
Topic: ★☆ Get Help Here | The Ultimate Help Thread! | Free Giveaways ★☆ - page 5. (Read 7872 times)

member
Activity: 112
Merit: 10
What process do you use to generate an address from a private key?
legendary
Activity: 1050
Merit: 1004
Bump, we're nearing 50 questions guys!
legendary
Activity: 1904
Merit: 1074
I have to go back to this guy's videos, to understand the concept. http://www.youtube.com/watch?v=U2bw_N6kQL8

But your answer was spot on. Thanks.
legendary
Activity: 3472
Merit: 4801
If the bitcoin address can be generated from the private key, why can't the bitcoin address be reverse engineered to display the private key?

There are three layers of cryptographic functions between the private key and the bitcoin address.  Each layer is currently recognized as being a one-way function.  In other words, given an input, it is very fast for a computer to calculate the output, but given an output, mathematicians have not yet found an efficient way to determine what the input could have been.

The first layer is ECDSA (Elliptic Curve Digital Signature Algorithm):
This algorithm depends on the fact that point multiplication is something that computers can do very quickly, but mathematicians have not yet found a way to efficiently accomplish the reverse.  It is known as the "discrete logarithm problem", and if an efficient method is discovered, then it will become possible to determine a private key if you have the public key.  Fortunately, the public key isn't revealed until the bitcoins that are received at an address are spent.  Therefore even if weaknesses are discovered in ECDSA, depending on just how efficient a solution is discovered, bitcoins received at a new address will still be secure.

The next layer is SHA-256 (Secure Hash Algorithm 256 bit):
This algorithm creates a 256 bit digest of the input.  The public key (generated from ECDSA) is used as input, and the output is fed to another hashing algorithm (RIPEMD-160). The output is unpredictable beyond the fact that it will fall between 0 and 2^256.  Given the input, computers can very quickly calculate the digest, but mathematicians have not yet found a way to efficiently accomplish the reverse.  If SHA-256 is broken, it will affect much more than just Bitcoin.  This algorithm is widely used for security throughout the internet for passwords, and information verification.  Fortunately, the public key isn't revealed until the bitcoins that are received at an address are spent, and the output of SHA-256 is obscured by the RIPEMD-160 function.  Therefore, having a bitcoin address isn't enough information to calculate the public key, and breaking SHA-256 will only get you the public key which would then need ECDSA to also be broken before you could get to the private key.

As mentioned, the next layer is RIPEMD-160 (RACE Integrity Primitives Evaluation Message Digest 160 bit):
This algorithm creates a 160 bit digest of the input.  The output of the previous SHA-256 is used as input, and the output is essentially your bitcoin address. The output is unpredictable beyond the fact that it will fall between 0 and 2^160.  Given the input, computers can very quickly calculate the digest, but mathematicians have not yet found a way to efficiently accomplish the reverse.  Fortunately, the public key isn't revealed until the bitcoins that are received at an address are spent.  Therefore, if RIPEMD-160 were broken, having a bitcoin address is only enough information to calculate the output of the SHA-256 function.  You'd also have to break SHA-256 just to get the public key which would then need ECDSA to also be broken before you could get to the private key.

As you can hopefully see, weakening any one (or two) of these cryptographic functions isn't enough to steal bitcoins.  Meanwhile, if weaknesses ever are discovered in any of these algorithms, there would be plenty of time for Bitcoin to replace the weakened function with a newer more secure algorithm.  To get from a bitcoin address to a private key, someone would need to very suddenly discover extremely efficient solutions to reverse all three algorithms.  Since they don't have much in common, this would require some significant efforts in very different fields of study with some extremely lucky timing.

It isn't realistically going to happen.
legendary
Activity: 1904
Merit: 1074
Question 4

If the bitcoin address can be generated from the private key, why can't the bitcoin address be reverse engineered to display the private key?

Silly question, but if someone figures that out, the whole crypto currency world will collapse.
legendary
Activity: 3472
Merit: 4801
This touches on another area I am not totally clear on. What exactly needs to be recorded, printed out/written down?

The single most important piece of information you need is the private key.  With this you can regenerate the bitcoin address in the future. If you don't have the private key, you can't ever access the bitcoins that were sent to the address.  If anyone else has access to the private key, then they can access and spend/steal your bitcoins.  This means that you need to do 2 important things.  You need to store the private key in a way that you are certain that you will be able to access it in the future (protect it against loss and damage), AND you need to store the private key in a way that you are certain that no untrusted individuals will be able to gain access to it.

We have private keys, private (sending?) address, and public (receiving?) address. Do I even have the terminology correct?

You have some of it right, but you have some that isn't right.

There is no such thing as a "sending address", or a "private address".  Some people will use the words "sending address" to refer to their "receiving address" when they spend the bitcoins that were received there, but this is not an accurate description and leads to confusion and misunderstandings.

So, when it comes to wallets (paper, offline, online, cold storage, etc), the two terms to be familiar with are "private key" and "bitcoin address" (also known as "receiving address").  You need to know what the bitcoin address is if you want to send bitcoins to the wallet.  You (or the software that you are using to create transactions) need to have access to the private key if you want to spend any bitcoins that were received at that address.  Every private key has exactly 1 address.  For all intents and purposes, every bitcoin address has exactly 1 private key.

If one was to print or write down the private address only is that sufficient to recover (spend, send) BTC to a new wallet some day?

Assuming that you mean "private key", yes that is sufficient.

Earlier I mentioned a paper wallet I made. Was the hidden number the private key or private (sending?) address?

Hidden number? My best guess is that it was the private key, but I'd need to see an example of a similar paper wallet to be sure.

Once again do I even have the terminology correct?

Again, there is no "private address", and there really isn't a "sending address", but yes, the term "private key" was most likely correct.
legendary
Activity: 1904
Merit: 1074
Well I created a sh^%&load of paper wallets, on a brand new pc, I printed them and am keeping them for the future. I then re-formatted the pc, and most traces of what was on the pc are wiped. The pc will work as a standalone "wordprocessing" pc and will never be connected to the internet.

I deposit BTC into some of these wallets, to spread the bounty. If someone ever does get hold of these wallets, they will not be online, and all of them will not be at my house. They will not find 1 wallet with all my coin.

Make say 100 paper wallets, and leave them all over the place. Make whoever is looking for it work for it. And in most cases, all of them will be empty anyways.

 
member
Activity: 119
Merit: 10

When I said "generated", I assumed it was implied that the information would need to be recorded offline in some fashion (such as printing with a printer, or carefully writing it down on a piece of paper).  Saving to a USB thumb drive would be ok as well, as long as the thumb drive was never plugged into a computer that was connected to the internet.

I can see how someone unfamiliar with the importance of private keys might not understand the necessity to record this information, and therefore might not realize what I was implying.  As such, I've edited my post to clarify the matter.

This touches on another area I am not totally clear on. What exactly needs to be recorded, printed out/written down?

We have private keys, private (sending?) address, and public (receiving?) address. Do I even have the terminology correct?

If one was to print or write down the private address only is that sufficient to recover (spend, send) BTC to a new wallet some day?

**edit**

Earlier I mentioned a paper wallet I made. Was the hidden number the private key or private (sending?) address? Once again do I even have the terminology correct?

Regards, and thank you for your time.
legendary
Activity: 3472
Merit: 4801
Question. If you reformat the HDD a second time, as above, where do you have, store your wallet, wallet files, to access them again? You didn't mention a paper wallet, thumb drive, nothing?

When I said "generated", I assumed it was implied that the information would need to be recorded offline in some fashion (such as printing with a printer, or carefully writing it down on a piece of paper).  Saving to a USB thumb drive would be ok as well, as long as the thumb drive was never plugged into a computer that was connected to the internet.

I can see how someone unfamiliar with the importance of private keys might not understand the necessity to record this information, and therefore might not realize what I was implying.  As such, I've edited my post to clarify the matter.
member
Activity: 119
Merit: 10

My definition of "cold storage" is an address (and private key) that was generated on a computer that was disconnected from the internet, had its hard drive formatted, and a fresh install of a trusted operating system without being connected to the internet.  Then the hard drive is formatted again before ever connecting it back to the internet.

The concept is that any computer that has ever been connected to the internet has the potential of being infected with malware without you knowing it.  That malware has the potential of influencing the private keys (and addresses) that you generate such that the creator of the malware could gain control of your bitcoins.

By formatting the hard drive, and installing a trusted operating system, you eliminate the potential of the computer running any malware.  By formatting the hard drive again, you remove any trace of the software and data that was used on it.  Therefore, an attacker that gains access to your computer can't determine what private keys  (and addresses) were previously generated on it.

Many people find that this is excessive.  They are willing to accept a very small increase in risk in exchange for a significant decrease in complexity.  I know of people who will happily generate paper wallets at bitaddress.org (while online!), print them out, call that "cold storage".  If you are storing small amounts of bitcoins that you aren't going to feel devastated about losing, then this is probably fine, but I wouldn't call it "cold storage".

Question. If you reformat the HDD a second time, as above, where do you have, store your wallet, wallet files, to access them again? You didn't mention a paper wallet, thumb drive, nothing?
member
Activity: 119
Merit: 10
Ok so now i have a Q!!
Rgds
Ratters

Good question, I also use Multibit on Win 7. While we wait for an answer I tell you what I did, and it seemed to work.

I wanted a paper wallet to load up, add to and give to my nephew. I didn't use Multibit. I went to bitaddress org and downloaded the offline version. Made a paper wallet, loaded it up and sent it off to my nephew as planned. He created an account on blockchain info and swept the entire amount in. At that point he installed multibit and sent the entire amount to himself.

It seemed to work, but please make sure somebody else with more experience is OK with all this before you try it.

We'll see....

Regards,
legendary
Activity: 3472
Merit: 4801
Ok so now i have a Q!!

I know this has been covered before but now I’m info-blind!!

Please could you explain it like I’m 5!

I use multibit on Win 7.

I would like to create a cold storage address to withdraw my daily trading profits.

This wallet needs to be offline and I need to regularly send BTC to it.

One day I would obviously like to be able to access the BTC.

I know it's simple stuff but I've been blinded by Cold Storage, Paper Wallet & Private key.

What in your experience would be the easiest method of achieving this?

Thanks in advance.

Rgds

Ratters


The first thing you need to do is decide what you mean when you say the words "cold storage".  This pair of words has a large variety of meanings depending on who is saying it.

My definition of "cold storage" is an address (and private key) that was generated (then written down or printed) from a computer that was disconnected from the internet, had its hard drive formatted, and a fresh install of a trusted operating system without being connected to the internet.  Then the hard drive is formatted again before ever connecting it back to the internet.

The concept is that any computer that has ever been connected to the internet has the potential of being infected with malware without you knowing it.  That malware has the potential of influencing the private keys (and addresses) that you generate such that the creator of the malware could gain control of your bitcoins.

By formatting the hard drive, and installing a trusted operating system, you eliminate the potential of the computer running any malware.  By formatting the hard drive again, you remove any trace of the software and data that was used on it.  Therefore, an attacker that gains access to your computer can't determine what private keys  (and addresses) were previously generated on it.

Many people find that this is excessive.  They are willing to accept a very small increase in risk in exchange for a significant decrease in complexity.  I know of people who will happily generate paper wallets at bitaddress.org (while online!), print them out, call that "cold storage".  If you are storing small amounts of bitcoins that you aren't going to feel devastated about losing, then this is probably fine, but I wouldn't call it "cold storage".
legendary
Activity: 3472
Merit: 4801
Regarding vanity addresses, do they have a higher chance of having two people finding the private key to the same address? Because the first few characters of address are the same, does this affect the private key (after encoding and hashing and all the stuff)?

A vanity address is just an address that has a coincidence of having a pattern in it that you like.  It does not change the odds of generating that exact address at all.

But the first few words are the same, if someone uses the same words don't the odds of getting the same address increase a little bit?

No.

In order to generate those words, you have to generate lots of random addresses until you stumble across a pattern you like.

In order to generate the same words, the other person has to generate lots of random addresses until they stumble across the same pattern.

The odds of stumbling across the particular pattern don't change.  The odds of that being the exact same address as anyone else don't change either.

Let's ignore addresses for a moment and just talk about randomness and probability.  For our randomness and probability discussion we'll be rolling 20 six-sided dice one after another and writing down the result.

I continue rolling my 20 dice until my first 5 rolls are all sixes, then I write down my 20 digit result (66666421136545344651).
You roll your set of dice only once writing down your result and have no two adjacent digits that are the same (34521625342516253425).
A friend of ours rolls all 20 dice 3,600,000,000,000,000 times and eventually gets all 20 dice to come up fives. He writes down 20 fives (55555555555555555555).

Now an attacker is going to try to roll his 20 dice until he matches one of our addresses.

Whose address does he have the best odds of matching?

The answer is that it doesn't matter.  The attacker is equally likely on any set of rolls to get any one of our addresses (he has approximately a 0.000000000000027% chance).

If he happens to roll sixes for his first 5 rolls, then his chances of getting the rest of my address are better, but first he has to actually get 5 sixes for his first 5 rolls.  Just like if he happens to get 34521 for his first 5 rolls, then his chances of getting the rest of your address are better, but first he has to actually get 34521 on his first 5 rolls.  There is nothing special about getting 5 sixes, or 5 fives, or "34521" for the first 5 rolls of the dice.  We give them meaning by deciding that we like the pattern, but that doesn't make the pattern any more likely to come up.

Getting back to addresses, it's the same thing.  Every address is a vanity address, all you need to do is like the first few characters in the address and assign them meaning.  There is nothing special about an address that starts with 1Danny, or 1ggggg, or 16zJNT.  We give them meaning by deciding that we like particular patterns, but that doesn't make the pattern any more likely to come up.
sr. member
Activity: 434
Merit: 263
Ok so now i have a Q!!

I know this has been covered before but now I’m info-blind!!

Please could you explain it like I’m 5!

I use multibit on Win 7.

I would like to create a cold storage address to withdraw my daily trading profits.

This wallet needs to be offline and I need to regularly send BTC to it.

One day I would obviously like to be able to access the BTC.

I know it's simple stuff but I've been blinded by Cold Storage, Paper Wallet & Private key.

What in your experience would be the easiest method of achieving this?

Thanks in advance.

Rgds

Ratters
member
Activity: 70
Merit: 10
Deceased
Regarding vanity addresses, do they have a higher chance of having two people finding the private key to the same address? Because the first few characters of address are the same, does this affect the private key (after encoding and hashing and all the stuff)?

A vanity address is just an address that has a coincidence of having a pattern in it that you like.  It does not change the odds of generating that exact address at all.

But the first few words are the same, if someone uses the same words don't the odds of getting the same address increase a little bit?
legendary
Activity: 3472
Merit: 4801
Regarding vanity addresses, do they have a higher chance of having two people finding the private key to the same address? Because the first few characters of address are the same, does this affect the private key (after encoding and hashing and all the stuff)?

A vanity address is just an address that has a coincidence of having a pattern in it that you like.  It does not change the odds of generating that exact address at all.
legendary
Activity: 3472
Merit: 4801
thx for answer. One more question. Can you mine a specific transaction if you want? For ex can you mine your one transaction?

The only transaction a block has to have to be valid is the transaction that pays the block reward.

If you are solo mining, and are running custom software to build your blocks, you can choose which transactions (if any) to include in the block.

If you are mining in a mining pool then all you are doing is renting your hash power to the pool.  The pool decides which transactions to include in the block.
sr. member
Activity: 434
Merit: 263
No questions at the moment but this is a really good thread. Well done, OP
hero member
Activity: 762
Merit: 500
thx for answer. One more question. Can you mine a specific transaction if you want? For ex can you mine your one transaction?
sr. member
Activity: 406
Merit: 250
Maybe it's a newbie question, but where do the fees from a transaction go?

Transaction fees go to the miner who found the block that includes the transaction.
So one block reward is 25+fees BTC?

Yup, for example, block 305384 has given its finder 25.09655756 btc.
https://blockchain.info/block/000000000000000018ddf70877b17fbff39458db34f39237d32da5a557a84ec3