Bitcoin Forum>Other>Beginners & Help
Author

Topic: Random Bitcoin Addresses? (Read 1310 times)

SnowDog2003
jr. member
Activity: 41
Merit: 1
Random Bitcoin Addresses?
March 13, 2013, 07:27:18 PM
#11
Quote from: SgtSpike on March 13, 2013, 12:46:18 PM

Can you show some maths to support your degrees of entropy claim?  I don't think you're wrong, I just want to see a more exact estimate.

My 3.4 x 10^38 number is the number of combinations possible by which the Electrum deterministic 12 word seed can be ordered. The Electrum 12 words are picked out of a dictionary of 1626 seeds. So the total possible number is 1626^12, or possibly 1626! / (1626-12)!, depending on if you can reuse the words in the seed. I was wrong in attributing this number to the Satoshi client.
greyhawk
hero member
Activity: 952
Merit: 1009
Re: Random Bitcoin Addresses?
March 13, 2013, 04:06:30 PM
#10
Wasn't one of the vanity wallet generators shut down because the wallets being generated ended up not being random at all?
zefiris
newbie
Activity: 4
Merit: 0
Re: Random Bitcoin Addresses?
March 13, 2013, 02:06:31 PM
#9
Yes, using a normal random generator would indeed be insecure. Luckily, cryptographic random number generators have been developed specifically to avoid this problem. They typically use inputs like mouse movement and keyboard key presses, which are not deterministic, to generate the numbers.
SgtSpike
legendary
Activity: 1400
Merit: 1005
Re: Random Bitcoin Addresses?
March 13, 2013, 12:46:18 PM
#8
Quote from: SnowDog2003 on March 13, 2013, 11:50:56 AM
Quote from: SgtSpike on March 13, 2013, 11:43:09 AM
Here's the thread I was looking for in which theymos describes the entropy:

https://bitcointalksearch.org/topic/how-are-private-keys-createdrandomized-109092

Quote
Last time I checked, Bitcoin used:
- Microsecond time.
- GUI events
- /dev/urandom if available
- HKEY_PERFORMANCE_DATA on Windows

So essentially 3 different random things.  And even if the user isn't utilizing the GUI (a server instance, for example), the OS-specific ones (urandom and HKEY_) are sufficiently removed from the microsecond time as to be unreproducible, AFAIK.

This answer is for the Satoshi client. But the answer does show the point that the number of addresses from which the Satoshi client chooses, when it chooses a bitcoin address, is far less than the 10^38 degrees of entropy possible in the final bitcoin addresses.

This question needs to be addressed by developers of each wallet. I looked through some of the code for the Electrum wallet, and it appears to use the Python random number generator. I could be wrong, but that would create even a smaller pool of Electrum wallet 'seeds'. Imagine installling a new wallet on your computer to find that there's already money in it!

Can you show some maths to support your degrees of entropy claim?  I don't think you're wrong, I just want to see a more exact estimate.
flatfly
legendary
Activity: 1092
Merit: 1016
760930
Re: Random Bitcoin Addresses?
March 13, 2013, 12:42:25 PM
#7
Quote from: SnowDog2003 on March 13, 2013, 11:50:56 AM


This question needs to be addressed by developers of each wallet. I looked through some of the code for the Electrum wallet, and it appears to use the Python random number generator. I could be wrong, but that would create even a smaller pool of Electrum wallet 'seeds'. Imagine installling a new wallet on your computer to find that there's already money in it!


Are you sure?
 IIRC, Electrum uses the OpenSSL RNG, not Python.
Humanxlemming
sr. member
Activity: 364
Merit: 250
Re: Random Bitcoin Addresses?
March 13, 2013, 11:52:21 AM
#6
Quote from: SgtSpike on March 13, 2013, 11:43:09 AM
Here's the thread I was looking for in which theymos describes the entropy:

https://bitcointalksearch.org/topic/how-are-private-keys-createdrandomized-109092

Quote
Last time I checked, Bitcoin used:
- Microsecond time.
- GUI events
- /dev/urandom if available
- HKEY_PERFORMANCE_DATA on Windows

So essentially 3 different random things.  And even if the user isn't utilizing the GUI (a server instance, for example), the OS-specific ones (urandom and HKEY_) are sufficiently removed from the microsecond time as to be unreproducible, AFAIK.

Got to love the guy that invented bitcoin wallet generation Cheesy

no homo :|
SnowDog2003
jr. member
Activity: 41
Merit: 1
Re: Random Bitcoin Addresses?
March 13, 2013, 11:50:56 AM
#5
Quote from: SgtSpike on March 13, 2013, 11:43:09 AM
Here's the thread I was looking for in which theymos describes the entropy:

https://bitcointalksearch.org/topic/how-are-private-keys-createdrandomized-109092

Quote
Last time I checked, Bitcoin used:
- Microsecond time.
- GUI events
- /dev/urandom if available
- HKEY_PERFORMANCE_DATA on Windows

So essentially 3 different random things.  And even if the user isn't utilizing the GUI (a server instance, for example), the OS-specific ones (urandom and HKEY_) are sufficiently removed from the microsecond time as to be unreproducible, AFAIK.

This answer is for the Satoshi client. But the answer does show the point that the number of addresses from which the Satoshi client chooses, when it chooses a bitcoin address, is far less than the 10^38 degrees of entropy possible in the final bitcoin addresses.

This question needs to be addressed by developers of each wallet. I looked through some of the code for the Electrum wallet, and it appears to use the Python random number generator. I could be wrong, but that would create even a smaller pool of Electrum wallet 'seeds'. Imagine installling a new wallet on your computer to find that there's already money in it!
SgtSpike
legendary
Activity: 1400
Merit: 1005
Re: Random Bitcoin Addresses?
March 13, 2013, 11:43:09 AM
#4
Here's the thread I was looking for in which theymos describes the entropy:

https://bitcointalksearch.org/topic/how-are-private-keys-createdrandomized-109092

Quote
Last time I checked, Bitcoin used:
- Microsecond time.
- GUI events
- /dev/urandom if available
- HKEY_PERFORMANCE_DATA on Windows

So essentially 3 different random things.  And even if the user isn't utilizing the GUI (a server instance, for example), the OS-specific ones (urandom and HKEY_) are sufficiently removed from the microsecond time as to be unreproducible, AFAIK.
BurtW
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
Re: Random Bitcoin Addresses?
March 13, 2013, 11:25:18 AM
#3
I recall this being discussed in this thread:  https://bitcointalksearch.org/topic/519704-received-at-1tbzjmxho6mdghoesamv2svtqjxytwfep-lost-and-found-133122

And many other threads.
SgtSpike
legendary
Activity: 1400
Merit: 1005
Re: Random Bitcoin Addresses?
March 13, 2013, 11:24:41 AM
#2
Quote from: SnowDog2003 on March 13, 2013, 11:21:52 AM
Many of these wallets, and other tools, generate random bitcoin addresses. From someone who started programming in the 1970s, we learned quickly then that computers are deterministic machines. There is no such thing as a random number. So, people started seeding their random number generators with certain random things, like the number of milliseconds at which time the program ran. This generally solved the random number problem.

However! The degree of precision at which random number generators, are seeded, could be extremely important for bitcoin. If the degree of precision of the seeds that these random number generators use in bitcoin wallets, is not large enough, (or random enough), then bitcoin addresses could be expected to be repeated much more often than we might expect when we calculate a very large degree of entropy in the final bitcoin address.

So, in each wallet, it is crucial to find out how, and to what degree of precision, the random number generators are being seeded, that are used to create the bitcoin addresses that we use.

Does anyone have any idea as to how these number generators work in some of the common wallets like Satoshi, or Electrum? If not, then I think it's crucial that we find out.


I asked this question a while back.  I think there were 6 different factors that were used in generation of random addresses to ensure sufficient entropy.  Hopefully someone will chime in with exactly what those were, but it definitely satisfied me that the addresses are extremely random.
SnowDog2003
jr. member
Activity: 41
Merit: 1
Re: Random Bitcoin Addresses?
March 13, 2013, 11:21:52 AM
#1
Many of these wallets, and other tools, generate random bitcoin addresses. From someone who started programming in the 1970s, we learned quickly then that computers are deterministic machines. There is no such thing as a random number. So, people started seeding their random number generators with certain random things, like the number of milliseconds at which time the program ran. This generally solved the random number problem.

However! The degree of precision at which random number generators, are seeded, could be extremely important for bitcoin. If the degree of precision of the seeds that these random number generators use in bitcoin wallets, is not large enough, (or random enough), then bitcoin addresses could be expected to be repeated much more often than we might expect when we calculate a very large degree of entropy in the final bitcoin address.

So, in each wallet, it is crucial to find out how, and to what degree of precision, the random number generators are being seeded, that are used to create the bitcoin addresses that we use.

Does anyone have any idea as to how these number generators work in some of the common wallets like Satoshi, or Electrum? If not, then I think it's crucial that we find out.

Bitcoin Forum>Other>Beginners & Help
Jump to: