Topic: What are the chances of an address collision? and what happens when it does? (Read 22435 times)

wow you really like writing zero's

what are the odds of being struck by lightning twice in a lifetime? has that happened?

theorizing and intellectual conversation are always a worthy endeavor.

According to this, the odds of you being struck by lightning in the U.S. each year is

If the entire Bitcoin network devoted all of its hashing power to guessing your private key (assuming 1 million trillion checks per second), then the odds each year of someone generating your private key are

In other words, you are 32872500000000000000 times more likely to be struck by lighting.

Even if someone were able to generate 2¹⁰⁹ addresses per year, you are still about 2 billion times more likely to be struck by lightning in a year.

The cost of doing anything to minimize your risk (including even discussing it) is greater than the risk of doing nothing.

a privkey rules an address no matter the salt. you can use that privkey to import the addresses funds to any wallet on any computer.

it doesn't hurt or cost anything to split your funds into a few address, thus minimizing your exposure of being struck by lightning in this sort of attack.

The chances of the Earth being hit by an asteroid are much much much higher. If 1 in 2⁵⁹ unsettles you, then I suggest you start digging a bunker now. I apologize if I just caused you to become unglued.

This video is always appropriate to this discussion: https://www.youtube.com/watch?v=KX5jNnDMfxA

very concise response, thank you..

although it seems we're still looking at thousands of thousands of years before a rational possibility of collision in maximum scenario (without 24x bitcoins current network capabilities;) it's still a bit unsettling that the possibility is out there.

maybe food for thought in not holding all of ones funds in a single address.

That is the probability of the same address being generated by two different wallets, assuming that all generated addresses are all used. It is not the same as simply generating an address that is currently in use.

The maximum theoretical probability can be computed. Suppose bitcoins are maximally distributed such that each address holding bitcoins contains only 1 satoshi. There would be 2.1 quadrillion addresses in use (or about 2⁵¹).

The maximum odds of a collision occurring while distributing the 2.1 quadrillion satoshis is approximately (2⁵¹)² / (2 * 2¹⁶⁰), or


That is an incredibly small number.

Once the satoshis are distributed, the odds of generating a single address that is already in use is 2⁵¹ / 2¹⁶⁰, or

These are the highest possible odds of a collision.

Suppose you are trying to steal satoshis by brute force and you hope to crack one of the 2.1 quadrillion addresses per year. What kind of hash rate do you need? Well, you need to check 2¹⁰⁹ private keys per year (31556926 seconds), or

Note that 2.1x10²⁵ is about 24 million times the total Bitcoin hash rate (though the two rates are not directly comparable)

build addresses and check balances against any block explorer, import the generated privkey on any collisions to siphon funds.

its cold calling with an extra step but anyone who ran toneloc back in the day will tell you that the law of averages is pretty unrelenting.

What do you exactly mean by collision?
I mean is there an point out of building adresses without connected to the network? i think no..

that's for the collision of a specific address correct?

what if you were to continually generate addresses (and thus privkeys) hoping to collide with another random address which holds funds.

i would imagine as the pool of addresses used by the general population increases, the chances of collisions occurring will increases likewise.

I think you just found ALL POSSIBLE collisions. Congrats on owning all bitcoins, too (present and future).

Here is a way to get an address collision in just under a minute:

Step 1: Grab every human on the planet.
Step 2: Convert each of their atoms into a little computer that can generate a new Bitcoin address every 1/10^9 seconds (A billion addresses per second)
Step 3: You will consume the entire search space within 30 seconds.
Step 4: Profit.

Workings:
Bitcoin addresses: 2^160.
Amount of atoms in an average size human (70kg): 7 X 10^27 atoms
Human population: 7.22 billion people.
Addresses generated each second: 1 billion.

The chance depends on how many addresses there are.


The ECD curve doesn't matter. We use 160 bit addresses, and that's the space we're looking for collisions in. If two different privkeys give the same address they can still spend each other's funds, since we pay to addresses, not to privkeys or pubkeys.

Since Bitcoin addresses are basically random numbers, it is possible, although extremely unlikely, for two people to independently generate the same address. This is called a collision. If this happens, then both the original owner of the address and the colliding owner could spend money sent to that address. It would not be possible for the colliding person to spend the original owner's entire wallet (or vice versa). If you were to intentionally try to make a collision, it would currently take 2^107 times longer to generate a colliding Bitcoin address than to generate a block. As long as the signing and hashing algorithms remain cryptographically strong, it will likely always be more profitable to collect generations and transaction fees than to try to create collisions.

It is more likely that the Earth is destroyed in the next 5 seconds, than that a collision occur in the next millenium.

Address collision won't occur. It will be a billionth of billionth of a billionth chance, that an address may collide. Further, the address is backed by public key and private keys. Those keys must be different even if an address collide with another. No need to worry or think about the collision problem. The ECD curve is much larger than the scope we're imagining.

Sorry for the necro-post, but reddit is talking about this thread, and nobody in this thread seems to be close to the truth...


This is wrong. It fails to take into account the birthday problem.

When there are 10^10 addresses, there are roughly (10^20)/2 pairs of addresses.

Consider when there are 5 addresses, A through E.

To check for a collision, you need to compare AB, AC, AD, AE, BC, BD, BE, CD, CE, DE - that's 10 pairs of addresses (5*4)/2, or roughly (5^2)/2.

So your answer is off by a factor of roughly 5 billion.

Since there are 2^160 possible addresses, we need around 2^80 of them to have a 50% chance of a collision.

http://diyhpl.us/~bryan/papers2/bitcoin/bitcoin-birthday.pdf does a better job of approximation, but comes up with a similar answer.


No. You can say that the odds of being hit by lightning are 16,540,000,000,000,000,000,000,000 times higher than of finding a collision, but your statement isn't true.

A simpler example that we can picture more easily than all those zeroes:

 * I have a 1 in 2 chance of coin coming up tails.
 * I have a 1 in 20 chance of rolling a 6 on a 20 sided die.
 * so tossing "tails" is 10 times more likely than rolling a 6.

From this, using your logic, I am just as likely to toss "tails" 10 times in a row as I am to roll a 6.

But we can see that this isn't true. Tossing "tails" 10 times in a row is a 1 in 1024 event. Rolling a 6 is still only 1 in 20.

thanks, it is.

This may be relevant.

I saw the link on IRC and though I should share, didn't ask where it came from 

thanks odolvlobo, this is very helpful info.

Since this is the probability of a collision to be found anywhere within the network (right?), I should probably either compare this to the probability of anyone getting struck by lightning, or I should compare the probability of a particular indivudual finding a collision with the probability of said individual getting struck by lightning?

awesome! where did that come from?