Topic: Collisions on private addresses? Balances? - page 2. (Read 594 times)

I suppose it's difficult to say without knowing anything about his implementation. He's saying he's doing 500 million * 60000 address comparisons per day. If his implementation is naive (checking each generated key against each address in the "database") that works out to ~350 million key comparisons per second. If his implementation is less naive (using a hash table for the 60000 "known" addresses) then that works out to nearly 6000 keys generated and compared per second.

If he's doing it the first (naive) way, then I think he's probably made a mistake somewhere without realizing it, because that number (350 million comparisons per second) seems obviously out-of-range for an i5 (to me, anyway).

If he's doing it the second (less naive) way, then assuming it's "homebrew" that's been quickly slapped together in 3 days, it's still suspiciously fast, IMHO.

Maybe I've misread/misunderstood something or calculated incorrectly. I'm always happy to be corrected

FYI, you're not the first people trying to generate all private keys. Have you checked LBC? According to them, their pool performance currently is 107.85 million keys/second[2]. Some people don't like LBC though since it use closed source software and there's speculation they targeting specific address.


Actually i find it's quite slow. Recovery software such as FinderOuter could achieve 64 thousand address per second on i3[3].

[1] https://lbc.cryptoguru.org/
[2] https://lbc.cryptoguru.org/stats
[3] https://bitcointalksearch.org/topic/m.56043632

Take a merit for following through on your plan and for being hardcore enough to still be running Windows 7

Sounds like you're having fun, keep at it! I would double-check your numbers though, they seem a little high for a core i5...

Lol.
Ok so started to build the app. First got 12 million computations per day as a test, this generates the private key, and public key etc. I now compare that to a database of 60000 known public keys and balances.

Day 3, improved the code somewhat. Now the same app is running at 500 million computations per 24 hrs, comparing the generated output against a dBASE of 60000 known balances addresses

So my computations are now 500 million * 60000 per 24hrs. The numbers is to big to calculate.
This is running on a Windows 7 pc icore 5.

Let's see what it comes up with in a day, a week, a year.

I know the numbers are huge.

Because this task is so computationally infeasible and therefore harmless to try, I'll spare you the morality lecture and just say that I like your methodology. IMHO, getting some code down is the best way to learn about something. Good luck!

Interesting conversation, thanks everyone, now to build the app and try. Lol

Yup, that's pretty much all there is to it.

Edit: Of course, it's not realistic to undertake this search and expect results, but it's possible, both in theory and in practice. The only thing protecting any given bitcoin address (ignoring exotic redeem scripts) from unauthorized spending is lack of knowledge about the private key, there are no other protections in place. That's why it's so important to keep your private key(s) safe.

I understand all of the above, but the point I am making is this.

I can generate a private key, and from there I can generate a public address, from that same private key.

If I did this enough times, and it may take forever, eventually I will match a public address, and I will have the private key from it, so I can claim the balance if it had one, in theory?

Yes, it's one of the address type that uses "HASH160" or RIPEMD160[SHA256(PubKey)] for P2PKH.
P2SH also uses HASH160 of the redeem script, P2WPKH also uses it, the rest of the steps are just difference in encoding.
So when pointlessly bruteforcing addresses, you can derive those address types from each 160bit result.

There's no "private BTC address" and "public address".
Only "Private Key" and its "Public Key" pair, then the "Bitcoin address" generated from the public key.
It's a one way process "PrvKey->PubKey->Address", not the other way around.

As an analogy, let' use a "lock" and "key" scenario:

• Let the "lock" be the HASH160.
• Let the "key" be the Private Key.
• In your scenario, your theoretical computer program cycles through all the "locks" which can only unlocked by the "key".
• Even if you can generate all the locks, it's pointless since you can't unlock them without their keys.
• So, if you want "collision", you need search through the keys which have a tremendously larger search space than the locks.

That's a little beside the point. As nc50lc said, if you want to be able spend what you find, then you need to search the "private key" space and not the "address" space.

Let's consider "legacy" P2PKH addresses for the moment. To create one you have to choose a number between 1 and 115792089237316195423570985008687907852837564279074904382605163141518161494336.

Then you take this number and do some irreversible math on it (elliptic curve cryptography) to produce another number.

Then you take this number and do some more irreversible math on it (cryptographic hash) to produce the final "address".

If you try to search for non-empty addresses by "cheating" and not doing the full address derivation, then when you find an address that has money in it, you won't be able to spend it (because you don't have the first number, the private key).


No, those figures are for illustrating how much harder searching a space gets as you add bits. The takeaway should be that if you can search a 2^160 space in 9 days, then searching a 2^256 space will take you roughly 2 octillion years (~140 quadrillion times longer than the age of the universe).


That's true, but 2^256 is a massive search space. It's tempting to visualize it as a line and think that there "must" be some addresses near the beginning of that line, but with a space this big "near" can still be really, really far. If you've selected your private key at random, you have nothing to worry about.

Hi, is the hash 160 for legacy addresses?

The figures above are quoted to cycle through the entire range of addresses from start to finish.

It may be a case that your my particular address gets cycled in the first hour.

The number you've given is merely based on the HASH160 of the public key that is 160bit which is correct, but that's merely for addresses that relies on that PubkeyHash.
There are other address types out there, anyways, that's not the important part of this reply.

The Bitcoin address generation starts from Private key if you want to be able to spend its funds so what you need to bruteforce are private keys.
Which has roughly 2^256 combinations or
115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936
But since some of them are invalid, the number "shrinks" to:
115,792,089,237,316,195,423,570,985,008,687,907,852,837,564,279,074,904,382,605,163,141,518,161,494,336
If you can theoretically bruteforce even 1% of that, you "may" be able to find one with funds.

Maybe yes (for 2^160), but they can't spend it since they've bruteforced addresses, not private keys.

I know this is all theory, but it seems to me that if btc wallets just reply on you not matching the private key, then it's a lack of security surely, as I know the fastest super computer on the planet can cycle through the combinations in 9 days.

What about P2PK?


P2PK was before my time, but wasn't it just the Base58 encoding of the public key? So, if you're adding up all the different ways that you can specify an "address", doesn't it belong in your sum?

There are 2¹⁶⁰ P2PKH addresses + 2¹⁶⁰ P2SH addresses + 2¹⁶⁰ P2WPKH addresses + 2²⁵⁶ P2WSH addresses + 2²⁵⁶ P2TR addresses, which is the number that greatly exceeds the number of possible private keys (slightly less than 2²⁵⁶).

Why do you need a separate address format, if you'are paying directly to a public key (as a name suggests)?

You don't need a special program to generate private and public keys, any bitcoin wallet can do the trick. The odds of you accidentally finding a private key with a balance are extremely slim, but no one can stop you from trying. However, keep in mind that stealing someone else's coins is to be considered a crime in most jurisdictions.

You're missing a point:

Private address to public address, there is no process like this.

It's one-way flow from k > K > A
Private key (Elliptic Curve Multiplication: one-way) > Public key (Hash-function: one-way) > Public address

It is one-way and irreversible process as you can read more in Chapter 3: Key, addresses in Mastering Bitcoin book

Private keys are the means by which transactions are signed from corresponding addresses on the blockchain which were generated from they xpriv key. So, with the private keys you will be able to spend funds from that address.

If it were possible to generate private keys and public keys which has a balance on it, then it would not have been worth it, as the network would haveko value.

Yes. And by all means: try it! Convince yourself how secure Bitcoin is, you'll never find a fixed address that was properly generated.

I don't have that much knowledge on this but base on my study. Yes you can spend the funds if a collision happens

Thanks for the answer.

Is it true if that were to happen, all I need is the private key to spend the funds?

Thanks