Topic: How bitcoin addresses are generated? (Read 1008 times)

No, your mistake is treating the public key (the hex above starting with 0450...) as a String. But it is a hex.
If you perform SHA256 on it as a string you get the different result which is wrong (3251...). But when you treat it as a Hex, you get the correct result.

Here is an online tool which you can use:
http://www.fileformat.info/tool/hash.htm?hex=0450863AD64A87AE8A2FE83C1AF1A8403CB53F53E486D8511DAD8A04887E5B23522CD470243453A299FA9E77237716103ABC11A1DF38855ED6F2EE187E9C582BA6

If you type the public key hex in the string text box on the top of that page you get the wrong result.

Hello,
I'm learning how Bitcoin address is generated and I don't understand one thing.
My source is the following
http://gobittest.appspot.com/Address
https://en.bitcoin.it/wiki/Technical_background_of_version_1_Bitcoin_addresses

What I dont understand is step 2, hashing public key
using SHA-256 hashing function.

Both mentioned sources have the output of the SHA-256
but If I try any other hash generator the result is different

Can anyone explain why? Is the public key hashed multiple times or why?
thank you very much.

Yes, I am really impressed as well, thanks OP.  I had tried to do some of that arithmetic myself, so I know what a job it must have been.  Bravo.

Special thanks to DannyH, Franky1 and Coding E for their interesting observations and results.  Explaining some of the "mechanics under the hood" in English is nice to see.

I do agree with the notion that it is possible for some future smarty-pants math graduate student to find a weakness or two in the whole Bitcoin Ecosystem, unlikely as that may seem for now.

I am really wowed by what I have read so far in response to the question OP asked and its because even though I had wondered how the addresses were generated and no one seems to go to another wallet, I generate another one on exchange site and it payment goes there directly, it still something that I find some how incredible and maybe this is due to my background which does not have anything to do with information technology.

you can check a generated address in a block explorer to make sure its 0.

but if its non zero, that means you just found a 256 bit ECDSA collision, which is astronomically unlikely. 

Said it mostly because of this:
Thought it is a nice little info to share here.

What exactly does SHA1 have to do with any of this? Private keys turn into addresses via EC point multiplication followed by SHA256 (which is a member of the SHA-2 family), followed by RIPEMD160.

The theory about an approach to successfully create a SHA-1 collision was published in 2013.
    Nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total
    6,500 years of CPU computation to complete the attack first phase
    110 years of GPU computation to complete the second phase
Went into the testing of the theory.
In February, 2017 they finally succeeded at finding a collision.
Now we are using safer cryptographic such as SHA-3 and SHA-256

https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html

There is currently no indication that there are any significant weaknesses in any of the three cryptographic algorithms (ECDSA, SHA256, RIPEMD160) used by Bitcoin.

Perhaps a mathematics researcher will discover a weakness in the future, perhaps they will not.  It is impossible to predict.

There is a known weakness in ECDSA related to quantum computing if quantum computers are ever powerful enough.  There should be plenty of time for us to switch to a different algorithm if that ever seems likely.

That is insanely profound to me.  The thought that that many private keys that can generate different addresses to one wallet is mind boggling.

But my question is how secure is the hashing algorithm?  I don't know if I remember seeing this correctly somewhere, but I remember reading about how Bitcoin's hashing function could potentially be vulnerable.  I don't remember any of the arguments as to why, but was wondering how safe SHA256 is.

Ok, I've reported all the sig ad nonsense in this thread to the moderators.  Hopefully, they'll come in and clean it up.


Those are 2 of the 4 algorithms.  There is also ECDSA and RIPEMD160.


Not as an address.

What is typically stored (for a version 0 address) is the RIPEMD160 hash.  You can retrieve the RIPEMD160 hash and convert it into a bitcoin address with Base58Check encoding if you want to.

That being said, the RIPEMD160 hash is only in the blockchain if someone has used it for a transaction output.  Other than the 80 byte block header at the top of every block, the ONLY other thing stored in the blockchain is the list of transactions.


Correct.  There are 1461501637330902918203684832716283019655932542976 valid version 0 bitcoin addresses.  Less than 0.000000000000000000000000000000000001% of them have been used yet.


That depends on the block explorer you are using, but yes most of them seem to behave that way.

This sentence is a bit misleading. SHA256 is *not* a canonical way of generating Bitcoin private keys; even brainwallet uses PBKDF2 or other key stretching techniques. It's more correct to say that a private key is an arbitrary 256-bit value, from which the public key (and the pubkeyhash that's encoded in any P2PKH address) are derived.

FTFY

All the possible Bitcoin Addresses are already created. They only exist on the Blockchain if they are part of a transaction.

You get the Private Key of a Bitcoin address by applying the SHA 256 algorithm to ANY value (i.e. the word "cat" or "123456", etc.)

if never used it will just show no transactions linked to that address.. when checking block explorers.
to 'save' all possible addresses would require storage beyond any measure/availability today

---

there are 904625697166532776746648320380374280100293470930272690489102837043110636675 possible private keys

use this http://gobittest.appspot.com/Address
type in 1 at: '0 - Private ECDSA Key' text box
it will give you: 1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm  at: '9 - Base58 encoding of 8' text box

type in 2 at: '0 - Private ECDSA Key' text box
it will give you: 1LagHJk2FyCV2VzrNHVqg3gYG4TSYwDV4m  at: '9 - Base58 encoding of 8' text box

continue for as long as you like until your fingers burn out from keyboard friction.. or even make a script to automate it.
the number is so huge it wont matter.

---

you can build a new script that not only makes the keypairs for your computer to store
requiring storage way way way beyond even a yottabyte hard drive


then if checking the balance. which by the way requires much more computational power and bandwidth.

seeing as how there are 904625697166532776746648320380374280100293470930272690489102837043110636675 possibilities
and imagining you could check lets say 1000 addresses a second.

1000                     =1 sec   
60000                     =1 min   
3600000                  =1 hour   
86400000                 =1 day   
31536000000            =1 year   
788400000000           =1 family generation   
78840000000000        =100 family generation(ancestors)   

after 2500 years your ancestors would have only checked
78840000000000   possibles

in other words after 2500 years your ancestors would have
904625697166532776746648320380374280100293470930272690489102758203110636675 still to go
of
904625697166532776746648320380374280100293470930272690489102837043110636675

no.
what you need to know is that there is no bitcoin! there are only transactions and you are spending those transactions by signing away the ownership to another person and saving this which is called a transaction on the blockchain.

what you call bitcoin address is simply a representation of your private key which others can "send bitcoins to"!


address being valid is checking the Base58 encoding (https://en.bitcoin.it/wiki/Base58Check_encoding). if it is valid you can be sure it is a valid bitcoin address. it has nothing to do with if it was used before.

what you ask in the second part is called collision which is practically impossible because of how huge the number of bitcoin private keys are.

The title may be a little bit misleading as I'm not sure what to put else, so please read the post first.

---

I know how the algorithms (SHA-256,  Base58Check encoding etc.) are being used. but I want to know something, are the generated addresses stored in the blockchain? I suppose Its not the case? If its not, does it mean If I build a software that check If a bitcoin address is valid or not, even If it says that the address is valid, It could mean that the address was never generated before or controlled by someone? In other words, as long as the bitcoin address you type in a blockexplorer meets the algorithm output, It will return the address + a balance of 0.00 BTC?