Topic: entropy (Read 642 times)

According to achow101, that IS right.

Please have a look at your thread:
https://bitcointalksearch.org/topic/m.18602354  (post #4)



That much is certain.

Entropy (more accurately known as Shannon entropy) in information theory is a measure of randomness.

A private key (in the bitcoin protocol) is a number between 1 and 115792089237316195423570985008687907852837564279074904382605163141518161494336.

Since numbers can be represented in many forms, you can also say that a private key is a number between 0x01 and 0xFFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4140

When choosing which number you want to use as your private key, it is important (in the interest of security) to have enough entropy (randomness) in your selection.  While any number in that range IS a valid private key, your method of choosing a private key might not have an equal probability of generating any of the numbers in the range.  This is where "entropy" becomes important.  You need enough entropy to make any number in the valid range nearly equal in probability of being selected.

If you roll a cube die 3 times and use the resulting digits as your private key, you will only be capable of generating one of 216 possible private keys.  There isn't enough randomness in this.  Another person could roll a cube die a few thousand times and they would almost certainly get the same private key as you at least once.  Since there are 216 possible results, and all of them are equally likely to occur, the entropy can be described as approximately 7.7 bits of entropy.

If you roll a cube die 100 times and use the resulting digits as a base 6 representation of your private key, you will generate one of:
6.53 X 10⁷⁷ possible private keys.  This has enough randomness.  Another person could roll a cube die continuously for the rest of the time that the earth will exist and they still won't have even a 0.000000000000001% chance of generating the same private key as you. Since there are 6.53 X 10⁷⁷ possible results, and all of them are equally likely to occur, the entropy can be described as a bit more than 256 bits of entropy.

The PRNG still produces a random number that is based upon transforming the entropy. Your private key is still a random number.

@DannyHamilton: Thank you for your answer.


No, according to @achow101 this is not right.

Please have a look at the following thread:
https://bitcointalksearch.org/topic/entropy-length-53-vs-99-1871338 (post #6)

I am now confused.

There are many ways to represent a number.

For example, The number of fingers I have (including thumbs) could be written as:

• 1010 in base 2 (binary)
• 101 in base 3 (ternary)
• 22 in base 4 (quaternary)
• 20 in base 5 (quinary)
• 14 in base 6 (senary)
• 13 in base 7 (Septenary)
• 12 in base 8 (Octal)
• 11 in base 9 ()
• 10 in base 10 (decimal)
• A in base 16 (hexadecimal)
• B in base 58 (Octoquinquagesimal)
• K in base 64 (Tetrasexagesimal)
• KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjgd9M7rFU78MReK4ms in base58check (Bitcoin WIF encoding)

In otherwords, we ALWAYS use the random number directly as a private key.  We just represent that random number in a way that makes the most sense for it's use.

So if we are aware that a guilty private key must be in the range of 0x0 to oxFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141,
 there is no reason against using a random number directly as a private key? It is only less comfortable. (?)

No, you are wrong. Entropy is used in every single operation that involves generating random numbers, and that includes private keys.

Private keys are 256 bit integers, not just a 52 character string in base58. The private key must fall within a certain range and actually using a random number generator and key generating software ensures that the private key is valid.

Hello,

Am I right that we do only use an entropy if we make a BIP32, BIP38 or BIP41 wallet. And we do not use entropy if we only need a wallet with one single public and private key?

If I am not right:
What is the advantage to generate a single private/public key, using an entropy (made by a cube), instead of generate the private/public key directly with a cube and convert the resulting numbers of the cube directly into a "52 characters base58".

(?)