Bitcoin private key BASE58 problem | Bitcointalksearch.org

TheArchaeologist

sr. member

Activity: 310

Merit: 727

---------> 1231006505

Quote from: o_e_l_e_o on December 04, 2021, 05:09:48 AM

Take the public key, SHA256 it, RIPEMD-160 it, then add 0x00 to the start. Call this pubhash_prefix. SHA256 this twice, take the first 4 bytes, and then append these 4 bytes to pubhash_prefix. Convert to base58 and you have your address.

The same thing as described by o_e_l_e_o, this time in python code:

Code:

bin = binascii.unhexlify(public_key)

#Step 1: Create hash of public key:
hash_of_public_key = hashlib.sha256(bin).digest()

#Step 2: Calculate RIPEMD-160 of the public key:
r = hashlib.new('ripemd160')
r.update(hash_of_public_key)
r.hexdigest()

#Step 3: Adding network bytes (00) to RIPEMD-160
networked = binascii.unhexlify('00'+r.hexdigest())

#Step 4: Double hash the networked RIPEMD-160
sha4a = hashlib.sha256(networked).digest()
sha4b = hashlib.sha256(sha4a).digest()

#Step 5: Get the first four bytes of sha4b:
four_bytes = str(binascii.hexlify(sha4b).decode('utf-8'))[:8]

#Step 6: Adding the four_bytes to the end the RIPEMD-160 from step 3:
address_hex = str(binascii.hexlify(networked).decode('utf-8')) + four_bytes

#Step 7: Convert the hex_address using base58 to bitcoin adres
address_base58 = base58.b58encode(binascii.unhexlify(address_hex))

alexeyneu

member

Activity: 313

Merit: 30

really it's same one, yeah.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18587

Quote from: alexeyneu on December 04, 2021, 04:21:25 AM

there're two \0 bytes to be added . second one added to start right before base58 op.

There aren't. The reason that code adds 0x00 twice is because the second time it calls back to the RIPEMD-160 output, instead of calling back to the RIPEMD-160 output with the 0x00 already prepended.

Take the public key, SHA256 it, RIPEMD-160 it, then add 0x00 to the start. Call this pubhash_prefix. SHA256 this twice, take the first 4 bytes, and then append these 4 bytes to pubhash_prefix. Convert to base58 and you have your address.

alexeyneu

member

Activity: 313

Merit: 30

Quote from: o_e_l_e_o on November 24, 2021, 07:29:29 AM

An uncompressed bitcoin public key is 65 bytes long, made up of "04", followed by the 32 byte x coordinate and then the 32 byte y coordinate.
A compressed public key is 33 bytes long, made up of either "02" or "03" depending on if the y coordinate is positive or negative, and then the 32 byte x coordinate.

An address is not simply a public key in Base58Check. To convert a public key to an address, you must first SHA-256 hash it, then RIPEMD-160 hash it, then add a 0x00 network byte to the start, SHA-256 hash it twice, take the first four bytes of this hash as a checksum and append it to the end, and then convert the whole thing to Base58Check. If you want to work backwards from an address, you can only strip the checksum and network byte to arrive at the RIPEMD-160 hash output. You can't go back any further to find the public key.

there're two \0 bytes to be added . second one added to start right before base58 op.

Code:

char *t = new char[1000]();
char *tbitaddr = new char[1000]();
size_t c = 1000;
size_t cbit = 1000;
unsigned char bitaddr[25] = {};
unsigned char pubhash_md[20] = {};
unsigned char pubhash_mdprefx[21] = {};

unsigned char pubhash[32] = {};
unsigned char hashtag[32] = {};
unsigned char hashtag_f[32] = {};

const unsigned char b[66] = "BurnItAll0000000000000000000000000000000000000000000000000000000b";
SHA256(b, 65, pubhash);
RIPEMD160(pubhash,32,pubhash_md);
pubhash_mdprefx[0] = 0x0;
memcpy(pubhash_mdprefx + 1, pubhash_md , 20);
SHA256(pubhash_mdprefx, 21, hashtag);
SHA256(hashtag, 32, hashtag_f);
bitaddr[0] = 0x0;
memcpy(bitaddr + 1, pubhash_md, 20);
memcpy(bitaddr + 21, hashtag_f, 4);
b58enc(tbitaddr,&cbit,(void *)bitaddr,(size_t)(sizeof(bitaddr)));
b58enc(t,&c,(void *)b,(size_t)(sizeof(b)-1));
std::cout << "pubkey :" << std::endl << t << std::endl << "address:" << std::endl << tbitaddr << std::endl;

o_e_l_e_o

legendary

Activity: 2268

Merit: 18587

Quote from: pooya87 on November 29, 2021, 08:58:49 AM

I don't think they have either but theoretically speaking they could have. I agree that it is a bad example but there hasn't been any drastic changes to the protocol for any drastic example.

It does lead to an interesting thought experiment, though, with implication for the future. Let's say someone shows up today with a significantly valuable amount of bitcoin - say a few hundred - which is now unspendable because of some historical change that was made to the protocol. What does the community do, and what are the consequences of that decision?

The right thing to do would not be to deprive that user of their money, but that would require changing the protocol in some way (maybe even forking) to allow those coins to be spendable, which would be a significant undertaking for the sake of one user. Or do we simply shrug our shoulders and say "Well, sucks to be you"? What are the consequences of us essentially preventing a user from accessing money which is rightfully theirs? That makes us far too similar to a centralized bank or exchange for my liking.

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: o_e_l_e_o on November 29, 2021, 05:23:38 AM

Correct me if I'm wrong, but I'm not aware of any coins being made unspendable by the removal of OP_CAT or by BIP 147. This is in stark contrast to the millions of coins owned by potentially hundreds of thousands of people which would be made unspendable by depreciating ECC.

I don't think they have either but theoretically speaking they could have. I agree that it is a bad example but there hasn't been any drastic changes to the protocol for any drastic example.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18587

Quote from: mynonce on November 28, 2021, 06:30:43 PM

Exactly. Therefore, if someone else then Satoshi is able to move Satoshi's early mined coins, so Satoshi has to react.

If anyone is going to prevent someone from stealing Satoshi's vulnerable P2PK coins, then it should be Satoshi and only Satoshi. We should not get to decide to deprive Satoshi of all their coins.

Quote from: pooya87 on November 29, 2021, 12:38:29 AM

You see in bitcoin the majority has been making this kind of decisions for a very long time and it won't be any different for ECC in the far away future either.

Correct me if I'm wrong, but I'm not aware of any coins being made unspendable by the removal of OP_CAT or by BIP 147. This is in stark contrast to the millions of coins owned by potentially hundreds of thousands of people which would be made unspendable by depreciating ECC.

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: o_e_l_e_o on November 28, 2021, 08:47:32 AM

It's not a case of hoping no one exploits the vulnerability. ECC will almost certainly be broken at some point in the future, and any coins protected by it will definitely eventually be stolen. We will absolutely move to a new algorithm, but it should not be the decision of the majority to lock coins which we do not own with no say from the true owner. I would much rather those coins are stolen than we set a precedent that the community can decide to lock your coins and there is nothing you can do about it.

Vulnerability in protocol is a very different thing than "locking other people's coins". Lets take OP codes that were disabled/removed from protocol. They had vulnerabilities and if anyone had any coins locked by an OP code like OP_CAT their coins would have been locked because such output can not be spent.
Or for example if you had any coins that were locked with a script like the following (pubkey script) they are unspendable now that BIP-147 is active because "majority decided".

Code:

OP_1 OP_0 OP_0 OP_CheckMultiSigVerify OP_DUP OPHASH160 OP_EqualVerify OP_CheckSig

You see in bitcoin the majority has been making this kind of decisions for a very long time and it won't be any different for ECC in the far away future either.

mynonce

full member

Activity: 233

Merit: 253

Quote from: o_e_l_e_o on November 28, 2021, 05:48:15 AM

...
The only way I would be ok with coins being locked or frozen would be if there was some method for the true owner to prove their ownership and reclaim them.

Exactly. Therefore, if someone else then Satoshi is able to move Satoshi's early mined coins, so Satoshi has to react.

Quote from: DannyHamilton on January 10, 2020, 11:43:08 AM

When objects of value are found in a ship wreck at the bottom of the sea, should those that managed to find the wreck be allowed to profit from that find? Or should a government agency take evderything salvaged and destroy it?

o_e_l_e_o

legendary

Activity: 2268

Merit: 18587

Quote from: pooya87 on November 28, 2021, 06:42:49 AM

That's an entirely different situation.

But the outcome was the same - the majority decided what to do to someone else's coins, which violates one of the main tenets of bitcoin.

Quote from: pooya87 on November 28, 2021, 06:42:49 AM

In any ways, I have argued before that if there is a vulnerability it should be removed instead of us letting it exist and hope nobody uses it. In this case if ECC were broken it must be removed completely which would effectively lock any coin that is not moved to new algorithm before a certain deadline.

It's not a case of hoping no one exploits the vulnerability. ECC will almost certainly be broken at some point in the future, and any coins protected by it will definitely eventually be stolen. We will absolutely move to a new algorithm, but it should not be the decision of the majority to lock coins which we do not own with no say from the true owner. I would much rather those coins are stolen than we set a precedent that the community can decide to lock your coins and there is nothing you can do about it.

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: o_e_l_e_o on November 28, 2021, 05:48:15 AM

I completely disagree with that approach and think it makes use little better than a coin like Ethereum, which forked itself to make sure the "wrong" people didn't have access to certain coins.

That's an entirely different situation. Ethereum forked to roll back blocks so that they can get their money back that was lost in a buggy smart contract which didn't get fixed either (If they had fixed the bugs of their protocol then it would at least make a little sense!).

In any ways, I have argued before that if there is a vulnerability it should be removed instead of us letting it exist and hope nobody uses it. In this case if ECC were broken it must be removed completely which would effectively lock any coin that is not moved to new algorithm before a certain deadline.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18587

Quote from: ABCbits on November 28, 2021, 05:31:56 AM

Unfortunately people have different opinion on this matter. For example, few people think it's better to freeze vulnerable UTXO rather than letting thief stole it and potentially manipulate Bitcoin price.

I completely disagree with that approach and think it makes use little better than a coin like Ethereum, which forked itself to make sure the "wrong" people didn't have access to certain coins. As soon as a small group of users start deciding who is and is not allowed to access certain coins, then we have turned bitcoin in to something it isn't. I would much rather the market takes the hit from a few million coins re-entering active circulation and ultimately recovers from the hit with the principles of bitcoin still intact, than we change the principles of bitcoin (that no third parties have any say over your money) to avoid such a hit.

The only way I would be ok with coins being locked or frozen would be if there was some method for the true owner to prove their ownership and reclaim them. The only way I can think of doing this would be by showing that the relevant private keys were derived from a seed phrase in their possession, but obviously this does not help with all the P2PK addresses or any non-HD reused addresses.

I'm hopeful that someone much smarter than me comes up with a better solution before it is necessary.

ABCbits

legendary

Activity: 2870

Merit: 7490

Crypto Swap Exchange

Quote from: mynonce on November 25, 2021, 03:50:20 PM

Quote from: BlackHatCoiner on November 25, 2021, 08:48:27 AM

Quote from: garlonicon on November 25, 2021, 01:46:40 AM

They are even less secure, because instead of just "knowing public key", you also know a lot of correct signatures, where d-value is the same. That means you have a lot of "d=(s/r)k-(z/r)" equations, so a lot of "d=number*k-number2" expressions.

So?

ECDSA: Revealing the private key, from four signed messages, two keys and shared nonces (SECP256k1)
https://billatnapier.medium.com/ecdsa-revealing-the-private-key-from-four-signed-message-two-keys-and-shared-nonces-secp256k1-5758f1258b1d

https://www.youtube.com/watch?v=6ssTlSSIJQE

True, but it requires user to use vulnerable software. Reusing k value (also called nonce) is well-known problem, so it's unlikely you could someone private key that way.

Quote from: o_e_l_e_o on November 27, 2021, 08:51:50 AM

Quote from: pooya87 on November 27, 2021, 08:44:31 AM

The decision also won't be unilateral, whatever the decision may be. It will be a fork that like any other fork requires support from the majority.

I meant unilateral in respect to the owner of the coins. The majority shouldn't get to decide what to do with the coins belonging to someone else, even if we think those coins have been lost or abandoned.

Unfortunately people have different opinion on this matter. For example, few people think it's better to freeze vulnerable UTXO rather than letting thief stole it and potentially manipulate Bitcoin price.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18587

Quote from: pooya87 on November 27, 2021, 08:44:31 AM

You forgot that we aren't talking about some abandoned coins in a P2PK output. We are also talking about a much bigger amount of bitcoin (in total) in reused addresses, like a lot of the addresses in the bitcoin rich-list.

And in those cases, where addresses are being constantly reused, then almost all of those users will be able to move their coins to whatever quantum resistant algorithm we end up with, which will probably be in place years before the coins on reused addresses are at any meaningful risk.

Quote from: pooya87 on November 27, 2021, 08:44:31 AM

The decision also won't be unilateral, whatever the decision may be. It will be a fork that like any other fork requires support from the majority.

I meant unilateral in respect to the owner of the coins. The majority shouldn't get to decide what to do with the coins belonging to someone else, even if we think those coins have been lost or abandoned.

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: o_e_l_e_o on November 27, 2021, 08:29:52 AM

Still, I agree it is obviously theft, but I still don't think we should take any steps to prevent it. If coins have been abandoned or lost or the owners are ignoring them, and they end up being stolen, then so be it. The last thing we want is for nodes/miners/devs/the community to unilaterally decide to make some coins unspendable or remove them from circulation.

You forgot that we aren't talking about some abandoned coins in a P2PK output. We are also talking about a much bigger amount of bitcoin (in total) in reused addresses, like a lot of the addresses in the bitcoin rich-list.
The decision also won't be unilateral, whatever the decision may be. It will be a fork that like any other fork requires support from the majority.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18587

Quote from: mynonce on November 25, 2021, 03:50:20 PM

Whale Alert

Think what you like about the Patoshi data, but Whale Alert are one of the stupidest and click baity organizations in the whole of crypto. They tweet complete trash without doing even the most basic of research or investigation. If you are going to read about the Patoshi data, I suggest you read the original research directly. I wouldn't read a single word associated with Whale Alert.

Quote from: pooya87 on November 26, 2021, 12:15:13 AM

That makes bitcoin obsolete overnight.

I wouldn't call it a "short step". Look at things like CPUs, GPUs, or even ASICs, as comparison. It will take years between the first quantum computer which can solve the ECDLP, and the first quantum computer which can solve it in <10 minutes.

Still, I agree it is obviously theft, but I still don't think we should take any steps to prevent it. If coins have been abandoned or lost or the owners are ignoring them, and they end up being stolen, then so be it. The last thing we want is for nodes/miners/devs/the community to unilaterally decide to make some coins unspendable or remove them from circulation.

BlackHatCoiner

legendary

Activity: 1512

Merit: 7340

Farewell, Leo

Quote from: mynonce on November 26, 2021, 04:00:47 PM

If they really wanted to stop it. They would have stopped it. We wouldn't have Bitcoin.

Devil's advocate speaking: And if the people really wanted to rebel we would have it. They wouldn't have stopped Bitcoin.

Quote from: mynonce on November 26, 2021, 04:00:47 PM

If they really wanted to know who Satoshi is ...

You must be really afraid of the government, but let me tell you that they are humans just like you and me.

mynonce

full member

Activity: 233

Merit: 253

Quote from: BlackHatCoiner on November 26, 2021, 03:39:15 PM

Quote from: mynonce on November 26, 2021, 03:18:10 PM

That will happen.

The acceptance of the inevitable or the allowance?

Let me answer this so:

Quote from: BlackHatCoiner on November 26, 2021, 03:07:38 PM

Quote from: mynonce on November 25, 2021, 03:50:20 PM

Governments allowed Satoshi to 'print' Bitcoin.

Or rather couldn't stop Satoshi from inventing Bitcoin.

If they really wanted to stop it. They would have stopped it. We wouldn't have Bitcoin.
If they really wanted to know who Satoshi is ... (My opinion: They know who Satoshi is and Satoshi knows it.)

BlackHatCoiner

legendary

Activity: 1512

Merit: 7340

Farewell, Leo

Quote from: mynonce on November 26, 2021, 03:18:10 PM

That will happen.

The acceptance of the inevitable or the allowance?

mynonce

full member

Activity: 233

Merit: 253

Quote from: BlackHatCoiner on November 26, 2021, 03:07:38 PM

...
...

Quote from: mynonce on November 25, 2021, 03:50:20 PM

Governments will allow it.

Or maybe they'll have to accept they cannot forbid it.

That will happen.

Topic: Bitcoin private key BASE58 problem (Read 602 times)