Bitcoin Forum>Bitcoin>Development & Technical Discussion
Author

Topic: out of range private keys (Read 146 times)

pooya87
legendary
Activity: 3472
Merit: 10611
out of range private keys
December 19, 2021, 01:14:49 PM
#3
Quote from: akaki on December 19, 2021, 12:51:15 PM
However, in reality even the full 256 bits range and beyond work.
For Example, using 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF, we get the address 1PRWyFKTsQSJaUdX9VKgQNw8JERPw2kMFm that is valid (even transacted before).
No, they don't work because they are technically invalid. You are just using a tool that decided not to show you any error or warning message that the key you gave it is out of range, and instead handles it silently under the hood.

Quote from: akaki on December 19, 2021, 12:51:15 PM
As far as I understood, in ECDSA calculations we use %N, therefore we loop, and there is also a prviate key < N that also gives the same address 1PRWyFKTsQSJaUdX9VKgQNw8JERPw2kMFm.

am I right ?
In ECC we are working in a finite field so the operations are always modulo m.
Any private key > N is invalid, you can modify its value to make it valid. One way is to compute is mod N.
BlackHatCoiner
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Re: out of range private keys
December 19, 2021, 01:09:16 PM
#2
Well, no. We can't use anything beyond 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364140. The fact that k∈[1, N] with m > N doesn't make m - N a number outside that range.

The private key of this address is m - N with m = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF. Specifically, it's
Code:
0x14551231950B75FC4402DA1732FC9BEBE

With a compressed public key of:
Code:
039166C289B9F905E55F9E3DF9F69D7F356B4A22095F894F4715714AA4B56606AF

WIF:
Code:
KwDiBf89QgGbjEhKnhXJuH7grrzmjVFJVSqqLimWN6cB6k6v8AAF
akaki
newbie
Activity: 25
Merit: 35
Re: out of range private keys
December 19, 2021, 12:51:15 PM
#1
Hi,

we can read in [https://en.bitcoin.it/wiki/Private_key] the following:

Quote
Range of valid ECDSA private keys
Nearly every 256-bit number is a valid ECDSA private key. Specifically, any 256-bit number from 0x1 to N=0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364140 is a valid private key.
The range of valid private keys is governed by the secp256k1 ECDSA standard used by Bitcoin

However, in reality even the full 256 bits range and beyond work.
For Example, using 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF, we get the address 1PRWyFKTsQSJaUdX9VKgQNw8JERPw2kMFm that is valid (even transacted before).

As far as I understood, in ECDSA calculations we use %N, therefore we loop, and there is also a prviate key < N that also gives the same address 1PRWyFKTsQSJaUdX9VKgQNw8JERPw2kMFm.

am I right ?
Bitcoin Forum>Bitcoin>Development & Technical Discussion
Jump to: