Topic: Matching public key with directory.io - why so difficult? (Read 3723 times)

Try asking that in an LBC thread.

For example here:  https://bitcointalk.org/index.php?topic=1877935.0;topicseen

Would it be possible to use LBC for personal purposes, ie without connecting to the LBC servers?

thank you all I stay on the wire because I test and come bring my results here

See https://en.bitcoin.it/wiki/Technical_background_of_version_1_Bitcoin_addresses specifically step 7.

How calcul checksum of address ?

Are Bitcoin addresses random?  You tell me:

The private key is huge random number.  
The public key is therefore basically a random point on a huge elliptic curve.
The public key is then hashed, this creates a random number based on the random point on the curve.
The result of the hash is then hashed again, creating a random number based on the first hash.
The result is then hashed again creating a random number based on the result of the second hash.

Finally the result of the third hash is encoded into an ASCII string starting with 1 or 3.

Do you see now?

You can search for "vanity address generation" here on the forums.

Vanity address generation:

Let's say I want to find a Bitcoin address that looks like this "1BurtWxxxxxxxxxxxxxxxxxxxxxxxxxxxx"


Else you have found one of the almost infinite number of private keys that happen by chance to have "1BurtW" as the first 6 characters of the Bitcoin address.

I did this years ago.

Here is the result:   1BurtWEejbnKeBRsvcydJvsNztB1bXV5iQ

NOTICE that I have the private key and the Bitcoin Address so this is a valid Bitcoin Address and I have the private key so any Bitcoins sent to this address are "mine" in the sense that I can spend them - since I know the private key.

Here is another possibility:


Notice that this is a valid Bitcoin address in that you can send Bitcoins to it and people have, to the tune of 13.1251233 BTC (!)

https://blockchain.info/address/1BitcoinEaterAddressDontSendf59kuE

However, in this case, the private key is not know, for all practical purposes it is impossible to find the private key, the private key will never be found so these 13.1251233 BTC are lost forever.

Back in the old days when it did not cost anything to do a transaction and Bitcoins were only worth a couple of dollars each I actually placed one of my favorite poems into the blockchain, there to reside forever.  Here it is:


As noted above the private keys for these addresses cannot be found, ever, so these 0.00000004 BTC are lost forever.

Two more interesting points:

1) If you take any Bitcoin address, for example 1BitcoinEaterAddressDontSendf59kuE then, by design, there is not just one possible private key that will give you this exact Bitcoin address.  There are approximately 2⁹⁶ = 79,228,162,514,264,337,593,543,950,336 different private keys that will give you this exact Bitcoin address!  Even though there are that many different private keys that would allow you to own and spend the 13.1251233 BTC at that address it is, for all practical purposes, impossible to find even one of them!

Blows the mind, right?

2) Very long vanity addresses have been found.  Here are the records.  Note that the private keys for these addresses are known by the owners because they were found, by chance, by generating trillions of random valid private keys and then checking the Bitcoin addresses calculated from the private keys.

They are unpredictable, unless your wallet has a severely flawed random number generator and ends up generating the same address over and over again. Else, the addresses generated are random. Vanity address generators have an estimated time since there is a fixed range of characters for which an address can have. They can effectively give a very vague estimate of the time based on the probability.

the addresses are they really random or say that we could find an address of the type "11111" every X private key?

Generating a private key takes very little time.  In the case of directory.io the private keys for the page are simply calculated from the page number.  In the case of a real key pair generation the private key is a secure random 256 bit number.  In the case of the LBC the private key started at 1 and incremented from there (they are currently creating and testing key pairs with the private keys around 2^53.22 or 10,490,987,492,010,478).

Once you have the private key, which is very easy, then you have to calculate the public key which is a point on an elliptic curve.  The equation looks simple (Public Key) = (Private Key) * G but it is a bit involved since G is a point on a curve and * is the scalar multiplication function defined over the points on the curve.

Remember all public keys are point on a curve so they are X, Y coordinates.  For elliptic curves for every X coordinate there are exactly two possible Y coordinates which are easy to calculate so to "remember" a specific point on the curve we can either remember the X and the Y coordinate or just the X coordinate and a single bit to tell us which of the two possible Y coordinates to use.  This means there is a "compressed" form of the public key (the X coordinate and one additional bit = 256 + 1 = 257 bits) and and "uncompressed" form of the public key (the X coordinate and the Y coordinate = 256 + 256 = 512 bits).

Once you have the public key you can now generate the Bitcoin address which is defined as a specific ASCII encoding of the triple hashing of the public key plus some check bytes.

Since for every public key there are two ways we can represent it (compressed and uncompressed) this means that for every public key there will be two possible forms for the Bitcoin address.  If you start with the compressed form of the public key you end up with the compressed version of the Bitcoin address.  If you start with the uncompressed form of the public key you end up with the uncompressed form of the Bitcoin address.

What was your question again?

would it be possible to create the same site by not generating private keys but hash160?

No, if you try and crawl that site there will be a (practically) infinite number of pages.  Google alone has about 45000 pages index, all dynamically generated. 
https://www.google.com/search?source=hp&q=site%3Adirectory.io&oq=site%3Adirectory.io

Kind of like Google has about 42 million pages from finance.yahoo.com indexed.  Most are dynamically generated for various stock symbols and the related pages for each, etc:
https://www.google.com/search?q=site%3Afinance.yahoo.com

Wow! Thanks heaps.

No?
https://github.com/saracen/directory.io

You obviously didn't read my posts! I was thinking about USING directory.io as an offline wallet generator - IF I could get the code offline. Unfortunately, the creator hasn't made the code downloadable.

At the very first moment when you visit directory.io to find the page number of your offline created private key, it will be very easy for the admin of the page to steal your funds immediately PLUS your offline generated key is not offline anymore. There is no need to repeat the visit, because the attacker (admin) can simply check all visited directory.io pages and check the balance of all private keys on that very page.

These are just ideas and this is just a discussion. I'm the type of person that delves and delves until I find myself answering other people's questions on whatever it is I'm investigating.

A random private key will never be as memorable to me as something I create myself. So there's a trade-off either way you go.


Once again, you're assuming I'm reusing this public address over-and-over again or that I'm advertising it. This is my storage wallet and not an address for people to send me funds. True, if I bring them out of hibernation it increases their vulnerability. Then I go down the path of p2p wallets, etc and find a new cold address to send my savings to.

I don't understand why you are so fixated on choosing your own private key that is memorable. Why not instead generate random private keys until you generate something that you find memorable. That is far more secure than you choosing something memorable.

It can be stolen the moment you decide to spend the coins and have to enter you private key into some software. Even if you are keeping the coins in long term storage, at some point in the future you will want to move those coins out of storage to do something with them. Whenever you do that, you expose your private key and it can be stolen.

Similarly, the same argument can be made for randomly generating a private key and keeping it on a storage medium that never touches the internet.

There is also still a significant privacy loss even if you are only using that address for receiving. For starters, everyone that sends you money will know how much money you have. Furthermore you are reducing the privacy of everyone that transacts with you because anyone will be able to look at their transactions and immediately know who they were paying and how much.

Thanks for your detailed response. I'm sure others will find it useful too.


>>>>First of all, you are essentially sending your private key to a remote web server (directory.io).

Not if I'm doing the public-private key generation locally on an air-gapped, unconnected computer - one of the reasons for my posts above. I would like to get hold of that code for personal use, but the creator has hidden it, unlike other websites that randomly generate public-private key pairs. I actually think that I could create the code if I really put my mind to it, something I might consider if I can't get that code.

>>>>Secondly, you still need to load that private key into a wallet software in order to spend from it.

Not if I'm keeping it purely for storage and not transacting with it.

>>>>Thirdly, because the private key is in an unencrypted form, if the private key is stolen, then the thief can spend your coins immediately. With wallet encryption, if your coins are stolen, you still have time to move them as strong encryption and a strong password will protect your private keys.

How would a thief steal it if it's committed to memory and the public key has only ever been used once - to deposit the money? You're assuming I'm using it for transacting. That wallet is cold and the private key has never touched the Internet.

>>>>Lastly, you would be reusing the exact same address over and over again which will lead to significant privacy loss.

Not if I simply put the bitcoin there for long term storage.
-----------------------

The more I think about it, the better my idea becomes - for storage purposes, that is. Perhaps not for transacting.

The page number and location that you find memorable, even if a "huge" string of numbers, is probably something that many other people would find memorable. Regardless of what number you choose, it will not be as secure as randomly generating a private key. What you are doing is similar to brain wallets which are notoriously insecure. Except your method is less secure as it does not include any key stretching or additional things to possible add randomness (e.g. hashing) that brain wallets do.

There's nothing stopping you from randomly generating a private key and then figuring out its location on directory.io. Or randomly generating the page number and randomly generating the key index on directory.io so that you can memorize them for your key. That would be more secure than you choosing the location manually. You can even keep generating random numbers until you find one that is memorable to you. That is much more secure than you choosing your own private key.

Furthermore you are still vulnerable to many attacks (even the same ones that you thought you weren't vulnerable to) with your scheme.

First of all, you are essentially sending your private key to a remote web server (directory.io). The owner of that website can see that your browser would be visiting the same page over and over again. It would not be hard for them to just search through the private keys on that page and see which ones have coins and then steal them. In fact, any man in the middle could do this. The site doesn't even use https so anyone sniffing traffic on your internet connection (e.g. shared wifi) would be able to see exactly what page you are on and then just scan those private keys.

Secondly, you still need to load that private key into a wallet software in order to spend from it. You will probably have the private key on your clipboard, and the private key will be held in insecure places and in insecure memory. With a proper wallet software that generated your private key, the private key will remain in that software's memory (unless you export it). Your private key would then be able to be stolen by keyloggers and clipboard loggers which constitutes far more viruses than coin stealing viruses as coin stealing viruses much find specific files to steal your coins. This means that your key is much more vulnerable to viruses on your computer. Additionally you would still be vulnerable to traditional coin stealing viruses because most wallet software will write imported keys to a wallet file so normal coin stealing viruses can go steal those wallet files.

Thirdly, because the private key is in an unencrypted form, if the private key is stolen, then the thief can spend your coins immediately. With wallet encryption, if your coins are stolen, you still have time to move them as strong encryption and a strong password will protect your private keys.

Lastly, you would be reusing the exact same address over and over again which will lead to significant privacy loss. There's a reason that nearly all wallet software gives you a new address every time you want to receive coins and every time it makes a change output.

Questions about security vs. accessibility have been plaguing the computer security industry for decades. In the end it is simply up to you to determine such risks for yourself, there is no formula that will answer it for you.

Although humans are notoriously bad at randomness, human minds are really good at seeing patterns, even when they are not there (like shapes in the clouds). You can use that to your advantage to generate a random password using a machine and then remember it by imagining patterns in the keys, pretending that the characters actually have some meaning. This will help you remember it.

Another way you could exploit a human mind is by obtaining muscle memory of your keys. All you need to do is type them regularly, even if it is on a detached keyboard, so it will stay in your "muscles". All my passwords exist only in my subconscious, they were randomly generated and they are long as hell, I have no idea what they are. This resulted in some loses of accounts and inability to type them on a phone keyboard, but as long as you have a physical copy as well, you should be fine. It is unlikely you would lose both at the same time.

OK, this makes a bit more sense now. My "algorithm" for determining the key to use would make it more vulnerable to attack than a randomly generated key. But I still have an issue with this and it would be a really interesting study.

What's the greater risk?:

1) Using my method where it's a simple algorithm for me to remember the page number and location via a HUGE (and I mean HUGE) string of numbers - i.e. not your typical internet password. This wallet would exist in my head. Despite this, it's more vulnerable to attack because it doesn't have the entropy of a purely randomly generated number.

2) Using a randomly generated key which is less prone to attack, but is more easily forgotten or the details of which more easily lost. (This key would have to be stored somewhere physical, opening it up to being attacked in a way the first option wouldn't.)

I wonder what the figures are in terms of dollar value lost due to i) hacking ii) simply losing your private key.

I've already spoken to one guy who lost over 1000 bitcoin on a hard drive somewhere, and I bet most of you have heard similar stories. I would almost hazard that simple user clumsiness (i.e. option ii) is a greater threat to your wealth than being hacked.

Using directory.io to choose your private key is a horrible idea, regardless of whether you are online or offline. Private keys are only secure if they are randomly generated using a cryptographically secure random number generator. By using directory.io (or any other list of private keys) to select your private keys manually, you are significantly reducing your security because humans are notoriously bad at securely generating random numbers. You as a human do not provide enough entropy to actually choose a random number randomly, which means that whatever private key you choose will be insecure and more likely to be easily brute forced.

https://lbc.cryptoguru.org/stats

I love this stuff! Thanks. I've seen the puzzle transaction - that's cool.

I actually don't see why it's so terrible if I do it offline, air-gapped? Doesn't this directory list ALL potential private keys? It's not as if I'd use page 235 key 15 as my address...my choice would be far more sophisticated than that.

FYI:  The first 54970.38 billion pages on directory.io have already been searched for active Bitcoins and a few were found.  Most if not all of the bitcoins found in these first 54970.38 billion pages were placed there on purpose as a sort of "canary in a coal mine" test of the security of the network.

See the search project (started at private key 0 and searching the private key space linearly, currently running about 21.10 trillion keys per day): 

https://lbc.cryptoguru.org/stats

And the "puzzle transaction" security test is discussed here: 

https://bitcointalksearch.org/topic/bitcoin-puzzle-transaction-32-btc-prize-to-who-solves-it-1306983

Its an absolutely terrible idea. Humans SHOULD NOT be allowed to choose their own private key from a pool of addresses. The level of security you can expect from an address in directory.io should be considered as insecure as brainwallet generated from key phrase "correct battery horse staple". The problem with you picking an address that is already generated means that anyone else would have a decent chance (higher chance than someone generating a conflicting address) of finding your address and the corresponding private key. Needless to say, the database can be modified or removed at any time. Most clients generates addresses securely and it is never an issue.

Tl;Dr: It is an extremely bad idea and its stupid for anyone to use an address listed there.

You are right. Thanks for the correction.

No.
With a quantum computer it is possible to calculate the private key from the public key.
BUT,
if you use bitcoin "correctly" and you do not reuse the same bitcoin address, your public key is not visible to the attacker. So he would not be able to get your private key even with the help of a quantum computer.

The sha256 hash algorithm used in bitcoin, to generate address from public key, is quantum computer resistant.

But there are many bitcoin addresses, which are reused, and which do have sent actions in them, and those are vulnerable to quantum computers as the public key is visible.
There are more than 1000 000 bitcoins in such addresses.

Some corrections:
Address is a ripemod160 hash, so there are "only"
2^160 =
1461501637330902918203684832716283019655932542976
different addresses, that you need to check.
not the 2^256=
115792089237316195423570985008687907853269984665640564039457584007913129639936

And if you are not looking for one specific private key for the one address you want to find, but just try to find ANY address, that has bitcoins in it. (about 2000000 addresses) then you have to check only:
(2^160)/2000000=
730750818665451426033988086967063606722560
addresses.

A lot easier, but the result is still the same. It is not possible with the computers in existence now.

I wrote an answer in another topic where someone tried to find private keys with balance on it.

I did simple math to show that such a brute force attack on private keys is more or less useless.

I've been thinking a bit and to me this site could be the perfect cold wallet generator. It gives you a means of choosing an address to store your bitcoin which would be very easy to look up. You remember by page number and location on the page, rather than by address. It means you CHOOSE your address rather than in the case of those other sites which choose one for you at random.

I would like to be able to use this page offline on an air-gapped computer, but the code has been hidden and it's only possible to use online. Is there a way of getting it offline?

Thanks,

Ag

People might use some of those addresses for fun. Probably fist one was used as well. But since everyone knows the private keys for those addresses, there aren't any coins left there for long. There also might be some buggy wallets that generate addresses with no randomness and use small values for private keys.

Some people have a lot of money in bitcoin, so they want to be as secure as reasonably possible. Computers often have malware, antiviruses or even secure operating systems aren't enough in practice to keep you safe for more then few years. Security is pretty hard.

Thanks heaps for all answers.

Haha, this is brilliant. I haven't done a lot of computer programming, but I'm guessing the code to create this page isn't terribly involved. I might even send some crypto to him/ her just because it's such a good joke.

Someone found an address on there that had some bitcoin on it at some stage - I think it's on page 1337. Is this just fluke, or did the owner find it and advertise the fact?

(Insert: It's the 17xy address. Why doesn't the compressed address show the same info?)

I wonder why people go to such lengths with Nano devices when a public-private key pair generated by an offline, air-gapped computer is for all intents and purposes unhackable.

Cheers.

lol, please donate it took alot of computational power to generate this list , this guy is smart , he got me at first .

You can't look up an address without knowing it's private key.  If you know the private key already, then there is no need to look up the address.


Correct. Also, it is in private key order.  Therefore, by knowing a private key you can jump directly to the correct location in the list and instantly find the associated address, but if all you know is the address then you don't know what page to look on.


Correct.


It is not a database, and it didn't require a huge amount of computing power.  That's a joke.

It is required some kind of break through in computation for collisions to happen, people speculate it may be achieved with quantum computing.

Check out this article: https://www.miguelmoreno.net/bitcoin-address-collision/

The website is useless because it doesn't have one particular function, search.

All that website does is compute private keys starting from 0. The website isn't a database but more of like a active service, you put in a page number and then it calculates the private keys and generates them, its more of a parody than anything else.

Hi everyone,

I've read up on the close-to-impossibility of randomly generating a private key which matches a given public address (e.g. grains of sand analogy). I'm still trying to answer a few of my own questions, however.

My current questions relate to this: http://directory.io/

- What's to stop someone simply using this website to look up a particular address and find the corresponding private key?
- Is the list simply so large that it would take an eternity to actually find the relevant address with a computer program?
- I'm assuming this list has code behind it and it generates each page as required - i.e. it's not a static list?
- Why did this database require such a huge amount of computing power if the list is dynamically populated?

I find this list totally fascinating! I might even send a donation at some point...

Thanks for any help.

Agnosticus