
Topic: Read the whitepaper, still have dumb questions about private keys and sigs.

hero member
Activity: 924
Merit: 1000
Quote from: Terikan
I always assumed there's some reason you can't reverse engineer a private key using the sig and address, but given that you know what math was used to generate it, and presumably can do that math backwards, why it can't be reverse engineered is where I get lost.  I'm sure it has something to do with like SHA 256 or something.  But I would think people know what math and process these encryption protocols use, and could work backwards from a sig.

Doing the math backwards is more computing intensive. Say you have two prime numbers and multiply them, and you get a result; now imagine you have just the result and you have to find out the two prime numbers (a lot of combinations to try).
newbie
Activity: 10
Merit: 0
Appreciate the replies, still don't quite get it.  I read that article a few days ago, even commented on it asking a similar question.

I understand the private key is used to generate a sig, but then you send your sig to a node.  People can't guess the key from the sig, but if they have the sig and the public address, why can't they spend more coins from that address using the same sig?

I always assumed there's some reason you can't reverse engineer a private key using the sig and address, but given that you know what math was used to generate it, and presumably can do that math backwards, why it can't be reverse engineered is where I get lost.  I'm sure it has something to do with like SHA 256 or something.  But I would think people know what math and process these encryption protocols use, and could work backwards from a sig.

A thought occurred to me: maybe any given sig/public key combo could only be worked backwards to a lot of possible private keys due to random numbers.   That makes some sense if I'm right. 
legendary
Activity: 1232
Merit: 1195

Quote from: Terikan
So someone who wants to own Bitcoin gets an address and a private key.  What generates these, and how are they transmitted?  Are they generated on the user's own computer using the client after they've downloaded the blockchain? 

Yeah, your wallet client creates and stores them.

This article helped my understanding A TON! Well worth the read: http://www.michaelnielsen.org/ddi/how-the-bitcoin-protocol-actually-works/

Read this as well.
newbie
Activity: 1
Merit: 0
I'm not an expert, but I'll try to answer your questions:

Quote from: Terikan
So someone who wants to own Bitcoin gets an address and a private key.  What generates these, and how are they transmitted?  Are they generated on the user's own computer using the client after they've downloaded the blockchain?  Do you need to have a bitcoin in an address for it to exist or can it be created empty? 
I guess your wallet (meaning bitcoind) generates the address and the corresponding private key. It doesn't matter whether the blockchain has already been downloaded or not. Although, now that I think about it, I don't know if that means there is a risk that the same private key/address pair is generated twice by different wallets. Might be theoretically possible, but in practice very unlikely.

Quote from: Terikan
If the software can create an address and private key, what stops someone from modifying the software to create address/key pairs that don't yet exist, but not add them to the blockchain, so that when one of the addresses is actually created via transaction, they will already have the private key to go with it?  Is the key randomly chosen first, then address generated from that, or the reverse, or neither?
There are so many possible private key/address pairs that this is like guessing a very long password. Theoretically possible, but practically not reachable with current hardware resources.
Private key and address belong to each other, so I think they can only be generated at the same time. This has something to do with several very big prime numbers, but here my knowledge stops.

Quote from: Terikan
So you send your sig with your address to other nodes when sending bitcoins.  Assuming address still has bitcoins on it after the transaction, what prevents using the same signature to spend more coins from that address?  Does the private key change, does the sig generator use more than just address/key to generate sig?  If so what? 
"Signature" means you encrypt something with your private key, which means that it can only be decrypted by the corresponding public key (I think this is the address). So, anyone who is able to decrypt the transaction with the public key can be sure it was encrypted with the private key, which should be in some safe place only you can reach. I don't know how it really is, but there must be some unique details in every transaction (e.g. the current timestamp), making it impossible to just copy the encrypted one and add it again to the blockchain.

Hope this helped.
newbie
Activity: 10
Merit: 0
I've wrapped my head around most of how it works, but a couple of things I still don't quite get.  Ignore if you would be irritated by entertaining my questions.  Otherwise go for it.

The whitepaper glosses over some things that I guess you have to read up on crypto and signatures and hashing to understand, and I'm sorry to say, I would like more direct info than trying to read detailed information about these topics.

So someone who wants to own Bitcoin gets an address and a private key.  What generates these, and how are they transmitted?  Are they generated on the user's own computer using the client after they've downloaded the blockchain?  Do you need to have a bitcoin in an address for it to exist or can it be created empty? 

If the software can create an address and private key, what stops someone from modifying the software to create address/key pairs that don't yet exist, but not add them to the blockchain, so that when one of the addresses is actually created via transaction, they will already have the private key to go with it?  Is the key randomly chosen first, then address generated from that, or the reverse, or neither?

Signature questions.

So you send your sig with your address to other nodes when sending bitcoins.  Assuming address still has bitcoins on it after the transaction, what prevents using the same signature to spend more coins from that address?  Does the private key change, does the sig generator use more than just address/key to generate sig?  If so what? 

Thanks.