Bitcoin Forum>Bitcoin>Bitcoin Technical Support
Pages:
Author

Topic: Generate an address (Read 3036 times)

DannyHamilton
legendary
Activity: 3472
Merit: 4794
Generate an address
September 17, 2013, 09:30:41 AM
#42
Quote from: gravitate on September 17, 2013, 09:10:53 AM
For next time how do you think I can write my private key in code safely but easy enough to decode by hand?

I wouldn't try to encode/decode by hand.  I'd generate a random 256 bit number, perform an XOR between the random 256 bit number and the bitcoin address, then encode both the random number and the result of the XOR in something like base58.  Next I'd have two different engravers engrave two separate items, each engraving one of the two encoded strings.

To redeem, you'd perform a bitwise XOR between the values represented on the two engraved items, and import the result as a private key.

In reality, this is all more effort and risk than I'd prefer.  I wouldn't use an engraver at all, and would find some other method of long term storage that doesn't require me to reveal my address or encoded private key to another person.  If you've got your mind set on involving untrusted people to assist, then I'd want to introduce a significant amount of unpredictable modification to the value that you are sharing.
gravitate
legendary
Activity: 1372
Merit: 1000
Re: Generate an address
September 17, 2013, 09:10:53 AM
#41
For next time how do you think I can write my private key in code safely but easy enough to decode by hand?
DannyHamilton
legendary
Activity: 3472
Merit: 4794
Re: Generate an address
September 17, 2013, 09:08:26 AM
#40
Quote from: gravitate on September 17, 2013, 09:02:14 AM
Well there is nothing for them to believe it has anything to do with bitcoins you see. They are a normal engravers. I am going to save 1000 GNP on there you see.  From what you say they would have to suspect bitcoin first then at the same time be a programmer. I feel secure that it's unlikely they are not. Thank you for your reply though

You pays your money and you takes your chances.
gravitate
legendary
Activity: 1372
Merit: 1000
Re: Generate an address
September 17, 2013, 09:02:14 AM
#39
Well there is nothing for them to believe it has anything to do with bitcoins you see. They are a normal engravers. I am going to save 1000 GNP on there you see.  From what you say they would have to suspect bitcoin first then at the same time be a programmer. I feel secure that it's unlikely they are not. Thank you for your reply though
DannyHamilton
legendary
Activity: 3472
Merit: 4794
Re: Generate an address
September 17, 2013, 08:56:56 AM
#38
Quote from: gravitate on September 17, 2013, 08:36:08 AM
I want to get a coin engraved with my public address and private key. Basically my public address will be shown and the private key will be fully written yet have some characters capitalised/ decapitalised and some numbers that are slightly different.

In total for one full private key generated from bitaddress.org the private key was changed by capitalising 3 letters, decapitalising 2 and changing 1 of the numbers.

So the engraver will see my public address and my private key with a few changes. Are there any risk of my coins getting stiolen?
Thanks

You've posted this question in multiple places. I've already answered it in your other post:

https://bitcointalksearch.org/topic/how-secure-is-this-295898

Quote from: DannyHamilton on September 17, 2013, 09:04:56 AM
If the engraver is aware of your obfuscation system, then there is a significant risk (perhaps they are reading this forum right now?)

Even if they aren't aware, there is a bit of a risk that they could decide to run a program that iterates over various combinations of substitution.  I haven't done the math, but you are essentially changing only 9 bits of information in an otherwise known 256 bit number.
gravitate
legendary
Activity: 1372
Merit: 1000
Re: Generate an address
September 17, 2013, 08:36:08 AM
#37
I want to get a coin engraved with my public address and private key. Basically my public address will be shown and the private key will be fully written yet have some characters capitalised/ decapitalised and some numbers that are slightly different.

In total for one full private key generated from bitaddress.org the private key was changed by capitalising 3 letters, decapitalising 2 and changing 1 of the numbers.

So the engraver will see my public address and my private key with a few changes. Are there any risk of my coins getting stiolen?
Thanks
Dabs
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Re: Generate an address
September 14, 2013, 06:03:27 AM
#36
Quote from: pc on September 10, 2013, 09:22:52 AM
Or to be completely offline, you can flip a coin 256 times to make the private key and have a calculator and pencil and paper to calculate the public key and address. I want to do it one of these days just to show that it's possible.
I was just about to reply with dice when I saw the table-top game dice.

Quote from: DannyHamilton on September 12, 2013, 08:38:26 AM
Is there a better source of entropy available to the average person that could be used to mechanically generate a private key?

According to dice ware and other sites, a really good dice would be "casino" grade dice. Those are usually 6 sided dice.

You just have to use an unbiased method to roll the required number of bits needed. Like roll one dice, 1-3 = 0 and 4-6 = 1. But that's too much work and you'd roll 256 times. Better is to roll 2 or 3 or several at a time to get bigger values (not added together, but representing base 6?)

Personally, what I would do is just use those dice results as a seed for a cryptographically secure random number generator. You'd still need to roll the 6 sided dice about 100 times to equal 256 bits.
DannyHamilton
legendary
Activity: 3472
Merit: 4794
Re: Generate an address
September 13, 2013, 07:38:57 AM
#35
Quote from: J35st3r on September 13, 2013, 03:20:30 AM
Quote from: DannyHamilton on September 12, 2013, 07:26:26 PM
Are dice any more likely to be "fair" than a coin?

It seems that people are far more likely to have a coin handy than 1d20?

Does it really matter here? The address space is 2^160 (mapped from the 2^256 approx private key space). A little bit of bias in the RNG is not going to make very much difference (and a lot of bias would be pretty obvious ... two headed coin anyone?)
- snip -

Sorry. I misunderstood.  I thought you were offering the d20 as a response to the earlier question:

Quote from: DannyHamilton on September 12, 2013, 08:38:26 AM
- snip -
Is there a better source of entropy available to the average person that could be used to mechanically generate a private key?
J35st3r
full member
Activity: 196
Merit: 100
Re: Generate an address
September 13, 2013, 03:20:30 AM
#34
Quote from: DannyHamilton on September 12, 2013, 07:26:26 PM
Are dice any more likely to be "fair" than a coin?

It seems that people are far more likely to have a coin handy than 1d20?

Does it really matter here? The address space is 2^160 (mapped from the 2^256 approx private key space). A little bit of bias in the RNG is not going to make very much difference (and a lot of bias would be pretty obvious ... two headed coin anyone?)

I got a few d20 somewhere (I'm of that generation...), but you could do it properly with d6. Just roll four times (ignoring values 5 and 6) and treat the results as two bits of the byte . Slightly more efficient than tossing a coin (not much), but you need to be pretty good at binary to hex conversion (though if you're doing the EC by hand too, that's the least of your problems...).
DannyHamilton
legendary
Activity: 3472
Merit: 4794
Re: Generate an address
September 12, 2013, 07:26:26 PM
#33
Quote from: J35st3r on September 12, 2013, 06:23:35 PM
Just roll a d20 and ignore everything above 15 (call 20 as zero). Or just use a d16 (a bit more difficult to come by though, never really was adopted in D&D.)

Are dice any more likely to be "fair" than a coin?

It seems that people are far more likely to have a coin handy than 1d20?
DannyHamilton
legendary
Activity: 3472
Merit: 4794
Re: Generate an address
September 12, 2013, 07:25:39 PM
#32
Quote from: johnyj on September 12, 2013, 05:41:56 PM
casting 2 x 8 sided dice will generate a hex number each time, cast it 16 times will generate a private key

VERY BAD IDEA.

The odds of rolling a combination that adds up to 9 (1,8: 2,7: 3,6: 4,5: 5,4: 6,3: 7,2: & 8,1) is FAR greater than the odds of rolling a combination that adds up to 2 (ONLY 1,1).

How exactly will you ever roll a 0 or a 1?
J35st3r
full member
Activity: 196
Merit: 100
Re: Generate an address
September 12, 2013, 06:23:35 PM
#31
Just roll a d20 and ignore everything above 15 (call 20 as zero). Or just use a d16 (a bit more difficult to come by though, never really was adopted in D&D.)
jackjack
legendary
Activity: 1176
Merit: 1260
May Bitcoin be touched by his Noodly Appendage
Re: Generate an address
September 12, 2013, 05:49:14 PM
#30
Quote from: johnyj on September 12, 2013, 05:41:56 PM
casting 2 x 8 sided dice will generate a hex number each time, cast it 16 times will generate a private key




Run your solution 30 times
  • Each time the result is in [2,3,4,13,14,15,16] (7 possibilities), I owe you 1BTC
  • Each time the result is in [6,7,8,9,10,11,12] (7 possibilities), you owe me 1BTC
  • Each time the result is 5, nothing happens

Deal?
johnyj
legendary
Activity: 1988
Merit: 1012
Beyond Imagination
Re: Generate an address
September 12, 2013, 05:41:56 PM
#29
casting 2 x 8 sided dice will generate a hex number each time, cast it 16 times will generate a private key



DannyHamilton
legendary
Activity: 3472
Merit: 4794
Re: Generate an address
September 12, 2013, 12:49:46 PM
#28
Quote from: BurtW on September 12, 2013, 12:43:51 PM
Good to know.  I was wrong (and was wrong for a very long time).  Learn something new every day.

 Grin

It seems that every time I think I finally understand something about bitcoin, I learn that my understanding was somehow flawed.

Even on this matter, I thought I knew what I was talking about when I told people that a number higher than 0xFFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4141 was invalid.  Now today I discover that it is valid, it just isn't recommended to use it because it ends up essentially being some other number based on the modulo of the value.
BurtW
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
Re: Generate an address
September 12, 2013, 12:43:51 PM
#27
Good to know.  I was wrong (and was wrong for a very long time).  Learn something new every day.
DannyHamilton
legendary
Activity: 3472
Merit: 4794
Re: Generate an address
September 12, 2013, 12:34:47 PM
#26
Quote from: BurtW on September 12, 2013, 11:57:17 AM
The integer p specifying the finite field Fp can be found here:

https://en.bitcoin.it/wiki/Secp256k1

which is really just copied from section 2.7.1 "Recommended Parameters secp256k1" on page 15 of this document:

http://www.secg.org/collateral/sec2_final.pdf

I will verify this and then fix the wiki if I am correct.

The number is found in the wiki here:
https://en.bitcoin.it/wiki/Private_key#Range_of_valid_private_keys

And is frequently stated throughout bitcointalk.org:


https://bitcointalksearch.org/topic/m.1672366
Quote from: deepceleron on March 25, 2013, 06:58:37 AM
- snip -
Also, SHA256 can create a value invalid as an ECDSA private key, "Specifically, any 256-bit number between 0x1 and 0xFFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4141 is a valid private key."

https://bitcointalksearch.org/topic/m.2222704
Quote from: dunand on May 21, 2013, 09:21:12 AM
- snip -
Quote from: https://en.bitcoin.it/wiki/Private_key
Nearly every 256-bit number is a valid private key. Specifically, any 256-bit number between 0x1 and 0xFFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4141 is a valid private key.

The range of valid private keys is governed by the secp256k1 ECDSA standard used by Bitcoin.

https://bitcointalksearch.org/topic/m.1727476
Quote from: Dabs on April 03, 2013, 12:01:22 AM
Quote from: dscotese
Does every number with the right number of bits represent a valid private key?  That seems doubtful to me.

I think there is a range. I found it on the wiki: Specifically, any 256-bit number between 0x1 and 0xFFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4141 is a valid private key.
- snip -

https://bitcointalksearch.org/topic/m.1715086
Quote from: DannyHamilton on April 01, 2013, 10:56:21 AM
Quote from: falcoiii on March 31, 2013, 02:10:03 PM
- snip -
What is the maximum number of private addresses?

2^96  --  https://bitcointalksearch.org/topic/how-many-possibly-bitcoin-addresses-are-there-exactly-and-how-long-does-it-24268

and "almsot 2^256"   --   https://en.bitcoin.it/wiki/Private_key
- snip -

I assume you mean private keys (not private addresses, there is no such thing).  In that case:

https://en.bitcoin.it/wiki/Private_key

Quote
Nearly every 256-bit number is a valid private key. Specifically, any 256-bit number between 0x1 and 0xFFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4141 is a valid private key.

The range of valid private keys is governed by the secp256k1 ECDSA standard used by Bitcoin.

https://bitcointalksearch.org/topic/m.1720529
Quote from: Dabs on April 02, 2013, 03:25:41 AM
- snip -
Nearly every 256-bit number is a valid private key. Specifically, any 256-bit number between 0x1 and 0xFFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4141 is a valid private key.
- snip -

https://bitcointalksearch.org/topic/m.1662810
Quote from: kokjo on March 23, 2013, 07:50:04 AM
- snip -
its because the prime number chosen for secp256k1 is just a little less then 2^256

0xFFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4141 is that prime number in hexadecimal.

https://bitcointalksearch.org/topic/m.3081656
Quote from: Sothh on September 04, 2013, 01:47:46 PM
- snip -
If you do it this way, the max address you can use is FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4141

https://bitcointalksearch.org/topic/m.2970259
Quote from: gmaxwell on August 20, 2013, 05:37:51 AM
Quote from: jackjack on August 20, 2013, 05:16:41 AM
By the way its not really an upper limit: n+1 is a pretty valid private key, it's just that it's equal to 1 (as n+1 mod n == 1 mod n)
If you generate that way you will end up with keys which are not equiprobable. The difference from uniform is very small, but its a certificational weakness you should avoid.
jackjack
legendary
Activity: 1176
Merit: 1260
May Bitcoin be touched by his Noodly Appendage
Re: Generate an address
September 12, 2013, 12:19:21 PM
#25
Quote from: BurtW on September 12, 2013, 11:57:17 AM
Quote from: pc on September 12, 2013, 08:45:57 AM
Quote from: BurtW on September 11, 2013, 06:36:20 PM
Quote from: pc on September 10, 2013, 01:49:05 PM
A private key is just a 256-bit random number. (Well, a number between 1 and hex value FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4141.)

Where did you get that God awful number?  The actual value of p for secp256k1 is:

p = FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F

I got it from the Private Key page on the Bitcoin wiki. I don't know whether the number is right or wrong, but feel free to update the wiki (perhaps it should have a citation, even?) if the value there is wrong. I apologize for not checking my sources more thoroughly, or at least citing where I was getting my info from.

In any event, it's rather unlikely that a random 256-bit number won't be in the range. If somebody gets heads a ton of times in a row, they may want to double-check the upper bound before using it. (Or, perhaps more likely, check that their coin is fair…)
The integer p specifying the finite field Fp can be found here:

https://en.bitcoin.it/wiki/Secp256k1

which is really just copied from section 2.7.1 "Recommended Parameters secp256k1" on page 15 of this document:

http://www.secg.org/collateral/sec2_final.pdf

I will verify this and then fix the wiki if I am correct.

I just answered to your post in the dev&tech forum
It's n because G^(n+1) = G
By the way a private key above n is valid, it's just that it will equivalent to (private key)%n
BurtW
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
Re: Generate an address
September 12, 2013, 11:57:17 AM
#24
Quote from: pc on September 12, 2013, 08:45:57 AM
Quote from: BurtW on September 11, 2013, 06:36:20 PM
Quote from: pc on September 10, 2013, 01:49:05 PM
A private key is just a 256-bit random number. (Well, a number between 1 and hex value FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4141.)

Where did you get that God awful number?  The actual value of p for secp256k1 is:

p = FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F

I got it from the Private Key page on the Bitcoin wiki. I don't know whether the number is right or wrong, but feel free to update the wiki (perhaps it should have a citation, even?) if the value there is wrong. I apologize for not checking my sources more thoroughly, or at least citing where I was getting my info from.

In any event, it's rather unlikely that a random 256-bit number won't be in the range. If somebody gets heads a ton of times in a row, they may want to double-check the upper bound before using it. (Or, perhaps more likely, check that their coin is fair…)
The integer p specifying the finite field Fp can be found here:

https://en.bitcoin.it/wiki/Secp256k1

which is really just copied from section 2.7.1 "Recommended Parameters secp256k1" on page 15 of this document:

http://www.secg.org/collateral/sec2_final.pdf

I will verify this and then fix the wiki if I am correct.
jackjack
legendary
Activity: 1176
Merit: 1260
May Bitcoin be touched by his Noodly Appendage
Re: Generate an address
September 12, 2013, 10:33:37 AM
#23
Running the roulette again of course Grin
Pages:
Bitcoin Forum>Bitcoin>Bitcoin Technical Support
Jump to: