Bitcoin Forum>Bitcoin>Development & Technical Discussion
Author

Topic: Question about a collision statement on bitcoin wiki (Read 656 times)

Peter R
legendary
Activity: 1162
Merit: 1007
Question about a collision statement on bitcoin wiki
December 09, 2013, 06:28:53 PM
#3
Quote from: SneakyNinjA on December 09, 2013, 02:48:16 PM
Hey guys,
Was just reading https://en.bitcoin.it/wiki/Technical_background_of_version_1_Bitcoin_addresses when I came across this part.
Quote
Since Bitcoin addresses are basically random numbers, it is possible, although extremely unlikely, for two people to independently generate the same address. This is called a collision. If this happens, then both the original owner of the address and the colliding owner could spend money sent to that address. It would not be possible for the colliding person to spend the original owner's entire wallet (or vice versa).
Now it is my understanding that a collision would mean 2 different ECDSA keys turning into the same public bitcoin address, and it would therefore make sense that the ECDSA key must be the same to have actually access the entire wallet. But this stands true only if there is indeed a collision right? If two users have the same ECDSA key, then both would have access to the entire wallet, and the following statement of
Quote
If you were to intentionally try to make a collision, it would currently take 2^107 times longer to generate a colliding Bitcoin address than to generate a block
as well as the previous statement regarding collisions (as none have been found in SHA-256 to my knowledge) would really only be put there for marketing, and not for actual securities sake.

Bitcoin addresses are 160 bits and bitcoin ECDSA private keys are 256 bits. There are thus WAY more private keys than bitcoin addresses.  This means that there are TONS AND TONS of private keys that would all unlock the same bitcoin address.  

That being said, the odds of ever finding two keys that unlock the same address (a collision) is effectively nil.  I've seen one post that showed it would require more energy than is contained in our sun to even make a credible attempt at finding a collision.  

TL/DR: While collisions must mathematically exist, it is not physically possible to find one.  
alp
full member
Activity: 284
Merit: 101
Re: Question about a collision statement on bitcoin wiki
December 09, 2013, 04:21:48 PM
#2
If two people have the same key, that's not really a collision in this sense.

It wouldn't have access to the "entire wallet", only that specific address.

Since it is only talking about collisions of different keys, I have no idea why you claim this is only marketing.  This is an important distinction for addresses, since it is "compressed" forms of large keys.  Ensuring you generate keys using good sources of entropy is an entirely different security concern, as is someone accessing your private key and using that.
SneakyNinjA
newbie
Activity: 21
Merit: 0
Re: Question about a collision statement on bitcoin wiki
December 09, 2013, 02:48:16 PM
#1
Hey guys,
Was just reading https://en.bitcoin.it/wiki/Technical_background_of_version_1_Bitcoin_addresses when I came across this part.
Quote
Since Bitcoin addresses are basically random numbers, it is possible, although extremely unlikely, for two people to independently generate the same address. This is called a collision. If this happens, then both the original owner of the address and the colliding owner could spend money sent to that address. It would not be possible for the colliding person to spend the original owner's entire wallet (or vice versa).
Now it is my understanding that a collision would mean 2 different ECDSA keys turning into the same public bitcoin address, and it would therefore make sense that the ECDSA key must be the same to have actually access the entire wallet. But this stands true only if there is indeed a collision right? If two users have the same ECDSA key, then both would have access to the entire wallet, and the following statement of
Quote
If you were to intentionally try to make a collision, it would currently take 2^107 times longer to generate a colliding Bitcoin address than to generate a block
as well as the previous statement regarding collisions (as none have been found in SHA-256 to my knowledge) would really only be put there for marketing, and not for actual securities sake.
Bitcoin Forum>Bitcoin>Development & Technical Discussion
Jump to: