Pages:
Author

Topic: z - page 11. (Read 58402 times)

rjk
sr. member
Activity: 448
Merit: 250
1ngldh
July 24, 2012, 05:33:48 PM
#51
Yes, it's true.  Look at the scripts on blockexplorer.  They say "to spend this, you must provide a public key with the following 160 bit hash, and a signature made with the corresponding private key".  It doesn't specify which public key must be used.  Any one with the correct 160 bit hash will work.

Here's an example script:

OP_DUP OP_HASH160 5b62be019b9c39991daed3c3d0e2186986476c11 OP_EQUALVERIFY OP_CHECKSIG
Yes that is the part I was misunderstanding, thanks for the explanation.
legendary
Activity: 2940
Merit: 1333
July 24, 2012, 05:17:10 PM
#50
Dooglus is saying there's 2^160 public keys for the 2^256 private keys. In other words the mapping is not injective, meaning that more than one private key can map to the same public key.

No, there are 2^256 public keys but only 2^160 bitcoin addresses.

i.e. there are around 2^96 public/private keypairs for each bitcoin address, and any of those 2^96 can spend the coins at an address.

More than one private key can map to the same *address*.
legendary
Activity: 2940
Merit: 1333
July 24, 2012, 05:14:33 PM
#49
Any private key with the same bitcoin address will let you spend its money.
Is this true though? I thought the public key was present in the blockchain, and having 2 public keys that resolved to the same bitcoin address would probably cause the quintessential swirling vortex of doom, but shouldn't allow the coins to be spent. This assumes that there are 2^256 public keys that go with those 2^256 private keys.

Yes, it's true.  Look at the scripts on blockexplorer.  They say "to spend this, you must provide a public key with the following 160 bit hash, and a signature made with the corresponding private key".  It doesn't specify which public key must be used.  Any one with the correct 160 bit hash will work.

Here's an example script:

OP_DUP OP_HASH160 5b62be019b9c39991daed3c3d0e2186986476c11 OP_EQUALVERIFY OP_CHECKSIG
hero member
Activity: 504
Merit: 500
July 24, 2012, 02:42:37 PM
#48
donator
Activity: 1218
Merit: 1079
Gerald Davis
July 23, 2012, 10:42:18 PM
#47
No you were right the first time.

Bitcoin public keys are 256 bit HOWEVER multiple public keys will map to the same address (which is 160 bit).

address_base = version + RIPEMD-160(SHA-256(256bit ECDSA public key))
checksum = Left4Bytes(SHA-256(SHA-256(address_base))
address = Base58(address_base + checksum)

The end result is the same.  Bitcoin keypairs have 160bits of strength when facing a brute force attack.

On base-58.  The missing values are O0Il  ("upper case oh", "zero", "upper case eye", "lower case ell").
The reason it to make errors in manual copying less likely.
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
July 23, 2012, 10:37:47 PM
#46
Dooglus is saying there's 2^160 public keys for the 2^256 private keys. In other words the mapping is not injective, meaning that more than one private key can map to the same public key.
OK I see - I thought the public key was still 256 bit and the public-key-to-bitcoin-address transformation reduced that to 160 bits. However, I looked at how it works again, and the bitcoin address is just the 160 bit public key written in Base58. EDIT: tired, need sleep

BTW, what are the 4 alphanumerics that are left out of a Base58 address, and why were they left out instead of using a standard Base62 alphanemeric  character set? (26 alphas x2 case + 10 numbers)
sr. member
Activity: 283
Merit: 250
July 23, 2012, 10:26:36 PM
#45
Dooglus is saying there's 2^160 public keys for the 2^256 private keys. In other words the mapping is not injective, meaning that more than one private key can map to the same public key.
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
July 23, 2012, 10:10:47 PM
#44
Any private key with the same bitcoin address will let you spend its money.
Is this true though? I thought the public key was present in the blockchain, and having 2 public keys that resolved to the same bitcoin address would probably cause the quintessential swirling vortex of doom, but shouldn't allow the coins to be spent. This assumes that there are 2^256 public keys that go with those 2^256 private keys.
legendary
Activity: 2940
Merit: 1333
July 23, 2012, 10:05:13 PM
#43
The conjectured security level of ECDSA 256 bit keys is
128bit (source: http://www.nsa.gov/business/programs/elliptic_curve.shtml).
It's in fact likely to be closer to 2^256, the size of the space of all possible secp256k1 keys.

That means : breaking an ECDSA 256 bit key would take, using the best known
algorithms today, on the order of 2^128 attempts.

That's 340282366920938463463374607431768211456 attempts.

Don't forget that there are only 2^160 different addresses, due to the hash160 step in making an address from a private key.  You don't need to find the rich account's private key.  Any private key with the same bitcoin address will let you spend its money.

I don't know how you got from 2^256 to 2^128 in your analysis, but can you use the same magic to get from 2^160 to 2^80?
hero member
Activity: 812
Merit: 1000
July 23, 2012, 08:11:25 PM
#42
I wonder how many people fired up vanitygen trying to find the keys for that one large address?  I know it would take millions of years, but you never know, you might get lucky.

I think very few people are trying to do that.

I have to believe that most people involved with bitcoin are neither thieves nor stupid.


Vanitygen doesn't support full addresses anyway.

really? what's the longest string you can search for, if not 34?
legendary
Activity: 1092
Merit: 1016
760930
July 23, 2012, 04:52:56 PM
#41
I wonder how many people fired up vanitygen trying to find the keys for that one large address?  I know it would take millions of years, but you never know, you might get lucky.

I think very few people are trying to do that.

I have to believe that most people involved with bitcoin are neither thieves nor stupid.


Vanitygen doesn't support full addresses anyway.
member
Activity: 66
Merit: 10
July 23, 2012, 04:08:02 PM
#40
I wonder how many people fired up vanitygen trying to find the keys for that one large address?  I know it would take millions of years, but you never know, you might get lucky.

I think very few people are trying to do that.

I have to believe that most people involved with bitcoin are neither thieves nor stupid.
legendary
Activity: 1458
Merit: 1006
July 23, 2012, 12:22:26 PM
#39
I wonder how many people fired up vanitygen trying to find the keys for that one large address?  I know it would take millions of years, but you never know, you might get lucky.

That's 340282366920938463463374607431768211456 attempts.

Assuming your computer could try a billion per seconds (it can't, according to the vanitygen
post, vanitygen can do ~20 Million attempts per second on a 6990), that'd still take you, oh,
about 10790283070806014188 years.

...

In other words, chances are you'd witness the heat death of the universe before you actually
"get lucky".


[trolling on technicalities]

Hey! That's only ~10^19 years, ~10^22 years on a 6990.

That's literally nothing compared to the heat death of the universe. (At least 10^40 years.)

Not to mention that there is a lot of headroom between a 6990 and the physical limits to computation.

You have plenty of time, even with a 6990. Better get started. Grin

(You can probably crack it by hand, if the proton doesn't decay.)

[/trolling on technicalities]
member
Activity: 61
Merit: 10
July 23, 2012, 10:09:49 AM
#38
I wonder how many people fired up vanitygen trying to find the keys for that one large address?  I know it would take millions of years, but you never know, you might get lucky.
legendary
Activity: 1458
Merit: 1006
July 19, 2012, 08:36:04 AM
#37

the monster address has shrunk noticeably


That would be the BTCST treasury, in my guess. Down by 20%, oh my. ^^
hero member
Activity: 504
Merit: 500
July 18, 2012, 10:45:39 AM
#36

List bumped.

Noteworthy changes:

    - someone donated to the top 30 addresses to make them have a decimal tally ending in .03133700  Grin
    - the list now has a "date last touched" field added to it
    - the monster address has shrunk noticeably





hehe, very cute of them to do so. The only thing that sucks about it, is that it throws off the 'date last touched' for us watching the hibernating wallets. :/

I suppose we can filter out a transaction date if we know for sure we can not attribute it to the wallet owner?
legendary
Activity: 1246
Merit: 1016
Strength in numbers
July 18, 2012, 03:42:40 AM
#35
I see the address in my lost wallet Cry

Damn bitcoin needs to grow if my lost wallet is in the top 500...

That's not how it works. As Bitcoin grows the nominal amount in each address will tend to flatten out and yours and other early lost addresses will become the highest. Rather depressing  Sad
legendary
Activity: 960
Merit: 1028
Spurn wild goose chases. Seek that which endures.
July 17, 2012, 06:16:01 PM
#34
Around 30 addresses from the top, except the biggest one, totaling over 990k - if my math is right :p If it's not the same person, then it's a conspiracy Wink
My guess is that some third party just sent them all 0.031337 BTC as a joking congratulations for making the top of the list.
cst
member
Activity: 110
Merit: 10
The Cosmos doesn't care about you.
July 17, 2012, 12:14:56 PM
#33
Seems several more of these addresses now have balances ending in 0.031337 as compared to before.


I have a feeling that the top 4 addresses belong to the same owner.

Around 30 addresses from the top, except the biggest one, totaling over 990k - if my math is right :p If it's not the same person, then it's a conspiracy ;)
legendary
Activity: 1092
Merit: 1016
760930
July 17, 2012, 12:03:16 PM
#32
Seems several more of these addresses now have balances ending in 0.031337 as compared to before.


I have a feeling that the top 4 addresses belong to the same owner.
Pages:
Jump to: