Topic: Outsourcing vanity address generation - page 2. (Read 5256 times)

Wow, that does sound a lot easier.

Are these features available now?  If not when are they expected to be available?

If you have it handy can you give me a link to the new bitcoin address format?

Edit, nevermind, found it https://en.bitcoin.it/wiki/BIP_0013

Subscribe.

Nice work Burt, Meni, and whomever else was involved in coming up with this.

Just thinking out loud...

... but vanity addresses using 1-of-2 multisignature transactions and BIP 13's new bitcoin address format could be orders of magnitude easier to generate.

You'd start with a normal keypair.

And simply compute the hash of the public key and another, arbitrary, "I don't have the private key but I don't care" public key (in an "OP_1 OP_2 OP_CHECKMULTISIG" transaction type).

You'd always spend the funds sent to the vanity address using pk1.

No expensive ECDSA addition or multiplication required, just lots of SHA256/RIPEMD160 hashing and base58 encoding and string comparing.

-----------

Widespread use of the new pay-to-script address format will have to wait until "everybody" upgrades to support it, though. And it does make transactions larger (2 public keys instead of 1) than the find-the-right-private-key solution.

As you may know I have given this a lot of thought (in other threads) and would like to be involved in this.  I will post a list of the issues later today.

Tools such as Vanitygen used to generate vanity addresses, Bitcoin addresses which follow a specific pattern, have been somewhat popular.

Generating a vanity address is a computationally intensive task, more so the more specific the pattern. It is conceivable that some people would like a vanity address but lack the appropriate hardware to generate it. Others may have the necessary hardware but not sufficient interest in an address. This suggests the need for a vanity market where clients outsource the production of addresses to generators for an agreed upon fee.

Ostensibly, this suffers from the problem of the need for secrecy - whoever generates the address has access to the corresponding private key, but the client who is to be the owner of the address must remain the sole person knowing the private key. This problem can be solved with some ECDSA magic of the kind discussed here.

The way it would work is this:

1. Client generates himself a single private key c and corresponding public key c*G. He also chooses a pattern P.
2. Client keeps c secret, but submits c*G and P to the generator.
3. Generator repeatedly generates a private key g, calculates g*c*G and checks if the address generated from the public key g*c*G matches the pattern P.
4. #3 is repeated until a match g is found.
5. Generator submits g to the client. The client uses g*c as a private key and g*c*G as the corresponding public key, which maps to the desired vanity address.
6. The generator, not knowing c or g*c, cannot claim coins from the generated address.

The procedure can be modified so that instead of using g*c as the private key and g*c*G as the public key, the private key will be g+c and the public key will be g*G+c*G. This is deemed less secure, but I believe is suitable for this application and may be less computationally expensive.