Remember that the number of private keys are roughly (please, bear some patience with this one) equal to the number of atoms in the universe?
If we assume that there are ~1078 atoms in the Universe, then yes, it's a "little" greater than that. Your chances of finding a collision aren't that many, though. Remember, there are ~296 different private keys for each single-sig address on average. That leaves you with less than 1050 different addresses. 
Topic: There are 2^256 private keys out there: how big is that number? - page 2. (Read 2334 times)
Today I discovered another website:
privatekeys.pw/scanner
Free online tool for fast scanning random Bitcoin, Bitcoin Cash, Bitcoin SV, Litecoin, Dogecoin, Dash, Zcash private keys and finding addresses with balance.
This website scans private keys, and check balances. I don’t exactly know what it should happen if a positive balance is found, but I suspect you can transfer to your custom address.
I have been running the program for a few hours, and I checked 1,000,000,000 addresses.
Let’s say I can run this program all day and long 10 times this amount.
If everyone on the planet would run the same program 24/7 for 100 years, we would get to 3*10^24 tries.
Looks, like a big number!
Remember that the number of private keys are roughly (please, bear some patience with this one) equal to the number of atoms in the universe?
Look what I found in Quora:
How many grams of water are in 2.31 x 10^24 molecules of water (H2O)?
Not going to spoil the answer.
privatekeys.pw/scanner
Quote
Free online tool for fast scanning random Bitcoin, Bitcoin Cash, Bitcoin SV, Litecoin, Dogecoin, Dash, Zcash private keys and finding addresses with balance.
This website scans private keys, and check balances. I don’t exactly know what it should happen if a positive balance is found, but I suspect you can transfer to your custom address.
I have been running the program for a few hours, and I checked 1,000,000,000 addresses.
Let’s say I can run this program all day and long 10 times this amount.
If everyone on the planet would run the same program 24/7 for 100 years, we would get to 3*10^24 tries.
Looks, like a big number!
Remember that the number of private keys are roughly (please, bear some patience with this one) equal to the number of atoms in the universe?
Look what I found in Quora:
How many grams of water are in 2.31 x 10^24 molecules of water (H2O)?
Not going to spoil the answer.
September 08, 2020, 11:08:33 PM
Not really. A hash is just a number (or perhaps more accurately, a string of bits). Hexadecimal is a way of representing numbers in base-16. A hash can be represented in many ways because it is just a string of bits. For example, a Bitcoin address is a hash (plus some other things), but you normally see it as base-58, and not hexadecimal. Base-64 is also a common way to represent hashes.
A re-post, I see.Perhaps I should edit it as "represented as HEX by most tools" to clear things up, thanks.
That part of the reply is based from Blackhatcoiner's previous post that mistakenly identified the 'private key in hex' as hash because hexadecimal outputs are most likely what he's been seeing in hashing tools.
September 08, 2020, 08:15:37 PM
Most Hashing algorithms' outputs are just in HEX, that's why it looks the same.
Not really. A hash is just a number (or perhaps more accurately, a string of bits). Hexadecimal is a way of representing numbers in base-16. A hash can be represented in many ways because it is just a string of bits. For example, a Bitcoin address is a hash (plus some other things), but you normally see it as base-58, and not hexadecimal. Base-64 is also a common way to represent hashes.
p.s. a bit nitpick-y but there are 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364140 private keys which is a little smaller than 2256 
I'm trying to understand it but failed. Why not 2^256? They are hashes right? Like strings. All possible combinations. Where is the mistake?
to add to what @nc50lc and to understand "why not all possible combinations" aka 2256 you have to know that in elliptic curve cryptography we are working with a finite group of points. these points are generated by a generator point on curve that can only generate a sub group (again finite group) of points. in other words G can not generate all points on the curve only some of them.
the number of points this generator point (G) can generate is equal to N so we can only have N private keys not any more (a point is private-key*G). and for bitcoin's curve (sekp256k1) value of N is what i posted above in hexadecimal format.
p.s. a bit nitpick-y but there are 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364140 private keys which is a little smaller than 2256
I'm trying to understand it but failed. Why not 2^256? They are hashes right? Like strings. All possible combinations. Where is the mistake?
They are not hashes. Public keys are X,Y points on a very large curve which has just under 2^256 points.
I'm trying to understand it but failed. Why not 2^256? They are hashes right? Like strings. All possible combinations. Where is the mistake?
He's just nitpicking 
and explained that it's not actually 2 to the power of 256 but only until the highest valid private key to be exact.2^256 = 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936
isn't equal to 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140,
in decimal = 115,792,089,237,316,195,423,570,985,008,687,907,852,837,564,279,074,904,382,605,163,141,518,161,494,336
Those aren't hash, 0-F character strings are Hexadecimal (HEX).
Most Hashing algorithms' outputs are just represented as HEX by most tools, that's why it looks the same.
p.s. a bit nitpick-y but there are 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364140 private keys which is a little smaller than 2256
I'm trying to understand it but failed. Why not 2^256? They are hashes right? Like strings. All possible combinations. Where is the mistake?
How much energy would be necessary? Well, a lot, according to this infographic:
https://i.imgur.com/MnBkXUo.jpg
I was never truly happy with that picture, so your thread got me thinking how to explain the energy requirements in a different way:https://i.imgur.com/MnBkXUo.jpg
"If you had a computer that could do those calculations within a human's lifetime and were the size of the earth or smaller, and you actually somehow had an energy source to power it, as soon as you'd turn it on, you'd turn the earth into a supernova."
More detailed explanation in a more technical thread about it:
https://bitcointalksearch.org/topic/energy-requirements-to-brute-force-sha-256-5216788
I've never liked that image because its misleading.
We already know of ways to crack private keys that dont require 2^256 work.
https://etherscan.io/address/0x3f17f1962B36e491b30A40b2405849e597Ba5FB5
I found a private key, how do I get my money
I found a private key, how do I get my money
You don't because the private key is invalid.
https://keys.lol/ethereum/904625697166532776746648320380374280100293470930272690489102837043110636675
https://etherscan.io/address/0x3f17f1962B36e491b30A40b2405849e597Ba5FB5
I found a private key, how do I get my money
LOL.https://etherscan.io/address/0x3f17f1962B36e491b30A40b2405849e597Ba5FB5
I found a private key, how do I get my money
I see what you did here
Let's explain:
https://bitcoin.stackexchange.com/questions/65969/invalid-public-key-was-spent-how-was-this-possible
https://keys.lol/ethereum/904625697166532776746648320380374280100293470930272690489102837043110636675
https://etherscan.io/address/0x3f17f1962B36e491b30A40b2405849e597Ba5FB5
I found a private key, how do I get my money
https://etherscan.io/address/0x3f17f1962B36e491b30A40b2405849e597Ba5FB5
I found a private key, how do I get my money
January 12, 2020, 08:47:40 AM
How much energy would be necessary? Well, a lot, according to this infographic:
I was never truly happy with that picture, so your thread got me thinking how to explain the energy requirements in a different way:"If you had a computer that could do those calculations within a human's lifetime and were the size of the earth or smaller, and you actually somehow had an energy source to power it, as soon as you'd turn it on, you'd turn the earth into a supernova."
More detailed explanation in a more technical thread about it:
https://bitcointalksearch.org/topic/energy-requirements-to-brute-force-sha-256-5216788
January 08, 2020, 01:24:54 AM
Now, in Bitcoin, I'm thinking of a number between one and 2^160 (in fact, it's a little less, but let's not delve into technical details too much).
there is a tiny mistake here. that "number" that we choose in bitcoin (aka private key) is between 1 and a little less than 2256 then that number is "converted" and "compressed" using one way operations to a smaller size (2160).There is (AFAIK) no really good answer to how many "guesses" we're talking about in this "game".
There are indeed 2^256 private keys (or slightly less), but they translate to a "mere" 2^160 addresses.
More than one private key translates to one address, but it's not as simple as saying "x private keys translate to one address".
if we are talking about collision then it is not just about finding a hash collision in 2160 range, that would be pointless. we have to find two "private keys" that collide to the same hash result. so the bounds for the loop that is used to choose the keys are from 1 to 2256 instead.
now how many keys should be checked before we find a collision is what you are pointing out here. and in cryptography it usually is half of the final size meaning theoretically after checking 280 keys we may start seeing collisions.
At this moment the hash rate of bitcoin network is about 2^67 hashes/s, i.e. about 2^92 hashes/year.
that is a good number but also a bit of an unfair comparison. the hashrate is the result of computing double SHA256 of a mostly fixed 80 bytes message whereas a collision is going to be computing multiple things starting from an elliptic curve multiplication then 1 SHA256 followed by 1 RIPEMD160 of either a 33 byte input or a 65 byte input. most of the optimization that has gone into mining won't work here not to mention that there isn't much room to optimize RIPE-MD algorithm. the result should be a lot less than 292 for this process even if ASICs were made for it. January 07, 2020, 11:04:43 AM
At this moment the hash rate of bitcoin network is about 2^67 hashes/s, i.e. about 2^92 hashes/year.
The BTC network power is quite impressive !
Considering having the same power dedicated to address calculation, it would require few hours to find an address collision (2 private keys with the same address).
I know only a cpu program to find an address collision:
https://www.reddit.com/r/Bitcoin/comments/34hjph/generating_partial_address_collisions_using_the/
January 07, 2020, 10:29:15 AM
At this moment the hash rate of bitcoin network is about 2^67 hashes/s, i.e. about 2^92 hashes/year.
The BTC network power is quite impressive !
Considering having the same power dedicated to address calculation, it would require few hours to find an address collision (2 private keys with the same address).
January 07, 2020, 10:23:27 AM
Cheat code to convert 2^x to 10^x: reduce the exponent by 3 or 4 (2^3 = 8; 2^4 = 16)
No. You have to divide 160 by 3 or 4.
I actually use dice in my examples, i.e. 6^62 ~ 2^160.
That's why I sometimes carry a big bag of dice around
Example from my FAQ (in German, sorry)
62 dice rolls in a row (guaranteed to be random*):
4 2 1 5 1 6 4 3 4 4 3 4 1 3 3 5 5 6 3 4 4 2 4 2 3 3 3 6 4 5 6 5 3 2 3 1 5 6 3 1 5 4 3 3 3 3 3 2 5 5 6 1 2 1 3 4 6 6 5 4 2 6
Or in binary:
Code:
1 1 0 1 0 0 1 0 0 1 0 1 1 0 0 0 1 1 0 1 0 0 0 1 1 1 1 1 1 0 1 1 0 1 0 1 1 0 1 1
0 0 0 1 1 0 1 0 1 0 0 0 1 0 0 0 0 1 0 1 0 1 0 1 0 0 0 1 0 0 1 1 0 0 0 0 1 0 0 1
0 1 1 0 0 1 1 0 1 1 0 1 1 1 1 0 0 0 1 1 0 0 1 1 1 1 0 0 0 1 1 0 0 1 1 0 0 1 1 1
0 1 0 0 0 0 1 0 1 0 1 0 1 0 0 1 1 0 1 1 0 1 1 1 1 1 0 0 1 1 1 1 0 0 1 0 0 0 1 0
*
https://xkcd.com/221/
January 07, 2020, 09:56:30 AM
Once people understand what it takes to reduce a number with 156 zeros down to a manageable size, they usually begin to comprehend why "I'm thinking of a random number" is actually a very safe way to store your Bitcoins.
This is actually the point of this whole thread!But:
1) the real measure of how random is an address is 2^160, not 2^256, because there are 2^96 different private keys for the same address
2) if you reveal your public key, it takes only about 2^128 guesses (just to simplify) to steal your bitcoins
At this moment the hash rate of bitcoin network is about 2^67 hashes/s, i.e. about 2^92 hashes/year.
Generating a hash is faster (so far) than generate an address from a private key, it's just to have an idea of what size of numbers we're talking about.
We would need a computation power 2^36 bigger than the current entire network to crack an address in 1 year. It would take 36 consecutive doublings to get that power.
January 07, 2020, 09:35:41 AM
Once people understand what it takes to reduce a number with 156 zeros down to a manageable size, they usually begin to comprehend why "I'm thinking of a random number" is actually a very safe way to store your Bitcoins.
This is actually the point of this whole thread!
...
Here's another snippet of wisdom from when I'm trying to explain the odds of guessing a private key:
Cheat code to convert 2^x to 10^x: reduce the exponent by 3 or 4 (2^3 = 8; 2^4 = 16)
2^160 is (roughly) the same as a 1 with 156 zeros.
Here's another snippet of wisdom from when I'm trying to explain the odds of guessing a private key:
Cheat code to convert 2^x to 10^x: reduce the exponent by 3 or 4 (2^3 = 8; 2^4 = 16)
2^160 is (roughly) the same as a 1 with 156 zeros.
No. You have to divide 160 by 3 or 4.
2^160 = 1461501637330902918203684832716283019655932542976
like 1 with 48 zeroes.
After a thoroughful research I can confirm @arulbero result:
January 07, 2020, 09:34:17 AM
...
Here's another snippet of wisdom from when I'm trying to explain the odds of guessing a private key:
Cheat code to convert 2^x to 10^x: reduce the exponent by 3 or 4 (2^3 = 8; 2^4 = 16)
2^160 is (roughly) the same as a 1 with 156 zeros.
Here's another snippet of wisdom from when I'm trying to explain the odds of guessing a private key:
Cheat code to convert 2^x to 10^x: reduce the exponent by 3 or 4 (2^3 = 8; 2^4 = 16)
2^160 is (roughly) the same as a 1 with 156 zeros.
No. You have to divide 160 by 3 or 4.
2^160 = 1461501637330902918203684832716283019655932542976
like 1 with 48 zeroes.
Jump to: