If computers can calculate an address from its private key, then why can't they do the reverse and calculate a private key from an address?
Not every process is reversible.
Topic: Why can't a private key be calculated from its address? (Read 3062 times)
If computers can calculate an address from its private key, then why can't they do the reverse and calculate a private key from an address?
Op check out: https://www.khanacademy.org/computing/computer-science/cryptography
Takes less than few hours at most, and its free.
I'd like to thank everyone, especially Kazimir, for laying this all out so clearly.
I feel a lot better about sites like directory.io and www.Buttcoins.com being out there now. Even though directory.io was said to be a hoax, the news story about it was focused more on how many address and key pairs there were rather than you can't get the private key from the public one. Thanks.
I feel a lot better about sites like directory.io and www.Buttcoins.com being out there now. Even though directory.io was said to be a hoax, the news story about it was focused more on how many address and key pairs there were rather than you can't get the private key from the public one. Thanks.
So, a private key is nothing more than a random number between 1 and 115,792,089,237,316,195,423,570,985,008,687,907,852,837,564,279,074,904,382,605,163,141,518,161,494,336 converted to base58?
Not exactly.
A Bitcoin private key is nothing more than a random number between 1 and 115,792,089,237,316,195,423,570,985,008,687,907,852,837,564,279,074,904,382,605,163,141,518,161,494,336. You are welcome to convert it into any base you like. It's just a number.
The Wallet Import Format (WIF) of a Bitcoin private key is a specific representation of that private key that concatenates: a one byte version number, the private key, and a 4 byte checksum. This value is then converted into base58 using the rules described here:
https://en.bitcoin.it/wiki/Base58Check_encoding
Thanks for the response. I like mathematics but never studied too much of it. I would like to understand in more detail both about functions that can't be reversed and the ones which reversion is much harder than the original,
- snip -
- snip -
http://arstechnica.com/security/2013/10/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/1/
Thanks, it's very interesting. Now I'm curious about how are public and private btc keys generated. Do you know a site explaining that?
Private keys are "generated" as a randomly chosen number between:
0x01 and 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364140
(1 and 115,792,089,237,316,195,423,570,985,008,687,907,852,837,564,279,074,904,382,605,163,141,518,161,494,336)
The programer of a wallet (or address generating software) chooses how they want to generate the random number. If you like, you can even do it with dice or a deck of cards.
Once you've chosen a random private key, the public key is calculated as described at that arstechnica link above using the secp256k1 curve.
https://en.bitcoin.it/wiki/Technical_background_of_Bitcoin_addresses
(Have you never heard of internet search engines? Most of these answers come up with about 30 seconds of effort on Google, Yahoo, Bing, etc.)
Thanks. So, a private key is nothing more than a random number between 1 and 115,792,089,237,316,195,423,570,985,008,687,907,852,837,564,279,074,904,382,605,163,141,518,161,494,336 converted to base58?
Very interesting. Ok, I will try to google my next questions and will ask here in case I don't find the answer.
If computers can calculate an address from its private key, then why can't they do the reverse and calculate a private key from an address?
Because you don't have a quantum computer at your disposal, and you never will. Thanks for the response. I like mathematics but never studied too much of it. I would like to understand in more detail both about functions that can't be reversed and the ones which reversion is much harder than the original,
- snip -
- snip -
http://arstechnica.com/security/2013/10/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/1/
Thanks, it's very interesting. Now I'm curious about how are public and private btc keys generated. Do you know a site explaining that?
Private keys are "generated" as a randomly chosen number between:
0x01 and 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364140
(1 and 115,792,089,237,316,195,423,570,985,008,687,907,852,837,564,279,074,904,382,605,163,141,518,161,494,336)
The programer of a wallet (or address generating software) chooses how they want to generate the random number. If you like, you can even do it with dice or a deck of cards.
Once you've chosen a random private key, the public key is calculated as described at that arstechnica link above using the secp256k1 curve.
https://en.bitcoin.it/wiki/Technical_background_of_Bitcoin_addresses
(Have you never heard of internet search engines? Most of these answers come up with about 30 seconds of effort on Google, Yahoo, Bing, etc.)
Thanks for the response. I like mathematics but never studied too much of it. I would like to understand in more detail both about functions that can't be reversed and the ones which reversion is much harder than the original,
- snip -
- snip -
http://arstechnica.com/security/2013/10/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/1/
Thanks, it's very interesting. Now I'm curious about how are public and private btc keys generated. Do you know a site explaining that?
Private keys are "generated" as a randomly chosen number between:
0x01 and 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364140
(1 and 115,792,089,237,316,195,423,570,985,008,687,907,852,837,564,279,074,904,382,605,163,141,518,161,494,336)
The programer of a wallet (or address generating software) chooses how they want to generate the random number. If you like, you can even do it with dice or a deck of cards.
Once you've chosen a random private key, the public key is calculated as described at that arstechnica link above using the secp256k1 curve.
Thank you. Now I wonder how do you convert the big number to the smaller one with upper and lower case letters?
Thanks for the response. I like mathematics but never studied too much of it. I would like to understand in more detail both about functions that can't be reversed and the ones which reversion is much harder than the original,
- snip -
- snip -
http://arstechnica.com/security/2013/10/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/1/
Thanks, it's very interesting. Now I'm curious about how are public and private btc keys generated. Do you know a site explaining that?
Private keys are "generated" as a randomly chosen number between:
0x01 and 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364140
(1 and 115,792,089,237,316,195,423,570,985,008,687,907,852,837,564,279,074,904,382,605,163,141,518,161,494,336)
The programer of a wallet (or address generating software) chooses how they want to generate the random number. If you like, you can even do it with dice or a deck of cards.
Once you've chosen a random private key, the public key is calculated as described at that arstechnica link above using the secp256k1 curve.
Also, SHA-256 is used to hash the public key. SHA-256 uses two logical functions. 1. the majority function and 2. the choosing function.
Majority function works how it sounds. Given 3 bits, it selects the majority. So;
MAJ(0,0,0) = 0
MAJ(0,0,1) = 0
MAJ(0,1,0) = 0
MAJ(1,0,0) = 0
Thus 4 combinations of inputs yield one and only one output.
The choosing function works in a similar way. The first input chooses the second. If first is positive, choose the second, else choose the third.
CH(0,0,0) = 0
CH(1,0,0) = 0
CH(0,1,0) = 0
CH(1,1,0) = 0
And so on.
Majority function works how it sounds. Given 3 bits, it selects the majority. So;
MAJ(0,0,0) = 0
MAJ(0,0,1) = 0
MAJ(0,1,0) = 0
MAJ(1,0,0) = 0
Thus 4 combinations of inputs yield one and only one output.
The choosing function works in a similar way. The first input chooses the second. If first is positive, choose the second, else choose the third.
CH(0,0,0) = 0
CH(1,0,0) = 0
CH(0,1,0) = 0
CH(1,1,0) = 0
And so on.
In his example, it is extremely easy to calculate not just one, but many and all the possible private keys of an address, with nearly the same difficulty of the reverse, it surely doesn't explain bitcoin at all.
Nope, that does explain Bitcoin. Each address represents around 2^96 possible private keys. It is believed to be computationally infeasible to generate a collision.
But all of the 2^96 possible private keys of an address work, don't they? Or only one works?
Yes, because a bitcoin address is a 160 bit hash, and since a private key (and its corresponding public key) are 256 bits, there are 2^96 (96 = 256 - 160) public keys which should have the same 160 bit hash.
That has nothing to do with the private key to public key operation. It has to do with the fact inputting 256 bits into a hash and getting out 160 bits. The number of possible inputs is higher than the number of possible outputs, so therefore some inputs MUST have the same output as others.
And so yes, any of those 2^96 private keys will work, because the mathematical requirement for sending a bitcoin is only that the signature is valid and that the hash matches, so any key that can produce the hash will satisfy that requirement.
Problem is you have to brute force through 160 bits before you are guaranteed to start getting those collisions... (And "bits" means it's exponential. 160 bits isn't twice as hard to brute force as 80 bits, it's 2^80 times as hard.)
If computers can calculate an address from its private key, then why can't they do the reverse and calculate a private key from an address?
Not all calculations are reversible. Suppose private keys and address work like this: private keys are long numbers, and addresses are the sum of all digits. Obviously a simplification, but just as an example.So if you have private key = 134505719542, then you can easily calculate the address: 1+3+4+5+0+5+7+1+9+5+4+2 = 46.
Now I have another address: 43. What's the private key?
I understand this.
It's a good example.There are too many combinations
Thanks for the response. I like mathematics but never studied too much of it. I would like to understand in more detail both about functions that can't be reversed and the ones which reversion is much harder than the original,
- snip -
- snip -
http://arstechnica.com/security/2013/10/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/1/
Thanks, it's very interesting. Now I'm curious about how are public and private btc keys generated. Do you know a site explaining that?
Stupid people should just be happy with the fact that we let them remain here with us on Earth and they get to benefit from all the smart people who make cool shit. BitNerd, Don't try to figure out math. You are annoying the numbers.
I don't need to "let you" live in the same planet as I live. You are born with the natural right of private property, no need to worry. And numbers are not alive, don't worry about them either.
In his example, it is extremely easy to calculate not just one, but many and all the possible private keys of an address, with nearly the same difficulty of the reverse, it surely doesn't explain bitcoin at all.
Nope, that does explain Bitcoin. Each address represents around 2^96 possible private keys. It is believed to be computationally infeasible to generate a collision.
But all of the 2^96 possible private keys of an address work, don't they? Or only one works?
I hear the young ones like video, so Ill add this: http://media.ccc.de/browse/congress/2014/31c3_-_6369_-_en_-_saal_1_-_201412272145_-_ecchacks_-_djb_-_tanja_lange.html#video
I tried to watch the video, and I gotta say, it was extremely IRRITATING to have the math-intensive lecture slides dissapear at the WORST possible timing to only cut to the lecturer in person. What. The. Fuck.Whoever edited the video needs to be stuffed into a cannon and shot. What is supposed to be an informative learning video is ruined by moronic decision making that killed my concentration.
Its a live capture from the conference, the editing was done on the fly and frankly: yes it sucks for many videos.
If computers can calculate an address from its private key, then why can't they do the reverse and calculate a private key from an address?
Not all calculations are reversible. Suppose private keys and address work like this: private keys are long numbers, and addresses are the sum of all digits. Obviously a simplification, but just as an example.So if you have private key = 134505719542, then you can easily calculate the address: 1+3+4+5+0+5+7+1+9+5+4+2 = 46.
Now I have another address: 43. What's the private key?
Any number of which the digits' sum is 43?
I don' think your example really explains why a btc private key (actually, as far as I know each address has something like 2^100 private keys), can't be calculated from the address.
It was a simple example just to understand how difficult it would be determine the key from an address, hence the emphasis on 'suppose', he never implied that it was the concept the bitcoin address generation is based on.
Because the "trapdoor" functions used in public key cryptography are designed with exactly that property. In your question, the first implicit assumption is already wrong. If a function can be calculated, it does not necessarily follow that its inverse can be calculated with similar effort or can be calculated at all.
Trapdoor functions are invertible; the question is how hard they are to invert. There's a long history of crypto functions which were thought to be too hard to solve, but were solved. Sometimes by advances in mathematics, sometimes by sheer computational power, and sometimes by a combination of the two. The ones used for Bitcoin are generally considered strongly resistant to solution, and they're functions which have been examined thoroughly. But SHA-1 and DES were once thought to be highly resistant, too. Now they're routinely solved. I hear the young ones like video, so Ill add this: http://media.ccc.de/browse/congress/2014/31c3_-_6369_-_en_-_saal_1_-_201412272145_-_ecchacks_-_djb_-_tanja_lange.html#video
I tried to watch the video, and I gotta say, it was extremely IRRITATING to have the math-intensive lecture slides dissapear at the WORST possible timing to only cut to the lecturer in person. What. The. Fuck.Whoever edited the video needs to be stuffed into a cannon and shot. What is supposed to be an informative learning video is ruined by moronic decision making that killed my concentration.
If computers can calculate an address from its private key, then why can't they do the reverse and calculate a private key from an address?
Not all calculations are reversible. Suppose private keys and address work like this: private keys are long numbers, and addresses are the sum of all digits. Obviously a simplification, but just as an example.So if you have private key = 134505719542, then you can easily calculate the address: 1+3+4+5+0+5+7+1+9+5+4+2 = 46.
Now I have another address: 43. What's the private key?
Any number of which the digits' sum is 43?
I don' think your example really explains why a btc private key (actually, as far as I know each address has something like 2^100 private keys), can't be calculated from the address.
His example does explain a lot to be honest , I personally got it
Thanks for the information Kazimir , really helpful
~ Madness
In his example, it is extremely easy to calculate not just one, but many and all the possible private keys of an address, with nearly the same difficulty of the reverse, it surely doesn't explain bitcoin at all.
Stupid people should just be happy with the fact that we let them remain here with us on Earth and they get to benefit from all the smart people who make cool shit. BitNerd, Don't try to figure out math. You are annoying the numbers.
Jump to: