Pages:
Author

Topic: Bitcoin Wallet generation by hand (Read 6770 times)

sr. member
Activity: 770
Merit: 250
June 11, 2014, 08:23:22 AM
#65
Hmmh. I wrote I piece of code to simulate any fair positive-integer sided die or a deck of cards provided you have a fair 2-or-more sided die or a fairly shuffled deck of cards. I liked the deck of cards thing, it was nice as a dice simulation, no flying parts. Don't know if I can clean that code though if anyone would like to draw cards to make their private key... but it's fun for someone to code. It's a fun exercise to convert the cards to a number while allowing shuffling in the middle etc, suggested for any hobbyist coder.

Maybe it's interesting to note that no finite amount of fair dice rolls with a die that has less than 3618502788666131106986593281521497120401173883721090761956411348172442546698 sides can be guaranteed to give a truly random (with equal chance for all possible keys) private key (similar to a 115792089237316195423570985008687907852837564279074904382605163141518161494336-sided dice roll). Fortunately reality isn't that harsh and more than 100 rolls with a six-sided die are rarely needed   Smiley
legendary
Activity: 1988
Merit: 1012
Beyond Imagination
May 31, 2014, 08:59:43 PM
#64
There's no point in caring whether a private key is in hex or WIF if you're importing it into a wallet.  The wallet does hashing on it and so you're not "doing it by hand" and avoiding a computer.  But, I'm sure sx can use your private key in hex format or as a seed, so you can use that if that's your goal.

http://www.swansontec.com/bitcoin-dice.html

Here is a detailed description of using 2 hex dices to generate private key and use some bash script to generate WIF. When I examine the code, it uses openssl to do the hash function, and base58 encoding part is also not easy to read. So the calculation is dependant on openssl functionality, which I would like to avoid if possible
cp1
hero member
Activity: 616
Merit: 500
Stop using branwallets
May 31, 2014, 11:21:40 AM
#63
There's no point in caring whether a private key is in hex or WIF if you're importing it into a wallet.  The wallet does hashing on it and so you're not "doing it by hand" and avoiding a computer.  But, I'm sure sx can use your private key in hex format or as a seed, so you can use that if that's your goal.
legendary
Activity: 1988
Merit: 1012
Beyond Imagination
May 31, 2014, 08:29:18 AM
#62
I'm still researching this method, but the problem with the hand method is that even if you generated a pure random 256 bit private key, you still need to add 0x80 at the beginning and check-sum at the end of that key, then do a base 58 encoding to get WIF format private key to be imported into major wallet software. That check-sum involves 2xSHA256 hashing calculation which is impossible to do by hand

Is there any client can import a pure hex format private key so that I can skip the WIF format altogether?
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
November 18, 2013, 12:09:29 AM
#61
I've mentioned it in another thread, just roll dice one hundred (100) times, write down that sequence, and use that as the passphrase for bitaddress.org. (or nobrainr, but I have not yet used that tool yet.)
member
Activity: 88
Merit: 10
November 17, 2013, 10:43:29 AM
#60
your math is flawed:
assuming 5% error rate per step and 30 secs per step, it takes about 800hours to finish the hashing, doing as following:
calculate each step 5 times, if the 5 results match continue, else start the step again.
the probability to get the right result from this is:
99.999999%,

You want to play with semantics?

Ok, let's play.

Let's take a human, the super-hero kind, who can:
 a/ Calculate a 32-bit operation in 10 seconds
 b/ Work from midnight to midnight everyday
 c/ Calculate a 32-bit operation without any errors

A hash takes about 5000 32-bit operations. So make it 10000 for ripemd160(sha256()).
That makes (10*10000) = 100k seconds = 38.4 hours = 1.6 day non-stop.
Possible.

Now here comes the fun.



This time we take a real human, the super smart kind.

A/ He calculates a 32-bit operation in 30 seconds (please try a 32-bit addition and tell me how much time it took)
This raises the total time to calculate one hash to 115.2 hours

B/ The guy must sleep, so he can "only" work from 8am to midnight.
This makes the total time to calculate one hash equal to 4.8 days.
Still possible.

C/ The lower brain failure rate in the best conditions is 5%. As he's super smart his is only 1%.
The probability of him finding the correct hash on one try is P = 1/2^(100000*1%) = 1/2^1000 ~ 1/10^300

D/ He starts the hashing calculation at birth and will stop at 100 years old.
This is (100*365) = 36500 days of calculation.
One try is 4.8 days, so he has 7604 tries available.
The odd of our super smart guy FINDING AT LEAST ONCE the correct hash in his entire lifetime is then:
  R = 1-Q where Q = (1-P)^7604 = ( 1 - 1/2^1000 )^7604

Basic maths gives that Q > 1 - 7604/2^1000 = 1 - 10^(-297.149) > 1 - 10^(-297)
So R < 10^(-297) < 1/2^986
Yes, R < 1/2^986



TLDR

It's easier to crack 6 different bitcoin addresses with only 6 guesses than to a human to calculate a correct bitcoin address hash in his lifetime
Yes, I call that impossible
legendary
Activity: 1456
Merit: 1081
I may write code in exchange for bitcoins.
November 08, 2013, 03:50:07 PM
#59
There seems to be some confusion between ADDRESS and PUBLIC KEY.

The PUBLIC KEY is computed from the PRIVATE KEY using ECDSA.

The ADDRESS is the PUBLIC KEY triple hashed and checksumed.

It is utterly impossible for a human in any reasonable amount of time and with any reasonable accuracy (don't want to be sending funds to the wrong address) to perform the hashing necessary to create the ADDRESS.

However the OP asked about the PUBLIC KEY.  It would seem difficulty but possible to compute the PUBLIC KEY from the PRIVATE KEY.  Then transfer only the PUBLIC KEY to a computer and use a simple program to compute the full ADDRESS.

Sorry for the annoying caps but seems many people can't grasp the difference between PRIVATE KEY, PUBLIC KEY, and ADDRESS.  If you are one of them they are three distinct things. ADDRESS =/= PUBLIC KEY.

Yes, I needed this education.  I thank you death and taxes.
donator
Activity: 1218
Merit: 1079
Gerald Davis
November 08, 2013, 02:02:18 AM
#58
There seems to be some confusion between ADDRESS and PUBLIC KEY.

The PUBLIC KEY is computed from the PRIVATE KEY using ECDSA.

The ADDRESS is the PUBLIC KEY triple hashed and checksumed.

It is utterly impossible for a human in any reasonable amount of time and with any reasonable accuracy (don't want to be sending funds to the wrong address) to perform the hashing necessary to create the ADDRESS.

However the OP asked about the PUBLIC KEY.  It would seem difficulty but possible to compute the PUBLIC KEY from the PRIVATE KEY.  Then transfer only the PUBLIC KEY to a computer and use a simple program to compute the full ADDRESS.

Sorry for the annoying caps but seems many people can't grasp the difference between PRIVATE KEY, PUBLIC KEY, and ADDRESS.  If you are one of them they are three distinct things. ADDRESS =/= PUBLIC KEY.
legendary
Activity: 1092
Merit: 1016
760930
November 08, 2013, 01:55:16 AM
#57
Given that doing it purely by hand s practically unfeasible, how about this as a next best option: using our NoBrainr python script (only 25-30 lines of code) on an offline raspberry pi? This can be used with or without dice.

Can I ask why you promote nobrainr so much? Lots of people share scripts on this site but I've never seen someone promote their opensource script quite as much as you do.

Because I think it can help users and hits a sweet spot between security and transparency? Also, I only mention it when it's appropriate to.

Although now you mention it, you may be right, I seem to be a little obsessed with it!  Probably due to the fact that I have a little too much free time on my hands right now. Won't last for long, though...
legendary
Activity: 3682
Merit: 1580
November 08, 2013, 01:21:48 AM
#56
Given that doing it purely by hand s practically unfeasible, how about this as a next best option: using our NoBrainr python script (only 25-30 lines of code) on an offline raspberry pi? This can be used with or without dice.

Can I ask why you promote nobrainr so much? Lots of people share scripts on this site but I've never seen someone promote their opensource script quite as much as you do.
legendary
Activity: 1092
Merit: 1016
760930
November 08, 2013, 12:33:50 AM
#55
Given that doing it purely by hand is practically unfeasible, how about this as a next best option: using our NoBrainr python script (only 25-30 lines of code) on an offline raspberry pi? This can be used with or without dice.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
September 20, 2013, 06:22:21 AM
#54
Write an Android / iOS version of it. Publish source code or make it open source. Problem solved for most people.

If you really want to do it on paper ... Good luck.
legendary
Activity: 1442
Merit: 1005
September 20, 2013, 06:08:23 AM
#53
I was going to write the order of operations to be made on paper, then I got to RIPEMD-160. No way someone can complete the process (EC generation, EC point conversion, RIPEMD-160 hashing, SHA-256 hashing, base58 conversion and address building) and remain sane.

You would need something like 100-200 pages of paper with boxes printed of them to help you complete the operations, and many many hours...
The EC part seems possible if you are really motivated
There are less operations but the operands are bigger. The hashing though, it will take some time to complete. I will try again later to see if I can write the operations in order.
legendary
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
September 20, 2013, 05:50:58 AM
#52
I was going to write the order of operations to be made on paper, then I got to RIPEMD-160. No way someone can complete the process (EC generation, EC point conversion, RIPEMD-160 hashing, SHA-256 hashing, base58 conversion and address building) and remain sane.

You would need something like 100-200 pages of paper with boxes printed of them to help you complete the operations, and many many hours...
The EC part seems possible if you are really motivated
legendary
Activity: 1442
Merit: 1005
September 20, 2013, 05:47:33 AM
#51
I was going to write the order of operations to be made on paper, then I got to RIPEMD-160. No way someone can complete the process (EC generation, EC point conversion, RIPEMD-160 hashing, SHA-256 hashing, base58 conversion and address building) and remain sane.

You would need something like 100-200 pages of paper with boxes printed of them to help you complete the operations, and many many hours...
legendary
Activity: 3682
Merit: 1580
September 20, 2013, 05:41:17 AM
#50
Is there some kind of "hash" that can be easily "calculated" from an human (even if takes some hours...) but not from computer?

captcha
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
September 20, 2013, 01:13:16 AM
#49
well the math is above me lol, but couldn't your 'super-smart' be a little smarter and instead of doing the math himself, be allocated to to the of task simply breaking it up into easier micro chunks of math to be distributed amongst an army of mental sweatshop laborers and then supersmart guy checks over for errors and does the final math on it?  assuming a low amount of errors, it would reduce the time significantly would it not? In some countries right just paying the workers with food (some economical high protein stuff like peanut butter!) would be incentive enough.

note i'm am conscious of 3rd world war/global poverty issues and don't mean to be insensitive here, so please don't interpret as that.
You risk all those workers will somehow know the private keys. Someone will take notes and eventually figure out what they are used for.

Just use an offline computer or an offline smartphone.
hero member
Activity: 756
Merit: 500
September 19, 2013, 06:57:13 PM
#48
I am offering a 1btc bounty for someone who can demonstrate a repeatable method for calculating a private key using only paper pencil and brain

Bounty noted.  I am actually working on it right now.

EDIT: Okay, I am ready to claim.  Since you said private key, and not a WIF key or public key, its actually pretty easy.

Here is the method, which requires two dice or any other randomizing method.  Roll the two six sided dice 64 times.  Right down the numbers like this:

If the number is 0-9 right now the number.  If the number is 10-12 right now a-c.  Do this with each roll of the dice and you will get a valid hex private key, such as A9 87 3C 79 B6 D8 70  A0 1B 61 57 78 63 33 89 B4 45 32 13 30 3A A6 1C 20 CC 67 2C 23 36 B3 32 62

This is a valid bitcoin private key.  Note that this does not use all the hex characters, and as such can not generate all possible private keys, but its easy to do with just two dice.

You could also buy a 16 sided dice or something and use 0-F which would be more proper.  If you do it this way, the max address you can use is FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4141



I don't think this qualifies for the bounty.
hero member
Activity: 756
Merit: 500
September 19, 2013, 06:56:59 PM
#47
I am offering a 1btc bounty for someone who can demonstrate a repeatable method for calculating a private key using only paper pencil and brain

Bounty noted.  I am actually working on it right now.

EDIT: Okay, I am ready to claim.  Since you said private key, and not a WIF key or public key, its actually pretty easy.

Here is the method, which requires two dice or any other randomizing method.  Roll the two six sided dice 64 times.  Right down the numbers like this:

If the number is 0-9 right now the number.  If the number is 10-12 right now a-c.  Do this with each roll of the dice and you will get a valid hex private key, such as A9 87 3C 79 B6 D8 70  A0 1B 61 57 78 63 33 89 B4 45 32 13 30 3A A6 1C 20 CC 67 2C 23 36 B3 32 62

This is a valid bitcoin private key.  Note that this does not use all the hex characters, and as such can not generate all possible private keys, but its easy to do with just two dice.

You could also buy a 16 sided dice or something and use 0-F which would be more proper.  If you do it this way, the max address you can use is FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4141



I don't think this qualifies for a claim.
cp1
hero member
Activity: 616
Merit: 500
Stop using branwallets
September 19, 2013, 06:45:26 PM
#46
Is there some kind of "hash" that can be easily "calculated" from an human (even if takes some hours...) but not from computer?

Do you mean a hash that a computer can't perform or one that it would take longer than a human?  It would probably have to involve some sort of riddle.  Though the computer in the van in midnight madness could do it quickly...
Pages:
Jump to: