
Topic: Generating the private and public keys 100% offline (Read 169 times)

newbie
Activity: 8
Merit: 8
Thank you all for the detailed and great information. Now it's much clearer to me.
full member
Activity: 149
Merit: 165
In case that after all these useful answers you are still worried, you could set up a multisig 2-of-3 solution, and then it would be even less likely
sr. member
Activity: 364
Merit: 298
-snip-

This is my favourite analogy:

Imagine a massive wall of lockers. Each locker is 1mm by 1mm, and the entire wall of lockers is a square 2 light years on each side. When you choose a private key, you pick one of these lockers at random. When someone sends you bitcoins, there's some magical inbox which puts the bitcoins into your locker without telling the sender anything about the location of your locker.

The lockers don't have locks. If someone knew the location of your locker (ie. your private key), then they could just go take what's in it. Similarly, it's possible to choose a locker at random and find that someone has used it already at some point in the past. But there are just so many lockers that in reality it's never going to happen, even if humanity devotes all of its efforts to searching through all of the lockers.

Another excellent analogy is provided by Charles-Tim in the first reply. To put it into perspective, even if you used the most efficient method to, not hash, *just count* up to 2^256 and had the energy equivalent of the Sun (roughly 330,000 times the mass of the Earth!), you would still run out of energy before reaching that number.
jr. member
Activity: 59
Merit: 27
Your question essentially boils down to whether someone can find a RIPEMD-160 collision. Your address is a hash of your public key. An attacker doesn't need to discover your private key, which has a probability of approximately 1 in 2^256. They need to find a private key whose public key generates the same 160-bit RIPEMD hash as yours. The odds of this happening are 1 in 2^160.

This is still astronomically large. You can rest assured that your coins are safe.

Indeed, those numbers are really big. From Bruce Schneier’s book “Applied Cryptography”, here are some analogies that illustrate just how big those numbers are.

Physical Analogue - Number
Odds of being killed by lightning (per day) - 1 in 9 billion (2^33)
Odds of winning the top prize in a U.S. state lottery - 1 in 4,000,000 (2^22)
Odds of winning the top prize in a U.S. state lottery and being killed by lightning in the same day - 1 in 2^55
Odds of drowning (in the U.S. per year) - 1 in 59,000 (2^16)
Odds of being killed in an automobile accident (in the U.S. in 1993) - 1 in 6100 (2^13)
Odds of being killed in an automobile accident (in the U.S. per lifetime) - 1 in 88 (2^7)
Time until the next ice age - 14,000 (2^14) years
Time until the sun goes nova - 10^9 (2^30) years
Age of the planet - 10^9 (2^30) years
Age of the Universe - 10^10 (2^34) years
Number of atoms in the planet - 10^51 (2^170)
Number of atoms in the sun - 10^57 (2^190)
Number of atoms in the galaxy - 10^67 (2^223)
legendary
Activity: 3346
Merit: 3130
My main concern is that someone else may do the same and possibly generate the same pair of keys thus unintentionally gain access to my crypto.
Are my concerns justified or this scenario is totally impossible ?

It's impossible because the keys are generated with entropy and the odds to generate the same keys are just too low to consider it as an option. If someone was able to spend your coins, that means someone got access to your pendrive, that's the only logical version.

Or another option could be the fact that you used the wrong software to generate the private keys, some malware that sends the pk to the hacker when the address is generated.
hero member
Activity: 2702
Merit: 716
Hello,
Assume the private and public keys for Bitcoin were generated via the legitimate and secure desktop application.
This desktop was never connected to the internet. The application installer was copied into the desktop from pendrive and thus the application was installed on this desktop when it was already disconnected from the internet.
After copying the generated private and public keys to the pendrive the desktop disk was erased and thus this desktop was never connected to the internet.
Later some crypto were sent to the public address.
My main concern is that someone else may do the same and possibly generate the same pair of keys thus unintentionally gain access to my crypto.
Are my concerns justified or this scenario is totally impossible ?
I believe the application may be any desktop wallet and it is not limited to BTC only.

Thank you for clarification.


Even if you had your computer connected to the internet then the possibility of someone else generating the same public key as yours is next to impossible.
So you don't have to worry about the fact that the keys might be generated by someone else too.
Then comes the fact of securing your coins and I think you should be good with the technique you are using.
Just make sure you are using a genuine application to generate the keys.
hero member
Activity: 1554
Merit: 880
My main concern is that someone else may do the same and possibly generate the same pair of keys thus unintentionally gain access to my crypto.
Are my concerns justified or this scenario is totally impossible ?
It might be possible by math since the chance doesn't fall to zero, but it's very impossible to happen realistically. Your kind of concern was already thought of by those companies who have very huge BTC holdings. If you think about it, they, as rich as holding hundreds of thousands of BTC, trust the process of standard wallet generation; how much more for those average holders?
sr. member
Activity: 364
Merit: 298
Is it possible for seed to be 100% protected? To me, it's not actually possible as there might be many open spaces that makes it 99% even when they have never seen an internet connection. But it now depends on how serious you take the security of your keys. (just my thought though)

Generate your seed phrase by tossing a coin to avoid any RNG weaknesses or errors.  Use an airgapped machine with Tails installed for signing transactions through electrum.  When it's time to spend, use a watch-only wallet on your internet-connected computer and transfer the signatures via QR code.  This is virtually 100% protection, excluding physical attacks. 
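The coin-toss approach suggested in the post above, as an added example that is not part of the original thread: it turns recorded tosses into entropy and derives the word positions of a mnemonic, assuming the seed phrase is a BIP39 mnemonic (an assumption; the post does not name a format, and Electrum's native seed format is different). The function names are hypothetical and the sample input is constructed.

```python
import hashlib

VALID_BITS = (128, 160, 192, 224, 256)  # entropy sizes BIP39 allows


def flips_to_entropy(flips):
    """Turn recorded coin tosses (H = 1, T = 0) into entropy bytes."""
    bits = "".join(flips.upper().split())
    if set(bits) - {"H", "T"}:
        raise ValueError("tosses must be recorded as H or T only")
    if len(bits) not in VALID_BITS:
        raise ValueError(f"need one of {VALID_BITS} tosses, got {len(bits)}")
    value = int(bits.replace("H", "1").replace("T", "0"), 2)
    return value.to_bytes(len(bits) // 8, "big")


def entropy_to_word_indices(entropy):
    """Return the BIP39 word indices (0..2047) for the given entropy."""
    ent_bits = len(entropy) * 8
    if ent_bits not in VALID_BITS:
        raise ValueError("entropy length not allowed by BIP39")
    cs_bits = ent_bits // 32  # checksum length: 1 bit per 32 bits of entropy
    digest = int.from_bytes(hashlib.sha256(entropy).digest(), "big")
    checksum = digest >> (256 - cs_bits)  # leading cs_bits of SHA-256
    combined = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11
    # Split entropy + checksum into 11-bit groups, most significant first.
    return [(combined >> (11 * (n_words - 1 - i))) & 0x7FF
            for i in range(n_words)]


if __name__ == "__main__":
    sample = "T" * 256  # constructed, deliberately non-random input
    print(entropy_to_word_indices(flips_to_entropy(sample)))
```

Index i corresponds to line i + 1 of the BIP39 English word list. The final word carries the checksum bits, so it cannot be chosen by coin tosses alone and has to be computed, on the air-gapped machine.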
hero member
Activity: 868
Merit: 952
My main concern is that someone else may do the same and possibly generate the same pair of keys thus unintentionally gain access to my crypto.
Are my concerns justified or this scenario is totally impossible ?

Although it wouldn’t be totally correct to use the word impossible because theoretically there is possibility since there is nothing actually keeping tabs of the generated private keys to stop the generation of them.

But mathematically it is impossible to actually get the private key collision because the total number of private keys available is slightly less than 2^256 which is definitely impossible to generate all at this rate. Even the possibility of generating same address which is smaller is still having to generate 2^160 private keys before getting a collision. So let’s put out the impossibility now at this rate.


If your seed phrase or private key is 100% protected and only you have it, your coins are safe.

Is it possible for seed to be 100% protected? To me, it's not actually possible as there might be many open spaces that makes it 99% even when they have never seen an internet connection. But it now depends on how serious you take the security of your keys. (just my thought though)

That’s basically just saying that nothing is 100% perfect which yea is right. But still your 99% is already showing perfection.
hero member
Activity: 896
Merit: 586
The public key of a wallet is generated from a private key making the two to be connected to each other. This private key generates a random 256 bit (32 byte) number and these numbers are so large that it will be impossible for two same people to generate the same private keys, as long as it was generated securely.

It is only you that have access to your private keys and that is what shows that you are the owner of that wallet. This is why you don't show anyone your private keys either offline or online, if not they can use it to steal your bitcoin. Meaning that your coins are safe. You can read this for more understanding
https://learnmeabitcoin.com/technical/keys/private-key/
sr. member
Activity: 336
Merit: 365
The scenario you described isn't possible because of how private keys are generated in cryptographic systems. I used to think about this a while ago but after doing some research I found that the randomness used in generating keys for each wallet ensures they are always unique. This means it's not possible for two wallets to have exactly the same keys. Another thing I wondered about was how the cryptographic system can check if a key has been generated before, especially if it's done offline without any internet connection. Then it took a bit more time to know that it wasn't necessary to create a wallet online and you can also sign your transactions offline. Meaning that you can choose not to ever expose your keys to the Internet.

If your seed phrase or private key is 100% protected and only you have it, your coins are safe.

Is it possible for seed to be 100% protected? To me, it's not actually possible as there might be many open spaces that makes it 99% even when they have never seen an internet connection. But it now depends on how serious you take the security of your keys. (just my thought though)
sr. member
Activity: 2828
Merit: 357
No matter what or how good a software is, it’s very unlikely for two persons to generate the same keys. Bitcoin is created in a way that no keys would be generated by pure coincidence alone. The possibilities are just too astronomical for it to happen so the scenario is very unlikely to happen.
sr. member
Activity: 364
Merit: 298
Your question essentially boils down to whether someone can find a RIPEMD-160 collision. Your address is a hash of your public key. An attacker doesn't need to discover your private key, which has a probability of approximately 1 in 2^256. They need to find a private key whose public key generates the same 160-bit RIPEMD hash as yours. The odds of this happening are 1 in 2^160.

This is still astronomically large. You can rest assured that your coins are safe.
legendary
Activity: 1512
Merit: 4795
Answer it yourself by reading what are written on this image:




If your seed phrase or private key is 100% protected and only you have it, your coins are safe.
newbie
Activity: 8
Merit: 8
Hello,
Assume the private and public keys for Bitcoin were generated via the legitimate and secure desktop application.
This desktop was never connected to the internet. The application installer was copied into the desktop from pendrive and thus the application was installed on this desktop when it was already disconnected from the internet.
After copying the generated private and public keys to the pendrive the desktop disk was erased and thus this desktop was never connected to the internet.
Later some crypto were sent to the public address.
My main concern is that someone else may do the same and possibly generate the same pair of keys thus unintentionally gain access to my crypto.
Are my concerns justified or this scenario is totally impossible ?
I believe the application may be any desktop wallet and it is not limited to BTC only.

Thank you for clarification.