Pages:
Author

Topic: There are 2^256 private keys out there: how big is that number? - page 2. (Read 2434 times)

legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Remember that the number of private keys are roughly (please, bear some  patience with this one) equal to the number of atoms in the universe?
If we assume that there are ~1078 atoms in the Universe, then yes, it's a "little" greater than that. Your chances of finding a collision aren't that many, though. Remember, there are ~296 different private keys for each single-sig address on average. That leaves you with less than 1050 different addresses.
legendary
Activity: 2268
Merit: 16328
Fully fledged Merit Cycler - Golden Feather 22-23
Today I discovered another website:

privatekeys.pw/scanner

Quote

Free online tool for fast scanning random Bitcoin, Bitcoin Cash, Bitcoin SV, Litecoin, Dogecoin, Dash, Zcash private keys and finding addresses with balance.



This website scans private keys, and check balances. I don’t exactly know what it should happen if a positive balance is found, but I suspect you can transfer to your custom address.

I have been running the program for a few hours, and I checked 1,000,000,000 addresses.

Let’s say I can run this program all day and  long 10 times this amount.
 If everyone on the planet would run the same program 24/7 for 100 years, we would get to 3*10^24 tries.


Looks, like a big number!

Remember that the number of private keys are roughly (please, bear some  patience with this one) equal to the number of atoms in the universe?

Look what I found in Quora:
How many grams of water are in 2.31 x 10^24 molecules of water (H2O)?

Not going to spoil the answer.

legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
Not really. A hash is just a number (or perhaps more accurately, a string of bits). Hexadecimal is a way of representing numbers in base-16.  A hash can be represented in many ways because it is just a string of bits. For example, a Bitcoin address is a hash (plus some other things), but you normally see it as base-58, and not hexadecimal. Base-64 is also a common way to represent hashes.
A re-post, I see.
Perhaps I should edit it as "represented as HEX by most tools" to clear things up, thanks.
That part of the reply is based from Blackhatcoiner's previous post that mistakenly identified the 'private key in hex' as hash because hexadecimal outputs are most likely what he's been seeing in hashing tools.
legendary
Activity: 4466
Merit: 3391
Most Hashing algorithms' outputs are just in HEX, that's why it looks the same.

Not really. A hash is just a number (or perhaps more accurately, a string of bits). Hexadecimal is a way of representing numbers in base-16.  A hash can be represented in many ways because it is just a string of bits. For example, a Bitcoin address is a hash (plus some other things), but you normally see it as base-58, and not hexadecimal. Base-64 is also a common way to represent hashes.
legendary
Activity: 3472
Merit: 10611
p.s. a bit nitpick-y but there are 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364140 private keys which is a little smaller than 2256 Tongue

I'm trying to understand it but failed. Why not 2^256? They are hashes right? Like strings. All possible combinations. Where is the mistake?  Huh

to add to what @nc50lc and to understand "why not all possible combinations" aka 2256 you have to know that in elliptic curve cryptography we are working with a finite group of points. these points are generated by a generator point on curve that can only generate a sub group (again finite group) of points. in other words G can not generate all points on the curve only some of them.
the number of points this generator point (G) can generate is equal to N so we can only have N private keys not any more (a point is private-key*G). and for bitcoin's curve (sekp256k1) value of N is what i posted above in hexadecimal format.
newbie
Activity: 22
Merit: 3
p.s. a bit nitpick-y but there are 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364140 private keys which is a little smaller than 2256 Tongue

I'm trying to understand it but failed. Why not 2^256? They are hashes right? Like strings. All possible combinations. Where is the mistake?  Huh

They are not hashes. Public keys are X,Y points on a very large curve which has just under 2^256 points.
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
I'm trying to understand it but failed. Why not 2^256? They are hashes right? Like strings. All possible combinations. Where is the mistake?  Huh
He's just nitpicking Grin and explained that it's not actually 2 to the power of 256 but only until the highest valid private key to be exact.
2^256 = 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936
isn't equal to 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140,
in decimal = 115,792,089,237,316,195,423,570,985,008,687,907,852,837,564,279,074,904,382,605,163,141,518,161,494,336

Those aren't hash, 0-F character strings are Hexadecimal (HEX).
Most Hashing algorithms' outputs are just represented as HEX by most tools, that's why it looks the same.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
p.s. a bit nitpick-y but there are 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364140 private keys which is a little smaller than 2256 Tongue

I'm trying to understand it but failed. Why not 2^256? They are hashes right? Like strings. All possible combinations. Where is the mistake?  Huh
newbie
Activity: 22
Merit: 3
How much energy would be necessary? Well, a lot, according to this infographic:

https://i.imgur.com/MnBkXUo.jpg
I was never truly happy with that picture, so your thread got me thinking how to explain the energy requirements in a different way:

"If you had a computer that could do those calculations within a human's lifetime and were the size of the earth or smaller, and you actually somehow had an energy source to power it, as soon as you'd turn it on, you'd turn the earth into a supernova."

More detailed explanation in a more technical thread about it:
https://bitcointalksearch.org/topic/energy-requirements-to-brute-force-sha-256-5216788

I've never liked that image because its misleading.

We already know of ways to crack private keys that dont require 2^256 work.
legendary
Activity: 4466
Merit: 3391
qwk
donator
Activity: 3542
Merit: 3413
Shitcoin Minimalist
How much energy would be necessary? Well, a lot, according to this infographic:


I was never truly happy with that picture, so your thread got me thinking how to explain the energy requirements in a different way:

"If you had a computer that could do those calculations within a human's lifetime and were the size of the earth or smaller, and you actually somehow had an energy source to power it, as soon as you'd turn it on, you'd turn the earth into a supernova."

More detailed explanation in a more technical thread about it:
https://bitcointalksearch.org/topic/energy-requirements-to-brute-force-sha-256-5216788
legendary
Activity: 3472
Merit: 10611
Now, in Bitcoin, I'm thinking of a number between one and 2^160 (in fact, it's a little less, but let's not delve into technical details too much).
there is a tiny mistake here. that "number" that we choose in bitcoin (aka private key) is between 1 and a little less than 2256 then that number is "converted" and "compressed" using one way operations to a smaller size (2160).
It's actually a little more complicated than that.
There is (AFAIK) no really good answer to how many "guesses" we're talking about in this "game".
There are indeed 2^256 private keys (or slightly less), but they translate to a "mere" 2^160 addresses.
More than one private key translates to one address, but it's not as simple as saying "x private keys translate to one address".
that's a different topic though.
if we are talking about collision then it is not just about finding a hash collision in 2160 range, that would be pointless. we have to find two "private keys" that collide to the same hash result. so the bounds for the loop that is used to choose the keys are from 1 to 2256 instead.

now how many keys should be checked before we find a collision is what you are pointing out here. and in cryptography it usually is half of the final size meaning theoretically after checking 280 keys we may start seeing collisions.

At this moment the hash rate of bitcoin network is about 2^67 hashes/s, i.e. about 2^92 hashes/year.
that is a good number but also a bit of an unfair comparison. the hashrate is the result of computing double SHA256 of a mostly fixed 80 bytes message whereas a collision is going to be computing multiple things starting from an elliptic curve multiplication then 1 SHA256 followed by 1 RIPEMD160 of either a 33 byte input or a 65 byte input. most of the optimization that has gone into mining won't work here not to mention that there isn't much room to optimize RIPE-MD algorithm. the result should be a lot less than 292 for this process even if ASICs were made for it.
legendary
Activity: 1932
Merit: 2077
At this moment the hash rate of bitcoin network is about 2^67 hashes/s, i.e. about 2^92 hashes/year.

The BTC network power is quite impressive !
Considering having the same power dedicated to address calculation, it would require few hours to find an address collision (2 private keys with the same address).


I know only a cpu program to find an address collision:

https://www.reddit.com/r/Bitcoin/comments/34hjph/generating_partial_address_collisions_using_the/
sr. member
Activity: 462
Merit: 696
At this moment the hash rate of bitcoin network is about 2^67 hashes/s, i.e. about 2^92 hashes/year.

The BTC network power is quite impressive !
Considering having the same power dedicated to address calculation, it would require few hours to find an address collision (2 private keys with the same address).
qwk
donator
Activity: 3542
Merit: 3413
Shitcoin Minimalist
Cheat code to convert 2^x to 10^x: reduce the exponent by 3 or 4 (2^3 = 8; 2^4 = 16)
No.  You have to divide 160 by 3 or 4.
Right, my bad Roll Eyes
I actually use dice in my examples, i.e. 6^62 ~ 2^160.
That's why I sometimes carry a big bag of dice around Cool


Example from my FAQ (in German, sorry)

62 dice rolls in a row (guaranteed to be random*):
4 2 1 5 1 6 4 3 4 4 3 4 1 3 3 5 5 6 3 4 4 2 4 2 3 3 3 6 4 5 6 5 3 2 3 1 5 6 3 1 5 4 3 3 3 3 3 2 5 5 6 1 2 1 3 4 6 6 5 4 2 6

Or in binary:
Code:
1 1 0 1 0 0 1 0 0 1 0 1 1 0 0 0 1 1 0 1 0 0 0 1 1 1 1 1 1 0 1 1 0 1 0 1 1 0 1 1
0 0 0 1 1 0 1 0 1 0 0 0 1 0 0 0 0 1 0 1 0 1 0 1 0 0 0 1 0 0 1 1 0 0 0 0 1 0 0 1
0 1 1 0 0 1 1 0 1 1 0 1 1 1 1 0 0 0 1 1 0 0 1 1 1 1 0 0 0 1 1 0 0 1 1 0 0 1 1 1
0 1 0 0 0 0 1 0 1 0 1 0 1 0 0 1 1 0 1 1 0 1 1 1 1 1 0 0 1 1 1 1 0 0 1 0 0 0 1 0

*

https://xkcd.com/221/
legendary
Activity: 1932
Merit: 2077
Once people understand what it takes to reduce a number with 156 zeros down to a manageable size, they usually begin to comprehend why "I'm thinking of a random number" is actually a very safe way to store your Bitcoins.
This is actually the point of this whole thread!

But:

1) the real measure of how random is an address is 2^160, not 2^256, because there are 2^96 different private keys for the same address

2) if you reveal your public key, it takes only about 2^128 guesses (just to simplify) to steal your bitcoins

At this moment the hash rate of bitcoin network is about 2^67 hashes/s, i.e. about 2^92 hashes/year.

Generating a hash is faster (so far) than generate an address from a private key, it's just to have an idea of what size of numbers we're talking about.

We would need a computation power 2^36 bigger than the current entire network to crack an address in 1 year. It would take 36 consecutive doublings to get that power.
legendary
Activity: 2268
Merit: 16328
Fully fledged Merit Cycler - Golden Feather 22-23
Once people understand what it takes to reduce a number with 156 zeros down to a manageable size, they usually begin to comprehend why "I'm thinking of a random number" is actually a very safe way to store your Bitcoins.

This is actually the point of this whole thread!

...
Here's another snippet of wisdom from when I'm trying to explain the odds of guessing a private key:
Cheat code to convert 2^x to 10^x: reduce the exponent by 3 or 4 (2^3 = 8; 2^4 = 16)

2^160 is (roughly) the same as a 1 with 156 zeros.

No.  You have to divide 160 by 3 or 4.

2^160  = 1461501637330902918203684832716283019655932542976

like 1 with 48 zeroes.

After a thoroughful research I can confirm @arulbero result:
legendary
Activity: 1932
Merit: 2077
...
Here's another snippet of wisdom from when I'm trying to explain the odds of guessing a private key:
Cheat code to convert 2^x to 10^x: reduce the exponent by 3 or 4 (2^3 = 8; 2^4 = 16)

2^160 is (roughly) the same as a 1 with 156 zeros.

No.  You have to divide 160 by 3 or 4.

2^160  = 1461501637330902918203684832716283019655932542976

like 1 with 48 zeroes.
Pages:
Jump to: