Author

Topic: Vanity Address for Altcoins, How are vanity addresses secure? (Read 2004 times)

legendary
Activity: 1008
Merit: 1005
All you would need to do is read the Bitcoin wiki's entry on vanitygen Tongue But yes, that's all you'd need to do. As I said, privtype is addrtype + 128 (so in the case of LottoCoin, privtype would be 177, because 49 + 128 = 177), with the exception of Securecoin where it's hardcoded to 128. scriptaddrtype, as far as I know, is -1 for everything other than Bitcoin.

 Cheesy  Thanks!


Quote
1) You generate a random 256-bit integer less than the SECP256k1 generator. You keep this secret. (Effectively, an ECDSA private key.)

2) You compute the corresponding EC point on the SECP256k1 curve. You share this with whoever is finding the vanity address for you. (This is the ECDSA public key that corresponds to the private key you generated in step one.)

3) The person working out the vanity address for you tries various 256-bit integers also less than the SECP256k1 generator. They compute the corresponding EC point and add it to the EC point you sent them (from step two). They then hash this and see if it produces the desired vanity address. They repeat this over and over until they find a 256-bit integer that works. They give this integer to you. (And the world, it need not be kept secret.)

4) You add the 256-bit integer they found to the 256-bit integer you generated in step 1 and reduce it modulo the SECP256k1 generator.

5) You now have the private key, and they don't. (And you can prove that they cannot generate the private key from just the information you gave them unless ECDSA is fundamentally broken.)

In ECDSA, you convert a private key to a public key by multiplying by the generator. Division is impossible.

The vanity address generation scheme above works because: (A+B)*G = AG + BG

You generate A and AG, but give them only AG.

They try various different B's, calculating the AG+BG for each one to find the right one for the vanity address.

They give you B. You can now compute A+B (the secret key corresponding to the public key AG+BG) but nobody else can since they do not know A.

Computing A from AG would mean breaking ECDSA fundamentally. All you gave them is AG, an ECDSA public key. If they could figure out the private key to your new account (A+B), they could also figure out A. So if they could figure out the private key to your vanity account, they could also figure out the private key you created in step 1. But all you gave them was the corresponding public key. So any compromise of the vanity account would mean they could compromise a private key given only its corresponding public key.

Could anyone explain this to me in simpler terms?

newbie
Activity: 49
Merit: 0
All you would need to do is read the Bitcoin wiki's entry on vanitygen Tongue But yes, that's all you'd need to do. As I said, privtype is addrtype + 128 (so in the case of LottoCoin, privtype would be 177, because 49 + 128 = 177), with the exception of Securecoin where it's hardcoded to 128. scriptaddrtype, as far as I know, is -1 for everything other than Bitcoin.
legendary
Activity: 1008
Merit: 1005
So all I would need to do is look in a coin's source, and replace it with the coin's values?

e.g. https://github.com/Smeagol-Gollum/securecoin-vanitygen/blob/master/vanitygen.c#L388

I could change

Code:
                 case 'N':
                        addrtype = 52;
                        privtype = 180;
                        scriptaddrtype = -1;
                        break;

to
Code:
                case 'L': //LottoCoin
                        addrtype = 49;
                        privtype = 180;
                        scriptaddrtype = -1;
                        break;

Where would I find privtype and scriptaddrtype?
newbie
Activity: 49
Merit: 0
Also - what are the variables I need to change?
https://github.com/samr7/vanitygen

EDIT: You actually don't need to modify the source code for most altcoins; you can use vanitygen's -X flag to generate addresses for altcoins (modifying the source code for Securecoin was necessary because the privtype variable is hardcoded to 128). Look at the Bitcoin Wiki page on Vanitygen (scroll down to the section titled "Vanity addresses for other crypto-coins") for instructions.

But if you want to modify the source code anyway, see the commit here:

https://github.com/llamasoft/securecoin-vanitygen/commit/9bba3e60c21960acc9ca8a280d1d193fe202a0dc

addrtype must be the value of PUBKEY_ADDRESS in the original source code (for example, in LottoCoin it's 49) and privtype is usually 128 + addrtype, except in the case of Securecoin where it was hardcoded to 128 (in LottoCoin it's the former).
sr. member
Activity: 770
Merit: 250
Use Google to find modified vanity generators for altcoins. You'll find them. And if you don't, you'll find out you only have to change the value of two variables on the source code to adapt the address generated to any coin - https://bitcointalksearch.org/topic/annsrc-vanitygen-for-securecoin-293700

You are perfectly secure selling addresses. But it wouldn't be secure to buy them. Do people actually sell addresses? I didn't know.

I see people selling vanity addresses.  Also, there are vanity pools

If someone sells you a vanity address they have your private key... you would be a fool to use it!!!

There is a safe way to let someone generate you a vanity address so that only you get the private key. The wonders of cryptography! Too bad there isn't a working firstbits lookup any more.
legendary
Activity: 1652
Merit: 1265
Use Google to find modified vanity generators for altcoins. You'll find them. And if you don't, you'll find out you only have to change the value of two variables on the source code to adapt the address generated to any coin - https://bitcointalksearch.org/topic/annsrc-vanitygen-for-securecoin-293700

You are perfectly secure selling addresses. But it wouldn't be secure to buy them. Do people actually sell addresses? I didn't know.

I see people selling vanity addresses.  Also, there are vanity pools

If someone sells you a vanity address they have your private key... you would be a fool to use it!!!
legendary
Activity: 1008
Merit: 1005
Use Google to find modified vanity generators for altcoins. You'll find them. And if you don't, you'll find out you only have to change the value of two variables on the source code to adapt the address generated to any coin - https://bitcointalksearch.org/topic/annsrc-vanitygen-for-securecoin-293700

You are perfectly secure selling addresses. But it wouldn't be secure to buy them. Do people actually sell addresses? I didn't know.

Also - what are the variables I need to change?
https://github.com/samr7/vanitygen
legendary
Activity: 1008
Merit: 1005
Use Google to find modified vanity generators for altcoins. You'll find them. And if you don't, you'll find out you only have to change the value of two variables on the source code to adapt the address generated to any coin - https://bitcointalksearch.org/topic/annsrc-vanitygen-for-securecoin-293700

You are perfectly secure selling addresses. But it wouldn't be secure to buy them. Do people actually sell addresses? I didn't know.

I see people selling vanity addresses.  Also, there are vanity pools
full member
Activity: 182
Merit: 100
Use Google to find modified vanity generators for altcoins. You'll find them. And if you don't, you'll find out you only have to change the value of two variables on the source code to adapt the address generated to any coin - https://bitcointalksearch.org/topic/annsrc-vanitygen-for-securecoin-293700

You are perfectly secure selling addresses. But it wouldn't be secure to buy them. Do people actually sell addresses? I didn't know.
legendary
Activity: 1008
Merit: 1005
Is it possible to make vanity addresses for altcoins?  If so, how?

Also, when people sell addresses, how is it secure?  Wouldn't they know the private key?
Jump to: