 by every prime number smaller than the integer part of its square root until you find a number that divides it exactly (the first such number is 31). When the numbers involved are very large it becomes practically impossible to answer such questions. (With large numbers there are faster methods than trial division, but they are still too slow to be practical.)

The first few explanations gave me a conceptual idea, this explained everything. :)
DannyHamilton
January 31, 2015, 04:39:57 PM
 #10

Thanks for the response. I like mathematics but never studied too much of it. I would like to understand in more detail both about functions that can't be reversed and the ones whose reversion is much harder than the original,
- snip -

http://arstechnica.com/security/2013/10/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/1/
shorena
January 31, 2015, 04:50:34 PM
 #11

Thanks for the response. I like mathematics but never studied too much of it. I would like to understand in more detail both about functions that can't be reversed and the ones whose reversion is much harder than the original,
- snip -

http://arstechnica.com/security/2013/10/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/1/

I hear the young ones like video, so I'll add this: http://media.ccc.de/browse/congress/2014/31c3_-_6369_-_en_-_saal_1_-_201412272145_-_ecchacks_-_djb_-_tanja_lange.html#video

I'm not really here, it's just your imagination.
phillipsjk
January 31, 2015, 06:32:09 PM
 #12

In his example, it is extremely easy to calculate not just one, but many and all the possible private keys of an address, with nearly the same difficulty of the reverse, it surely doesn't explain bitcoin at all.

Nope, that does explain Bitcoin. Each address represents around 2^96 possible private keys. It is believed to be computationally infeasible to generate a collision.

James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE  0A2F B3DE 81FF 7B9D 5160
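
Added example (not part of any post in this thread): a toy model of the two layers discussed above, assuming secp256k1's equation y^2 = x^3 + 7 over the constructed 14-bit prime 10007 and one byte of SHA-256 standing in for Bitcoin's 160-bit address hash. It shows the fast forward computation, a reverse search that is only possible at toy size, and several private keys sharing one address; all names and parameters are assumptions of this example.

```python
import hashlib

P = 10007  # constructed toy field prime (assumption); secp256k1 uses a 256-bit one

def ec_add(a, b):
    """Add two points of y^2 = x^3 + 7 (mod P); None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    s = (3 * x1 * x1 * pow(2 * y1, -1, P) if a == b
         else (y2 - y1) * pow((x2 - x1) % P, -1, P))
    x3 = (s * s - x1 - x2) % P
    return x3, (s * (x1 - x3) - y1) % P

def ec_mul(k, pt):
    """Forward direction: double-and-add, about log2(k) point operations."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def order_of(pt):  # smallest n with n*pt = infinity, by counting (toy size only)
    n, q = 1, pt
    while q is not None:
        q, n = ec_add(q, pt), n + 1
    return n

def pick_generator():  # first curve point whose order is at least (P + 1) // 2
    for x in range(1, P):
        rhs = (x ** 3 + 7) % P
        y = pow(rhs, (P + 1) // 4, P)  # square root; valid because P % 4 == 3
        if y * y % P == rhs and order_of((x, y)) >= (P + 1) // 2:
            return (x, y), order_of((x, y))

G, N = pick_generator()

def address(pub):  # toy address: 1 byte of SHA-256 stands in for the 160-bit hash
    return hashlib.sha256(f"{pub[0]},{pub[1]}".encode()).hexdigest()[:2]

def search_keys(match):
    """Reverse direction: try every k in 1..N-1 and keep those whose k*G matches."""
    return [k for k in range(1, N) if match(ec_mul(k, G))]

if __name__ == "__main__":
    pub = ec_mul(4321, G)  # 4321 is a constructed sample private key
    print("keys for this public key:", search_keys(lambda q: q == pub))
    print("keys for this address:", search_keys(lambda q: address(q) == address(pub)))
```

The search finishes here only because there are about ten thousand candidate keys; the same loop over a 256-bit key space never would.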
jonald_fyookball
January 31, 2015, 08:24:05 PM
 #13



And if it's possible to create a non-reversible function, then why didn't they do that with bitcoin?

Basically they did. (Although no one has been able to mathematically PROVE the existence of one-way functions.)

Hashing is a non-reversible function. Think of it like this: You can turn a cow into hamburgers, but you cannot turn hamburgers into a cow.

miffman
January 31, 2015, 11:13:04 PM
 #14

If you watch a video on a pen and paper SHA256 hash, it might become more clear. It's pretty neat.
RawDog
January 31, 2015, 11:25:32 PM
 #15

If computers can calculate an address from its private key, then why can't they do the reverse and calculate a private key from an address?
Not all calculations are reversible. Suppose private keys and address work like this: private keys are long numbers, and addresses are the sum of all digits. Obviously a simplification, but just as an example.

So if you have private key = 134505719542, then you can easily calculate the address: 1+3+4+5+0+5+7+1+9+5+4+2 = 46.

Now I have another address: 43. What's the private key?



Any number of which the digits' sum is 43?

I don't think your example really explains why a btc private key (actually, as far as I know each address has something like 2^100 private keys), can't be calculated from the address.

His example does explain a lot to be honest, I personally got it ;)
Thanks for the information Kazimir, really helpful

~ Madness

In his example, it is extremely easy to calculate not just one, but many and all the possible private keys of an address, with nearly the same difficulty of the reverse, it surely doesn't explain bitcoin at all.

Stupid people should just be happy with the fact that we let them remain here with us on Earth and they get to benefit from all the smart people who make cool shit.  BitNerd, Don't try to figure out math.  You are annoying the numbers.

*Image Removed* *Expletive Removed* *Obscenity Removed*
What's going on - Slavetards?!!!
Watch my videos: https://www.youtube.com/watch?v=oE43M1Z8Iew  1FuckYouc6zrtHbnqcHdhrSVhcxgpJgfds
BusyBeaverHP
February 01, 2015, 06:53:14 AM
Last edit: February 01, 2015, 08:01:35 AM by BusyBeaverHP
 #16

I tried to watch the video, and I gotta say, it was extremely IRRITATING to have the math-intensive lecture slides disappear at the WORST possible timing to only cut to the lecturer in person. What. The. Fuck.

Whoever edited the video needs to be stuffed into a cannon and shot. What is supposed to be an informative learning video is ruined by moronic decision making that killed my concentration.
Nagle
February 01, 2015, 08:28:33 AM
 #17

Because the "trapdoor" functions used in public key cryptography are designed with exactly that property. In your question, the first implicit assumption is already wrong. If a function can be calculated, it does not necessarily follow that its inverse can be calculated with similar effort or can be calculated at all.
Trapdoor functions are invertible; the question is how hard they are to invert. There's a long history of crypto functions which were thought to be too hard to solve, but were solved. Sometimes by advances in mathematics, sometimes by sheer computational power, and sometimes by a combination of the two. The ones used for Bitcoin are generally considered strongly resistant to solution, and they're functions which have been examined thoroughly. But SHA-1 and DES were once thought to be highly resistant, too. Now they're routinely solved.
bitbaby
February 01, 2015, 08:37:31 AM
 #18

If computers can calculate an address from its private key, then why can't they do the reverse and calculate a private key from an address?
Not all calculations are reversible. Suppose private keys and address work like this: private keys are long numbers, and addresses are the sum of all digits. Obviously a simplification, but just as an example.

So if you have private key = 134505719542, then you can easily calculate the address: 1+3+4+5+0+5+7+1+9+5+4+2 = 46.

Now I have another address: 43. What's the private key?



Any number of which the digits' sum is 43?

I don't think your example really explains why a btc private key (actually, as far as I know each address has something like 2^100 private keys), can't be calculated from the address.
Roll Eyes
It was a simple example just to understand how difficult it would be to determine the key from an address, hence the emphasis on 'suppose', he never implied that it was the concept the bitcoin address generation is based on.

shorena
February 01, 2015, 08:49:17 AM
 #19

I tried to watch the video, and I gotta say, it was extremely IRRITATING to have the math-intensive lecture slides disappear at the WORST possible timing to only cut to the lecturer in person. What. The. Fuck.

Whoever edited the video needs to be stuffed into a cannon and shot. What is supposed to be an informative learning video is ruined by moronic decision making that killed my concentration.

It's a live capture from the conference, the editing was done on the fly and frankly: yes it sucks for many videos.

I'm not really here, it's just your imagination.
BitNerd (OP)
February 01, 2015, 09:57:04 AM
 #20

In his example, it is extremely easy to calculate not just one, but many and all the possible private keys of an address, with nearly the same difficulty of the reverse, it surely doesn't explain bitcoin at all.

Nope, that does explain Bitcoin. Each address represents around 2^96 possible private keys. It is believed to be computationally infeasible to generate a collision.


But all of the 2^96 possible private keys of an address work, don't they? Or only one works?