Author Topic: Bitcoin greatest vulnerability  (Read 4690 times)

Offline yvv

  • Hero Member
  • Posts: 1186
Tl;dr;??
Possibilities of same private key get generated by two independent individuals.

A few years ago someone in bitcointalk said that if you used all the computational power available at that time non-stop, the sun would become a red giant before you could be able to create two identical keys, also in the rare case that you managed to create two identical keys, those keys would be almost certain to be yours and empty (because of the huge amount of empty keys you created)

I don't know if this is entirely true but back then no one denied it.
That's true .. it's even worse
if you built a simple counter (no key derivation) to count all possibilities (from 1 to 2^256) and only used the smallest available time to do one increment (the Planck time) .. you would still need 1.4x10^16 times the age of the universe to just count them all .. no bruteforcing no comparing just counting

http://m.wolframalpha.com/input/?i=2%5E256+*plank+time%2F+age+of+the+universe&x=0&y=0

If probability of event is very low, this does not mean that you need to wait ages for it to happen. Take dice for example. You don't necessarily need to roll dice over 36 times to get double six. This can happen any time several times in a row.
As I understand it the probability is nonexistent, those numbers are HUGE, and if by any raaaaaaare chance there is a collision it will be between empty addresses

It does not matter how huge are numbers. Event which happens once in billion years can equally happen at the very first second of billion year interval, as well as at the very last second. And, although very unlikely, it can still happen several times in a minute.

chryspano

  • Guest
As I understand it the probability is nonexistent, those numbers are HUGE, and if by any raaaaaaare chance there is a collision it will be between empty addresses

Offline yvv

  • Hero Member
  • Posts: 1186
If probability of event is very low, this does not mean that you need to wait ages for it to happen. Take dice for example. You don't necessarily need to roll dice over 36 times to get double six. This can happen any time several times in a row.

Offline gamey

  • Hero Member
  • Posts: 2253

I wasted a lot of my time reading through half of it, just because of the way it is cloaked in intrigue. The guy had some big project then realizes the concept of hash collisions and somehow thinks all the cryptographers in the BTC space are not aware.. honestly, this is beyond insanity. If this was a problem, then we'd be seeing it, but we don't. Yet somehow it stopped the guy from proceeding with his project?
I speak for myself and only myself.

Offline levent

  • Newbie
  • Posts: 12
Rt) theorem
 
rt= bitcoin address"1234567890A B C D E F G H I J K L M N O P Q R S T U V W X Y Z a b c d e f g h i j k l m n o p q r s t u v w x y z"
 
The (1234567890A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
a b c d e f g h i j k l m n o p q r s t u v w x y z) system that creates Bitcoin is reduced to (rt)
 
With Chinese, Japanese, Latin Alphabet, the numbers and a thousand characters number series, only
 
   (rr) Bitcoin address
   (tt) Bitcoin address
   (rt) Bitcoin address
   (tr) Bitcoin address
 
      addresses can be created.
 
In this case when you create a Bitcoin address with a character series (6789012345678901友達彼女雪男), (Llisp), (1234542152695) of any length, a collision occurs.
 
Let's consider Bitcoin (tt) as a cold address, in this case someone else can create the cold address.

(tt)cold wallet -> hot

Offline xeroc

  • Board Moderator
  • Hero Member
  • Posts: 12922
  • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
That's true .. it's even worse
if you built a simple counter (no key derivation) to count all possibilities (from 1 to 2^256) and only used the smallest available time to do one increment (the Planck time) .. you would still need 1.4x10^16 times the age of the universe to just count them all .. no bruteforcing no comparing just counting

http://m.wolframalpha.com/input/?i=2%5E256+*plank+time%2F+age+of+the+universe&x=0&y=0

chryspano

  • Guest
A few years ago someone in bitcointalk said that if you used all the computational power available at that time non-stop, the sun would become a red giant before you could be able to create two identical keys, also in the rare case that you managed to create two identical keys, those keys would be almost certain to be yours and empty (because of the huge amount of empty keys you created)

I don't know if this is entirely true but back then no one denied it.

Offline abit

  • Committee member
  • Hero Member
  • Posts: 4668
    • Abit's Hive Blog
  • BitShares: abit
  • GitHub: abitmore
Tl;dr;??
Possibilities of same private key get generated by two independent individuals.
BitShares committee member: abit
BitShares witness: in.abit

Offline pc

  • Hero Member
  • Posts: 1530
    • Bitcoin - Perspektive oder Risiko?
  • BitShares: cyrano
Bitcoin addresses are generated from a 160 bit hash. In order to produce an accidental collision, you'll have to generate about 2^80 addresses. In other words, it is *very* unlikely.

In Graphene-based blockchains, accounts are protected by public keys of about 256 bits. You'll have to produce about 2^128 keys before you get a duplicate. Note that the chance to produce a duplicate for a given existing key is much lower - probably less than 1/(2^230).

If you have indeed managed to produce a duplicate simply by typing "create account" into the console, you have either misunderstood the workings of your client, or have an extremely broken random number generator. (Leaving aside the fact that the bitcoin console client doesn't have a "create account" command.)
Bitcoin - Perspektive oder Risiko? ISBN 978-3-8442-6568-2 http://bitcoin.quisquis.de
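
The birthday-bound figures in the reply above, together with its "extremely broken random number generator" case, worked through as an added example (not code from the thread or from any wallet). The 2^26 attempt count, the 16-bit seed and the SHA-256 key model are constructed assumptions chosen for illustration:

```python
import hashlib
import math
import random

def birthday_collision_prob(n: int, bits: int) -> float:
    """P(some two of n uniformly random `bits`-bit values are equal)."""
    # Birthday approximation 1 - exp(-n(n-1) / (2 * 2^bits)); expm1 keeps
    # precision when the probability is far below float epsilon.
    return -math.expm1(-(n * (n - 1) / 2) / 2**bits)

def targeted_hit_prob(attempts: int, existing: int, bits: int) -> float:
    """P(any of `attempts` fresh random keys equals one of `existing` keys)."""
    # 1 - (1 - existing/2^bits)^attempts, computed via log1p/expm1.
    return -math.expm1(attempts * math.log1p(-existing / 2**bits))

def draws_until_duplicate(entropy_bits: int, rng: random.Random) -> int:
    """Broken-RNG model (constructed): each 256-bit key is SHA-256 of a seed
    that carries only `entropy_bits` of randomness. Returns how many keys
    had been generated when the first repeat appeared."""
    seen = set()
    while True:
        seed = rng.getrandbits(entropy_bits).to_bytes(8, "big")
        key = hashlib.sha256(seed).digest()  # looks like a full 256-bit key
        if key in seen:
            return len(seen) + 1
        seen.add(key)

def mean_draws(entropy_bits: int, trials: int = 200, seed: int = 1) -> float:
    """Average of draws_until_duplicate over repeatable, fixed-seed trials."""
    rng = random.Random(seed)
    total = sum(draws_until_duplicate(entropy_bits, rng) for _ in range(trials))
    return total / trials

if __name__ == "__main__":
    print(f"2^80 addresses, 160-bit hash: {birthday_collision_prob(2**80, 160):.3f}")
    print(f"2^128 keys, 256-bit space   : {birthday_collision_prob(2**128, 256):.3f}")
    print(f"2^40 keys, 256-bit space    : {birthday_collision_prob(2**40, 256):.3e}")
    print(f"2^26 tries vs 1 given key   : {targeted_hit_prob(2**26, 1, 256):.3e}")
    print(f"16-bit seed, mean keys until first duplicate: {mean_draws(16):.0f}")
```

A duplicate that shows up after a few hundred keys therefore points at the entropy source feeding the key generator, not at the size of the key or address space.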

Offline xeroc

  • Board Moderator
  • Hero Member
  • Posts: 12922
  • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc

Offline levent

  • Newbie
  • Posts: 12
http://reifddd.wix.com/levent

[I'm a finite character space]

Levent Korkmaz

The finite space of the characters of Bitcoin's account number.

(I'm a cold wallet and all the cold wallets are warm.)

We have prepared a new project to use Bitcoin with my team-mates: Anthony Boivin and
Takashi Ohno. I bought reifd.info for our project. I've done research about Bitcoin account
security for the protection of the people who will invest our new projects. My research
results show this frightening security flaw.

I've realized that Bitcoin, Ethereum, Ripple and Ethereum dao have affected by Assets
security flaw. Coin that designed with Chain and the others are being affected. So all of the
Chain technology are under affection of this security flaw. With this security flaw all of the
investors' money can be stolen. Despite of the investor that has performed every security
protection.

I've stopped my reifd.info project for the safety of my investor. I hope that updates will be
done as soon as possible for this security flaw and we present our project safely to the
investor. Honesty and security first, then trading.

*Firstly let's think what we have to do concerning Bitcoin account security like everybody
else does.

I should provide the security of the number of Private key to assure the security of my
Bitcoin and Ethereum accounts. I need to keep my account number's Private key
somewhere safe. I need to use cold wallet. I need to create Multi - Signature with
Electrum. I need to print Private Key and keep it somewhere safe. I need to protect my
wallet with a strong password. I need to transfer my money into several account numbers.
I need to back up my wallet.

Now let's ask the questions:

1) Do the security of Private Key's number and the other security precautions provide the security of my money in my account numbers on Bitcoin, Ethereum, Ripple?

In fact, this question doesn't make sense for Ripple. But Ripple also experiences the
security problems that fall to its share. And of course all the assets (Dao) that created by
Ethereum are also included.

And this question's answer is definitely "no", but why not?

The Bitcoin address with the total 33 characters:
1 “CbtYLQY4jdQhKs3WMweRFqe93MNtPnbPh”

The Ethereum address with the total 40 characters:

0x”Bb97dC9271B097E1568bB4d24BEa7C3a28b76d44”
1234567890A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
a b c d e f g h i j k l m n o p q r s t u v w x y z

Bitcoin, Ethereum, Rhesap numbers with the 26+26+10= 62 characters space.

The number of the private Key's security can't provide the security of the money in my
Bitcoin, Ethereum and Ripple account numbers because of that we create Bitcoin and
Ethereum account numbers with the infinite space characters( 62 character space).

So we can create account numbers with the finite characters space and this causes
coincidence. Alice and Bob may coincidentally create an exact same account number.

In this case Alice and Bob may have each other's money without permission.

"All cold wallets in the outer character space are actually alone and warm. There are no
security and protection for money."

In that case Bitcoin and Ethereum that full of money are cold wallets, but the Ripple wallet
account is warm.

Actually a wallet's being whether hot or cold doesn't make sense for this security flaw.
(All accounts wander in the 62 characters space)

So money in the accounts is idle in the character space because a wallet that created with
the finite characters space is also warm.

In this case Bitcoin that coincidentally belongs to someone else can create Ethereum and
Ripple addresses and the money might be transferred to another account.

"You can make your own special lottery without paying a red cent too. All you need to do is
to create million accounts quickly. Maybe you won't create a full account, but surely one
will be able to build a full account. If you're not a decent person you may hack someone
else's Bitcoin or Ethereum account and you are to ask for God's forgiveness."

In the banking system, IBAN is designed differently for every bank. A bank never gives an
IBAN that registered in its own database to another bank customer, if that happens a fatal
mistake will be occurred. The bank solves this problem so easily.

2) Can we solve the security problem if we make the Bitcoin, Ethereum and Ripple's
account numbers' length about 1000-character-long?

This one's answer is also "no". But why not?

Ethereum made the generated account numbers' character length 40, too. Ethereum's all
account numbers' consist 40 characters, in that case Alice and Bob coincidentally create
an exact same account number.

(note: Ethereum made account number length 40 characters for either "Private Key security"
or "lack of coincidence".) In both cases 40 characters don't matter.

3) Does expanding the character space provide solution for our security problem?

This one's answer is also "no".

Let's see...
1234567890
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
a b c d e f g h i j k l m n o p q r s t u v w x y z

Let's add 1000 chinese kanji characters to this space and we'll have 1062 characters in
total.

You can access the 1000 Chinese kanji I've found through the link below.
http://www.jaist.ac.jp/~sjittisa/kanji1000.pdf

4) Does creating Bitcoin and Ethereum account numbers with the total 1000, 5000 or
10.000 kanji characters space make our account number safe?

And this one's answer is also "no", but why not?

- We have a finite character space (10.062 kanji characters in total), and still two different
people can coincidentally create an exact same account number.

A Bitcoin account number that created with 1000 kanji and 62 latin characters space:
1 昼店道発物用 L 商圧誤委委投働 i 鈍毎何今 s 南西北外山雨聞 p 来読戻乱未


So what could be the solution to our security problem?

This kind of account number may slightly meets our requests if we think how this won't
create a confusion or a finite character space problem.

1 昼店道発物用 L 商圧誤委委投働 i 鈍毎何今 s 南西北外山雨聞 p 来読戻乱未

No matter what we do since we'll have a finite character space, the "random case" will be
valid for every character space we'll suggest.

So how can we maintain the security of a Bitcoin account?

"This suggestion is all about putting a checkpoint or creating a sequential account while
creating a Bitcoin account."

A suggestion:

All account numbers are created by The Miners. This situation is not a centralist approach.

In the end, distributed miners will take over this process.

Miners' tasks in the new design are:

1) Confirming the accounts, security (their current task)
2) Creating new accounts and adding them into the chain
3) Maintaining the security of the account chain
4)
5)
6)
7)

"A suggestion"s key aspect is that how the miners will create the account numbers.

The process works like this:

User opens the wallet and clicks on the "create a new account" button and creates a
Bitcoin account or when he/she opens the wallet, the miners will create an account
automatically. The miners scan the account chain in order to know if the account number
that they are going to create is already on the account chain and if there's no match to that
account number, they bring the account number into use to the owner of the wallet.


Or the miners create Bitcoin numbers in a sequential manner and they in retrospect don't
check which account numbers have been created.

Are the checkpoints necessary while sequential accounts are being created? "This should
be discussed."

First create six or seven free new accounts and even a little fee is requested from users for
the other Bitcoin accounts to be created. Thus prevents the excessive account number
creation.

An example for the sequential account number:

1MkhnXC6fkfQ3DvswfnuXXzpdwwP9KaMQD
1MkhnXC6fkfQ3DvswfnuXXzpdwwP9KaMQE
1MkhnXC6fkfQ3DvswfnuXXzpdwwP9KaMQF
0x3E3D07b8DFbb904ae63Eea9F30aedD099E484134
0x3E3D07b8DFbb904ae63Eea9F30aedD099E484135
0x3E3D07b8DFbb904ae63Eea9F30aedD099E484136

Of course there will be security aspects such kind of a road map.


Right below, you can see the account number that I've created by coincidence after a
research of mine.

Private key:
162Ks8Z4rFiAG8XbAG7Z5JMEP37suEPirr

Private key:
5K1y8cA3ewXgbUNXWGGZn2qCmJ1soQ29oc3uBgiUxwfkuDKFz6p

You can see the Bitcoin account number on Bitcoin forum through the link below
https://bitcointalk.org/index.php?topic=156609.450

Of course there's a wallet aspect of this plain. It has no importance of the created wallet
whether is cold or hot.

In order to coincidentally create a Bitcoin account in this way, we have two different
options.

1) We create a wallet and write "create account" command into the console.
2) We create the wallet and repeatedly create accounts using the new group of words.

I've created an account number that belongs to someone else by trying the first option.

Electrum and these kind of wallets create Bitcoin account numbers with a finite words
space too. (q) This situation causes coincidence since it can't go beyond the finite
characters space.

Electrum creates new account numbers with English words. English words are finite, so
this causes a coincidence.
It'll be entered into another finite words space when it goes beyond the English finite words
space. In this case read again starting from (q).

I've been following the development of Cointree for a long time. Peercoin brought a great
innovation with Proof-of-Stake. I believe the big problems will be solved by adding
Proof-of-Stake to Bitcoin.

Example: It can provide solution to 51 attacks and also Peercoin wallet mining can be
done.