
Topic: Calling Gavin Andresen and others, possibility of restoring MtGox's coins. - page 3. (Read 7877 times)

donator
Activity: 1218
Merit: 1079
Gerald Davis
There is no such thing as "fixing private keys".   Private keys are simply random 256 bit numbers.  You either have them or you don't.

If MtGox either
a) doesn't have the private keys for the coins in their wallet
or
b) they have the private keys but the coins have been moved (given to attackers, stolen years ago in prior hacks, embezzled)

there is nothing short of a hard fork to mint new coins for MtGox that anyone can do.

I have a question:
I do understand that private keys are random numbers, but at some point they have to be created on deterministic factors like time etc. So when the private key would be let's say a hash of the "magic_number"+timestamp, then there is a chance to rebuild the private key, if you have the magic number and the timestamp. For the sake of simplicity let's assume the bug is that a letter x got added to the private key. So no private key would work anymore.
-> So in this case there would be a feasible way to compute the private keys.

But I have no idea how MtGox created the private key. Maybe they took something that can't be found like Marc used 500 random characters (just pushed his hands on the keyboard).

So based on what private keys get created in the qt wallet?

The QT client uses the OS level random number generator to generate private keys. If values of PRNG could be recomputed, then anyone could recompute any other person's private keys. Bitcoin would fail and so would essentially all other crypto. PRNGs, while not truly random, are designed to make such recomputation infeasible. They don't just use a timestamp, they pull data from an entropy pool which is filled with sources like # of disk I/O failures in last x seconds, random noise from sound card DAC, temperature of processor, the timing (in milliseconds) between keystrokes on the keyboard, the mouse movement data, the latency recorded on IDE calls.

To recompute a PRNG value would require not just the timestamp of the value but recreating the system in the exact same configuration as it was at the time the random value was requested. This is nearly impossible unless there is some flaw in the PRNG and even then you would need some extensive cryptanalysis and a lot of computing power (i.e. it may take quadrillions of attempts to recompute the target value).

Of course it is also possible to generate private keys using a true hardware random number generator (quantum random number generator is one example).  For those there is no method, not even theoretical to recompute the generated number.
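
The contrast drawn in the reply above, as an added example that is not part of the original post: a key derived as a hash of "magic_number"+timestamp (the questioner's hypothetical) can be re-derived by walking a timestamp window, while a key taken from the OS random source is not in that window at all. `public_id` is a hypothetical stand-in for the real key-to-address path, and the magic value and timestamp are constructed.

```python
import hashlib
import math
import secrets

MAGIC = b"magic_number"      # constructed value standing in for the hypothetical secret
CREATED_AT = 1393286400      # constructed Unix timestamp of key creation
WINDOW = 86_400              # audit window: one day either side, in seconds


def weak_key(magic: bytes, timestamp: int) -> bytes:
    """The hypothetical scheme from the question: SHA-256(magic_number + timestamp)."""
    return hashlib.sha256(magic + str(timestamp).encode()).digest()


def csprng_key() -> bytes:
    """What the reply describes: 256 bits drawn from the OS random number generator."""
    return secrets.token_bytes(32)


def public_id(key: bytes) -> bytes:
    """Stand-in for key -> address (assumption: the real path is ECDSA plus hashing).
    Only its one-way property matters here."""
    return hashlib.sha256(b"addr:" + key).digest()[:20]


def search_timestamps(magic: bytes, target_id: bytes, t_from: int, t_to: int):
    """Re-derive every candidate key in the window; return (timestamp, key) or None."""
    for ts in range(t_from, t_to + 1):
        key = weak_key(magic, ts)
        if public_id(key) == target_id:
            return ts, key
    return None


def audit():
    """Compare both key sources against the same timestamp-window search."""
    lo, hi = CREATED_AT - WINDOW, CREATED_AT + WINDOW
    weak = weak_key(MAGIC, CREATED_AT)
    strong = csprng_key()
    return {
        # The derived key falls to a search over 172,801 candidates.
        "weak_found": search_timestamps(MAGIC, public_id(weak), lo, hi),
        # The random key is not a function of the timestamp, so the search finds nothing.
        "strong_found": search_timestamps(MAGIC, public_id(strong), lo, hi),
        # Effective size of each search space, in bits.
        "weak_bits": math.log2(hi - lo + 1),
        "strong_bits": 256,
    }


if __name__ == "__main__":
    result = audit()
    print("derived key recovered at timestamp:", result["weak_found"][0])
    print("random key recovered:", result["strong_found"])
    print("search space: %.1f bits vs %d bits" % (result["weak_bits"], result["strong_bits"]))
```
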
legendary
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
There is no such thing as "fixing private keys".   Private keys are simply random 256 bit numbers.  You either have them or you don't.

If MtGox either
a) doesn't have the private keys for the coins in their wallet
or
b) they have the private keys but the coins have been moved (given to attackers, stolen years ago in prior hacks, embezzled)

there is nothing short of a hard fork to mint new coins for MtGox that anyone can do.

I have a question:
I do understand that private keys are random numbers, but at some point they have to be created on deterministic factors like time etc. So when the private key would be let's say a hash of the "magic_number"+timestamp, then there is a chance to rebuild the private key, if you have the magic number and the timestamp. For the sake of simplicity let's assume the bug is that a letter x got added to the private key. So no private key would work anymore.
-> So in this case there would be a feasible way to compute the private keys.
If there existed such an easy way to compute private keys, then Bitcoin was doomed from the start. Well, actually - maybe the whole Internet would be doomed, as no SSL or SSH session would ever be safe.

Luckily, that's rather improbable.
hero member
Activity: 546
Merit: 500
hm
There is no such thing as "fixing private keys".   Private keys are simply random 256 bit numbers.  You either have them or you don't.

If MtGox either
a) doesn't have the private keys for the coins in their wallet
or
b) they have the private keys but the coins have been moved (given to attackers, stolen years ago in prior hacks, embezzled)

there is nothing short of a hard fork to mint new coins for MtGox that anyone can do.

I have a question:
I do understand that private keys are random numbers, but at some point they have to be created on deterministic factors like time etc. So when the private key would be let's say a hash of the "magic_number"+timestamp, then there is a chance to rebuild the private key, if you have the magic number and the timestamp. For the sake of simplicity let's assume the bug is that a letter x got added to the private key. So no private key would work anymore.
-> So in this case there would be a feasible way to compute the private keys.

But I have no idea how MtGox created the private key. Maybe they took something that can't be found like Marc used 500 random characters (just pushed his hands on the keyboard).

So based on what private keys get created in the qt wallet?
legendary
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
Ok, well the private keys are probably not restorable, but something should be done to pay back people who have suffered because of this.

So MtGox is too big to fail and there should be "super users" who have the ability to generate hundreds of thousands of new coins by decree? You have just reinvented the existing banking system. Bitcoin was supposed to be digital gold. If a ship carrying 750,000 ounces of gold for a depository sunk in irrecoverably deep water and the depository was uninsured you couldn't just magic up another 750,000 ounces of gold.

Any hard fork or alteration of the core bitcoin rules essentially has no chance of consensus and if it did it would undermine all the touted benefits of Bitcoin.
Yep.

If a hard fork was done to print more coins, I would definitely leave Bitcoin...

Some rules are meant *not* to be changed. You can't just print gold out of thin air. Bitcoin is the new gold. An action like this would literally destroy Bitcoin.
legendary
Activity: 4214
Merit: 1313
If the current Bitcoin model allows a guy like MK to wreak such havoc, then there's something wrong in the current Bitcoin model.

The current bitcoin model can't stop people from doing stupid things.  Like dealing with a group that has had issue with reliability for years. Like storing bitcoins on an exchange, pool or somewhere else where you don't have the private keys. Like designing software  that allows one to withdraw the same funds many times.

This isn't about the bitcoin model, this is about gox being stupid, uninformed, or criminal depending on who you believe and people not seeing (or ignoring) the repeated issues all through 2013 and before.
zyk
full member
Activity: 224
Merit: 101
The Foundation has enough money to assemble a task force to fly to Japan and assist Mark Karpeles.

Where did you read that Mark Karpeles asked for a help? You can't help someone who doesn't want your help.

I agree with Biomech on his thoughts.

As for the input from itod: I think a task force should be sent there anyway, and they should be very persistent in trying to help MtGox/Mark. If he refuses help, that points even more to him being guilty of misdoings.

I would think there's at least someone on the Foundation or otherwise (Roger Ver?), that could sit down with Mark, have a conversation, and convince him that it is in everybody's interest to work together to find a solution.

That's not going to happen... these people were on the other side of the trade and in on the cover-up (Roger seemingly bidding for Goxcoins, remember?)... they collected your wealth on the way up, your money went offshore already... and now your stolen coins are even dumped on you until Wall Street picks them up for 50 bucks a piece...

If you don't believe me... just watch the show.
legendary
Activity: 1974
Merit: 1029
Let's say that some cryptographic breakthroughs during the next few years allow us to figure out a private key from a bitcoin address in a reasonable amount of time (ie both SHA256 and RIPEMD160 become vulnerable).

By then, the bitcoin software will have been upgraded to work with a different set of hashes and everybody will have sent all their balance from the old, potentially compromised addresses to the new ones. This scenario would mean two things:

- We would be able to know the exact amount of lost coins. All balance that remains in the old addresses could be safely assumed to have been previously lost.
- All those lost coins could be reintroduced back into the system by cracking their private keys (I'll leave aside the subject of how to distribute them among users).

Now, if mtgox hasn't been robbed and the root cause of this situation is that MK lost the private key(s) to the cold wallet(s), we would have a chance to return the coins to their rightful owners without forking the network or minting new coins. We would just rescue those lost coins and put them in circulation again.

Full disclosure: I'm one affected mtgox user.
newbie
Activity: 9
Merit: 0
If the current Bitcoin model allows a guy like MK to wreak such havoc, then there's something wrong in the current Bitcoin model.
full member
Activity: 187
Merit: 100
There is no such thing as "fixing private keys".   Private keys are simply random 256 bit numbers.  You either have them or you don't.

If MtGox either
a) doesn't have the private keys for the coins in their wallet
or
b) they have the private keys but the coins have been moved (given to attackers, stolen years ago in prior hacks, embezzled)

there is nothing short of a hard fork to mint new coins for MtGox that anyone can do.

Please read:

http://www.reddit.com/r/Bitcoin/comments/1z8fmc/mtgox_private_key_related_coin_loss_a_explanation/



Yeah I read it and it is utter nonsense written by someone who doesn't understand that private keys are random and addresses are derived from those private keys.

Private key a is a random 256 bit number. Using ECDSA and priv_key a produces pubkey A which is hashed and checksummed to form address AA. A proper wallet would record "a" and "AA". If MtGox's custom wallet was broken such that after randomly generating "a" instead of producing address "AA" it produced address "BB" then contrary to the linked post, there is no way to find private key "b" from address "BB". The coins are now at "BB" which has an unknown key and they were never sent to "AA" which is the address for the key MtGox has.

The linked post is just a theory and if right (MtGox doesn't have the private keys from the addresses containing 800,000 BTC) then those coins are "gone" forever*.  If you could "recover" those coins then it wouldn't really matter because Bitcoin is completely broken and worthless.

Furthermore I would add nobody even knows if this is the case.  Mark (and his lawyers) have been very vague on the exact status of the "lost/stolen/missing/unavailable" coins and the reason for that status.   


* Well at least until the cryptographic primitives are weakened by cryptanalysis to make a brute force attack possible which could be 0 to infinite years from now.


Well as far as I understand, there could be a homomorphic function f for which f(AA) = BB, and then there'd be an f' for which f'(aa) = bb. But I think that's extremely unlikely. Also I dimly remember MtGox had a problem with broken tx scripts, which I very much doubt falls into this homomorphic function class.

hero member
Activity: 798
Merit: 1000
It's just so unfathomable to think of that amount of BTC just being lost. The fact that gox has said nothing just adds to the speculation.

I think this is the main issue and until we hear anything from gox themselves all manner of possibilities could be true.

In terms of hard fork to recover funds due to people not understanding counter-party risk ... er no.

donator
Activity: 1218
Merit: 1079
Gerald Davis
Thanks for the explanation. This makes sense.

However as someone said on the original Reddit thread:

--- The only thing that's clear is we need a thorough investigation and time is of the essence.

Before we make any more speculation, it's necessary to find out exactly what has happened. And I'm not sure if Mark's the right person to be able to do that right now. Perhaps he should enter more of an advisory role, and have a team of skilled devs/auditors looking into it.

Before we have established what exactly is the problem it is not possible to fix it, and it might as well be unfixable, but then there was at least an attempt to fix it..

This I agree on.  MtGox alleges they don't have 800K BTC that they "should have".  There are about a half dozen credible theories as to why that is the case.  MtGox has been totally silent and opaque on the issue.  Mark's comments to date have been either false or vague to the point of being useless.

Until MtGox provides some clarity on EXACTLY how they ended up short 800K BTC, it is all academic speculation.
hero member
Activity: 490
Merit: 500
There is no such thing as "fixing private keys".   Private keys are simply random 256 bit numbers.  You either have them or you don't.

If MtGox either
a) doesn't have the private keys for the coins in their wallet
or
b) they have the private keys but the coins have been moved (given to attackers, stolen years ago in prior hacks, embezzled)

there is nothing short of a hard fork to mint new coins for MtGox that anyone can do.

Please read:

http://www.reddit.com/r/Bitcoin/comments/1z8fmc/mtgox_private_key_related_coin_loss_a_explanation/



Yeah I read it and it is utter nonsense written by someone who doesn't understand that private keys are random and addresses are derived from those private keys.

Private key a is a random 256 bit number. Using ECDSA and priv_key a produces pubkey A which is hashed and checksummed to form address AA. A proper wallet would record "a" and "AA". If MtGox's custom wallet was broken such that after randomly generating "a" instead of producing address "AA" it produced address "BB" then contrary to the linked post, there is no way to find private key "b" from address "BB". The coins are now at "BB" which has an unknown key and they were never sent to "AA" which is the address for the key MtGox has.

The linked post is just a theory and if right (MtGox doesn't have the private keys from the addresses containing 800,000 BTC) then those coins are "gone" forever*.  If you could "recover" those coins then it wouldn't really matter because Bitcoin is completely broken and worthless.

Furthermore I would add nobody even knows if this is the case.  Mark (and his lawyers) have been very vague on the exact status of the "lost/stolen/missing/unavailable" coins and the reason for that status.  


* Well at least until the cryptographic primitives are weakened by cryptanalysis to make a brute force attack possible which could be 0 to infinite years from now.


Thanks for the explanation. This makes sense.

However as someone said on the original Reddit thread:

--- The only thing that's clear is we need a thorough investigation and time is of the essence.

Before we make any more speculation, it's necessary to find out exactly what has happened. And I'm not sure if Mark's the right person to be able to do that right now. Perhaps he should enter more of an advisory role, and have a team of skilled devs/auditors looking into it.

Before we have established what exactly is the problem it is not possible to fix it, and it might as well be unfixable, but then there was at least an attempt to fix it..

Ok, well the private keys are probably not restorable, but something should be done to pay back people who have suffered because of this.

So MtGox is too big to fail and there should be "super users" who have the ability to generate hundreds of thousands of new coins by decree? You have just reinvented the existing banking system. Bitcoin was supposed to be digital gold. If a ship carrying 750,000 ounces of gold for a depository sunk in irrecoverably deep water and the depository was uninsured you couldn't just magic up another 750,000 ounces of gold.

Any hard fork or alteration of the core bitcoin rules essentially has no chance of consensus and if it did it would undermine all the touted benefits of Bitcoin.  What is different about "Gavin" (as if he had the power) minting 750,000 BTC by decree, compared to the federal reserve printing a sum of USD from nothing?

I agree with DAT here.

Well, first thing to do before spending more thought is to extract the truth from Mark or Gox, force may be necessary as it's been proven that they are not cooperative and continue lying.

The funny thing is that force might be exactly the thing that would be needed, although most of us are too civil to condone that kind of thing. If we did and claimed it was for the greater good, who would we be like then?


In the name of Satoshi please stop mentioning a fork here. It makes me feel sick.

If it is just about trying to recover a potentially lost private key, then yes, why not?

I do not talk about making a fork. I talk about doing an investigation and then see if anything could be done. It could be that privkeys are encrypted, and the password which Mark stored on a USB disk is gone or corrupted for example.
legendary
Activity: 1372
Merit: 1022
Anarchy is not chaos.
Well, first thing to do before spending more thought is to extract the truth from Mark or Gox, force may be necessary as it's been proven that they are not cooperative and continue lying.
No violence really necessary, other than a thug to hold him down for a minute while you hook up the Sodium Amytal drip.
legendary
Activity: 1078
Merit: 1002
Bitcoin is new, makes sense to hodl.
Well, first thing to do before spending more thought is to extract the truth from Mark or Gox, force may be necessary as it's been proven that they are not cooperative and continue lying.
legendary
Activity: 1792
Merit: 1111
In the name of Satoshi please stop mentioning a fork here. It makes me feel sick.

If it is just about trying to recover a potentially lost private key, then yes, why not?
legendary
Activity: 1372
Merit: 1022
Anarchy is not chaos.
Ok, well the private keys are probably not restorable, but something should be done to pay back people who have suffered because of this.

So MtGox is too big to fail and there should be "super users" who have the ability to generate hundreds of thousands of new coins by decree? You have just reinvented the existing banking system. Bitcoin was supposed to be digital gold. If a ship carrying 750,000 ounces of gold for a depository sunk in irrecoverably deep water and the depository was uninsured you couldn't just magic up another 750,000 ounces of gold.

Any hard fork or alteration of the core bitcoin rules essentially has no chance of consensus and if it did it would undermine all the touted benefits of Bitcoin.  What is different about "Gavin" (as if he had the power) minting 750,000 BTC by decree, compared to the federal reserve printing a sum of USD from nothing?

+ infinity! If the coins are truly lost, let 'em go. The rise in value will help to compensate people. In addition, they DID file bankruptcy. Their other assets will be sold, and disbursed as at least some compensation to the bagholders.

It does suck, but it is not the end of bitcoin. If the coins were actually stolen, they'll eventually recirculate. Not cool for those who lost, but no harm to bitcoin. If they are lost, again not cool for those who lost, but the coin becomes automatically more valuable on scarcity alone.

Gox going down in flames is also positive for bitcoin, as they were a nightmare already.
donator
Activity: 1218
Merit: 1079
Gerald Davis
Ok, well the private keys are probably not restorable, but something should be done to pay back people who have suffered because of this.

So MtGox is too big to fail and there should be "super users" who have the ability to generate hundreds of thousands of new coins by decree? You have just reinvented the existing banking system. Bitcoin was supposed to be digital gold. If a ship carrying 750,000 ounces of gold for a depository sunk in irrecoverably deep water and the depository was uninsured you couldn't just magic up another 750,000 ounces of gold.

Any hard fork or alteration of the core bitcoin rules essentially has no chance of consensus and if it did it would undermine all the touted benefits of Bitcoin.  What is different about "Gavin" (as if he had the power) minting 750,000 BTC by decree, compared to the federal reserve printing a sum of USD from nothing?
legendary
Activity: 1372
Merit: 1022
Anarchy is not chaos.
There is no such thing as "fixing private keys".   Private keys are simply random 256 bit numbers.  You either have them or you don't.

If MtGox either
a) doesn't have the private keys for the coins in their wallet
or
b) they have the private keys but the coins have been moved (given to attackers, stolen years ago in prior hacks, embezzled)

there is nothing short of a hard fork to mint new coins for MtGox that anyone can do.

Please read:

http://www.reddit.com/r/Bitcoin/comments/1z8fmc/mtgox_private_key_related_coin_loss_a_explanation/



Yeah I read it and it is utter nonsense written by someone who doesn't understand that private keys are random and addresses are derived from those private keys.

Private key a is a random 256 bit number. Using ECDSA and priv_key a produces pubkey A which is hashed and checksummed to form address AA. A proper wallet would record "a" and "AA". If MtGox's custom wallet was broken such that instead of producing address AA they produced address BB there is no way to find private key b from address BB. The coins are now at "BB" which has an unknown key and they were never sent to "AA" which is the address for the key MtGox has.

The linked post is just a theory and if right (MtGox doesn't have the private keys from the addresses containing 800,000 BTC) then those coins are "gone" forever*.  If you could "recover" those coins then it wouldn't really matter because Bitcoin is completely broken and worthless.


* Well at least until the cryptographic primitives are weakened by cryptanalysis to make a brute force attack possible which could be 0 to infinite years from now.

Advanced math is not my strongpoint, but what you say is what I have understood as well.

In truth, I don't believe the keys are missing or that Gox was hacked. I think somebody on the inside stole it. I have strong (but unproven) suspicions of Mark Karpeles himself, since NOBODY in charge of a business would fail to note a monetary hemorrhage of that magnitude. Hell, when I was an assistant manager, I'd redo the numbers ten times to find five bucks. I was in charge of a few thousand dollars, not a King's Ransom.

The whole thing stinks of fish.
hero member
Activity: 686
Merit: 500
There is no such thing as "fixing private keys".   Private keys are simply random 256 bit numbers.  You either have them or you don't.

If MtGox either
a) doesn't have the private keys for the coins in their wallet
or
b) they have the private keys but the coins have been moved (given to attackers, stolen years ago in prior hacks, embezzled)

there is nothing short of a hard fork to mint new coins for MtGox that anyone can do.

Please read:

http://www.reddit.com/r/Bitcoin/comments/1z8fmc/mtgox_private_key_related_coin_loss_a_explanation/



Yeah I read it and it is utter nonsense written by someone who doesn't understand that private keys are random and addresses are derived from those private keys.

Private key a is a random 256 bit number. Using ECDSA and priv_key a produces pubkey A which is hashed and checksummed to form address AA. A proper wallet would record "a" and "AA". If MtGox's custom wallet was broken such that instead of producing address AA they produced address BB there is no way to find private key b from address BB. The coins are now at "BB" which has an unknown key and they were never sent to "AA" which is the address for the key MtGox has.

The linked post is just a theory and if right (MtGox doesn't have the private keys from the addresses containing 800,000 BTC) then those coins are "gone" forever*.  If you could "recover" those coins then it wouldn't really matter because Bitcoin is completely broken and worthless.


* Well at least until the cryptographic primitives are weakened by cryptanalysis to make a brute force attack possible which could be 0 to infinite years from now.


Ok, well the private keys are probably not restorable, but something should be done to pay back people who have suffered because of this.
donator
Activity: 1218
Merit: 1079
Gerald Davis
There is no such thing as "fixing private keys".   Private keys are simply random 256 bit numbers.  You either have them or you don't.

If MtGox either
a) doesn't have the private keys for the coins in their wallet
or
b) they have the private keys but the coins have been moved (given to attackers, stolen years ago in prior hacks, embezzled)

there is nothing short of a hard fork to mint new coins for MtGox that anyone can do.

Please read:

http://www.reddit.com/r/Bitcoin/comments/1z8fmc/mtgox_private_key_related_coin_loss_a_explanation/



Yeah I read it and it is utter nonsense written by someone who doesn't understand that private keys are random and addresses are derived from those private keys.

Private key a is a random 256 bit number. Using ECDSA and priv_key a produces pubkey A which is hashed and checksummed to form address AA. A proper wallet would record "a" and "AA". If MtGox's custom wallet was broken such that after randomly generating "a" instead of producing address "AA" it produced address "BB" then contrary to the linked post, there is no way to find private key "b" from address "BB". The coins are now at "BB" which has an unknown key and they were never sent to "AA" which is the address for the key MtGox has.

The linked post is just a theory and if right (MtGox doesn't have the private keys from the addresses containing 800,000 BTC) then those coins are "gone" forever*.  If you could "recover" those coins then it wouldn't really matter because Bitcoin is completely broken and worthless.

Furthermore I would add nobody even knows if this is the case.  Mark (and his lawyers) have been very vague on the exact status of the "lost/stolen/missing/unavailable" coins and the reason for that status.   


* Well at least until the cryptographic primitives are weakened by cryptanalysis to make a brute force attack possible which could be 0 to infinite years from now.
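
The "hashed and checksummed" step from the post above, as an added example that is not part of the original thread: Base58Check encoding of a 20-byte key hash, showing that the checksum only catches transcription errors and that a wallet has to compare the recorded address against the hash derived from its stored key to notice an "AA"/"BB" mismatch. The two hash values are constructed, and computing the hash from a real key (ECDSA, then SHA-256 and RIPEMD-160) is assumed to happen elsewhere.

```python
import hashlib

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def checksum(data: bytes) -> bytes:
    """First four bytes of a double SHA-256, as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]


def b58check_encode(version: int, payload: bytes) -> str:
    raw = bytes([version]) + payload
    raw += checksum(raw)
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = ALPHABET[rem] + out
    # Each leading zero byte is written as a literal '1'.
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + out


def b58check_decode(address: str):
    """Return (version, payload); raise ValueError on a malformed address."""
    n = 0
    for ch in address:
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError("character outside the Base58 alphabet")
        n = n * 58 + idx
    pad = len(address) - len(address.lstrip("1"))
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) < 5 or checksum(raw[:-4]) != raw[-4:]:
        raise ValueError("checksum mismatch")
    return raw[0], raw[1:-4]


def is_well_formed(address: str) -> bool:
    """True if the address decodes and its checksum is correct."""
    try:
        b58check_decode(address)
        return True
    except ValueError:
        return False


def address_matches_key(address: str, hash160_from_key: bytes) -> bool:
    """Wallet self-check: does the recorded address carry the hash derived from
    the stored key? (Deriving that hash from the key is assumed done elsewhere.)"""
    version, payload = b58check_decode(address)
    return version == 0 and payload == hash160_from_key


# Constructed sample data, not taken from the thread.
HASH_AA = bytes(range(1, 21))   # hash the stored key "a" would produce
HASH_BB = bytes(20)             # a different hash for which no key is known
ADDR_AA = b58check_encode(0, HASH_AA)
ADDR_BB = b58check_encode(0, HASH_BB)

if __name__ == "__main__":
    print(ADDR_BB, "well formed:", is_well_formed(ADDR_BB))
    print("typo detected:", not is_well_formed(ADDR_BB[:-1] + "3"))
    print("BB matches stored key:", address_matches_key(ADDR_BB, HASH_AA))
```
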