Topic: Theoretically We Already Broke Bitcoin And Any Security Bits For Once (Read 216 times)

legendary
Activity: 4522
Merit: 3426
...
So imagine this was an existing private key! The point of my post is not to scare and say that private keys are not secure anymore. No! But to say that theoretically it's not fully impossible to generate a key that did indeed exist.

Let's be clear.
1. All private keys already "exist". The question is whether or not a key is in use.
2. Everyone here knows that a collision is not "impossible". The reason that people say that a collision is "impossible" is that it is so "improbable" that it is indistinguishable from "impossible", so the word "impossible" is a good choice for practical reasons.

I'm sure you already know all this, but I'm just clarifying.
legendary
Activity: 2268
Merit: 18771
The point of my post is not to scare and say that private keys are not secure anymore. No! But to say that theoretically it's not fully impossible to generate a key that did indeed exist.
Here is a post I made a while ago comparing the likelihood of various pieces of security we all take for granted:

It is impossible to have a security system which is impossible to hack, and as far as security systems go, bitcoin's is pretty darn good.

Given that most 2FA codes are 6 digits long, there is a 1 in 10^6 chance of someone guessing your 2FA code.
Assuming an average house lock has 8 tumblers, and each tumbler can adopt one of 10 positions, then there is a 1 in 10^8 chance that someone will be able to guess your exact house key shape and unlock your door.
Given a standard credit card has a 15 or 16 digit number on it, there is at most a 1 in 10^16 chance that someone will be able to guess your credit card number.
If you use a password manager to generate a long and totally random 16 character password, drawing from the full ASCII 95 character set of upper and lowercase letters, numbers, and symbols, (e.g. CY\u4"=t{rV%;N9S), there is a 1 in 4.4*10^31 chance of someone guessing it.
The chance of someone guessing your private key is 1 in 1.158*10^77.

The chance of someone correctly guessing your password, your 2FA code, your credit card number, and the key to your house simultaneously is 4.4*10^61, which is still around 2 thousand trillion times more likely than them guessing your private key.

If you are worried about someone guessing your private key, then you should be absolutely petrified of the security of everything else in your life. For every possible 16 digit credit card number, there are approximately 10 trillion trillion trillion trillion trillion possible bitcoin private keys.
legendary
Activity: 3472
Merit: 10611
but to say that theoretically it's not fully impossible to generate a key that did indeed exist.
If we want to dot all the i's and cross the t's, the chance of finding a collision is never absolute zero, that's by design. But the chance of it happening is so small that it might as well be zero because realistically it will never happen.
copper member
Activity: 1330
Merit: 899
🖤😏
So imagine this was an existing private key! The point of my post is not to scare and say that private keys are not secure anymore. No! But to say that theoretically it's not fully impossible to generate a key that did indeed exist.

Ok, maybe you are confused about the size of the key range. Imagine a galaxy 10 billion years away from us, now imagine there are no moving particles and everything is standing still, once again imagine you are given an option to pick any atom from the total existing atoms in the universe, now tell me in theory what are the odds of you landing on an atom in that far galaxy? How many times do you need to pick one key until you land on that one? You already know the answer, generate 2^256 keys one by one.

You need to sleep a bit more and think about the math a little more, this is not good for your mind to insist on something which is not important at all, go back grinding for a puzzle key.😂
member
Activity: 194
Merit: 14
Guys, for some clarification: I know that private keys are and always will be secure from any attacks.

But reading your posts, I think some people still didn't understand the point that I want to let you know about.

The point is that I'm surprised by the fact that when I generate a random key, out of all the possible large keys that exist, let's say 2^256, I get a 1 in 2^256 chance to get a specific unknown private key from that big range. * I know that I am guaranteed to land on a key, but the fact is that the chances for me to land on that specific key that I previously got were supposed to be 1 in 2^256 *.

Many assume that I have the full 2^256 chances (since I can pick whatever the private key is) but I have to disagree with this. If every time I randomly generate a key the chances are always 1 in 2^256 for each time to land on a key out of those many keys.

So imagine this was an existing private key! The point of my post is not to scare and say that private keys are not secure anymore. No! But to say that theoretically it's not fully impossible to generate a key that did indeed exist.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
So looking at the discussion above it is safe to say that we are still in the secure environment right? In simple language I believe we are far away from breaking the entire bitcoin addresses generation combination which is large odd as mentioned above. If this was already broken then bitcoin system had been down the sink by now.

I am not sure what has been technical point of view but what addresses I have generated until now including its private keys they are still as secured as they should be until I lose the private key somewhere or with someone.

Layman: the odds are high and it’s next to impossible to generate the repeated keys or combination of addresses plus keys. That’s what I’m keeping in mind.

TLDR; using probability theory, OP thought that with 50% chance of generating a 0 or 1 bit, he inadvertently generated all (1/2)^160 combinations when doing this 160 times (which is not true, not even from a mathematical standpoint, because the probabilities are independent from each other, which means only one of those addresses was actually the subject of the probability and not all 2^160 of them).
full member
Activity: 1092
Merit: 227
So looking at the discussion above it is safe to say that we are still in the secure environment right? In simple language I believe we are far away from breaking the entire bitcoin addresses generation combination which is large odd as mentioned above. If this was already broken then bitcoin system had been down the sink by now.

I am not sure what has been technical point of view but what addresses I have generated until now including its private keys they are still as secured as they should be until I lose the private key somewhere or with someone.

Layman: the odds are high and it’s next to impossible to generate the repeated keys or combination of addresses plus keys. That’s what I’m keeping in mind.
hero member
Activity: 910
Merit: 5935
not your keys, not your coins!
My point is how is it possible to generate something that is already impossible to generate due to the large combinations? We are talking here about random generations.

I know this sounds very confusing but it confuses me myself a lot. Maybe I am the one but I don't know.
It's not impossible at all. In fact, it is very possible; guaranteed even, to quickly generate a valid Bitcoin private key and address.
Have a look at the algorithms:

And there we have a private key… just a big random number (in hexadecimal format).
It is trivial to generate a random 256-bit number on a modern PC.



What is indeed not trivial, almost impossible even, is 'generating' (sampling) a specific private key (e.g. one that spends coins sent to a specific address).
legendary
Activity: 2268
Merit: 18771
My point is how is it possible to generate something that is already impossible to generate due to the large combinations?
It's not impossible to generate at all.

Let's say for the sake of argument you have exactly a 1 in 2^160 chance to generate a specific legacy address. It is impossible to generate a specific address, because the odds of that is 1 in 2^160.

But if we are considering the odds of generating any address, then well, there are 2^160 to choose from! So your odds are 2^160 in 2^160, i.e. 1.
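The "any key" versus "specific key" distinction made in the replies above can be measured in a keyspace small enough to search. This is an added example, not code from any poster: the function names, the toy bit sizes and the 1e12 guesses-per-second rate are assumptions chosen for illustration.

```python
import random
import secrets

# Order of the secp256k1 group; valid private keys are 1 .. N-1.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def new_private_key() -> int:
    """'Any key': one draw from the OS CSPRNG always succeeds (probability 1)."""
    return secrets.randbelow(N - 1) + 1

def tries_to_hit(target: int, bits: int, rng: random.Random) -> int:
    """'Specific key': count uniform draws until one equals a fixed target."""
    tries = 1
    while rng.getrandbits(bits) != target:
        tries += 1
    return tries

def mean_tries(bits: int, trials: int, seed: int = 1) -> float:
    """Average number of draws needed in a toy keyspace of 2**bits values."""
    rng = random.Random(seed)  # seeded PRNG: reproducible experiment only, never for keys
    total = 0
    for _ in range(trials):
        target = rng.getrandbits(bits)  # the key fixed in advance
        total += tries_to_hit(target, bits, rng)
    return total / trials

def years_to_expect_hit(bits: int, guesses_per_second: float) -> float:
    """Expected time to hit one fixed target: 2**bits draws on average."""
    return 2**bits / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    key = new_private_key()
    print(f"drew a valid key on the first try ({key.bit_length()} bits)")
    for bits in (8, 11, 14):
        print(f"{bits:2d}-bit space: mean tries {mean_tries(bits, 100):8.0f}, 2^bits = {2**bits}")
    # 1e12 guesses/s is an assumed rate, used only to put a scale on the numbers.
    for bits in (160, 256):
        print(f"{bits}-bit target at 1e12/s: {years_to_expect_hit(bits, 1e12):.2e} years")
```

The mean number of tries tracks 2^bits in every toy keyspace, while the first draw always yields some valid key.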
member
Activity: 194
Merit: 14
Glossing over the fact that bitcoin private keys are 256 bits, that bitcoin addresses are more than 160 bits since they also include a network byte and a checksum, and that the private key example you used does not generate the address you gave...
Nothing is broken. This is simply how statistics works. If you flip a coin 100 times, then every possible outcome from the 2^100 possibilities is equally unlikely as every other possible outcome, but you are guaranteed to arrive at one of those outcomes. It is predicting which outcome in advance which is impossible.
I have corrected the private key now. And I never said that a Bitcoin private key has less or more than 256 bits.

Yes, I am guaranteed to get one address of the total 1461501637330902918203684832716283019655932542975 addresses, but still the chance is 1 in 2^160 to get any of those different addresses. (same chance if I wanted to generate an existing address).

My point is how is it possible to generate something that is already impossible to generate due to the large combinations? We are talking here about random generations.

I know this sounds very confusing but it confuses me myself a lot. Maybe I am the one but I don't know.


legendary
Activity: 2268
Merit: 18771
The address I generated is in uncompressed form, but thank you for info.
The uncompressed public key for that private key is 189d5ADsBrQ9mvgraapVs9iF2eyHoQcywg. Either way, your address in the first post is wrong.
member
Activity: 194
Merit: 14
This is the public key of your private key
Code:
03c9bcd61b35bb58be41b7bc4e55d65cff0685da0ab94ccbe6a1861708909d136a
And this is the compressed address
Code:
1J8jv3svTCKste5LWqmjY3H272Vie7SvNV

The address I generated is in uncompressed form, but thank you for info.

From my point of view, wrong. I generated the address randomly, so I can't have control of the whole 2^160 range to pick from. It's like when you hash something, you get a completely random value. So according to my calculation it's still 1 in 2^160.


EDIT: You are right, my address generator was bugged, I have corrected the address now.
legendary
Activity: 2268
Merit: 18771
Glossing over the fact that bitcoin private keys are 256 bits, that bitcoin addresses are more than 160 bits since they also include a network byte and a checksum, and that the private key example you used does not generate the address you gave...

Nothing is broken. This is simply how statistics works. If you flip a coin 100 times, then every possible outcome from the 2^100 possibilities is equally unlikely as every other possible outcome, but you are guaranteed to arrive at one of those outcomes. It is predicting which outcome in advance which is impossible.

It is trivial to generate an address. It is impossible to generate a specific address.
It is trivial to pick a random combination of 6 or 7 numbers to play the lottery. It is very difficult to pick the winning combination.
It is trivial to pick random English words from a dictionary. It is very difficult to pick the correct combination of words to win the Pulitzer prize.
copper member
Activity: 1330
Merit: 899
🖤😏
This is the public key of your private key
Code:
03c9bcd61b35bb58be41b7bc4e55d65cff0685da0ab94ccbe6a1861708909d136a
And this is the compressed address
Code:
1J8jv3svTCKste5LWqmjY3H272Vie7SvNV

You actually didn't break anything, you can't even control your generated address, when you generate a key, you are for the first time generating that key, unless you don't use secure RNG.
The only method to break ECC is through public keys, they are the only things connected mathematically to the private keys, since there are no identical public keys generated by different private keys.

You have not 1 in 2^160 odds, you actually have the entire 2^160 as your options to pick, you could either pick them all and store them somewhere, or you could generate as many needed to use.

If you generate an address without revealing the private key, now anyone else needs to generate not in random, but sequentially from 1 up to 2^160 keys till they find your address, given you have chosen a 160 bit key, if you choose a 256 bit key, there is no specific range for others to search, so they'd need to search all 2^256 keys, and if someone starts from 2^255.9 to 2^256, he would still have the same odds as others searching sequentially.

Ps, almost all my math above is incorrect, I didn't calculate, just estimated.
member
Activity: 194
Merit: 14
Hello all,

I have asked myself the same question over and over again, and as an experienced person, I couldn't find a convenient answer to the theory problem that I found, so here I am sharing with you guys the weird theory that from my point of view could be that we in fact could have broken 160 bits AND any other bigger security bits without us even noticing it.

Now let's start with my theory. (I'll use a Bitcoin 160-bit address as an example).

Bitcoin addresses are known to have 160 bits. Since we know that a Bitcoin address could be generated from any 160 bits, we can then be 100% sure that we will be able to successfully generate a valid 160-bit Bitcoin address on the first try by just inputting any 160 bits. So for me to get a random Bitcoin address from the total 1461501637330902918203684832716283019655932542975 different possible Bitcoin addresses by inputting random 160 bits is exactly 1 in 2^160.

Here I am trying to generate one random Bitcoin address by inputting 160 randomly generated bits.

Code:
GenerateKey: = E9A3EAA622BBDC094205C2D03395C9FFCA41EB0C
Here I have randomly generated a 160-bit private key.

Code:
ConvertToHash160ANDAddress: 4E6A51BF4C909515A8B9151C258068906482026D + [b]189d5ADsBrQ9mvgraapVs9iF2eyHoQcywg[/b]
We have now got our final desired address.

Now the weird theory problem that blew my mind: Does this mean that I just generated a Bitcoin address 189d5ADsBrQ9mvgraapVs9iF2eyHoQcywg for which the chances of me generating it were 1 in 2^160? If yes, theoretically speaking, every time we generate a random Bitcoin address, we actually break the law and generate an address that is ultra rare to find and not infeasible for any humans to generate it back again because it takes an infinite amount of years.

Now if I were to generate the same address 189d5ADsBrQ9mvgraapVs9iF2eyHoQcywg that I previously just generated by 1 in 2^160, I would still have the same chances as before, namely: 1 in 2^160. But the difference is that it would take this time zillions of zillions of years before I can generate the same address, that I previously found, by just 1 try. So how is this possible?

My theory says, every time we generate a Bitcoin address, or a private key, or a long random hash, we actually break the security for its bits for ONLY once, but never will be repeated again for same address/privatekey/Hash.

What are your thoughts on this guys?
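The reply noting that an address carries a network byte and a checksum on top of the 160-bit hash, and the hash160-to-address conversion in the post above, can both be checked with a short Base58Check encoder and decoder. This is an added example, not any poster's code; the function names are hypothetical, and the only page values used are the hash160 and address quoted in the post above.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def checksum(payload: bytes) -> bytes:
    """First 4 bytes of double SHA-256, as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def hash160_to_address(h160: bytes, version: int = 0x00) -> str:
    """Encode version byte + 160-bit hash + 32-bit checksum (25 bytes) as Base58."""
    if len(h160) != 20:
        raise ValueError("hash160 must be exactly 20 bytes")
    raw = bytes([version]) + h160
    raw += checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    zeros = len(raw) - len(raw.lstrip(b"\x00"))  # each leading zero byte becomes a '1'
    return "1" * zeros + out

def address_to_parts(addr: str) -> tuple:
    """Decode an address to (version, hash160); raise ValueError if malformed."""
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)  # ValueError on a character outside the alphabet
    zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:
        raise ValueError("decoded length is not 25 bytes")
    if checksum(raw[:-4]) != raw[-4:]:
        raise ValueError("checksum mismatch")
    return raw[0], raw[1:-4]

def pair_matches(addr: str, h160_hex: str) -> bool:
    """True only if addr is well formed and carries exactly this hash160."""
    try:
        return address_to_parts(addr) == (0x00, bytes.fromhex(h160_hex))
    except ValueError:
        return False

if __name__ == "__main__":
    # Values quoted in the post above.
    addr = "189d5ADsBrQ9mvgraapVs9iF2eyHoQcywg"
    h160 = "4E6A51BF4C909515A8B9151C258068906482026D"
    print("address and hash160 from the post match:", pair_matches(addr, h160))
```

A mistyped address fails the checksum comparison in `address_to_parts` and is rejected before its hash is ever compared.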