
Topic: Playing with Public Keys (Read 1420 times)

member
Activity: 98
Merit: 10
July 24, 2012, 12:04:26 AM
#11

> > > What would be the point of doing that instead of hashing the document to a private key? As you say, you'll destroy any coins sent there if you hash it to a public key.

> > If you just wanted proof-of-knowledge OR if you wanted to create a "black hole" that people could send BTC to, knowing those BTC could never be recovered until ECDSA was broken.

> Hashing to a private key gives the same proof-of-knowledge, plus you can take your coin back.

I know... Read my OP:

> This is obviously not the only way to do this, this was just for fun.
foo
sr. member
Activity: 409
Merit: 250
July 23, 2012, 11:06:14 PM
#10

> > What would be the point of doing that instead of hashing the document to a private key? As you say, you'll destroy any coins sent there if you hash it to a public key.

> If you just wanted proof-of-knowledge OR if you wanted to create a "black hole" that people could send BTC to, knowing those BTC could never be recovered until ECDSA was broken.

Hashing to a private key gives the same proof-of-knowledge, plus you can take your coin back.
member
Activity: 98
Merit: 10
July 23, 2012, 11:02:22 PM
#9

> > > Ah, I think you're missing a step in your code, namely the one that makes the public key out of the private key. This explains why I was not able to verify your calculation for "hello". :)
> > >
> > > I used this site for the hash: http://www.xorbin.com/tools/sha256-hash-calculator
> > > and then plugged the hex string as a private key into https://www.bitaddress.org/
> > > which gives the Bitcoin address.

> > Nope, it works fine for me...
> >
> > This code is public key only. You are not able to spend the money at the address, only generate the address itself.

> What would be the point of doing that instead of hashing the document to a private key? As you say, you'll destroy any coins sent there if you hash it to a public key.

If you just wanted proof-of-knowledge OR if you wanted to create a "black hole" that people could send BTC to, knowing those BTC could never be recovered until ECDSA was broken.
foo
sr. member
Activity: 409
Merit: 250
July 23, 2012, 10:58:52 PM
#8

> > Ah, I think you're missing a step in your code, namely the one that makes the public key out of the private key. This explains why I was not able to verify your calculation for "hello". :)
> >
> > I used this site for the hash: http://www.xorbin.com/tools/sha256-hash-calculator
> > and then plugged the hex string as a private key into https://www.bitaddress.org/
> > which gives the Bitcoin address.

> Nope, it works fine for me...
>
> This code is public key only. You are not able to spend the money at the address, only generate the address itself.

What would be the point of doing that instead of hashing the document to a private key? As you say, you'll destroy any coins sent there if you hash it to a public key.
member
Activity: 98
Merit: 10
July 23, 2012, 10:54:43 PM
#7

> Ah, I think you're missing a step in your code, namely the one that makes the public key out of the private key. This explains why I was not able to verify your calculation for "hello". :)
>
> I used this site for the hash: http://www.xorbin.com/tools/sha256-hash-calculator
> and then plugged the hex string as a private key into https://www.bitaddress.org/
> which gives the Bitcoin address.

Nope, it works fine for me...

This code is public key only. You are not able to spend the money at the address, only generate the address itself.
foo
sr. member
Activity: 409
Merit: 250
July 23, 2012, 10:53:44 PM
#6

Ah, I think you're missing a step in your code, namely the one that makes the public key out of the private key. This explains why I was not able to verify your calculation for "hello". :)

I used this site for the hash: http://www.xorbin.com/tools/sha256-hash-calculator
and then plugged the hex string as a private key into https://www.bitaddress.org/
which gives the Bitcoin address.
member
Activity: 98
Merit: 10
July 23, 2012, 10:52:40 PM
#5

> > This concept is usually known as "brain wallets".

> It's only a brain wallet if it's a private key/seed and it's memorized. The OP didn't say anything about private keys or memorization.

> > BTW, the variable you named "sha_pubkey" actually contains the Bitcoin private key, so you should rename that one. :)

> No, according to my understanding of the code sha_pubkey is (the hash of) the public key, the private key is nowhere to be found. If there was a conversion from private to public, we'd see a mention of ECDSA.

That is my understanding.
donator
Activity: 2058
Merit: 1054
July 23, 2012, 10:51:49 PM
#4

> This concept is usually known as "brain wallets".

It's only a brain wallet if it's a private key/seed and it's memorized. The OP didn't say anything about private keys or memorization.

> BTW, the variable you named "sha_pubkey" actually contains the Bitcoin private key, so you should rename that one. :)

No, according to my understanding of the code sha_pubkey is (the hash of) the public key, the private key is nowhere to be found. If there was a conversion from private to public, we'd see a mention of ECDSA.
member
Activity: 98
Merit: 10
July 23, 2012, 10:49:38 PM
#3

> This concept is usually known as "brain wallets".
>
> I recently played around with this myself and found that SHA-256("test") has been used: http://blockchain.info/address/1HKqKTMpBTZZ8H5zcqYEWYBaaWELrDEXeE
>
> BTW, the variable you named "sha_pubkey" actually contains the Bitcoin private key, so you should rename that one. :)

Interesting. I had heard the term before, but didn't realize that's what they were implying.

I'm also pretty sure that "sha_pubkey" is the public key. I based my code off of

https://en.bitcoin.it/w/images/en/9/9b/PubKeyToAddr.png

foo
sr. member
Activity: 409
Merit: 250
July 23, 2012, 10:39:36 PM
#2
This concept is usually known as "brain wallets".

I recently played around with this myself and found that SHA-256("test") has been used: http://blockchain.info/address/1HKqKTMpBTZZ8H5zcqYEWYBaaWELrDEXeE

BTW, the variable you named "sha_pubkey" actually contains the Bitcoin private key, so you should rename that one. :)
member
Activity: 98
Merit: 10
July 23, 2012, 10:26:13 PM
#1

I wrote a small/dirty Python script that allows me to use an arbitrary value (like a string) as a "public key" in order to create a Bitcoin address.

This is the script:

Code:
#Wyager's quick and dirty arbitrary public key hasher

import binascii
import sys
import hashlib

code_string = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
###
pubkey = sys.argv[1].encode("utf-8")  #the "public key" is the first command line argument, as bytes
###
sha_pubkey = hashlib.sha256(pubkey).digest()  #sha of the "public key"
###
ripe = hashlib.new("ripemd160")  #RIPEMD-160 comes from OpenSSL; the build in use must provide it
ripe.update(sha_pubkey)
ripe_pubkey = ripe.digest()  #ripemd of that
###
versioned_ripe_pubkey = b"\x00" + ripe_pubkey  #add a 00 to the beginning
###
sha_ripe_1 = hashlib.sha256(versioned_ripe_pubkey).digest()  #sha that once
sha_ripe_2 = hashlib.sha256(sha_ripe_1).digest()  #sha it twice
checksum_4_bytes = sha_ripe_2[0:4]  #take the first 4 bytes of that
###
ripemd_and_checksum = versioned_ripe_pubkey + checksum_4_bytes  #stick that on the end of the ripemd
###
integer_result = int(binascii.hexlify(ripemd_and_checksum), 16)
base58check_result = ""
while integer_result > 0:  #base58check encode that
    remainder = integer_result % 58
    integer_result = integer_result // 58  #integer division, so the value stays an int
    base58check_result = base58check_result + code_string[remainder]  #insert the base58 values
i = 0
while ripemd_and_checksum[i] == 0:  #append a "1" for every leading zero byte
    base58check_result = base58check_result + "1"
    i = i + 1
###
reversechars = list(base58check_result)  #flip the string around to make it big endian
reversechars.reverse()
base58check_result = ''.join(reversechars)
###
print(base58check_result)

I don't use Python very often, so forgive my bad form.

My intention here was to make a simple system that allowed for proof of copyright or whatever. You treat your secret string/document as a "public key", and send money to the corresponding address, so it shows up on the blockchain. If you ever need to prove that you knew the string/document at some point, you can simply point to the transaction that has that address on the blockchain. This gives you a strong hash+timestamp. This is obviously not the only way to do this, this was just for fun.

Anyway, what I noticed was that someone else obviously had the same idea. I ran this script using "hello" as the public key, and that produces an address of 1HeqNjAst5TCQ63F7xhjg6bcTbDKrRk7sH. According to http://blockexplorer.com/address/1HeqNjAst5TCQ63F7xhjg6bcTbDKrRk7sH, someone has already sent money to "hello". I wonder what other addresses out there like this exist? :P
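
An added example, not part of the original post or the thread: the script above only encodes, so this sketch goes one step further and also decodes a Base58Check address, verifies the 4-byte double-SHA-256 checksum, and returns the version byte and 20-byte hash that anyone checking a "proof of knowledge" address would compare against. The function names are assumptions made for this example, and the sample payload is constructed.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def checksum(data):
    """First 4 bytes of SHA-256(SHA-256(data)), as in the script above."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def b58check_encode(version, payload):
    """Encode version byte + payload + checksum (same steps as the script)."""
    raw = bytes([version]) + payload
    raw += checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n > 0:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    # every leading zero byte is written as a literal "1"
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + out

def b58check_decode(address):
    """Return (version, payload); raise ValueError on bad characters or checksum."""
    n = 0
    for ch in address:
        idx = B58.find(ch)
        if idx < 0:
            raise ValueError("invalid Base58 character %r" % ch)
        n = n * 58 + idx
    # leading "1" characters stand for zero bytes that the integer cannot carry
    pad = len(address) - len(address.lstrip("1"))
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) < 5 or checksum(raw[:-4]) != raw[-4:]:
        raise ValueError("bad length or checksum mismatch")
    return raw[0], raw[1:-4]

def is_valid_address(address, version=0):
    """True if the checksum verifies and the payload is a 20-byte hash."""
    try:
        ver, h160 = b58check_decode(address)
    except ValueError:
        return False
    return ver == version and len(h160) == 20

if __name__ == "__main__":
    sample = b58check_encode(0, bytes(range(20)))  # constructed 20-byte hash
    print(sample, is_valid_address(sample), b58check_decode(sample)[1].hex())
```

The checksum only catches transcription errors; it says nothing about whether anyone holds a private key for the decoded hash.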