Topic: Example of BTC collision (2 different priv key to the same BTC address) - page 2. (Read 1410 times)

considering the facts that SHA256 transforms 256bit public key (as input) to 256bit output, but RIPEMD160 transforms 256bit to 160bit, so the highly likely the collision is in RIPEMD160 function.

What you are looking for is either one of the following to have occurred:

• A SHA256 collision (2 different inputs that result in the exact same SHA256 outputs)
• A RIPEMD160 collision (2 different inputs that result in the exact same RIPEMD160 outputs)

To my knowledge, there is no record of either having ever occurred (in Bitcoin or otherwise).

I want to find at least two (better more of course) private keys within the bitcoin range and leading to the same btc address.

PS. It looks like you took my own example from another topic and post it here 

Privkeys:
KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYpCemuaUp7NigjvtJug
L5oLkpV3aqBjhki6LmvChTCV6odsp4SXM6LBVeqHTSj1w9XhwfuR   (outside of bitcoins curve range)
Address:
1Me6EfpwZK5kQziBwBfvLiHjaPGxCKLoJi

Here are some privatekeys Leading to same addresses [Compressed and Uncompressed]

KxqjPLtQqydD8d6eUrpJ7Q1266k8Mw8f5eoyEztY3Kc6jtMsgkXp
-snip-
5JBb5A38fjjeBnngkvRmCsXN6EY4w8jWvckik3hDvYQMnakxLRd

Leads to
1C4LeCvgTFJJjxiuPMGgW26PAqmfEBfSL5 [Compressed]
1DU46StbrH652jBv7dE8DWMg4rTRy2rU5W [Uncompressed]

Here are some privatekeys Leading to same addresses

1
I
one
0x01
00000001

As for the ratio I knoe that this ratio could not be. There just ann average chance that one address could have 2^96 private keys.
I asked "how many" because this guy wrote that he had such keys, but didnot want to give the example and did not say the reason why he cuuld not tell:

As for the ratio I knoe that this ratio could not be. There just ann average chance that one address could have 2^96 private keys.
I asked "how many" because this guy wrote that he had such keys, but didnot want to give the example and did not say the reason why he cuuld not tell:

we are not "mapping" keys to addresses to have 1:X ratio. we are hashing the public key which returns a random result so there is no fixed ratio. there is a chance of collision because the hash size (160 bits) is smaller than the number of private keys (a little less than 256 bit) but so far nobody has found any collisions and will not find any for a very long time. anybody who claims otherwise without proof is most probably lying.

Regarding your original question i must admit I have found such addressess and possess the private key for it, but cannot for various reason share which one and how I came in possession of it.

/KX

can you just say how many private keys do you have to the same address? And also how many addresses do you have with more than one private key?

Regarding your original question i must admit I have found such addressess and possess the private key for it, but cannot for various reason share which one and how I came in possession of it.

/KX

When you find a collision, you can get your reward in BTC:
SHA256 collision cost 0.27609251 BTC
RIPEMD160 collision cost 0.11476888 BTC
RIPEMD160(SHA256()) collision cost 0.10026873 BTC
SHA256(SHA256()) collision cost 0.10026873 BTC

Read original topic of the bounty https://bitcointalksearch.org/topic/m.3142575

There are almost 2^256 possible private keys, and every key could be used to generate the BTC address. However the amount of possible BTC addresses is only 2^160 (because of ripemd160 hash function).

Is there any real example of at least 2 (or may be more) DIFFERENT private keys resulting to the same bitcoin address?

And I don't think blockchain designed like that.

Yes, you can have two keys generate the same address.

There are 2^160 possible addresses, and 2^256 possible private keys, so each address corresponds to roughly 2^(256-160)=2^96 private keys. Any of these will generate the same address and thus be able to spend the money owned by that address. Since 2^160 is so large, however, it would take a near-eternity to find any collisions.

Whether two private keys can generate the same public key is another question. I think the answer is yes, but I am not sure on that. The public key in uncompressed form consists of two 256-bit numbers, which are X and Y coordinates on an elliptic curve. However, the compressed form is just the X coordinate plus a bit, from which you can calculate the whole public key. This means the space is (at most) 2^257. Unless there is a one-to-one mapping due to the mathematical properties of the cryptography used, each compressed public key corresponds to roughly 0.5 private keys (with the same distribution you'd get from picking a random number from 1 to 2^257, 2^256 times), so some private keys will collide, while others will not.

Actually finding any pair of different private keys that generate the same public key or address would be quite difficult. Either it would involve a huge amount of computation and/or luck, or it would be due to finding a serious vulnerability in the algorithm(s) used.

I understand that it is very unlikely. But a BTC address is created from the private key. The total possible private keys are almost 2^256 (to be exact: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141). The public key is also within the same range. However, later due to hash operations (SHA256 and ripemd160), the total possible combinations of final addresses is only 2^160. So, statistically each address on average could have 2^(256-160) = 2^96 possible private keys which is very large number: 79 228 162 514 264 337 593 543 950 336 (roundly 10^29). So, there should be the situation there several DIFFERENT private keys within the bitcoin order lead to the same bitcoin address.

You stated that "A single btc address could not be belongs to two or more private keys", but how is it true if the total possible combinations of bitcoin legacy addresses are 2^96 times less than the total possible combinations of priivate keys?

Likely you will not able to find it, and I don't think it will happen even future. A single btc address could not be belongs to two or more private keys. If so, then fund will be stolen from the first address. Because when you will see that you new genarated address contained with fund then likely you will move it to another address. And I don't think blockchain designed like that.

Take a look at the Large Bitcoin Collider project. They have managed to find a few collisions. This page describes in detail what kind of collision the pool is looking for.