Topic: I found a collision. The hard part is proving it. (Read 683 times)

And, in that case, it would be extremely likely that the collision would occur with an address that has never stored any bitcoins at all (meaning, that you wouldn't even know if you collided).

Remember that a MAXIMUM of LESS THAN 2⁵¹ addresses can simultaneously hold any bitcoin value at any given moment in time.

The general Birthday Problem answer applies: For 160 bit addresses, a collision becomes more likely than not when approximately 2^80 addresses have been generated.

How big is 2^80? Presently there are around 2^33 humans. The human lifespan is around 2^31. If every human generated one address every second their entire life, that would be 2^64. There would need to be 65536 earths before the collision chance crosses 50%.

You guys forgot about so called Birthday attack. No, I am not talking about USA drones bombing wedding parties or funerals in Afganistan and Yemen. I am talking about this one https://en.wikipedia.org/wiki/Birthday_attack when lots of random numbers are generated, it greatly increases probability that two random numbers are identical. Somebody should do the math to calculate exact percentage on how likely is to get one collision when there are n numbers of unique bitcoin addresses generated and used in blockchain. But I still think that probability of collision in real life is close to zero, even if birthday attack collision probability is increased several orders of magnitude.

Correct

Sorry but i'm not "Guru" in this questions.. but I try learn it.
I think collision is impossible or very low probablity to happen this.

What about public key? You wrote the words "About public key" and then you didn't actually write ANYTHING about public keys at all.


That is about UNCOMPRESSED VERSION 1 addresses (also known as uncompressed P2PKH addresses).

As I said, there are many types of addresses.


That link describes 2 ways of representing a private key (WIF and Mini-key) as well as an additional way of storing and generating keys (HD).


What is impossible?

About public key.
I read good article https://en.bitcoin.it/wiki/Technical_background_of_version_1_Bitcoin_addresses and https://en.bitcoin.it/wiki/Private_key
This is impossible.
Thanks for help to learn bitcoin

I suppose the only way to prove such an event is to actually record how you are doing it in the process.
Improbable does not mean impossible. Why would you want to prove this? Anyone can enter a number and guess, it's like the lottery. In theory, anyone can punch in a random number and get access to your bitcoin address and assets. You say you have done this for a VERY long time. Was that time really worth it? 0.0001832 BTC is rather not worth it. On the other hand, if you accidentally got access to one of those 1000 + BTC accounts, you would probably not be here, you would be busy spending it 

I've never heard of a Public address key.

Are you talking about a public key, or are you talking about a Bitcoin Address?  They are NOT the same thing.


There are several different types of Bitcoin Addresses.  There are P2PKH addresses (which start with a '1'). There are P2SH addresses (which start with a '3'). There are P2WPKH addresses (which start with 'bc1').

Puplic address key.
I mean that one private key (A) for addresses (AA) and (BB).
where AA and BB compressed.

Actually, it depends on what you mean by "address".

There are 2 different P2PKH addresses for every private key (compressed, and uncompressed).

There are 2¹⁶⁰ different P2SH addresses for every private key.

If there is a collision you will not have a hard time proving it. Transfer the funds. Problem solved.

Yes, it's possible. Unlikely means it still can happen, just like life on earth.
However to prove collision one has to have both private keys and those private keys have to be different. If you've just one than most likely your seed is the same used to generate the other, so you got his private key, not a collision.
This said, unless you find the owner of those coins and he comes forward with a different private key, there's nothing to see here.

Actually its the other way around.
A private keys (ECDSA) has 256 bit -> 2^256 possible private keys.
An "address" is a 160 bit long hash -> 2^160 possible addresses.

So on average there are 2^96 (256-160) private keys which correspond to one address.
Sounds like a lot. But nothing someone should be concerned about.

He can probably show only one key because he was just browsing the list of private keys on that site
read my previous post, this could be just his way to get people to check his site

not possible.
unless you were thinking 2 different addresses such as these:
Private key (WIF key): KyBfwX8shdAWRWuFGHZtdgaaCALWv2BvinLZRXreSk2x4kA9k1mW
SegWit Address: 3CesBsWnMySdEhFxBw73kQeEch5AxSDNCi
Compressed Address: 1DCGTtTohk8GncyqG2SYjNhZn2Ra92YS7g

I agree with you.
He can show us two different private keys that to the same address.

I'm interesting..
If one private key and diffirent address. Can it possible?

What do you mean by this?  Do you mean that you found two 256-bit ECDSA public keys that hash to the same 160-bit address?

How is it relevent that the process was random?  To show a collision, it is necessary and sufficient to show two preimages that hash to the same value.

did you actually 'find' it or just trying to get people to check your site?
this post looks like a ploy to drive traffic to that site

God physically and literally came to my house yesterday and I had a wonderful conversation with him.

The fact that I can't prove this conversation happened is driving me nuts and making me look like a liar.

I am asking anyone and everyone to chime in on how to prove that I had this conversation with God.

I know what the odds are, and everyone keeps trying to prove me wrong with all kinds of math and theories, blah blah blah. At this point in time I am the only one who knows the truth, I had a face-to-face conversation with God.

So please, how can I prove that I had this conversation?

I am looking forward to proving, not disproving, my claim.

Thanks,
Danny


Honestly, my guess is that your method of choosing a starting number is not very random at all.  Then removing digits just removes entropy (shrinks the key space) significantly.  Eventually, you remove enough digits that you are searching a very small space, and someone else using a VERY poorly designed wallet (or method of generating addresses) could have also picked an address in that same space.  That would increase your odds of colliding with them to something actually possible.

Extreme example,

You remove all the digits except one.  There are a total of 10 different possible addresses that you could "randomly" end up with.

Someone else has a wallet that randomly chooses a number between 0 and 9 and uses that as it's private key.  There are a total of 10 different possible addresses they could "randomly" end up with.

The odds of you colliding with their address are no longer insurmountable.  Neither of you are using the entire key space.  There is now a 10% chance on each attempt that you will get their address.

I can find lots of private keys that have been used by modifying my search behavior to take advantage of the key generation behaviors or brain-wallet users.  This is because their method of choosing an address to use is not very random, AND because my method of choosing an address to check is not very random, AND because the key space of our two methods overlap in some way.

I'm not suggesting that you didn't find a private key that was already in use.  I'm suggesting that BOTH your method of searching AND the original user's method of choosing a key are not as random as either of you think, AND that the original user's method was insecure DUE TO HIS LACK OF RANDOMNESS.

Okay, so the gist of the thread is that you found an address that has a balance in it on a page that is publicly available? If so, then it isn't considered a collision really. Anyone could have sent a little Bitcoins to a random amount to the page just for laughs. The site isn't for anyone to generate an address and use them.

You couldn't be the one using a weak RNG, the website is loading the address and it could have been generated long ago.