Pages:
Author

Topic: Bitcoin private key BASE58 problem (Read 766 times)

sr. member
Activity: 310
Merit: 727
---------> 1231006505
December 04, 2021, 06:07:18 AM
#49
Take the public key, SHA256 it, RIPEMD-160 it, then add 0x00 to the start. Call this pubhash_prefix. SHA256 this twice, take the first 4 bytes, and then append these 4 bytes to pubhash_prefix. Convert to base58 and you have your address.

The same thing as described by o_e_l_e_o, this time in python code:

Code:
bin = binascii.unhexlify(public_key)

#Step 1: Create hash of public key:
hash_of_public_key  = hashlib.sha256(bin).digest()

#Step 2: Calculate RIPEMD-160 of the public key:
r = hashlib.new('ripemd160')
r.update(hash_of_public_key)
r.hexdigest()

#Step 3: Adding network bytes (00) to RIPEMD-160
networked =  binascii.unhexlify('00'+r.hexdigest())

#Step 4: Double hash the networked RIPEMD-160
sha4a   = hashlib.sha256(networked).digest()
sha4b  = hashlib.sha256(sha4a).digest()

#Step 5: Get the first four bytes of sha4b:
four_bytes = str(binascii.hexlify(sha4b).decode('utf-8'))[:8]

#Step 6: Adding the four_bytes to the end the RIPEMD-160 from step 3:
address_hex = str(binascii.hexlify(networked).decode('utf-8')) + four_bytes

#Step 7: Convert the hex_address using base58 to bitcoin adres
address_base58 = base58.b58encode(binascii.unhexlify(address_hex))
member
Activity: 351
Merit: 37
December 04, 2021, 05:01:24 AM
#48
really it's same one, yeah.
legendary
Activity: 2268
Merit: 18711
December 04, 2021, 04:09:48 AM
#47
there're two \0 bytes to be added . second one added to start right before base58 op.
There aren't. The reason that code adds 0x00 twice is because the second time it calls back to the RIPEMD-160 output, instead of calling back to the RIPEMD-160 output with the 0x00 already prepended.

Take the public key, SHA256 it, RIPEMD-160 it, then add 0x00 to the start. Call this pubhash_prefix. SHA256 this twice, take the first 4 bytes, and then append these 4 bytes to pubhash_prefix. Convert to base58 and you have your address.
member
Activity: 351
Merit: 37
December 04, 2021, 03:21:25 AM
#46
An uncompressed bitcoin public key is 65 bytes long, made up of "04", followed by the 32 byte x coordinate and then the 32 byte y coordinate.
A compressed public key is 33 bytes long, made up of either "02" or "03" depending on if the y coordinate is positive or negative, and then the 32 byte x coordinate.

An address is not simply a public key in Base58Check. To convert a public key to an address, you must first SHA-256 hash it, then RIPEMD-160 hash it, then add a 0x00 network byte to the start, SHA-256 hash it twice, take the first four bytes of this hash as a checksum and append it to the end, and then convert the whole thing to Base58Check. If you want to work backwards from an address, you can only strip the checksum and network byte to arrive at the RIPEMD-160 hash output. You can't go back any further to find the public key.
there're two \0 bytes to be added . second one added to start right before base58 op.
Code:
char *t = new char[1000]();
char *tbitaddr = new char[1000]();
size_t c = 1000;
size_t cbit = 1000;
unsigned char bitaddr[25] = {};
unsigned char pubhash_md[20] = {};
unsigned char pubhash_mdprefx[21] = {};

unsigned char pubhash[32] = {};
unsigned char hashtag[32] = {};
unsigned char hashtag_f[32] = {};

const unsigned char b[66] = "BurnItAll0000000000000000000000000000000000000000000000000000000b";
SHA256(b, 65, pubhash);
RIPEMD160(pubhash,32,pubhash_md);
pubhash_mdprefx[0] = 0x0;
memcpy(pubhash_mdprefx + 1, pubhash_md , 20);
SHA256(pubhash_mdprefx, 21, hashtag);
SHA256(hashtag, 32, hashtag_f);
bitaddr[0]  = 0x0;
memcpy(bitaddr + 1, pubhash_md, 20);
memcpy(bitaddr + 21, hashtag_f, 4);
b58enc(tbitaddr,&cbit,(void *)bitaddr,(size_t)(sizeof(bitaddr)));
b58enc(t,&c,(void *)b,(size_t)(sizeof(b)-1));
std::cout << "pubkey :" << std::endl << t << std::endl << "address:" << std::endl << tbitaddr << std::endl;
legendary
Activity: 2268
Merit: 18711
November 29, 2021, 08:15:08 AM
#45
I don't think they have either but theoretically speaking they could have. I agree that it is a bad example but there hasn't been any drastic changes to the protocol for any drastic example.
It does lead to an interesting thought experiment, though, with implication for the future. Let's say someone shows up today with a significantly valuable amount of bitcoin - say a few hundred - which is now unspendable because of some historical change that was made to the protocol. What does the community do, and what are the consequences of that decision?

The right thing to do would not be to deprive that user of their money, but that would require changing the protocol in some way (maybe even forking) to allow those coins to be spendable, which would be a significant undertaking for the sake of one user. Or do we simply shrug our shoulders and say "Well, sucks to be you"? What are the consequences of us essentially preventing a user from accessing money which is rightfully theirs? That makes us far too similar to a centralized bank or exchange for my liking.
legendary
Activity: 3472
Merit: 10611
November 29, 2021, 07:58:49 AM
#44
Correct me if I'm wrong, but I'm not aware of any coins being made unspendable by the removal of OP_CAT or by BIP 147. This is in stark contrast to the millions of coins owned by potentially hundreds of thousands of people which would be made unspendable by depreciating ECC.
I don't think they have either but theoretically speaking they could have. I agree that it is a bad example but there hasn't been any drastic changes to the protocol for any drastic example.
legendary
Activity: 2268
Merit: 18711
November 29, 2021, 04:23:38 AM
#43
Exactly. Therefore, if someone else then Satoshi is able to move Satoshi's early mined coins, so Satoshi has to react.
If anyone is going to prevent someone from stealing Satoshi's vulnerable P2PK coins, then it should be Satoshi and only Satoshi. We should not get to decide to deprive Satoshi of all their coins.

You see in bitcoin the majority has been making this kind of decisions for a very long time and it won't be any different for ECC in the far away future either.
Correct me if I'm wrong, but I'm not aware of any coins being made unspendable by the removal of OP_CAT or by BIP 147. This is in stark contrast to the millions of coins owned by potentially hundreds of thousands of people which would be made unspendable by depreciating ECC.
legendary
Activity: 3472
Merit: 10611
November 28, 2021, 11:38:29 PM
#42
It's not a case of hoping no one exploits the vulnerability. ECC will almost certainly be broken at some point in the future, and any coins protected by it will definitely eventually be stolen. We will absolutely move to a new algorithm, but it should not be the decision of the majority to lock coins which we do not own with no say from the true owner. I would much rather those coins are stolen than we set a precedent that the community can decide to lock your coins and there is nothing you can do about it.
Vulnerability in protocol is a very different thing than "locking other people's coins". Lets take OP codes that were disabled/removed from protocol. They had vulnerabilities and if anyone had any coins locked by an OP code like OP_CAT their coins would have been locked because such output can not be spent.
Or for example if you had any coins that were locked with a script like the following (pubkey script) they are unspendable now that BIP-147 is active because "majority decided".
Code:
OP_1 OP_0 OP_0 OP_CheckMultiSigVerify OP_DUP OPHASH160 OP_EqualVerify OP_CheckSig

You see in bitcoin the majority has been making this kind of decisions for a very long time and it won't be any different for ECC in the far away future either.
full member
Activity: 233
Merit: 253
November 28, 2021, 05:30:43 PM
#41
...
The only way I would be ok with coins being locked or frozen would be if there was some method for the true owner to prove their ownership and reclaim them.
Exactly. Therefore, if someone else then Satoshi is able to move Satoshi's early mined coins, so Satoshi has to react.

When objects of value are found in a ship wreck at the bottom of the sea, should those that managed to find the wreck be allowed to profit from that find?  Or should a government agency take evderything salvaged and destroy it?
legendary
Activity: 2268
Merit: 18711
November 28, 2021, 07:47:32 AM
#40
That's an entirely different situation.
But the outcome was the same - the majority decided what to do to someone else's coins, which violates one of the main tenets of bitcoin.

In any ways, I have argued before that if there is a vulnerability it should be removed instead of us letting it exist and hope nobody uses it. In this case if ECC were broken it must be removed completely which would effectively lock any coin that is not moved to new algorithm before a certain deadline.
It's not a case of hoping no one exploits the vulnerability. ECC will almost certainly be broken at some point in the future, and any coins protected by it will definitely eventually be stolen. We will absolutely move to a new algorithm, but it should not be the decision of the majority to lock coins which we do not own with no say from the true owner. I would much rather those coins are stolen than we set a precedent that the community can decide to lock your coins and there is nothing you can do about it.
legendary
Activity: 3472
Merit: 10611
November 28, 2021, 05:42:49 AM
#39
I completely disagree with that approach and think it makes use little better than a coin like Ethereum, which forked itself to make sure the "wrong" people didn't have access to certain coins.
That's an entirely different situation. Ethereum forked to roll back blocks so that they can get their money back that was lost in a buggy smart contract which didn't get fixed either (If they had fixed the bugs of their protocol then it would at least make a little sense!).

In any ways, I have argued before that if there is a vulnerability it should be removed instead of us letting it exist and hope nobody uses it. In this case if ECC were broken it must be removed completely which would effectively lock any coin that is not moved to new algorithm before a certain deadline.
legendary
Activity: 2268
Merit: 18711
November 28, 2021, 04:48:15 AM
#38
Unfortunately people have different opinion on this matter. For example, few people think it's better to freeze vulnerable UTXO rather than letting thief stole it and potentially manipulate Bitcoin price.
I completely disagree with that approach and think it makes use little better than a coin like Ethereum, which forked itself to make sure the "wrong" people didn't have access to certain coins. As soon as a small group of users start deciding who is and is not allowed to access certain coins, then we have turned bitcoin in to something it isn't. I would much rather the market takes the hit from a few million coins re-entering active circulation and ultimately recovers from the hit with the principles of bitcoin still intact, than we change the principles of bitcoin (that no third parties have any say over your money) to avoid such a hit.

The only way I would be ok with coins being locked or frozen would be if there was some method for the true owner to prove their ownership and reclaim them. The only way I can think of doing this would be by showing that the relevant private keys were derived from a seed phrase in their possession, but obviously this does not help with all the P2PK addresses or any non-HD reused addresses.

I'm hopeful that someone much smarter than me comes up with a better solution before it is necessary.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
November 28, 2021, 04:31:56 AM
#37
They are even less secure, because instead of just "knowing public key", you also know a lot of correct signatures, where d-value is the same. That means you have a lot of "d=(s/r)k-(z/r)" equations, so a lot of "d=number*k-number2" expressions.
So?
ECDSA: Revealing the private key, from four signed messages, two keys and shared nonces (SECP256k1)
https://billatnapier.medium.com/ecdsa-revealing-the-private-key-from-four-signed-message-two-keys-and-shared-nonces-secp256k1-5758f1258b1d

https://www.youtube.com/watch?v=6ssTlSSIJQE

True, but it requires user to use vulnerable software. Reusing k value (also called nonce) is well-known problem, so it's unlikely you could someone private key that way.

The decision also won't be unilateral, whatever the decision may be. It will be a fork that like any other fork requires support from the majority.
I meant unilateral in respect to the owner of the coins. The majority shouldn't get to decide what to do with the coins belonging to someone else, even if we think those coins have been lost or abandoned.

Unfortunately people have different opinion on this matter. For example, few people think it's better to freeze vulnerable UTXO rather than letting thief stole it and potentially manipulate Bitcoin price.
legendary
Activity: 2268
Merit: 18711
November 27, 2021, 07:51:50 AM
#36
You forgot that we aren't talking about some abandoned coins in a P2PK output. We are also talking about a much bigger amount of bitcoin (in total) in reused addresses, like a lot of the addresses in the bitcoin rich-list.
And in those cases, where addresses are being constantly reused, then almost all of those users will be able to move their coins to whatever quantum resistant algorithm we end up with, which will probably be in place years before the coins on reused addresses are at any meaningful risk.

The decision also won't be unilateral, whatever the decision may be. It will be a fork that like any other fork requires support from the majority.
I meant unilateral in respect to the owner of the coins. The majority shouldn't get to decide what to do with the coins belonging to someone else, even if we think those coins have been lost or abandoned.
legendary
Activity: 3472
Merit: 10611
November 27, 2021, 07:44:31 AM
#35
Still, I agree it is obviously theft, but I still don't think we should take any steps to prevent it. If coins have been abandoned or lost or the owners are ignoring them, and they end up being stolen, then so be it. The last thing we want is for nodes/miners/devs/the community to unilaterally decide to make some coins unspendable or remove them from circulation.
You forgot that we aren't talking about some abandoned coins in a P2PK output. We are also talking about a much bigger amount of bitcoin (in total) in reused addresses, like a lot of the addresses in the bitcoin rich-list.
The decision also won't be unilateral, whatever the decision may be. It will be a fork that like any other fork requires support from the majority.
legendary
Activity: 2268
Merit: 18711
November 27, 2021, 07:29:52 AM
#34
Whale Alert
Think what you like about the Patoshi data, but Whale Alert are one of the stupidest and click baity organizations in the whole of crypto. They tweet complete trash without doing even the most basic of research or investigation. If you are going to read about the Patoshi data, I suggest you read the original research directly. I wouldn't read a single word associated with Whale Alert.

That makes bitcoin obsolete overnight.
I wouldn't call it a "short step". Look at things like CPUs, GPUs, or even ASICs, as comparison. It will take years between the first quantum computer which can solve the ECDLP, and the first quantum computer which can solve it in <10 minutes.

Still, I agree it is obviously theft, but I still don't think we should take any steps to prevent it. If coins have been abandoned or lost or the owners are ignoring them, and they end up being stolen, then so be it. The last thing we want is for nodes/miners/devs/the community to unilaterally decide to make some coins unspendable or remove them from circulation.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
November 26, 2021, 03:06:40 PM
#33
If they really wanted to stop it. They would have stopped it. We wouldn't have Bitcoin.
Devil's advocate speaking: And if the people really wanted to rebel we would have it. They wouldn't have stopped Bitcoin.

If they really wanted to know who Satoshi is ...
You must be really afraid of the government, but let me tell you that they are humans just like you and me.
full member
Activity: 233
Merit: 253
November 26, 2021, 03:00:47 PM
#32
That will happen.
The acceptance of the inevitable or the allowance?

Let me answer this so:

Governments allowed Satoshi to 'print' Bitcoin.
Or rather couldn't stop Satoshi from inventing Bitcoin.

If they really wanted to stop it. They would have stopped it. We wouldn't have Bitcoin.
If they really wanted to know who Satoshi is ... (My opinion: They know who Satoshi is and Satoshi knows it.)
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
November 26, 2021, 02:39:15 PM
#31
That will happen.

The acceptance of the inevitable or the allowance?
full member
Activity: 233
Merit: 253
November 26, 2021, 02:18:10 PM
#30
...
...
Governments will allow it.
Or maybe they'll have to accept they cannot forbid it.
That will happen.
Pages:
Jump to: