:: Re: [Libbitcoin] address collision?
Top Page
Delete this message
Reply to this message
Author: Neill Miller
To: libbitcoin
Subject: Re: [Libbitcoin] address collision?
Hello Mike,

Interesting find!

It's true that the "bx seed" command provides psuedo-random numbers
provided by the OS. The intent of all libbitcoin commands is to never
generate randomness internally where necessary (and to rather accept
randomness as an input where needed), but "bx seed" is an exception,
mostly for example purposes. To be clear, we don't recommend using it
for strong cryptographic purposes (of which generating Bitcoin private
keys is one such example).

It is quite possible that's a reason for the collision, or at least
that's my best guess at the moment.

That said, I have run similar sorts of programs (more optimized than
what's shown) for extended periods of time in the past out of
curiosity and also to 'convince' myself of the same thing you were
thinking about, and never produced a result like yours. I know we're
not the only ones who have tried this as well :-)


On Thu, Mar 28, 2019 at 05:32:27PM -0400, Mike Miller wrote:
> Approximately 18 months ago I became fascinated with the magic of extremely
> large numbers and that this is basically what's protecting my bitcoin.
> e.g. https://learnbtc.tech/PowerOfLargeNumber.jpg
> In an effort to somewhat "prove" this to myself, I whipped up a script to
> run an endless loop generating random public/private keypairs (using the
> libbitcoin library) and checking the received "balance" at each address,
> and to email me if anything was found. Naturally this script never seemed
> to "find" any bitcoin. This was comforting to me, as it meant that my
> bitcoin was relatively safe from others doing the same thing.
> The meat of the loop is:
> $bx = '/usr/local/bin/bx'
> $private_key = `$bx seed | $bx ec-new|$bx ec-to-wif`
> $public_key = `$bx wif-to-public $private_key`
> $address = `$bx ec-to-address $public_key`
> $balance = `$bx fetch-balance $address`
> I completely forgot about this script, but it's been running all this time
> (~18 months), just running in an infinite loop on my desktop linux box.
> This morning I woke up to a surprise email that something had been found.
> balance
> {
>     address 1CeuzQcb5pmM1PmyoDgV5rfPsJDkAY8ScR
>     received 1965000
>     spent 0
> }

> I used electrum to "import" the associated private key to verify this
> amount was accessible. But I didn't move it -- of course I don't want to
> steal the poor guy's BTC.
> I'm a little bit blown away here. I thought the known universe would hit
> end of life before finding anything. If I can get this lucky finding a
> needle in a haystack with few lines of Perl code, I don't feel quite as
> safe about my bitcoin.
> Or might this mean that, despite the fact that it took 18 months to produce
> a collision, there might be something nonrandom about the seeding mechanism?
> It says mine is Version: 4.0.0, which was the latest version at that time.
> Thoughts?
> -Mike

> _______________________________________________
> Libbitcoin mailing list
> Libbitcoin@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/libbitcoin