There are different kinds of bits. One kind is the number of 1's and 0's. As Dany said, an ECDSA private key as used in bitcoin has 256 of these.
Another kind is a measurement for the amount of information a message contains (this message may or may not be encoded in bits). This measurement is called entropy and is given in bits as well.
There is also the kind of bits used by DeathAndTaxes, which is a comparison between algorithms. What it means is that ECDSA is as strong as a 128-bit symmetric encryption scheme. Another common example is RSA, where a 1024-bit key is as strong as ~70 bits. This number can decrease over time as better ways are found to calculate the private key from the public key.
Yes but I was asking for the entropy, hence the title of the thread:
I'm a bit confused about the maximum entropy that bitcoin provides.
Alright so private key = 128 bit entropy, finally that is settled

No.
Ok so then how much entropy security does a spent vs unspent address provide?
I think you are looking for security, not entropy. Anyway, I'll put the names aside and try to answer your question. I'm pretty sure Danny will correct me when I make a mistake. The question, the way I understand it, is how easy it is for someone to steal your coins if you reuse addresses.
Scenario #1: You have spent coins received on the address in the past and thus the public key is stored in the blockchain. In this case the attacker would need 2^128 elementary operations to find the correct private key. Aka a security level of 128 bits. This ignores randomness and chance, e.g. the birthday paradox.
Scenario #2: You have never spent coins received on the address, ever. You also have not otherwise published your private key (e.g. due to a payment to pubkey instead of to an address). In this case the attacker has to break the RIPEMD160 hash in order to get to the SHA256 of the public key. Since there are no known attacks to improve from simple brute force, its security is 160 bits. Once RIPEMD160 is done, an attacker would need to break SHA256 (256-bit security, unless used with a reduced number of rounds) in order to get to the public key and from there try to find the private key. This however makes no sense, as it's way faster to just try private keys until you find one that results in the same address. As there are only 2^160 different (version 1) addresses due to the 160 bits of RIPEMD160, there are 2^96 different private keys for each address. As such you have a total security level of 160 bits.
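The counting argument in Scenario #2, scaled down so it can be checked exhaustively (an added example, not code from any poster in this thread). Assumptions: a 16-bit key space stands in for the 256-bit one, and SHA-256 truncated to 8 bits stands in for the key -> public key -> SHA256 -> RIPEMD160 chain; all names are hypothetical.

```python
import hashlib
from collections import Counter

KEY_BITS = 16   # toy stand-in for the 256-bit private key space
ADDR_BITS = 8   # toy stand-in for the 160-bit RIPEMD160 address hash

def toy_address(key: int) -> int:
    """Toy address: SHA-256 of the key, truncated to ADDR_BITS.
    Assumption: stands in for key -> public key -> SHA256 -> RIPEMD160."""
    digest = hashlib.sha256(key.to_bytes(4, "big")).digest()
    return int.from_bytes(digest, "big") >> (256 - ADDR_BITS)

def keys_per_address() -> Counter:
    """Count how many keys in the whole toy key space map to each address."""
    return Counter(toy_address(k) for k in range(2 ** KEY_BITS))

def first_matching_key(target: int) -> tuple[int, int]:
    """Try keys in order until one hashes to target; return (key, tries)."""
    for tries, key in enumerate(range(2 ** KEY_BITS), start=1):
        if toy_address(key) == target:
            return key, tries
    raise ValueError("no key maps to this address")

def mean_tries() -> float:
    """Average search cost over every address that exists in the toy space."""
    addrs = keys_per_address().keys()
    return sum(first_matching_key(a)[1] for a in addrs) / len(addrs)

if __name__ == "__main__":
    counts = keys_per_address()
    print("addresses in use:", len(counts), "of", 2 ** ADDR_BITS)
    print("keys per address: min", min(counts.values()),
          "max", max(counts.values()),
          "expected", 2 ** (KEY_BITS - ADDR_BITS))
    victim = 0xBEEF  # constructed sample key
    found, tries = first_matching_key(toy_address(victim))
    print(f"victim key {victim:#x}, matching key {found:#x} after {tries} tries")
    print("mean tries:", mean_tries(), "vs 2**ADDR_BITS =", 2 ** ADDR_BITS)
```

Each toy address ends up with roughly 2^(16-8) keys behind it and the average search cost tracks 2^8, the address width rather than the key width; the same ratio gives 2^96 keys per address and a 160-bit search at real sizes.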