Author

Topic: I found a collision. The hard part is proving it. (Read 687 times)

legendary
Activity: 3472
Merit: 4801
If every human generated one address every second their entire life, that would be 2^64. There would need to be 65536 earths before the collision chance crosses 50%.

And, in that case, it would be extremely likely that the collision would occur with an address that has never stored any bitcoins at all (meaning, that you wouldn't even know if you collided).

Remember that a MAXIMUM of LESS THAN 251 addresses can simultaneously hold any bitcoin value at any given moment in time.

member
Activity: 93
Merit: 39
You guys forgot about so called Birthday attack. No, I am not talking about USA drones bombing wedding parties or funerals in Afganistan and Yemen. I am talking about this one https://en.wikipedia.org/wiki/Birthday_attack when lots of random numbers are generated, it greatly increases probability that two random numbers are identical. Somebody should do the math to calculate exact percentage on how likely is to get one collision when there are n numbers of unique bitcoin addresses generated and used in blockchain. But I still think that probability of collision in real life is close to zero, even if birthday attack collision probability is increased several orders of magnitude.

The general Birthday Problem answer applies: For 160 bit addresses, a collision becomes more likely than not when approximately 2^80 addresses have been generated.

How big is 2^80? Presently there are around 2^33 humans. The human lifespan is around 2^31. If every human generated one address every second their entire life, that would be 2^64. There would need to be 65536 earths before the collision chance crosses 50%.
legendary
Activity: 1512
Merit: 1049
Death to enemies!
You guys forgot about so called Birthday attack. No, I am not talking about USA drones bombing wedding parties or funerals in Afganistan and Yemen. I am talking about this one https://en.wikipedia.org/wiki/Birthday_attack when lots of random numbers are generated, it greatly increases probability that two random numbers are identical. Somebody should do the math to calculate exact percentage on how likely is to get one collision when there are n numbers of unique bitcoin addresses generated and used in blockchain. But I still think that probability of collision in real life is close to zero, even if birthday attack collision probability is increased several orders of magnitude.
legendary
Activity: 3472
Merit: 4801
I think collision is impossible or very low probablity to happen this.

Correct
sr. member
Activity: 1330
Merit: 258
About public key.

What about public key? You wrote the words "About public key" and then you didn't actually write ANYTHING about public keys at all.


That is about UNCOMPRESSED VERSION 1 addresses (also known as uncompressed P2PKH addresses).

As I said, there are many types of addresses.


That link describes 2 ways of representing a private key (WIF and Mini-key) as well as an additional way of storing and generating keys (HD).

This is impossible.

What is impossible?

Thanks for help to learn bitcoin Smiley

Sorry but i'm not "Guru" in this questions.. but I try learn it.
I think collision is impossible or very low probablity to happen this.
legendary
Activity: 3472
Merit: 4801
About public key.

What about public key? You wrote the words "About public key" and then you didn't actually write ANYTHING about public keys at all.


That is about UNCOMPRESSED VERSION 1 addresses (also known as uncompressed P2PKH addresses).

As I said, there are many types of addresses.


That link describes 2 ways of representing a private key (WIF and Mini-key) as well as an additional way of storing and generating keys (HD).

This is impossible.

What is impossible?

Thanks for help to learn bitcoin Smiley
sr. member
Activity: 1330
Merit: 258
Puplic address key.

I've never heard of a Public address key.

Are you talking about a public key, or are you talking about a Bitcoin Address?  They are NOT the same thing.

I mean that one private key (A) for addresses (AA) and (BB).
where AA and BB compressed.

There are several different types of Bitcoin Addresses.  There are P2PKH addresses (which start with a '1'). There are P2SH addresses (which start with a '3'). There are P2WPKH addresses (which start with 'bc1').




About public key.
I read good article https://en.bitcoin.it/wiki/Technical_background_of_version_1_Bitcoin_addresses and https://en.bitcoin.it/wiki/Private_key
This is impossible.
Thanks for help to learn bitcoin Smiley
newbie
Activity: 28
Merit: 3
I suppose the only way to prove such an event is to actually record how you are doing it in the process.
Improbable does not mean impossible. Why would you want to prove this? Anyone can enter a number and guess, it's like the lottery. In theory, anyone can punch in a random number and get access to your bitcoin address and assets. You say you have done this for a VERY long time. Was that time really worth it? 0.0001832 BTC is rather not worth it. On the other hand, if you accidentally got access to one of those 1000 + BTC accounts, you would probably not be here, you would be busy spending it  Grin
legendary
Activity: 3472
Merit: 4801
Puplic address key.

I've never heard of a Public address key.

Are you talking about a public key, or are you talking about a Bitcoin Address?  They are NOT the same thing.

I mean that one private key (A) for addresses (AA) and (BB).
where AA and BB compressed.

There are several different types of Bitcoin Addresses.  There are P2PKH addresses (which start with a '1'). There are P2SH addresses (which start with a '3'). There are P2WPKH addresses (which start with 'bc1').


sr. member
Activity: 1330
Merit: 258
If one private key and diffirent address. Can it possible?
Actually its the other way around.

Actually, it depends on what you mean by "address".

There are 2 different P2PKH addresses for every private key (compressed, and uncompressed).

There are 2160 different P2SH addresses for every private key.



Puplic address key.
I mean that one private key (A) for addresses (AA) and (BB).
where AA and BB compressed.
legendary
Activity: 3472
Merit: 4801
If one private key and diffirent address. Can it possible?
Actually its the other way around.

Actually, it depends on what you mean by "address".

There are 2 different P2PKH addresses for every private key (compressed, and uncompressed).

There are 2160 different P2SH addresses for every private key.

full member
Activity: 294
Merit: 104
✪ NEXCHANGE | BTC, LTC, ETH & DOGE ✪
I found a collision on btckey.space, now how do I prove it?

Let's start from the beginning, shall we.

I am one of those people who, when people tell me something is impossible or improbable, often prove them wrong. It almost becomes a game to me and I become relentless. I never deceive people or fake results to prove myself right, that's just dumb and would be cheating myself.

The fact that I can't prove my findings is driving me nuts and making me look like a liar.

Here is the address: 1EJvrRrgEAtAHx2dfVUh1NBresW1CJ9RHP

As you can see it has a small amount of funds.

Since I could have owned this address prior to this thread, I could easily be lying.

I am asking anyone and everyone to chime in on how to prove that I found this collision.

I know what the odds are, and everyone keeps trying to prove me wrong with all kinds of math and theories, blah blah blah. At this point in time I am the only one who knows the truth, I found a collision.

So please, how can I prove that I found this address randomly? If you own this address, please PM me or post here and I can sign a message and you can and we can make some progress in proving this impossible feat.

I am looking forward to proving, not disproving, my claim.

Thanks,
Jude

If there is a collision you will not have a hard time proving it. Transfer the funds. Problem solved.
member
Activity: 183
Merit: 43
Yes, it's possible. Unlikely means it still can happen, just like life on earth.
However to prove collision one has to have both private keys and those private keys have to be different. If you've just one than most likely your seed is the same used to generate the other, so you got his private key, not a collision.
This said, unless you find the owner of those coins and he comes forward with a different private key, there's nothing to see here.
legendary
Activity: 1624
Merit: 2481
If one private key and diffirent address. Can it possible?


Actually its the other way around.
A private keys (ECDSA) has 256 bit -> 2^256 possible private keys.
An "address" is a 160 bit long hash -> 2^160 possible addresses.

So on average there are 2^96 (256-160) private keys which correspond to one address.
Sounds like a lot. But nothing someone should be concerned about.
hero member
Activity: 1232
Merit: 738
Mixing reinvented for your privacy | chipmixer.com
He can show us two different private keys that to the same address.
He can probably show only one key because he was just browsing the list of private keys on that site
read my previous post, this could be just his way to get people to check his site

Quote
If one private key and diffirent address. Can it possible?
not possible.
unless you were thinking 2 different addresses such as these:
Private key (WIF key): KyBfwX8shdAWRWuFGHZtdgaaCALWv2BvinLZRXreSk2x4kA9k1mW
SegWit Address: 3CesBsWnMySdEhFxBw73kQeEch5AxSDNCi
Compressed Address: 1DCGTtTohk8GncyqG2SYjNhZn2Ra92YS7g
sr. member
Activity: 1330
Merit: 258
Since I could have owned this address prior to this thread, I could easily be lying.
The only way to prove an actually collision is by showing two different private keys that lead to the same address. Since there are many more private keys than addresses, it's much more likely to find a collision on a different key than on the same key.
(correct me if I'm wrong, but this is how I remember it)

Quote
At this point in time I am the only one who knows the truth, I found a collision.
Finding a collision is possible if the address wasn't randomly created.

Quote
I am looking forward to proving, not disproving, my claim.
I don't think that's possible.
Maybe you can start with explaining how you found the address?

Quote
Since I could have owned this address prior to this thread, I could easily be lying.
It's the internet, so there's at least a one-in-a-million chance you're lying. And even at that low odds, it's still billions of times more likely than finding a collision with a truely random address.

I agree with you.
He can show us two different private keys that to the same address.

I'm interesting..
If one private key and diffirent address. Can it possible?
newbie
Activity: 18
Merit: 0
I found a collision on btckey.space, now how do I prove it?
What do you mean by this?  Do you mean that you found two 256-bit ECDSA public keys that hash to the same 160-bit address?

So please, how can I prove that I found this address randomly?
How is it relevent that the process was random?  To show a collision, it is necessary and sufficient to show two preimages that hash to the same value.
hero member
Activity: 1232
Merit: 738
Mixing reinvented for your privacy | chipmixer.com
I found a collision on btckey.space, now how do I prove it?
---snip---
Since I could have owned this address prior to this thread, I could easily be lying.
did you actually 'find' it or just trying to get people to check your site?
this post looks like a ploy to drive traffic to that site Lips sealed

Selling ad space on http://btckey.space
legendary
Activity: 3472
Merit: 4801
God physically and literally came to my house yesterday and I had a wonderful conversation with him.

The fact that I can't prove this conversation happened is driving me nuts and making me look like a liar.

I am asking anyone and everyone to chime in on how to prove that I had this conversation with God.

I know what the odds are, and everyone keeps trying to prove me wrong with all kinds of math and theories, blah blah blah. At this point in time I am the only one who knows the truth, I had a face-to-face conversation with God.

So please, how can I prove that I had this conversation?

I am looking forward to proving, not disproving, my claim.

Thanks,
Danny


Honestly, my guess is that your method of choosing a starting number is not very random at all.  Then removing digits just removes entropy (shrinks the key space) significantly.  Eventually, you remove enough digits that you are searching a very small space, and someone else using a VERY poorly designed wallet (or method of generating addresses) could have also picked an address in that same space.  That would increase your odds of colliding with them to something actually possible.

Extreme example,

You remove all the digits except one.  There are a total of 10 different possible addresses that you could "randomly" end up with.

Someone else has a wallet that randomly chooses a number between 0 and 9 and uses that as it's private key.  There are a total of 10 different possible addresses they could "randomly" end up with.

The odds of you colliding with their address are no longer insurmountable.  Neither of you are using the entire key space.  There is now a 10% chance on each attempt that you will get their address.

I can find lots of private keys that have been used by modifying my search behavior to take advantage of the key generation behaviors or brain-wallet users.  This is because their method of choosing an address to use is not very random, AND because my method of choosing an address to check is not very random, AND because the key space of our two methods overlap in some way.

I'm not suggesting that you didn't find a private key that was already in use.  I'm suggesting that BOTH your method of searching AND the original user's method of choosing a key are not as random as either of you think, AND that the original user's method was insecure DUE TO HIS LACK OF RANDOMNESS.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
Yeah, but me randomly clicking next and deleting several numbers on the end of the URL kind of disproves that.

Even if I did use a weak PRNG, I altered the number heavily by randomly clicking next and removing several digits from the end of the URL while doing so.
Okay, so the gist of the thread is that you found an address that has a balance in it on a page that is publicly available? If so, then it isn't considered a collision really. Anyone could have sent a little Bitcoins to a random amount to the page just for laughs. The site isn't for anyone to generate an address and use them.

You couldn't be the one using a weak RNG, the website is loading the address and it could have been generated long ago.
legendary
Activity: 1140
Merit: 1000
The Real Jude Austin
I generated a random number between 1 and 1809251394333065553493296640760748560200586941860545380978205674086221273350 ...
It just drives me nucking futs that people think it's impossible.... 1 out of all the atoms in the known universe DOES NOT MEAN IMPOSSIBLE!


I guess you didn't read my post completely?

It depends on HOW you generated this number?
The most probable event that happend is that you have used a broken RNG which someone else also already used.
At least its way more probable than really finding a collision.

Yeah, but me randomly clicking next and deleting several numbers on the end of the URL kind of disproves that.

Even if I did use a weak PRNG, I altered the number heavily by randomly clicking next and removing several digits from the end of the URL while doing so.

legendary
Activity: 1624
Merit: 2481
I generated a random number between 1 and 1809251394333065553493296640760748560200586941860545380978205674086221273350 ...
It just drives me nucking futs that people think it's impossible.... 1 out of all the atoms in the known universe DOES NOT MEAN IMPOSSIBLE!


I guess you didn't read my post completely?

It depends on HOW you generated this number?
The most probable event that happend is that you have used a broken RNG which someone else also already used.
At least its way more probable than really finding a collision.
member
Activity: 183
Merit: 43
You mean you brutte-forced an > 0 address...
That's not a collision, that's just what it; brutte-force.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
It just drives me nucking futs that people think it's impossible.... 1 out of all the atoms in the known universe DOES NOT MEAN IMPOSSIBLE!
When you make a very unlikely claim, it does mean you need solid proof. You're not the first, and I have no doubt others will make the same claim later. I'll treat it the way I treat any perpetuum mobile claim: proof or didn't happen.
legendary
Activity: 1140
Merit: 1000
The Real Jude Austin
I'm far too tired to quote everyone as I just landed in Melbourne from Brisbane and I worked all day.

How did I find the address?

I generated a random number between 1 and 1809251394333065553493296640760748560200586941860545380978205674086221273350 then I entered it in the URL for btckey.space

I then would click next a random amount of times then delete the last digit off the URL, rinse and repeat.

I setup btckey.space to throw a notification when an address with a balance is found, and it happened.

I then made a post to the directory.io with balances thread I started stating that I found an address. https://bitcointalksearch.org/topic/m.20157187

I also posted the page to my Pushbullet some days later, this happened in July of 2017. https://i.imgur.com/EqgXt72.png

I also posted to my FB groupchat: https://i.imgur.com/lf2PVAp.png

Someone had mentioned that I am part of LBC or Large Bitcoin Collider, if you look through my posts, I have been searching for an address collision WAY BEFORE LBC even existed.

I'm not a liar, I understand the odds: https://bitcointalksearch.org/topic/m.20242181

It just drives me nucking futs that people think it's impossible.... 1 out of all the atoms in the known universe DOES NOT MEAN IMPOSSIBLE!

I just realized after reading through the FB groupchat that I posted the wrong address, the address I originally posted is not the one I found randomly.

Stand by while I locate the proper address, should have a balance of 0.00003941
legendary
Activity: 1624
Merit: 2481
The fact that I can't prove my findings is driving me nuts and making me look like a liar.

Here is the address: 1EJvrRrgEAtAHx2dfVUh1NBresW1CJ9RHP

To prove a collision (finding 2 private keys to 1 public key) you just have to provide both private keys.
This is probably not what you are talking about? Because that would mean you are the first person to break SHA256..


But if you are talking about address collision (2 people randomly generating a private key to the same address)..
thats not a collision in the mathematical/cryptography sense.

Your "Address collision" (if you aren't lying; im not implying you do.. but its just very unlikely) probably comes from a bad bad (really BAD!) Pseudo Random Number Generator.
May i ask how you computed the private key? Did you use a wallet (I hope you didn't.. because chances are very high that this wallet has a broken PRNG then)?
Or did you use a libary to create it? (In this case.. the RNG of the libary is broken and should be reported).

A few more information about HOW you generated that private key would be nice!
full member
Activity: 369
Merit: 111
Since I could have owned this address prior to this thread, I could easily be lying.
The only way to prove an actually collision is by showing two different private keys that lead to the same address. Since there are many more private keys than addresses, it's much more likely to find a collision on a different key than on the same key.
(correct me if I'm wrong, but this is how I remember it)

So then the only way is for the owner of that address to come forward and have an alternative private key for this address? If they both signed an identical message would it result in different signatures?
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Since I could have owned this address prior to this thread, I could easily be lying.
The only way to prove an actually collision is by showing two different private keys that lead to the same address. Since there are many more private keys than addresses, it's much more likely to find a collision on a different key than on the same key.
(correct me if I'm wrong, but this is how I remember it)

Quote
At this point in time I am the only one who knows the truth, I found a collision.
Finding a collision is possible if the address wasn't randomly created.

Quote
I am looking forward to proving, not disproving, my claim.
I don't think that's possible.
Maybe you can start with explaining how you found the address?

Quote
Since I could have owned this address prior to this thread, I could easily be lying.
It's the internet, so there's at least a one-in-a-million chance you're lying. And even at that low odds, it's still billions of times more likely than finding a collision with a truely random address.
legendary
Activity: 1140
Merit: 1000
The Real Jude Austin
I found a collision on btckey.space, now how do I prove it?

Let's start from the beginning, shall we.

I am one of those people who, when people tell me something is impossible or improbable, often prove them wrong. It almost becomes a game to me and I become relentless. I never deceive people or fake results to prove myself right, that's just dumb and would be cheating myself.

The fact that I can't prove my findings is driving me nuts and making me look like a liar.

Here is the address: 1EJvrRrgEAtAHx2dfVUh1NBresW1CJ9RHP

As you can see it has a small amount of funds.

Since I could have owned this address prior to this thread, I could easily be lying.

I am asking anyone and everyone to chime in on how to prove that I found this collision.

I know what the odds are, and everyone keeps trying to prove me wrong with all kinds of math and theories, blah blah blah. At this point in time I am the only one who knows the truth, I found a collision.

So please, how can I prove that I found this address randomly? If you own this address, please PM me or post here and I can sign a message and you can and we can make some progress in proving this impossible feat.

I am looking forward to proving, not disproving, my claim.

Thanks,
Jude
Jump to: