wyager (OP)
July 24, 2012, 03:26:13 AM
I wrote a small/dirty Python script that allows me to use an arbitrary value (like a string) as a "public key" in order to create a Bitcoin address. This is the script:

```python
#Wyager's quick and dirty arbitrary public key hasher
import binascii
import sys
import hashlib

code_string = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
###
pubkey = sys.argv[1].encode("utf-8") #the "public key" is the first command line argument
###
sha_pubkey = hashlib.sha256(pubkey).digest() #sha of the "public key"
###
ripe = hashlib.new("ripemd160") #needs an OpenSSL build that provides ripemd160
ripe.update(sha_pubkey)
ripe_pubkey = ripe.digest() #ripemd of that
###
versioned_ripe_pubkey = b"\x00" + ripe_pubkey #add a 00 to the beginning
###
sha_ripe_1 = hashlib.sha256(versioned_ripe_pubkey).digest() #sha that once
sha_ripe_2 = hashlib.sha256(sha_ripe_1).digest() #sha it twice
checksum_4_bytes = sha_ripe_2[0:4] #take the first 4 bytes of that
###
ripemd_and_checksum = versioned_ripe_pubkey + checksum_4_bytes #stick that on the end of the ripemd
###
integer_result = int(binascii.hexlify(ripemd_and_checksum), 16)
base58check_result = ""
while integer_result > 0: #base58check encode that
    remainder = integer_result % 58
    integer_result = integer_result // 58
    base58check_result = base58check_result + code_string[remainder] #insert the base58 values
i = 0
while ripemd_and_checksum[i] == 0: #append a "1" for every leading zero byte
    base58check_result = base58check_result + "1"
    i = i + 1
###
reversechars = list(base58check_result) #flip the string around to make it big endian
reversechars.reverse()
base58check_result = ''.join(reversechars)
###
print(base58check_result)
```

I don't use Python very often, so forgive my bad form. My intention here was to make a simple system that allowed for proof of copyright or whatever. You treat your secret string/document as a "public key", and send money to the corresponding address, so it shows up on the blockchain. If you ever need to prove that you knew the string/document at some point, you can simply point to the transaction that has that address on the blockchain. This gives you a strong hash+timestamp. This is obviously not the only way to do this, this was just for fun.

Anyway, what I noticed was that someone else obviously had the same idea. I ran this script using "hello" as the public key, and that produces an address of 1HeqNjAst5TCQ63F7xhjg6bcTbDKrRk7sH. According to http://blockexplorer.com/address/1HeqNjAst5TCQ63F7xhjg6bcTbDKrRk7sH, someone has already sent money to "hello". I wonder what other addresses out there like this exist?
OTC-WoT: 1BWF66DuVqBCSFksUgkLtdYmHucpBgPmVm
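
Added example, not part of the original post: the reverse of the script above, for someone checking a claimed "I knew this string" proof. It Base58Check-decodes an address, verifies the 4-byte double-SHA-256 checksum, and compares the embedded 20-byte hash with the one derived from the string. All function names are this example's own, and the sample address is constructed from an all-zero hash.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(payload):
    """First 4 bytes of SHA-256(SHA-256(payload)), as in the script above."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload):
    """Encode version byte + hash160 (21 bytes) as a Base58Check string."""
    raw = payload + _checksum(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n > 0:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    # One "1" per leading zero byte, which the integer conversion drops.
    zeros = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * zeros + out

def b58check_decode(address):
    """Return (version, hash160); raise ValueError on any malformed input."""
    n = 0
    for ch in address:
        if ch not in B58:
            raise ValueError("character outside the Base58 alphabet: %r" % ch)
        n = n * 58 + B58.index(ch)
    zeros = len(address) - len(address.lstrip("1"))
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:
        raise ValueError("expected 25 bytes, got %d" % len(raw))
    payload, checksum = raw[:-4], raw[-4:]
    if _checksum(payload) != checksum:
        raise ValueError("checksum mismatch (typo or corrupted address)")
    return payload[0], payload[1:]

def hash160(data):
    """RIPEMD-160(SHA-256(data)); needs an OpenSSL that provides ripemd160."""
    return hashlib.new("ripemd160", hashlib.sha256(data).digest()).digest()

def commits_to(address, data):
    """True if address is the version-0 address the script derives from data."""
    version, h = b58check_decode(address)
    return version == 0 and h == hash160(data)

# Constructed sample: the address for an all-zero hash160 (21 leading "1"s).
ZERO_HASH_ADDRESS = b58check_encode(b"\x00" * 21)
```

A checksum failure only tells you the address was mistyped or corrupted; a passing `commits_to` shows the string hashes to that address, while the timestamp itself still comes from the transaction on the blockchain.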

foo
July 24, 2012, 03:39:36 AM
This concept is usually known as "brain wallets". I recently played around with this myself and found that SHA-256("test") has been used: http://blockchain.info/address/1HKqKTMpBTZZ8H5zcqYEWYBaaWELrDEXeE

BTW, the variable you named "sha_pubkey" actually contains the Bitcoin private key, so you should rename that one.
I know this because Tyler knows this.

wyager (OP)
July 24, 2012, 03:49:38 AM
Interesting. I had heard the term before, but didn't realize that's what they were implying. I'm also pretty sure that "sha_pubkey" is the public key. I based my code off of https://en.bitcoin.it/w/images/en/9/9b/PubKeyToAddr.png

Meni Rosenfeld
July 24, 2012, 03:51:49 AM
> This concept is usually known as "brain wallets".

It's only a brain wallet if it's a private key/seed and it's memorized. The OP didn't say anything about private keys or memorization.

> BTW, the variable you named "sha_pubkey" actually contains the Bitcoin private key, so you should rename that one.

No, according to my understanding of the code sha_pubkey is (the hash of) the public key, the private key is nowhere to be found. If there was a conversion from private to public, we'd see a mention of ECDSA.

wyager (OP)
July 24, 2012, 03:52:40 AM
>> This concept is usually known as "brain wallets".
>
> It's only a brain wallet if it's a private key/seed and it's memorized. The OP didn't say anything about private keys or memorization.
>
>> BTW, the variable you named "sha_pubkey" actually contains the Bitcoin private key, so you should rename that one.
>
> No, according to my understanding of the code sha_pubkey is (the hash of) the public key, the private key is nowhere to be found. If there was a conversion from private to public, we'd see a mention of ECDSA.

That is my understanding.

foo
July 24, 2012, 03:53:44 AM
Ah, I think you're missing a step in your code, namely the one that makes the public key out of the private key. This explains why I was not able to verify your calculation for "hello". I used this site for the hash: http://www.xorbin.com/tools/sha256-hash-calculator and then plugged the hex string as a private key into https://www.bitaddress.org/ which gives the Bitcoin address.

wyager (OP)
July 24, 2012, 03:54:43 AM
Nope, it works fine for me... This code is public key only. You are not able to spend the money at the address, only generate the address itself.

foo
July 24, 2012, 03:58:52 AM
> Nope, it works fine for me... This code is public key only. You are not able to spend the money at the address, only generate the address itself.

What would be the point of doing that instead of hashing the document to a private key? As you say, you'll destroy any coins sent there if you hash it to a public key.

wyager (OP)
July 24, 2012, 04:02:22 AM
>> Nope, it works fine for me... This code is public key only. You are not able to spend the money at the address, only generate the address itself.
>
> What would be the point of doing that instead of hashing the document to a private key? As you say, you'll destroy any coins sent there if you hash it to a public key.

If you just wanted proof-of-knowledge OR if you wanted to create a "black hole" that people could send BTC to, knowing those BTC could never be recovered until ECDSA was broken.

foo
July 24, 2012, 04:06:14 AM
>> What would be the point of doing that instead of hashing the document to a private key? As you say, you'll destroy any coins sent there if you hash it to a public key.
>
> If you just wanted proof-of-knowledge OR if you wanted to create a "black hole" that people could send BTC to, knowing those BTC could never be recovered until ECDSA was broken.

Hashing to a private key gives the same proof-of-knowledge, plus you can take your coin back.

wyager (OP)
July 24, 2012, 05:04:26 AM
>>> What would be the point of doing that instead of hashing the document to a private key? As you say, you'll destroy any coins sent there if you hash it to a public key.
>>
>> If you just wanted proof-of-knowledge OR if you wanted to create a "black hole" that people could send BTC to, knowing those BTC could never be recovered until ECDSA was broken.
>
> Hashing to a private key gives the same proof-of-knowledge, plus you can take your coin back.

I know... Read my OP:

> This is obviously not the only way to do this, this was just for fun.