Pages:
Author

Topic: Example of BTC collision (2 different priv key to the same BTC address) - page 2. (Read 1420 times)

legendary
Activity: 3472
Merit: 4801
considering the facts that SHA256 transforms 256bit public key (as input) to 256bit output, but RIPEMD160 transforms 256bit to 160bit, so the highly likely the collision is in RIPEMD160 function.

That depends on what you mean by highly likely.

It is much MORE likely that it will occur in the RIPEMD160 transform than in the SHA256 transform, but that's a bit like saying that it is much MORE likely that a completely fair coin will land on heads 160 times in a row than 256 times in a row.  In both cases it is *VERY* unlikely.

Essentially we are talking about the difference between "It isn't going to happen" and "It isn't going to happen".

The exception to this would be if a mathematician were to discover some currently unknown weakness in the algorithm which allows for a practical technique to generate a collision. In that case such a weakness is no more likely to be discovered in SHA256 than in RIPEMD160.

Furthermore, a discovery of an exploitable weakness in either hash would still require the ability to calculate an ECDSA private key from it's public key (currently not possible).  Otherwise, it won't be possible for someone to find the private key needed to cause the collision.
sr. member
Activity: 443
Merit: 350

I want to find at least two (better more of course) private keys within the bitcoin range and leading to the same btc address.


What you are looking for is either one of the following to have occurred:

  • A SHA256 collision (2 different inputs that result in the exact same SHA256 outputs)
  • A RIPEMD160 collision (2 different inputs that result in the exact same RIPEMD160 outputs)

To my knowledge, there is no record of either having ever occurred (in Bitcoin or otherwise).


Any of these collission will be good as both will lead to the situation where 2 different private keys will result to the same bitcoin address. As ECDSA bitcoin curve guarantees to us that there is only one public key to every private key, so the collision could be only during the public key transormation to the address.
So, you are absolutely right that the collision is in SHA256 or RIPEMD160. But considering the facts that SHA256 transforms 256bit public key (as input) to 256bit output, but RIPEMD160 transforms 256bit to 160bit, so the highly likely the collision is in RIPEMD160 function.
legendary
Activity: 3472
Merit: 4801

I want to find at least two (better more of course) private keys within the bitcoin range and leading to the same btc address.


What you are looking for is either one of the following to have occurred:

  • A SHA256 collision (2 different inputs that result in the exact same SHA256 outputs)
  • A RIPEMD160 collision (2 different inputs that result in the exact same RIPEMD160 outputs)

To my knowledge, there is no record of either having ever occurred (in Bitcoin or otherwise).
member
Activity: 174
Merit: 12
PS. It looks like you took my own example from another topic and post it here  Huh

Yes, I did not pay attention to who is the creator of this topic Smiley
sr. member
Activity: 443
Merit: 350
Privkeys:
KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYpCemuaUp7NigjvtJug
L5oLkpV3aqBjhki6LmvChTCV6odsp4SXM6LBVeqHTSj1w9XhwfuR   (outside of bitcoins curve range)
Address:
1Me6EfpwZK5kQziBwBfvLiHjaPGxCKLoJi

Thank you Smiley But this "playing" is known to me as well.
I'm not sure if you understand how these keys were received. I made the same example some weeks ago.

I just add the order to the private key 363d541eb611abee and received the outside private fffffffffffffffffffffffffffffffebaaedce6af48a03bf60fb2ab8647ed2f
But it is not a collision. It just play with a modular mathematics. This works beacuse the private keys are repeating after the order (the order actually is 0 in bitcoin EDCSA math).

I want to find at least two (better more of course) private keys within the bitcoin range and leading to the same btc address.

PS. It looks like you took my own example from another topic and post it here  Huh
Here is my post with the same example: https://bitcointalksearch.org/topic/m.52493665
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
Here are some privatekeys Leading to same addresses [Compressed and Uncompressed]

KxqjPLtQqydD8d6eUrpJ7Q1266k8Mw8f5eoyEztY3Kc6jtMsgkXp
-snip-
5JBb5A38fjjeBnngkvRmCsXN6EY4w8jWvckik3hDvYQMnakxLRd

Leads to
1C4LeCvgTFJJjxiuPMGgW26PAqmfEBfSL5 [Compressed]
1DU46StbrH652jBv7dE8DWMg4rTRy2rU5W [Uncompressed]
Those "two" WIF private keys aren't different, those are basically the same private key:
305E293B010D29BF3C888B617763A438FEE9054C8CAB66EB12AD078F819D9F7F
There's no collision there.

BTW, if you just base it from their WIF format, both private keys derived different addresses Roll Eyes
legendary
Activity: 2128
Merit: 1293
There is trouble abrewing
Here are some privatekeys Leading to same addresses

there are different ways of representing numbers:
Code:
1
I
one
0x01
00000001
but it doesn't mean we have dozens of number one! we only have 1 value that we use different encodings for it to represent it (numeral, roaman, text, hex, binary). what you did here was only to change the encoding.
and what you did here is just playing with modular arithmetic.

neither one of these have anything to do with this topic: collision.
member
Activity: 174
Merit: 12
Privkeys:
KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYpCemuaUp7NigjvtJug
L5oLkpV3aqBjhki6LmvChTCV6odsp4SXM6LBVeqHTSj1w9XhwfuR   (outside of bitcoins curve range)
Address:
1Me6EfpwZK5kQziBwBfvLiHjaPGxCKLoJi
newbie
Activity: 16
Merit: 3
can you just say how many private keys do you have to the same address? And also how many addresses do you have with more than one private key?

we are not "mapping" keys to addresses to have 1:X ratio. we are hashing the public key which returns a random result so there is no fixed ratio. there is a chance of collision because the hash size (160 bits) is smaller than the number of private keys (a little less than 256 bit) but so far nobody has found any collisions and will not find any for a very long time. anybody who claims otherwise without proof is most probably lying.

As for the ratio I knoe that this ratio could not be. There just ann average chance that one address could have 2^96 private keys.
I asked "how many" because this guy wrote that he had such keys, but didnot want to give the example and did not say the reason why he cuuld not tell:


Regarding your original question i must admit I have found such addressess and possess the private key for it, but cannot for various reason share which one and how I came in possession of it.

/KX

Talking about Wif format

Here are some privatekeys Leading to same addresses [Compressed and Uncompressed]

KxqjPLtQqydD8d6eUrpJ7Q1266k8Mw8f5eoyEztY3Kc6jtMsgkXp
cPCirFtGH3KUJ4ZusGdRUiW5iL3Y2PEM9gxSMRM3YSG6Eon9heJj
5JBb5A38fjjeBnngkvRmCsXN6EY4w8jWvckik3hDvYQMnakxLRd

Leads to
1C4LeCvgTFJJjxiuPMGgW26PAqmfEBfSL5 [Compressed]
1DU46StbrH652jBv7dE8DWMg4rTRy2rU5W [Uncompressed]

Thanks
jr. member
Activity: 87
Merit: 5
can you just say how many private keys do you have to the same address? And also how many addresses do you have with more than one private key?

we are not "mapping" keys to addresses to have 1:X ratio. we are hashing the public key which returns a random result so there is no fixed ratio. there is a chance of collision because the hash size (160 bits) is smaller than the number of private keys (a little less than 256 bit) but so far nobody has found any collisions and will not find any for a very long time. anybody who claims otherwise without proof is most probably lying.

As for the ratio I knoe that this ratio could not be. There just ann average chance that one address could have 2^96 private keys.
I asked "how many" because this guy wrote that he had such keys, but didnot want to give the example and did not say the reason why he cuuld not tell:


Regarding your original question i must admit I have found such addressess and possess the private key for it, but cannot for various reason share which one and how I came in possession of it.

/KX

And post got deleted.
sr. member
Activity: 443
Merit: 350
can you just say how many private keys do you have to the same address? And also how many addresses do you have with more than one private key?

we are not "mapping" keys to addresses to have 1:X ratio. we are hashing the public key which returns a random result so there is no fixed ratio. there is a chance of collision because the hash size (160 bits) is smaller than the number of private keys (a little less than 256 bit) but so far nobody has found any collisions and will not find any for a very long time. anybody who claims otherwise without proof is most probably lying.

As for the ratio I knoe that this ratio could not be. There just ann average chance that one address could have 2^96 private keys.
I asked "how many" because this guy wrote that he had such keys, but didnot want to give the example and did not say the reason why he cuuld not tell:


Regarding your original question i must admit I have found such addressess and possess the private key for it, but cannot for various reason share which one and how I came in possession of it.

/KX
legendary
Activity: 3472
Merit: 10611
can you just say how many private keys do you have to the same address? And also how many addresses do you have with more than one private key?

we are not "mapping" keys to addresses to have 1:X ratio. we are hashing the public key which returns a random result so there is no fixed ratio. there is a chance of collision because the hash size (160 bits) is smaller than the number of private keys (a little less than 256 bit) but so far nobody has found any collisions and will not find any for a very long time. anybody who claims otherwise without proof is most probably lying.
sr. member
Activity: 443
Merit: 350

Regarding your original question i must admit I have found such addressess and possess the private key for it, but cannot for various reason share which one and how I came in possession of it.

/KX

This was the exact thing i want to know   Huh If you can not tell everything, can you just say how many private keys do you have to the same address? And also how many addresses do you have with more than one private key?
sr. member
Activity: 443
Merit: 350
When you find a collision, you can get your reward in BTC:
SHA256 collision cost 0.27609251 BTC
RIPEMD160 collision cost 0.11476888 BTC
RIPEMD160(SHA256()) collision cost 0.10026873 BTC
SHA256(SHA256()) collision cost 0.10026873 BTC

Read original topic of the bounty https://bitcointalksearch.org/topic/m.3142575

Thank you for sharing! I wanted to find such collision just for my curiosity, however it also could be paid   Roll Eyes
Can you please explain how did you calculate these bounties for each collision?
kzv
legendary
Activity: 1722
Merit: 1285
OpenTrade - Open Source Cryptocurrency Exchange
When you find a collision, you can get your reward in BTC:
SHA256 collision cost 0.27609251 BTC
RIPEMD160 collision cost 0.11476888 BTC
RIPEMD160(SHA256()) collision cost 0.10026873 BTC
SHA256(SHA256()) collision cost 0.10026873 BTC

Read original topic of the bounty https://bitcointalksearch.org/topic/m.3142575
legendary
Activity: 4522
Merit: 3426
There are almost 2^256 possible private keys, and every key could be used to generate the BTC address. However the amount of possible BTC addresses is only 2^160 (because of ripemd160 hash function).

Is there any real example of at least 2 (or may be more) DIFFERENT private keys resulting to the same bitcoin address?

Answering your question ... So far there is no known collision.

Furthermore, the probability of a collision ever occurring by chance is extremely low. Imagine that 10 billion transactions, each with a new address, are added to the block chain every year for 1 million years. That's about 253 transactions, which is still very negligible compared to 2160.
legendary
Activity: 1946
Merit: 1427
And I don't think blockchain designed like that.
Except that it is possible. See the quote above, (or below)

Yes, you can have two keys generate the same address.

There are 2^160 possible addresses, and 2^256 possible private keys, so each address corresponds to roughly 2^(256-160)=2^96 private keys. Any of these will generate the same address and thus be able to spend the money owned by that address. Since 2^160 is so large, however, it would take a near-eternity to find any collisions.

Whether two private keys can generate the same public key is another question. I think the answer is yes, but I am not sure on that. The public key in uncompressed form consists of two 256-bit numbers, which are X and Y coordinates on an elliptic curve. However, the compressed form is just the X coordinate plus a bit, from which you can calculate the whole public key. This means the space is (at most) 2^257. Unless there is a one-to-one mapping due to the mathematical properties of the cryptography used, each compressed public key corresponds to roughly 0.5 private keys (with the same distribution you'd get from picking a random number from 1 to 2^257, 2^256 times), so some private keys will collide, while others will not.

Actually finding any pair of different private keys that generate the same public key or address would be quite difficult. Either it would involve a huge amount of computation and/or luck, or it would be due to finding a serious vulnerability in the algorithm(s) used.
hero member
Activity: 1241
Merit: 623
OGRaccoon
However i want to find 2 different private keys inside the order leading to the same BTC address
Likely you will not able to find it, and I don't think it will happen even future. A single btc address could not be belongs to two or more private keys. If so, then fund will be stolen from the first address. Because when you will see that you new genarated address contained with fund then likely you will move it to another address. And I don't think blockchain designed like that.

I understand that it is very unlikely. But a BTC address is created from the private key. The total possible private keys are almost 2^256 (to be exact: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141). The public key is also within the same range. However, later due to hash operations (SHA256 and ripemd160), the total possible combinations of final addresses is only 2^160. So, statistically each address on average could have 2^(256-160) = 2^96 possible private keys which is very large number: 79 228 162 514 264 337 593 543 950 336 (roundly 10^29). So, there should be the situation there several DIFFERENT private keys within the bitcoin order lead to the same bitcoin address.

You stated that "A single btc address could not be belongs to two or more private keys", but how is it true if the total possible combinations of bitcoin legacy addresses are 2^96 times less than the total possible combinations of priivate keys?

This is why brainflayer runs against a bloom filter of ripemd160 hashes instead of the actual main address it hunts for the corresponding PK value in relation to the Ripemd160 hashes.
it's also open source unlike the Large Bitcoin  MALWARE Collider posted above.

https://github.com/ryancdotorg/brainflayer
sr. member
Activity: 443
Merit: 350
However i want to find 2 different private keys inside the order leading to the same BTC address
Likely you will not able to find it, and I don't think it will happen even future. A single btc address could not be belongs to two or more private keys. If so, then fund will be stolen from the first address. Because when you will see that you new genarated address contained with fund then likely you will move it to another address. And I don't think blockchain designed like that.

I understand that it is very unlikely. But a BTC address is created from the private key. The total possible private keys are almost 2^256 (to be exact: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141). The public key is also within the same range. However, later due to hash operations (SHA256 and ripemd160), the total possible combinations of final addresses is only 2^160. So, statistically each address on average could have 2^(256-160) = 2^96 possible private keys which is very large number: 79 228 162 514 264 337 593 543 950 336 (roundly 10^29). So, there should be the situation there several DIFFERENT private keys within the bitcoin order lead to the same bitcoin address.

You stated that "A single btc address could not be belongs to two or more private keys", but how is it true if the total possible combinations of bitcoin legacy addresses are 2^96 times less than the total possible combinations of priivate keys?
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
Is there any real example of at least 2 (or may be more) DIFFERENT private keys resulting to the same bitcoin address?
Take a look at the Large Bitcoin Collider project. They have managed to find a few collisions. This page describes in detail what kind of collision the pool is looking for.
Those "collisions" aren't really collisions.
They mostly hunt for purposely generated "weak" private keys, for example: this puzzle transaction.

That example contains addresses derived from private keys ranging from
0000000000000000000000000000000000000000000000000000000000000001 to
000000000000000000000000000000000000000af55fc59c335c8ec67ed24826 and so on...
which apparently, can be bruteforced with enough computing power.
Pages:
Jump to: