I see. Seems pretty secure. The last problem that I have then is how hard would it be to imitate the public key? A public key is derived from the private one but it is considerably shorter (64-bit?). Shouldn't multiple private keys match that public key? Couldn't it be possible (and easier than a brute force on the private key) to simply find something that hashes out to the private key as it is the only part that is actually verified?
You don't hash the private key to get your public key. The algorithm used is the Elliptic Curve Digital Signature Algorithm (ECDSA: https://en.bitcoin.it/wiki/Elliptic_Curve_Digital_Signature_Algorithm). Basically it's a multiplication on elliptic curves (x*y). The private key is 256 bits long and the public key is either:
1) Prefix (1 byte) + 256 bit integer (x) + 256 bit integer (y) = 520 bit (for uncompressed public keys) or
2) Prefix (1 byte) + 256 bit integer (x) = 264 bit (for compressed public keys, where the y-value can be derived from the prefix and x-value)
I hope that clears everything.