Please please please do not do this. The cryptosystem which Bitcoin keys and addresses are part of assumes for its security that its private keys are uniformly random numbers. Flipping coins by hand will definitely not give uniformly random numbers, and is probably so biased (depending on your hand, the coin, what side you pick it up from, the surface it lands on, etc, etc) that you can measure it yourself by just flipping a coin and counting the zeroes and ones.
If you swap out one component of a cryptosystem for another you have constructed a new cryptosystem and need to argue its security. And I guarantee you won't find a good security argument for "Bitcoin script with biased randomness".
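The counting check described in the post above, as an added example that is not part of the original thread. It assumes flips are recorded as a string of `1` (heads) and `0` (tails); the function name and both sample sequences are constructed for illustration.

```python
import math

def monobit_stats(flips: str, key_bits: int = 256) -> dict:
    """Count heads/tails in a recorded flip string and estimate the bias.

    '1' = heads, '0' = tails; any other character (spaces, newlines) is ignored.
    """
    bits = [c for c in flips if c in "01"]
    n = len(bits)
    if n == 0:
        raise ValueError("no flips recorded")
    ones = bits.count("1")
    zeros = n - ones

    # For a fair coin, ones ~ Binomial(n, 1/2): mean n/2, std dev sqrt(n)/2,
    # so (ones - zeros) / sqrt(n) is approximately standard normal.
    z = (ones - zeros) / math.sqrt(n)
    # Two-sided p-value, the same form as the NIST SP 800-22 frequency test.
    p_value = math.erfc(abs(z) / math.sqrt(2))

    # Naive min-entropy per flip from the observed frequency of the more
    # common side. Assumption: flips are independent; this is a point
    # estimate, not a conservative bound.
    p_max = max(ones, zeros) / n
    h_min = -math.log2(p_max)

    return {
        "n": n,
        "ones": ones,
        "zeros": zeros,
        "z": z,
        "p_value": p_value,
        "min_entropy_per_flip": h_min,
        # Estimated min-entropy of a key built from key_bits such flips.
        "key_min_entropy": key_bits * h_min,
    }

# Constructed sample data, not real measurements.
BALANCED = "01" * 500            # 500 heads, 500 tails
BIASED = "1" * 600 + "0" * 400   # 60% heads

if __name__ == "__main__":
    for name, seq in (("balanced", BALANCED), ("biased", BIASED)):
        s = monobit_stats(seq)
        print(f"{name}: ones={s['ones']} zeros={s['zeros']} z={s['z']:.2f} "
              f"p={s['p_value']:.3g} key_min_entropy={s['key_min_entropy']:.1f} bits")
```

The balanced sample is a strictly alternating pattern and still passes, so an even count by itself says nothing about whether the sequence is unpredictable.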
Thanks for the feedback. However this is not a technical paper on cryptography, it is simply a step-by-step method on "HOW" to create a private key. Most of your argument is either technical or addresses a "WHY" issue. I did clean up two small issues that were oversimplifications on my part.
I will only address your central theme with which I disagree: While it may be scientifically possible to determine that a coin flip method has a bias (you could make the same argument about dice as well), I could also make the same argument about how the Bitcoin client chooses its random string. There are many examples of Bitcoin wallets themselves having built-in biases that allowed the private keys to be hacked. Computers have a built-in bias against randomization which must be overcome. Your Bitcoin wallet is no exception as it always sits on an OS. (Google: Android OS pseudorandom number generator PRNG - and also NSA Dual EC DRBG)
I offered an option in the original post where one could obtain true random numbers from a coin flip from www.random.org. I will argue that 256 coin flips from random.org is the best random number possibility available. And assuming that you push the results through an offline computer using brainwallet offline, you will have a VERY SAFE, VERY RANDOM private key.
Edit: It is possible for someone at random.org to guess your intent, even though their site is not a BITCOIN related site. So just use it for testing. True security will come from the coin toss not an online web site.