Topic: Are “first bits” still frowned upon ? (Read 221 times)

The first few characters of the address. In the earlier days, putting the first few characters of the address into a blockexplorer will yield the intended address. It isn't really that applicable right now.

Just to be clear, I don't think the issue here is about the trust issues on the manufacturer. You will never ever know what does the private key correspond to unless you peel it, which is quite unlikely for most people to do. It only provides a shortened representation of the actual address, for which you will always need a list of the address.

Can somebody please clarify what exactly are first bits? I've never heard of it and it is an alien concept to me.

Are they talking about first bits of an address, a hash160, or a private or public key?

Your correct he did give a list, my bad. Originally when I asked about it when he was selling some on eBay he said he did not have a list.

In the  6+ years since then and the 4+ years it's been posted I never went and checked this thread: https://bitcointalksearch.org/topic/inforeference-master-makeraddresslists-of-lists-2022902 to see that yes he did publish a list with the addresses.

-Dave

If you have a physical coin with its first bits displayed, you are having to trust the manufacturer somewhat to do things such as to not retain private keys generated. If you have a funded coin that was funded prior to purchase (ie, the coin was funded by the manufacturer), you can review the blockchain, and reasonably be certain that you have found the entire address. Similarly, if you have an unfunded physical coin with its first bits displayed, if you are given a list of addresses, one of which matches the first bits displayed, you can be reasonably certain you know the full address, at least to the extent you are willing to trust the manufacturer.

It would be possible for a physical coin manufacturer to fund a coin to address 1CSn5SKix..., but have the private key behind the hologram to be associated with 1CSn5SKiz..., but IMO this is unlikely from a game theory perspective, as if the manufacturer did this, it would be easily verifiable by all their customers if they did this once and were caught because the victim should share photos of the coin with the hologram pealed that contains the private key for an unfunded address. A manufacturer whose intent is to scam their customers could simply retain private keys they generate, and there would at least be some ambiguity if the bitcoin is stolen from you.

If all you have is the first bits, and no signed statement from the manufacturer, and the coin is not funded, you should not attempt to fund the coin. There are many potential addresses the private key is associated with, only one of which is correct. 

Yeah, luckily some makers like Ravenbit provided lists with full addresses of their unfunded coins (as all of their's were unloaded/DIY)

That does not help with the other manufacturers that don't have lists like Lealana or Ravenbit edit: Ravenbit did supply a list.
So if you are making a coin today by default you have to have a lot of the address visible AND have a public address list for people to verify.
Good for collectors, probably looses some security but if you are putting a funded BTC coin in your display cabinet in your den then security has left the building.

Not 100% OT for this post, but since we are discussing funded collectables: https://bitcointalksearch.org/topic/bitcoin-value-keeps-climbing-make-sure-your-old-cold-storage-is-safe-5326757

-Dave

An address is a long list of characters with a checksum on the end.
Who owns that address, i.e. can spend it's contents, has nothing to do with knowing the address, it has only to do with having the private key.

Any two address could start with some of the same characters.
Thus e.g. one could create a physical coin, that shows the firstbits as 1LeH2Tj2 of the address 1LeH2Tj2jx...
but never put anything in that address, instead put the BTC value into an address that starts with 1LeH2Tj2kz...
Thus you might think it has BTC value, but it doesn't have any.

Very simple scam to perform since you can make sure only one address exists, the 2nd one,
but until you break the seal on the coin, to get the private key, then determine the actual address of the private key,
which could even be different to what's displayed on the coin, you wont know it's actually not the address that has the BTC.

Well he created Litecoin as a scam so he'd be the last person I'd suggest you should ask about anything.

No, at least not for Cas coins... there is a full list of full addresses of the Casascius coins: http://www.casascius.com/fulllist.txt

I've never even touched a collectible coin, so I don't know the exact details of how it works. I'll have to make some assumptions from this example:
Does it only show "1CSn5SKi" on the outside? In that case, it's easy to find all funded addresses with those characters, and 1CSn5SKia479RNaK6eeEXTtS7RYyCKxz6S is the only possibility.
However, if I use oclvanitygen to create an address starting with 1CSn5SKi, I'll probably find it within a day on my old laptop. A modern GPU would find several of those addresses per hour!
That means anyone selling such a collectible could move the funds from 1CSn5SKia479RNaK6eeEXTtS7RYyCKxz6S to 1CSn5SKixxxxxxxxxxxxxxxxxxxvUMq1V (a burn address for the sake of argument), and if you'd search for the firstbit, you'd find that funded address. The only giveaway is that it's funded in 2021 instead of 2013.

It has been discussed in the collectables, not sure where. But yes, IMO it's going to be a problem.
I have a bunch of coins from 2014/15 that I have the full address for but, on the back only shows the 1st 8 (including the 1)
So if I wanted to do a fake Lealana based on these I could probably blow out about 1 address every day with the hardware I could get my hands on.
They are all BTC0.1 so that's $6000 a coin. Not an small amount. When BTC was $400 and it would take months and months to get those firstbits it was a different story.

Probably worth a new thread. But as I said say 9 or 10 firstbits and then 7 or 8 'lastbits'.
I think you can get 18 characters across a coin in a readable font. Not 100% sure.

-Dave

Thanks guys! As you guys know (at least Dave and Quick) I’m a physical coin enthusiast so referring to those mainly, though I wanted to educate myself about them, pros/cons.

So this begs the question, is there an inevitable problem coming soon for all coins with holos using first bits, like Casascius coins?  I’ve never had an issue verifying funds on wallet explorer myself, nor has anyone ever mentioned having issues on the collectibles board that I know of. I guess perhaps this would be a good topic to post about.

(Quick haven’t seen you around in a bit, hope you’re well)

When using firstbits, you're likely to get quite a few results and potentially being unable to differentiate them from each other, assuming that it remains funded. If you have the private key, then there is no issues as you're probably still going to recover the entire key and if you don't have it then there is no point finding the address anyways.

Firstbits is useful if you're for example, someone who uses the addresses in a constraint space, where you have a limited number of characters to do so. Then it would be fine to differentiate them according to the first bits provided that you can maintain that there will not be any collision within your own firstbits and maintain an index of it.

If you are talking about the first bits of an address that has never been used, there is no way of knowing for sure what the full address is. If you have the private key, you can calculate the entire address.

Bitcoin addresses have a checksum to confirm it is valid. It is possible that if you are missing only a small number of characters, there is only one valid address, but most of the time, if you don’t have the entire address, you might not have the correct address.

If you know for sure the address has previously received a transaction, the above changes (most of the time) because the set of potential addresses goes way down.

Firstbits are NOT secure unless you use a lot of them.
In the old days, you could give an address of 1a2b3c4d5e and really not worry about someone generating an address that starts with that.
With Vanitysearch https://bitcointalksearch.org/topic/vanitysearch-yet-another-address-prefix-finder-5112311 it's now possible. So you wind up having to give a very large portion of the address anyway.
Otherwise I can give you a token with 1a2b3c4d5e as the firstbits. The rest is xxxxxxxxxxxx but I tell you the rest is zzzzzzzzzzzzz so you fund my address and till you peel it you will never know.

-Dave

I recently found out that if your address is not funded, and you only have the first bits and no longer have the full key, then you’re sol to ever fund it. Someone posted about a litecoin wallet with only access to first bits trying to find the full key so I asked Charlie Lee and he confirmed to me it’s not possible. So just curious, is there a way to change this, or is that not a good idea? I did some reading and also learned first bits are frowned upon as they cause some issues..is this still the case? (not sure of the articles date I read).  Just curious is all, wanting to learn a bit more about this. 

Also, I once read somewhere that technically “first bits” is not the proper term, but can’t find where I read it ..anyone know if that’s true ?