Pages:
Author

Topic: How to Create a Bitcoin Receive Address from a Coin Flip - page 3. (Read 14750 times)

hero member
Activity: 658
Merit: 500
Random.org is for trivial stuff.

Generating a Bitcoin private key and its corresponding address is not trivial at all.
sr. member
Activity: 392
Merit: 268
Tips welcomed: 1CF4GhXX1RhCaGzWztgE1YZZUcSpoqTbsJ

*** You cannot use the Brainwallet BIN to HEX converter due to the fact that Brianwallet adds a “0” place holder to every 4 bit BIN sequence. e.g. “1111” converted to HEX is “F” but Brainwallet converts it as “0F” ***


Yes, you can. Just don't add spaces to the binary.

Also, don't use random.org at all. Use a physical coin, or a known-good physical RNG, preferably one that is designed to be unbiased, truly random using physical noise, and separate from a computer.
staff
Activity: 4284
Merit: 8808
I will argue that 256 coin flips from random.org is the best random number possibility available.  And assuming that you push the results through an offline computer using brainwallet offline, you will have a VERY SAFE, VERY RANDOM private key.
LOL.  A "VERY SAFE" number which is trivially known to a third party.  Is someone at "random.org" paying you to encourage people to have them generate their private keys, or did you come by this cluelessness naturally?

I haven't looked recently but last I checked random.org methods were secret and not peer reviewed. So not only may the results be trivially maliciously logged (by the site operators or anyone whos compromised their system; or the operators of the VPSes they use (rackspace cloud)), they're probably more likely to be accidentally flawed because their methods are not reviewed.
legendary
Activity: 1512
Merit: 1012
NewLiberty, what kind of dice do you have there? How does it differ from normal dices/coin toss?

These are 16 sided hexidecimal dice.
Despite Anditoshi's sage advice on much of the fluff around this method, using dice or coins is not significantly reduce or increaes the entropy of key generation.
It just isn't code+machine doing it.  Ultimately you are going to have to trust some device to use your bitcoin, but doing it by hand for novelty's sake is fun for some.

Thank you for the clarification! And I'm also curious how much are those, if you're still selling Smiley
member
Activity: 93
Merit: 10
Interesting. Reading for the first time creating bitcoin address with dices.
sr. member
Activity: 425
Merit: 253
I would be interested in buying a set of HEX dice... How much are they?
legendary
Activity: 1204
Merit: 1002
Gresham's Lawyer
NewLiberty, what kind of dice do you have there? How does it differ from normal dices/coin toss?

That is a 16-sided dice. You only need to roll it 64 times to get a 256-bit number.
On the other hand, with a normal 6-sided dice, you need to roll it 100 times.

More the side... less the randomness.
Why?
Are you assuming they are not balanced or something?
legendary
Activity: 1204
Merit: 1002
Gresham's Lawyer
NewLiberty, what kind of dice do you have there? How does it differ from normal dices/coin toss?

These are 16 sided hexidecimal dice.
Despite Anditoshi's sage advice on much of the fluff around this method, using dice or coins is not significantly reduce or increaes the entropy of key generation.
It just isn't code+machine doing it.  Ultimately you are going to have to trust some device to use your bitcoin, but doing it by hand for novelty's sake is fun for some.
sr. member
Activity: 425
Merit: 253
Please please please do not do this. The cryptosystem which Bitcoin keys and addresses are part of assumes for its security that its private keys are uniformly random numbers. Flipping coins by hand will definitely not give uniformly random numbers, and is probably so biased (depending on your hand, the coin, what side you pick it up from, the surface it lands on, etc, etc) that you can measure it yourself by just flipping a coin and counting the zeroes and ones.

If you swap out one component of a cryptosystem for another you have constructed a new cryptosystem and need to argue its security. And I guarantee you won't find a good security argument for "Bitcoin script with biased randomness".


Thanks for the feedback.  However this is not a technical paper on cryptography, it is simply a step by step method on "HOW" to create a private key.  Most of your argument is either technical or addresses a "WHY" issue.  I did clean up two small issues that were over simplifications on my part.  

I will only address your central theme with which I disagree:  While it may be scientifically possible to determine that a coin flip method has a bias (you could make the same argument about dice as well), I could also make the same argument about how the Bitcoin client chooses its random string.  There are many examples of Bitcoin wallets themselves having built in biases that allowed the private keys to be hacked.  Computers have a built in bias against randomization which must be overcome.  Your Bitcoin wallet is no exception as it always sits on an OS.  (Google:  Android OS pseudorandom number generator PRNG - and also NSA Dual EC DRBG)

I offered an option in the original post where one could obtain true random numbers from a coin flip. > from www.random.org

I will argue that 256 coin flips from random.org is the best random number possibility available.  And assuming that you push the results through an offline computer using brainwallet offline, you will have a VERY SAFE, VERY RANDOM private key.

Edit:  It is possible for someone at random.org to guess your intent, even though their site is not a BITCOIN related site.  So just use it for testing.  True security will come from the coin toss not an online web site.
legendary
Activity: 2226
Merit: 1052
NewLiberty, what kind of dice do you have there? How does it differ from normal dices/coin toss?

That is a 16-sided dice. You only need to roll it 64 times to get a 256-bit number.
On the other hand, with a normal 6-sided dice, you need to roll it 100 times.

More the side... less the randomness.
hero member
Activity: 896
Merit: 1000
NewLiberty, what kind of dice do you have there? How does it differ from normal dices/coin toss?

That is a 16-sided dice. You only need to roll it 64 times to get a 256-bit number.
On the other hand, with a normal 6-sided dice, you need to roll it 100 times.
legendary
Activity: 1512
Merit: 1012
NewLiberty, what kind of dice do you have there? How does it differ from normal dices/coin toss?
legendary
Activity: 1442
Merit: 1186
Can someone please tell me where are the 5-9 of this happening in the OP ?

These are done by your wallet when you import the key generated by the OP's method.


Not exactly, you can't import a base 6 format key into your wallet. First you have to convert it from base 6 to WIF. In the OP the conversion is done using brainwallet, but they use a different method so the conversion method is different, they started with binary 1 and 0 and then convert to hex and then to WIF. With the dice method you have base 6 and then convert to WIF private key with the help of an app like bitaddress.
legendary
Activity: 2226
Merit: 1052
Can someone please tell me where are the 5-9 of this happening in the OP ?

These are done by your wallet when you import the key generated by the OP's method.


As I can see that you have disqualified blockchain.info as a reliable wallet. Would like to know the technical reason behind it. I am assuming the user is downloading the paper wallet from blockchain.info, so that he is still in control of his coins, even if the site goes down. AFAIK, their keys are encrypted too... so for a DB hack, private keys should not be stolen.

Moreover, do u think, if someone runs bitaddress.org offline (by downloading the zip from https://github.com/pointbiz/bitaddress.org) to generate addresses, that is a safe method with enough randomness ?
full member
Activity: 179
Merit: 151
-
Can someone please tell me where are the 5-9 of this happening in the OP ?

These are done by your wallet when you import the key generated by the OP's method.
full member
Activity: 179
Merit: 151
-
Please please please do not do this. The cryptosystem which Bitcoin keys and addresses are part of assumes for its security that its private keys are uniformly random numbers. Flipping coins by hand will definitely not give uniformly random numbers, and is probably so biased (depending on your hand, the coin, what side you pick it up from, the surface it lands on, etc, etc) that you can measure it yourself by just flipping a coin and counting the zeroes and ones.

If you swap out one component of a cryptosystem for another you have constructed a new cryptosystem and need to argue its security. And I guarantee you won't find a good security argument for "Bitcoin script with biased randomness".

To add to the presumption of insecurity that should be applied to all new cryptosystems, let me point out that much of this one is gibberish:

Step by Step Tutorial

  • Create a Bitcoin address by flipping a coin
  • Create a Bitcoin address so secret, {Insert name of your Government Spy agency Here} wont even know who made it!

Linkage between addresses and identities has nothing to do with key generation. This sort of linkage is done by exploiting ordinary address mismanagement.

Quote
Simple Intro
A Bitcoin private key is a really big number that is created in a very specific format.
A Bitcoin private key is an integer modulo the field order of the secp256k1 curvegroup used by Bitcoin's signature scheme. It is an element of an additive group and has no size.

Quote
Once the private key is created, it can then be pushed through a mathematical gauntlet and produce a Public Address that anyone can freely give out without fear.
Publishing your addresses is a (potentially very serious) privacy risk and cannot be done "freely without fear".

Quote
Every Public Address corresponds to exactly one Private Key and vice-versa.
This is simply false.

Quote
If you could guess a private key, you could access and spend the Bitcoins stored at the address as if they were yours. It is not likely that you or anyone else will ever guess a private key.
"not likely" is an understatement. The probability is 2^{-160}. There is nothing in yourordinary life that is comparable to this number. Nobody, ever, will ever find a private key by guessing uniformly at random. (Of course, they may exploit biases in random number generators and guess nonuniformly at random; this has happened many times.)

Quote
You can however, create you own private keys from scratch or you can let the wallet do it for you.  Your option.
This is horrifically bad advice. Key management is hard enough to do when using software specifically designed to do it for you. Manual key management is stupid, and manual key generation is even stupider.

Quote

How to create a Bitcoin Private Key and therefore a Unique Public Address, by flipping a Coin.

Get a coin.  Label one side as “1” and the other side as “0”
Flip the coin a minimum of 256 times and record the results as you go in groups of 4.  When you are done, your binary sequence should look something like this:

Binary: (Below is four sequences of 64 bits each 4x64=256)
0010 1000 1000 1111 0011 1001 1011 1011 1111 1101 0011 0110  
1101 1010 0101 1010
0001 0010 1101 0001 0110 0010 1100 1011 0001 1000 1001 0111
1100 1001 0000 0010
0010 1000 1000 1011 0011 1001 1011 1011 0011 0110 1101 1010
0101 1010 0001 0010
1101 0001 0110 0010 1100 1011 0001 1000 1001 0111 1100 1001  
0000 0010 0011 1101

The number of flips equals the bitness of the encryption.
This statement is nonsensical. Besides, there is no encryption in Bitcoin.

Quote
256 flips  = 256 bit encryption.  The grouping and spaces are not important. They are grouped this way to make them "Human Friendly."

The next step is to convert the Binary to HEX. Finding a Binary to Hex converter on-line that will handle that sized number is no easy task.

http://www.mathsisfun.com/binary-decimal-hexadecimal-converter.html – This one can handle 64 bits at a time. Just keep them in order and separate.  Do 64 bits at a time. (4 times)

Every part of this tells me you should not be touching encoding or decoding systems, let alone cryptosystems. Please do not give cryptographic advice if you do not know what you are talking about. It is dangerous and therefore immoral. Do you also advise people how to do surgery on themselves and others? Do you tell them how to pilot aircraft? (Perhaps you are an expert on one or both of these things; then how would you like to see laymen giving such advice?)

Quote
The Binary Number above Converted to HEX: (32 bytes)
288F 39BB FD36 DA5A 12D1 62CB 1897 C902 288B 39BB 36DA 5A12 D162 CB18 97C9 023D
This HEX number is your Raw Private Key, and again the spacing is not important.

Next, Cut and paste the HEX number into https://brainwallet.github.io/#converter and choose “HEX” to “B58Check.”  This will create a very large number that begins with a “5”. This number is your private key “Wallet Import Format”.

Please don't advise people to use brainwallet. About half of the things on that site are implemented dangerously; I have good reason to believe this is deliberate because its creator it attempting to steal money from users of its compromised keys. One good reason is that none of the dangerous things are labeled as such (or better, removed) despite repeated admonishment from myself and others.

Quote
*** You cannot use the Brainwallet BIN to HEX converter due to the fact that Brianwallet adds a “0” place holder to every 4 bit sequence. e.g. “1111” converted to HEX is “F” but Brainwallet converts it as “0F” ***

The HEX above converted to B58Check WIF:
5J89cr5WGdvQWeeekN5ZGzuXVsWREbAYku6MDeUgrJTjX1ZHhCX

Next copy the private key WIF code. Click “Generator” and paste the private key into the Private Key box.  This will create your new Public Address.

WIF Format above Converted to Bitcoin Public Address:
1Cwd7i5R6GM56njNhyyr7RRUYo6e1AMg9A

You have now created a Private Bitcoin Key and a Public Address from 256 coin flips!

As I mentioned above, manual key management is stupid and dangerous. (I'm going to get a lot of flack from paper wallet users for this claim. Nonetheless I stand by it.)

Quote
EXTRA SECURITY:  Just in case you are worried about using the online generator, you can download the .zip file at the bottom of the page (off Brainwallet) and set the generator up on your computer.  You can run this program off-line with no Internet connection for extra security.

This provides no extra security. Can you clarify (for my understanding of psychology) why you would think it does?

Quote
EXTRA SPEED:  You can go to https://www.random.org/coins/?num=4&cur=60-pln.1zloty and flip four or eight coins a time.  The Polish Zloty works great because it has the shape of a 1 and a 0. The randomness of their service is top notch.

This is unbelievably bad advice. If you are being paid to do this, then I advise you to speak with a priest and take a serious look at the moral decisions you are making. In any case, please stop.

Quote
EXTRA COINS:  The Brainwallet site is also set up to do 25 other coins in addition to Bitcoin.

I'll just leave this here.

I'm going to stop now; the remainder was simply instructions on importing keys, and I've already discussed manual key management. I will also say, without justification (as I'm tired of repeating it, not because I have none) that web wallets, and blockchain.info in particular, are not a safe way to store Bitcoin keys, and I strongly advise anyone storing coins with such a service to move them out of there immediately.

legendary
Activity: 2226
Merit: 1052
There was another discussion going on regarding this, where someone posted the following...

What does 'manually' mean, pen and paper only?
Pen and paper, calculator etc...

As long as it's not made by an application.

Pen and paper would take days.

http://www.righto.com/2014/09/mining-bitcoin-with-pencil-and-paper.html
This is ONE of the hashing algorithms (SHA-256) and this man says he could do 0.67 hashes per day.

The process of generating a bitcoin address by hand (pen and paper) would be the following.

1. roll a 6 sided dice 99 times.
2. write down each result, writing a "0" for every 6 that comes up.
3. take this long string of numbers from 0-5 and convert it from base 6 to base 10.
   a. This means starting from the first non-zero digit on the left, multiply it by 6 then add it to the next digit, then multiply by 6 then add to the next digit... etc. until you get a long number with digits from 0-9.
4. Now you will have to calculate the public key. This is more easily done if the private key (the long number you made) is in binary form (1 or 0) so convert the number to binary.
5. Use the ECDSA point doubling formula and point addition formula on the generator point to get the public key. This will probably take a few days.
6. Convert the public point's x and y value both into binary. Pad each of them with 0s on the left hand side in case they're shorter than 256.
7. add 00000100 to the far left, then the padded x, then the padded y.
8. follow the video I linked above to perform a single SHA256 on the binary string created in #7
9. once you get the single 256 bit binary string... you must then perform the RIPEMD160 hash algorithm on it.
10. once you get the 160 bit length hash from it, add 00000000 to the far left of it... hold this string for later. We will do two things to it.
11. perform a SHA256 on the string from #10, then perform ANOTHER SHA256 on the result. (double SHA256)
12. take the 32 bits on the far left of the result from #11 and add it to the far right of the result from #10
13. For every 8 zeros on the far left of the result of #12, write down a number 1 on a piece of paper. Then convert the left over bits to base 58 as per the bitcoin base 58 specification (it's slightly disorienting if you're doing by hand, as 0 is represented by 1, 1 is represented by 2, 57 is represented by z etc...)
14. now you have your bitcoin address. To format your private key in the widely used WIF format, perform #10-#13 on the binary private key from #4... except instead of sticking 8 zeroes to the far left, add 10000000 to it instead.

Can someone please tell me where are the 5-9 of this happening in the OP ?
legendary
Activity: 1204
Merit: 1002
Gresham's Lawyer
I've a bunch of these left over from when I was running around to all the conventions....


So they are for sale.  If folks want them let me know and I will put some up for sale.
The folks that made them aren't doing it any more so to get more I would have to make a very large order.
member
Activity: 84
Merit: 10
very helpful tutorial thankz for explaining it....really a good work
sr. member
Activity: 425
Merit: 253
Thanx!  Im working on the excel spreadsheet now.  Hope to have it out there shortly.
Pages:
Jump to: