Bitcoin Forum>Bitcoin>Bitcoin Discussion
Pages:
Author

Topic: Is it possible to send BTC to an address that doesn't exist? (Read 4631 times)

DeathAndTaxes
donator
Activity: 1218
Merit: 1079
Gerald Davis
Is it possible to send BTC to an address that doesn't exist?
July 18, 2012, 06:11:16 PM
#45
Quote from: westkybitcoins on July 18, 2012, 05:45:16 PM
Not trying to be picky, I'm just wanting to know exactly how this works....

Would you need the original private key to spend the coins, or just any private key that ultimately hashes to the address?

Any.  To spend coins sent to an address you need a private key which can sign the transaction.  Any private key which produces the same public address can properly sign a transaction.  For all intents and purposes Bitcoin addresses have 160bits of cryptographic strength.  Still there are certain advantages to making the keys 256bit.
dooglus
legendary
Activity: 2940
Merit: 1333
Re: Is it possible to send BTC to an address that doesn't exist?
July 18, 2012, 06:11:10 PM
#44
Quote from: westkybitcoins on July 18, 2012, 05:45:16 PM
Would you need the original private key to spend the coins, or just any private key that ultimately hashes to the address?

You don't need the original private key to spend payments to a bitcoin address.  Any private key with the same bitcoin address will work.

We can see this by looking at the script on a random recent transaction.  In order to spend the 50 BTC output of that transaction, we need to provide an input such that this script is satisfied:

OP_DUP OP_HASH160 f88b720031b65505f853bce809d4f4641744d2ae OP_EQUALVERIFY OP_CHECKSIG

ie. we need to put two values on the stack, one of which is a public key which has a hash160 of f88b720031b65505f853bce809d4f4641744d2ae, and the other of which is the signature obtained when signing the spending transaction with the corresponding private key.

At no point is there anything to distinguish the sender's private key - all we can see is the 160 bit hash of the sender's public key and so any suitable private key will do.
westkybitcoins
legendary
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
Re: Is it possible to send BTC to an address that doesn't exist?
July 18, 2012, 05:45:16 PM
#43
Quote from: jgarzik on July 18, 2012, 05:38:57 PM
Quote from: westkybitcoins on July 18, 2012, 05:20:58 PM
Quote from: jgarzik on July 18, 2012, 03:14:43 PM
The ECDSA private key behind it all is 256 bits.

Yes, but since the end-result is a 160-bit address, there's a certain loss of information. IOW, multiple 256-bit private keys could map to any given 160-bit address, so really only (Roll Eyes) 2^160 bits worth of work needs to be done to crack any given address.

The bitcoin address is basically a 160-bit hash, yes, but you need the private key to actually spend the bitcoins.



Not trying to be picky, I'm just wanting to know exactly how this works....

Would you need the original private key to spend the coins, or just any private key that ultimately hashes to the address?
jgarzik
legendary
Activity: 1596
Merit: 1099
Re: Is it possible to send BTC to an address that doesn't exist?
July 18, 2012, 05:38:57 PM
#42
Quote from: westkybitcoins on July 18, 2012, 05:20:58 PM
Quote from: jgarzik on July 18, 2012, 03:14:43 PM
The ECDSA private key behind it all is 256 bits.

Yes, but since the end-result is a 160-bit address, there's a certain loss of information. IOW, multiple 256-bit private keys could map to any given 160-bit address, so really only (Roll Eyes) 2^160 bits worth of work needs to be done to crack any given address.

The bitcoin address is basically a 160-bit hash, yes, but you need the private key to actually spend the bitcoins.

DeathAndTaxes
donator
Activity: 1218
Merit: 1079
Gerald Davis
Re: Is it possible to send BTC to an address that doesn't exist?
July 18, 2012, 05:31:04 PM
#41
That is correct.  The stength of private keys from a brute force attack is 2^160th.  An attacker doesn't need the exact private key they simply need any private key which produces the same address.  Still 2^160th is very large many many many magnitudes larger than what could be brute forced even with all the computing power on the planet AND a century of Moore's law at work.
westkybitcoins
legendary
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
Re: Is it possible to send BTC to an address that doesn't exist?
July 18, 2012, 05:20:58 PM
#40
Quote from: jgarzik on July 18, 2012, 03:14:43 PM
Quote from: westkybitcoins on July 18, 2012, 10:34:49 AM
Quote from: Rygon on July 18, 2012, 10:04:13 AM
Quote from: Nyhm on July 17, 2012, 11:23:55 AM

Under the original post's scenario, that private key may be unknown to anyone. If anyone ever does generate that key pair (against astronomically incomprehensible odds), they mathematically and cryptographically "own" (because this is how the Bitcoin system is defined) any associated bitcoin value assigned to them by a transaction in the blockchain!


What exactly are those odds? Is there a reference somewhere? I was trying to explain the finer details of Bitcoin to someone with a solid mathematics background, and I was having trouble finding the odds. is it like 1 in 2^50, or 1 in 2^100? Thanks!

IIRC, Bitcoin addresses rely on a hash called RIPEMD-160, giving 160-bit results, so the odds are about 1 in 2^160.

The ECDSA private key behind it all is 256 bits.

Yes, but since the end-result is a 160-bit address, there's a certain loss of information. IOW, multiple 256-bit private keys could map to any given 160-bit address, so really only (Roll Eyes) 2^160 bits worth of work needs to be done to crack any given address.

I'm not a cryptographer, but that's what I've read. Can anyone else confirm (or disprove) this?
Rygon
hero member
Activity: 520
Merit: 500
Re: Is it possible to send BTC to an address that doesn't exist?
July 18, 2012, 04:33:19 PM
#39
Thanks! That's good enough for me!
jgarzik
legendary
Activity: 1596
Merit: 1099
Re: Is it possible to send BTC to an address that doesn't exist?
July 18, 2012, 03:14:43 PM
#38
Quote from: westkybitcoins on July 18, 2012, 10:34:49 AM
Quote from: Rygon on July 18, 2012, 10:04:13 AM
Quote from: Nyhm on July 17, 2012, 11:23:55 AM

Under the original post's scenario, that private key may be unknown to anyone. If anyone ever does generate that key pair (against astronomically incomprehensible odds), they mathematically and cryptographically "own" (because this is how the Bitcoin system is defined) any associated bitcoin value assigned to them by a transaction in the blockchain!


What exactly are those odds? Is there a reference somewhere? I was trying to explain the finer details of Bitcoin to someone with a solid mathematics background, and I was having trouble finding the odds. is it like 1 in 2^50, or 1 in 2^100? Thanks!

IIRC, Bitcoin addresses rely on a hash called RIPEMD-160, giving 160-bit results, so the odds are about 1 in 2^160.

The ECDSA private key behind it all is 256 bits.

westkybitcoins
legendary
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
Re: Is it possible to send BTC to an address that doesn't exist?
July 18, 2012, 10:35:47 AM
#37
Quote from: FreeMoney on July 17, 2012, 03:24:19 PM
Quote from: Nyhm on July 17, 2012, 03:08:17 PM

Mathematicians overlook that computation is bounded by Physics. Computer Scientists lament it. Cryptographers depend on it. -- Nyhm

(Is it pretentious to quote my own proverbs? Is it tactless to jingle my proverbial tip jar?) 1NYhM2pzT6PDfZyXbyFm3dVcoob4phrGc5

Usually yes, but that one is ok.

Yeah, it's good enough to refer to at some point. Smiley
westkybitcoins
legendary
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
Re: Is it possible to send BTC to an address that doesn't exist?
July 18, 2012, 10:34:49 AM
#36
Quote from: Rygon on July 18, 2012, 10:04:13 AM
Quote from: Nyhm on July 17, 2012, 11:23:55 AM

Under the original post's scenario, that private key may be unknown to anyone. If anyone ever does generate that key pair (against astronomically incomprehensible odds), they mathematically and cryptographically "own" (because this is how the Bitcoin system is defined) any associated bitcoin value assigned to them by a transaction in the blockchain!


What exactly are those odds? Is there a reference somewhere? I was trying to explain the finer details of Bitcoin to someone with a solid mathematics background, and I was having trouble finding the odds. is it like 1 in 2^50, or 1 in 2^100? Thanks!

IIRC, Bitcoin addresses rely on a hash called RIPEMD-160, giving 160-bit results, so the odds are about 1 in 2^160.
Rygon
hero member
Activity: 520
Merit: 500
Re: Is it possible to send BTC to an address that doesn't exist?
July 18, 2012, 10:04:13 AM
#35
Quote from: Nyhm on July 17, 2012, 11:23:55 AM

Under the original post's scenario, that private key may be unknown to anyone. If anyone ever does generate that key pair (against astronomically incomprehensible odds), they mathematically and cryptographically "own" (because this is how the Bitcoin system is defined) any associated bitcoin value assigned to them by a transaction in the blockchain!


What exactly are those odds? Is there a reference somewhere? I was trying to explain the finer details of Bitcoin to someone with a solid mathematics background, and I was having trouble finding the odds. is it like 1 in 2^50, or 1 in 2^100? Thanks!
caveden
legendary
Activity: 1106
Merit: 1004
Re: Is it possible to send BTC to an address that doesn't exist?
July 18, 2012, 08:00:42 AM
#34
Quote from: DeathAndTaxes on July 17, 2012, 05:15:34 PM
Quote from: caveden on July 17, 2012, 04:55:44 PM
Why can't the very first 50 bitcoins be spent?

Early versions of the client consider them unspendable to maintain compatibility all current versions also consider them unspendable.  

I understand this, I just wonder if some rationale was given for this "weird" rule.

Quote from: DeathAndTaxes on July 17, 2012, 05:15:34 PM
Given the potential for hard fork I doubt it will ever be patched.

For sure, definitely not worth the trouble. Particularly since it was Satoshi himself who created this rule, which only concerns his own coins.
TangibleCryptography
sr. member
Activity: 476
Merit: 250
Tangible Cryptography LLC
Re: Is it possible to send BTC to an address that doesn't exist?
July 17, 2012, 05:36:18 PM
#33
Quote from: casascius on July 17, 2012, 05:21:29 PM
I am amazed we worry much about the earliest clients and that there isn't a mechanism to deactivate them.  The earliest clients also allow for the creation of new bitcoins just by summing two numbers together in an overflow, but we assume everyone has upgraded.  I am guessing the original 50 BTC doesn't ever get added to the blkindex.dat and that's the reason it is unspendable.

I think the issue isn't just earliest clients anymore.  The "rule" (unintended or not) of block zero unintended or not has been carried forward this long.  There are now what 8 different clients in active development.  Changing the rule now while possible has the potential for huge disruptions if some/all clients don't implement it.  Given almost all of Satoshi early blocks have never been spent it doesn't seem like a huge issue.  Either Satoshi has no intention of spending them, or the private key is lost.   Even if it was spendable Satoshi (IMHO a group of people) mined thousands of blocks so it isn't like they NEED to spend that particular block.

Given the extremely tiny benefit is simply doesn't warrant disruption to the network. 
casascius
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
Re: Is it possible to send BTC to an address that doesn't exist?
July 17, 2012, 05:21:29 PM
#32
Quote from: DeathAndTaxes on July 17, 2012, 05:15:34 PM
Quote from: caveden on July 17, 2012, 04:55:44 PM
Why can't the very first 50 bitcoins be spent?

Early versions of the client consider them unspendable to maintain compatibility all current versions also consider them unspendable.   If that were to change now it has the potential to cause a permanent fork in the network where some nodes see a block as valid and some as invalid when it contains block0 coins.  I think it was an oversight in the early code base but it is a "limitation" we are stuck with now. Given the potential for hard fork I doubt it will ever be patched.

I am amazed we worry much about the earliest clients and that there isn't a mechanism to deactivate them.  The earliest clients also allow for the creation of new bitcoins just by summing two numbers together in an overflow, but we assume everyone has upgraded.  I am guessing the original 50 BTC doesn't ever get added to the blkindex.dat and that's the reason it is unspendable.
DeathAndTaxes
donator
Activity: 1218
Merit: 1079
Gerald Davis
Re: Is it possible to send BTC to an address that doesn't exist?
July 17, 2012, 05:15:34 PM
#31
Quote from: caveden on July 17, 2012, 04:55:44 PM
Why can't the very first 50 bitcoins be spent?

Early versions of the client consider them unspendable to maintain compatibility all current versions also consider them unspendable.   If that were to change now it has the potential to cause a permanent fork in the network where some nodes see a block as valid and some as invalid when it contains block0 coins.  I think it was an oversight in the early code base but it is a "limitation" we are stuck with now. Given the potential for hard fork I doubt it will ever be patched.
caveden
legendary
Activity: 1106
Merit: 1004
Re: Is it possible to send BTC to an address that doesn't exist?
July 17, 2012, 04:55:44 PM
#30
Why can't the very first 50 bitcoins be spent?
ribuck
donator
Activity: 826
Merit: 1060
Re: Is it possible to send BTC to an address that doesn't exist?
July 17, 2012, 03:46:34 PM
#29
Quote from: theymos on July 17, 2012, 02:59:17 PM
Quote from: ribuck on July 17, 2012, 02:43:52 PM
The coins in that address cannot be redeemed.

Only the generation transaction to that address can't be redeemed. Other transactions could be redeemed by Satoshi if he still has the private key.
Thank you theymos for clarifying (again). I'll edit my post to get it right this time.
Nyhm
full member
Activity: 216
Merit: 100
Re: Is it possible to send BTC to an address that doesn't exist?
July 17, 2012, 03:31:40 PM
#28
Quote from: FreeMoney on July 17, 2012, 03:24:19 PM
Quote from: Nyhm on July 17, 2012, 03:08:17 PM

Mathematicians overlook that computation is bounded by Physics. Computer Scientists lament it. Cryptographers depend on it. -- Nyhm

(Is it pretentious to quote my own proverbs? Is it tactless to jingle my proverbial tip jar?) 1NYhM2pzT6PDfZyXbyFm3dVcoob4phrGc5

Usually yes, but that one is ok.

Why, thank you for your compliment, fine Sir! ... *eagerly awaits new transactions*

Bitcoin - Ushering in a new era of online begging. -- Nyhm
FreeMoney
legendary
Activity: 1246
Merit: 1016
Strength in numbers
Re: Is it possible to send BTC to an address that doesn't exist?
July 17, 2012, 03:24:19 PM
#27
Quote from: Nyhm on July 17, 2012, 03:08:17 PM

Mathematicians overlook that computation is bounded by Physics. Computer Scientists lament it. Cryptographers depend on it. -- Nyhm

(Is it pretentious to quote my own proverbs? Is it tactless to jingle my proverbial tip jar?) 1NYhM2pzT6PDfZyXbyFm3dVcoob4phrGc5

Usually yes, but that one is ok.
Nyhm
full member
Activity: 216
Merit: 100
Re: Is it possible to send BTC to an address that doesn't exist?
July 17, 2012, 03:08:17 PM
#26
Quote from: DeathAndTaxes on July 17, 2012, 02:59:51 PM
Reference for the sun enough energy in our star to brute force 256 bit keyspace

http://www.schneier.com/blog/archives/2009/09/the_doghouse_cr.html

Note that the energy calculated is to count to 2^256 nothing more.

i.e. this code can't be completed even with a computer using all power of our star at perfect theoretical efficiency
Code:
int256 i=0;

while (i < int256.MaxValue)
{
  i++
}
print "WE FINALLY COUNTED TO 2^256"

Mathematicians overlook that computation is bounded by Physics. Computer Scientists lament it. Cryptographers depend on it. -- Nyhm

(Is it pretentious to quote my own proverbs? Is it tactless to jingle my proverbial tip jar?) 1NYhM2pzT6PDfZyXbyFm3dVcoob4phrGc5
Pages:
Bitcoin Forum>Bitcoin>Bitcoin Discussion
Jump to: