Topic: how many possible private keys can electrum generate? (Read 186 times)

legendary
Activity: 2534
Merit: 1713
I chose "I ALREADY HAVE A SEED" then "PLEASE ENTER YOUR SEED PHRASE TO RESTORE YOUR WALLET" then i guess the 12 words.
So its not electrum giving me my seed, i am trying to guess the correct string of words until they fit and the seed is valid and can open the wallet.
No the wallets were never funded and not active on the blockchain, but obviously they could be if someone creates the same seed i guess
There isn't much difference between bruteforcing private keys and the mnemonic seed in terms of the total number of combinations.
But yes, an HD wallet's seed has lower security but still, collision is impossible.
Here's an old thread to clear things up: How HD wallet works for back ups? Reply by achow101

Here's a short answer: There are total of 5,444,517,870,735,015,415,413,993,718,908,291,383,296 possible combinations which makes any random combination unique.
Using that, it's easy to compute the chance to get a collision using a calculator that can enter 40+ characters.

Well reading your post should make the OP happy. Thanks for that I never knew the exact numbers involved.
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
I chose "I ALREADY HAVE A SEED" then "PLEASE ENTER YOUR SEED PHRASE TO RESTORE YOUR WALLET" then i guess the 12 words.
So its not electrum giving me my seed, i am trying to guess the correct string of words until they fit and the seed is valid and can open the wallet.
No the wallets were never funded and not active on the blockchain, but obviously they could be if someone creates the same seed i guess
There isn't much difference between bruteforcing private keys and the mnemonic seed in terms of the total number of combinations.
But yes, an HD wallet's seed has lower security but still, collision is impossible.
Here's an old thread to clear things up: How HD wallet works for back ups? Reply by achow101

Here's a short answer: There are total of 5,444,517,870,735,015,415,413,993,718,908,291,383,296 possible combinations which makes any random combination unique.
Using that, it's easy to compute the chance to get a collision using a calculator that can enter 40+ characters.
member
Activity: 486
Merit: 27
At least you can have full access to the wallet you want to use, with the help of private keys, unlike other people like me, whose fortune was taken because I was not able to keep my private keys and now have zero.

Additional seeds are most often forgotten, but with the help of a screenshot it's good to go.
legendary
Activity: 3584
Merit: 5243
I chose "I ALREADY HAVE A SEED" then "PLEASE ENTER YOUR SEED PHRASE TO RESTORE YOUR WALLET" then i guess the 12 words.
So its not electrum giving me my seed, i am trying to guess the correct string of words until they fit and the seed is valid and can open the wallet.
No the wallets were never funded and not active on the blockchain, but obviously they could be if someone creates the same seed i guess

Sure, but if you let electrum pick 12 random words, the odds of somebody else getting the exact same words is 1 in 38111625095145107907897956032358039683072 (source: https://bitcointalksearch.org/topic/m.16154287). These odds are so small a human being can't really comprehend them
newbie
Activity: 65
Merit: 0
I chose "I ALREADY HAVE A SEED" then "PLEASE ENTER YOUR SEED PHRASE TO RESTORE YOUR WALLET" then i guess the 12 words.
So its not electrum giving me my seed, i am trying to guess the correct string of words until they fit and the seed is valid and can open the wallet.
No the wallets were never funded and not active on the blockchain, but obviously they could be if someone creates the same seed i guess
legendary
Activity: 3584
Merit: 5243
yea ok so i understand the numbers are big. Im just curious about this, because i was able to unlock 6 wallets in just an hour of mucking around with random words in electrum. Of course all were unfunded with 0 balance, but I decided to post about it here because I wanted to understand more because it seemed ridiculous that i could do that. Thx mocacinno for the very detailed reply;-)

No problem Smiley
About those 6 wallets in an hour: were any of their addresses funded ever? Was there any transaction history?
You can only say you stumbled upon an existing wallet when you create a random seed, use it to restore a wallet and actually see there's a transaction history in this wallet. If you use a random seed and use it to restore a wallet, but you don't see a transaction history, you've just created a new, empty wallet... In this case you didn't find a wallet that was generated by somebody else, you just generated a new (empty) wallet that can either be used by you, or discarded (i'd personally just discard such wallets, since the human brain is a terrible source of entropy, so the odds are much higher somebody else will generate the same random seed than when you let electrum pick a random seed by itself).

BTW: "the human brain is a terrible source of entropy" is a quote i picked up a long time ago, don't know who it belongs to anymore though...

BTW2: The total number of possible bip39 seed phrases is smaller than the total address space : https://bitcointalksearch.org/topic/m.16154287
This shouldn't matter though, since converting a seed phrase to an xprv and deriving private keys from this xprv is considerably slower than incrementally scanning all private keys directly... So even though the total number of seed phrases is lower than the total address space, it's still really, really secure.
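Added example (not part of the thread and not Electrum's own code): a sketch of why guessed 12-word phrases are regularly accepted as "valid" and open empty wallets. It assumes Electrum's seed version check, in which a phrase counts as a standard seed when the hex HMAC-SHA512 of the phrase under the key "Seed version" starts with "01" (an 8-bit check, so about 1 in 256 random phrases pass); the word list is a constructed stand-in and the function names are hypothetical.

```python
import hashlib
import hmac
import random

# Hex-digest prefixes of Electrum's seed version scheme (assumed here from
# Electrum's documented behaviour): "01" = standard, "100" = segwit.
PREFIXES = {"standard": "01", "segwit": "100"}

# Constructed stand-in for the 2048-word list. The check below hashes the
# phrase as a string, so the acceptance statistics do not depend on which
# 2048 distinct tokens are used.
WORDS = [f"w{i:04d}" for i in range(2048)]
TOTAL_PHRASES = len(WORDS) ** 12  # 2048^12 = 2^132, the figure quoted in the thread


def seed_type(phrase):
    """Return the seed type whose version prefix the phrase hashes to, else None."""
    digest = hmac.new(b"Seed version", phrase.encode("utf-8"),
                      hashlib.sha512).hexdigest()
    for name, prefix in PREFIXES.items():
        if digest.startswith(prefix):
            return name
    return None


def acceptance_rate(samples, rng):
    """Fraction of uniformly random 12-word phrases accepted as a standard seed."""
    hits = 0
    for _ in range(samples):
        phrase = " ".join(rng.choices(WORDS, k=12))
        hits += seed_type(phrase) == "standard"
    return hits / samples


def valid_standard_seeds():
    """Phrases passing the 8-bit "01" prefix: 2^132 / 2^8 = 2^124."""
    return TOTAL_PHRASES // 16 ** len(PREFIXES["standard"])


if __name__ == "__main__":
    rate = acceptance_rate(20000, random.Random(1))
    print(f"accepted: {rate:.4%} (expected about {1 / 256:.4%})")
    print(f"valid standard seeds: 2^{valid_standard_seeds().bit_length() - 1}")
    print(f"share of them on 15 billion wallets: {15e9 / valid_standard_seeds():.1e}")
```

Passing the check only means the phrase has the right checksum-like prefix; with 2^124 such phrases, an accepted guess is a new empty wallet unless it shows transaction history.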
newbie
Activity: 65
Merit: 0
yea ok so i understand the numbers are big. Im just curious about this, because i was able to unlock 6 wallets in just an hour of mucking around with random words in electrum. Of course all were unfunded with 0 balance, but I decided to post about it here because I wanted to understand more because it seemed ridiculous that i could do that. Thx mocacinno for the very detailed reply;-)
legendary
Activity: 3584
Merit: 5243
So I think there are about 300,000 bitcoin addresses containing at least 10 bitcoin, meaning we have a 300,000 chance in 1,461,501,637,330,902,918,203,684,832,716,283,019,655,932,542,976.
of winning the bitcoin lottery Grin Grin Grin

Anyway all jokes aside, Im not entirely sure I can realistically see bitcoin being used as "the" worldwide currency when its security is somewhat flawed. i know things will progress but until then, hmmmm just thinking
Let's assume everybody in this world would have 100 funded addresses:
this means there would be ~1000.000.000.000 funded addresses at any point in time
1,461,501,637,330,902,918,203,684,832,716,283,019,655,932,542,976/1000.000.000.000 = 1/1,461,501,637,330,902,918,203,684,832,716,283,019th of the address space would be used

Now, i've seen benchmarks of GPU's generating up to 23 Mh priv keys => pub keys => addresses per second (i hope this number is correct, i got it from a benchmark i found online => source https://0day.work/using-an-aws-gpu-instance-to-generate-vanity-bitcoin-addresses/) .
Let's assume you're an evil genius and you build a farm with 10.000 GPU's generating 230 Gh addresses/second. 1 GPU works for 5? years before it breaks, costing $100/year. It runs at 300? Watt, costing 0.3*24*365*0.01 = $26 worth of electricity if you pay only 1 cent... Your farm would cost you 10000*$126 = $1.260.000 per year to maintain.

In order to find 1 funded address, on average it would take you:
2^160/(1000.000.000.000*230.000.000.000*24*60*60*365) = 201.495.273.494.322.970 years to find the private key belonging to one funded address... As long as the private key was generated by a perfect RNG. If you're talking about a botched RNG, this calculation no longer works.

Now, you're currently using FIAT money... Do you think your bank's centralised database is more secure or less secure than bitcoin's security? I mean, do you think that somebody who's willing to invest $1.25M per year for 201495 billion years wouldn't get his hands on your life savings in your bank account one way or another?

People's minds are just not able to grasp the number 2^160. As long as your private key is generated truly at random AND you keep your key 100% secure, your BTC wallet is a lot safer than your bank account... Of course, bitcoin falls victim to people using FUD, pump and dump schemes, crooked wallet providers, hacked exchanges,... I personally think these are the main reasons why bitcoin isn't as mainstream as i'd like it to be (yet), but none of these reasons have anything to do about the fundamentals on which bitcoin has been built, only on human emotions and human mistakes.
newbie
Activity: 65
Merit: 0
So I think there are about 300,000 bitcoin addresses containing at least 10 bitcoin, meaning we have a 300,000 chance in 1,461,501,637,330,902,918,203,684,832,716,283,019,655,932,542,976.
of winning the bitcoin lottery Grin Grin Grin

Anyway all jokes aside, Im not entirely sure I can realistically see bitcoin being used as "the" worldwide currency when its security is somewhat flawed. i know things will progress but until then, hmmmm just thinking
legendary
Activity: 1624
Merit: 2481
My second reply was correct though (i was talking about public key hashes, not public keys) Wink

Yes, indeed, i never contested its correctness. Just wanted to make the relations clear for OP or any other reader.
I did not want to create the impression that your statement is wrong. I apologize if it seemed like i did.



But either way, with or without my mistake, i hope we can all agree that the odds of just finding a collision are really, really, really small... So the OP shouldn't worry too much about it Smiley

I fully agree.
The only realistic scenario where two users create the same keypair would be if both used a wallet with a flaw in the random number generator.
Besides that, the math behind bitcoin is definitely safe and secure.
legendary
Activity: 3584
Merit: 5243
AFAIK, there are 2^256 private keys mapping on 2^160 public keys hashes (an effect of using ripe-md160). On average, each public key hash has 2^96 private keys


2^256 private keys map on 2^256 public keys (1-to-1). The total amount of addresses is 2^160 (which leads to 2^96 public/private keys resulting in the same address on average).

But depending on the output type (p2pkh / p2sh) it is not sufficient to find any of the available (2^96) private-/public- keypairs to spend the UTXO's which hypothetically have been sent to this address earlier.
If the correct public key is required to redeem, you have to search through the 'full' space (2^256).


Your correction was correct, my initial response contained an error... I just realised my mistake after re-reading what i wrote the first time... My second reply was correct though (i was talking about public key hashes, not public keys) Wink
(it's friday, and it's hot and noisy in the office... My attention span is really low at the moment, so a few slipups are bound to happen)...

But either way, with or without my mistake, i hope we can all agree that the odds of just finding a collision are really, really, really small... So the OP shouldn't worry too much about it Smiley
legendary
Activity: 1624
Merit: 2481
AFAIK, there are 2^256 private keys mapping on 2^160 public keys hashes (an effect of using ripe-md160). On average, each public key hash has 2^96 private keys


2^256 private keys map on 2^256 public keys (1-to-1). The total amount of addresses is 2^160 (which leads to 2^96 public/private keys resulting in the same address on average).

But depending on the output type (p2pkh / p2sh) it is not sufficient to find any of the available (2^96) private-/public- keypairs to spend the UTXO's which hypothetically have been sent to this address earlier.
If the correct public key is required to redeem, you have to search through the 'full' space (2^256).
legendary
Activity: 3584
Merit: 5243
ok so are you saying that there are so many possible combinations, lets say 100 trillion, wouldn't that mean its pretty easy to guess one?

In total, there are 2^160 possible public keys, so 2^160 public key hashes (addresses).

Just a small correction:
There are 2^256 possible public- (and private-) keys.
A public key is the product of a multiplication on the elliptic curve (1-to-1 mapping between private- and public key (256 bit)).


@OP: If you have security concerns, take a look at this.




AFAIK, there are 2^256 private keys mapping on 2^160 public keys hashes (an effect of using ripe-md160). On average, each public key hash has 2^96 private keys
legendary
Activity: 1624
Merit: 2481
ok so are you saying that there are so many possible combinations, lets say 100 trillion, wouldn't that mean its pretty easy to guess one?

In total, there are 2^160 possible public keys, so 2^160 public key hashes (addresses).

Just a small correction:
There are 2^256 possible public- (and private-) keys.
A public key is the product of a multiplication on the elliptic curve (1-to-1 mapping between private- and public key (256 bit)).


@OP: If you have security concerns, take a look at this.


newbie
Activity: 65
Merit: 0
ok thx looked it up here https://bitcointalksearch.org/topic/how-many-possibly-bitcoin-addresses-are-there-exactly-and-how-long-does-it-24268

So that; 2^160 is 1,461,501,637,330,902,918,203,684,832,716,283,019,655,932,542,976.
Different private keys.

Ok so do we now conclude that basically its easy as shit to guess a 12 word seed but near impossible to guess a 12 word seed that has been in use with a balance? Correct or not?

And in the "possible" future somewhat easier if there are 15 or so billion addresses in use with a balance...
legendary
Activity: 3584
Merit: 5243
ok so are you saying that there are so many possible combinations, lets say 100 trillion, wouldn't that mean its pretty easy to guess one?

you should read up on key collision.
In total, there are 2^160 possible public keys, so 2^160 public key hashes (addresses). The odds of you finding a private key whose public key hash was funded by somebody else in the past is really, really, really small.

Just something out of my own experience: using vanitygen i can generate ~5Mkeys/second. that's 5000000 keys/second. This means it would take 2.9*10^41 seconds to scan the complete keyspace.
This is 9268782580738856660348077325699400 years to scan the complete keyspace

Of course, there is no need to scan this complete keyspace, there are over 1.000.000 funded addresses (IIRC), and i would only need 1 hit to rob somebody, but given these numbers, you can see the odds are still very, very small.
There is a key collision pool somewhere, they use GPU's and pool their resources together. They claim they get a couple hits a year, but i never took the effort to verify these claims. It looks to me like the cost of running this pool is a lot bigger than the potential reward.
newbie
Activity: 65
Merit: 0
ok so are you saying that there are so many possible combinations, lets say 100 trillion, wouldn't that mean its pretty easy to guess one?
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
Regarding Electrum, since it's a HD wallet, private keys generated by it were based on the SEED, it's using 12 words as default (docs.electrum.org).
With that, hitting a collision isn't possible, there are more possible combinations of Electrum's 2048-word Dictionary (with different language variations) than the total population of the world.

Can electrum generate over 15 billion different keys?
No that's too few, add more Zeroes.
newbie
Activity: 65
Merit: 0
How many possible private keys can electrum generate? How many possible combinations are there?
There are 7.6 billion people on earth, lets assume everybody had a couple of wallets.
Can electrum generate over 15 billion different keys?