Bitcoin Forum
December 09, 2016, 09:44:29 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Playing with Public Keys  (Read 1233 times)
wyager
Member
**
Offline Offline

Activity: 98



View Profile
July 24, 2012, 03:26:13 AM
 #1

I wrote a small/dirty python script that allows me to use an arbitrary value (like a string) as a "public key" in order to create a Bitcoin address.

This is the script:

Code:
#Wyager's quick and dirty arbitrary public key hasher

import binascii
import sys
import hashlib

code_string = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
###
pubkey = sys.argv[1]  #the "public key" is the first command line argument   
###
sha_pubkey = hashlib.sha256(pubkey).digest()# sha of the "public key"
###
ripe = hashlib.new("ripemd160")
ripe.update(sha_pubkey)
ripe_pubkey = ripe.digest()#ripemd of that
###
versioned_ripe_pubkey = "\x00" + ripe_pubkey#add a 00 to the beginning
###
sha_ripe_1 = hashlib.sha256(versioned_ripe_pubkey).digest()#sha that once
sha_ripe_2 = hashlib.sha256(sha_ripe_1).digest()#sha it twice
checksum_4_bytes = sha_ripe_2[0:4] #take the first 4 bytes of that
###
ripemd_and_checksum = versioned_ripe_pubkey + checksum_4_bytes#stick that on the end of the ripemd
###
integer_result = int(binascii.hexlify(ripemd_and_checksum), 16)
base58check_result = ""
while(integer_result > 0):#base58check encode that
    remainder = integer_result % 58
    integer_result = integer_result / 58
    base58check_result = base58check_result + code_string[remainder]#insert the base58 values
i = 0
while(ripemd_and_checksum[i]=="\x00"): #append a "1" for every leading zero byte
    base58check_result = base58check_result + "1"
    i = i + 1
###
reversechars = list(base58check_result)#flip the string around to make it big endian
reversechars.reverse()
base58check_result = ''.join(reversechars)
###
print base58check_result

I don't use python very often, so forgive my bad form.

My intention here was to make a simple system that allowed for proof of copyright or whatever. You treat your secret string/document as a "public key", and send money to the corresponding address, so it shows up on the blockchain. If you ever need to prove that you knew the string/document at some point, you can simply point to the transaction that has that address on the blockchain. This gives you a strong hash+timestamp. This is obviously not the only way to do this, this was just for fun.

Anyway, what I noticed was that someone else obviously had the same idea. I ran this script using "hello" as the public key, and that produces an address of 1HeqNjAst5TCQ63F7xhjg6bcTbDKrRk7sH. According to http://blockexplorer.com/address/1HeqNjAst5TCQ63F7xhjg6bcTbDKrRk7sH, someone has already sent money to "hello". I wonder what other addresses out there like this exist?  Tongue

OTC-WoT: 1BWF66DuVqBCSFksUgkLtdYmHucpBgPmVm
1481319869
Hero Member
*
Offline Offline

Posts: 1481319869

View Profile Personal Message (Offline)

Ignore
1481319869
Reply with quote  #2

1481319869
Report to moderator
1481319869
Hero Member
*
Offline Offline

Posts: 1481319869

View Profile Personal Message (Offline)

Ignore
1481319869
Reply with quote  #2

1481319869
Report to moderator
1481319869
Hero Member
*
Offline Offline

Posts: 1481319869

View Profile Personal Message (Offline)

Ignore
1481319869
Reply with quote  #2

1481319869
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
foo
Sr. Member
****
Offline Offline

Activity: 409



View Profile
July 24, 2012, 03:39:36 AM
 #2

This concept is usually known as "brain wallets".

I recently played around with this myself and found that SHA-256("test") has been used: http://blockchain.info/address/1HKqKTMpBTZZ8H5zcqYEWYBaaWELrDEXeE

BTW, the variable you named "sha_pubkey" actually contains the Bitcoin private key, so you should rename that one. Smiley

I know this because Tyler knows this.
wyager
Member
**
Offline Offline

Activity: 98



View Profile
July 24, 2012, 03:49:38 AM
 #3

This concept is usually known as "brain wallets".

I recently played around with this myself and found that SHA-256("test") has been used: http://blockchain.info/address/1HKqKTMpBTZZ8H5zcqYEWYBaaWELrDEXeE

BTW, the variable you named "sha_pubkey" actually contains the Bitcoin private key, so you should rename that one. Smiley

Interesting. I had heard the term before, but didn't realize that's what they were implying.

I'm also pretty sure that "sha_pubkey" is the public key. I based my code off of

https://en.bitcoin.it/w/images/en/9/9b/PubKeyToAddr.png


OTC-WoT: 1BWF66DuVqBCSFksUgkLtdYmHucpBgPmVm
Meni Rosenfeld
Donator
Legendary
*
Offline Offline

Activity: 1890



View Profile WWW
July 24, 2012, 03:51:49 AM
 #4

This concept is usually known as "brain wallets".
It's only a brain wallet if it's a private key/seed and it's memorized. The OP didn't say anything about private keys or memorization.

BTW, the variable you named "sha_pubkey" actually contains the Bitcoin private key, so you should rename that one. Smiley
No, according to my understanding of the code sha_pubkey is (the hash of) the public key, the private key is nowhere to be found. If there was a conversion from private to public, we'd see a mention of ECDSA.

1EofoZNBhWQ3kxfKnvWkhtMns4AivZArhr   |   Who am I?   |   bitcoin-otc WoT
Bitcoil - Exchange bitcoins for ILS (thread)   |   Israel Bitcoin community homepage (thread)
Analysis of Bitcoin Pooled Mining Reward Systems (thread, summary)  |   PureMining - Infinite-term, deterministic mining bond
wyager
Member
**
Offline Offline

Activity: 98



View Profile
July 24, 2012, 03:52:40 AM
 #5

This concept is usually known as "brain wallets".
It's only a brain wallet if it's a private key/seed and it's memorized. The OP didn't say anything about private keys or memorization.

BTW, the variable you named "sha_pubkey" actually contains the Bitcoin private key, so you should rename that one. Smiley
No, according to my understanding of the code sha_pubkey is (the hash of) the public key, the private key is nowhere to be found. If there was a conversion from private to public, we'd see a mention of ECDSA.

That is my understanding.

OTC-WoT: 1BWF66DuVqBCSFksUgkLtdYmHucpBgPmVm
foo
Sr. Member
****
Offline Offline

Activity: 409



View Profile
July 24, 2012, 03:53:44 AM
 #6

Ah, I think you're missing a step in your code, namely the one that makes the public key out of the private key. This explains why I was not able to verify your calculation for "hello". Smiley

I used this site for the hash: http://www.xorbin.com/tools/sha256-hash-calculator
and then plugged the hex string as a private key into https://www.bitaddress.org/
which gives the Bitcoin address.

I know this because Tyler knows this.
wyager
Member
**
Offline Offline

Activity: 98



View Profile
July 24, 2012, 03:54:43 AM
 #7

Ah, I think you're missing a step in your code, namely the one that makes the public key out of the private key. This explains why I was not able to verify your calculation for "hello". Smiley

I used this site for the hash: http://www.xorbin.com/tools/sha256-hash-calculator
and then plugged the hex string as a private key into https://www.bitaddress.org/
which gives the Bitcoin address.

Nope, it works fine for me...

This code is public key only. You are not able to spend the money at the address, only generate the address itself.

OTC-WoT: 1BWF66DuVqBCSFksUgkLtdYmHucpBgPmVm
foo
Sr. Member
****
Offline Offline

Activity: 409



View Profile
July 24, 2012, 03:58:52 AM
 #8

Ah, I think you're missing a step in your code, namely the one that makes the public key out of the private key. This explains why I was not able to verify your calculation for "hello". Smiley

I used this site for the hash: http://www.xorbin.com/tools/sha256-hash-calculator
and then plugged the hex string as a private key into https://www.bitaddress.org/
which gives the Bitcoin address.

Nope, it works fine for me...

This code is public key only. You are not able to spend the money at the address, only generate the address itself.
What would be the point of doing that instead of hashing the document to a private key? As you say, you'll destroy any coins sent there if you hash it to a public key.

I know this because Tyler knows this.
wyager
Member
**
Offline Offline

Activity: 98



View Profile
July 24, 2012, 04:02:22 AM
 #9

Ah, I think you're missing a step in your code, namely the one that makes the public key out of the private key. This explains why I was not able to verify your calculation for "hello". Smiley

I used this site for the hash: http://www.xorbin.com/tools/sha256-hash-calculator
and then plugged the hex string as a private key into https://www.bitaddress.org/
which gives the Bitcoin address.

Nope, it works fine for me...

This code is public key only. You are not able to spend the money at the address, only generate the address itself.
What would be the point of doing that instead of hashing the document to a private key? As you say, you'll destroy any coins sent there if you hash it to a public key.

If you just wanted proof-of-knowledge OR if you wanted to create a "black hole" that people could send BTC to, knowing those BTC could never be recovered until ECDSA was broken.

OTC-WoT: 1BWF66DuVqBCSFksUgkLtdYmHucpBgPmVm
foo
Sr. Member
****
Offline Offline

Activity: 409



View Profile
July 24, 2012, 04:06:14 AM
 #10


What would be the point of doing that instead of hashing the document to a private key? As you say, you'll destroy any coins sent there if you hash it to a public key.

If you just wanted proof-of-knowledge OR if you wanted to create a "black hole" that people could send BTC to, knowing those BTC could never be recovered until ECDSA was broken.

Hashing to a private key gives the same proof-of-knowledge, plus you can take your coin back.

I know this because Tyler knows this.
wyager
Member
**
Offline Offline

Activity: 98



View Profile
July 24, 2012, 05:04:26 AM
 #11


What would be the point of doing that instead of hashing the document to a private key? As you say, you'll destroy any coins sent there if you hash it to a public key.

If you just wanted proof-of-knowledge OR if you wanted to create a "black hole" that people could send BTC to, knowing those BTC could never be recovered until ECDSA was broken.

Hashing to a private key gives the same proof-of-knowledge, plus you can take your coin back.

I know... Read my OP:

Quote
This is obviously not the only way to do this, this was just for fun.

OTC-WoT: 1BWF66DuVqBCSFksUgkLtdYmHucpBgPmVm
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!