Post
Topic
Board Development & Technical Discussion
Re: Signature Forging
by
DannyHamilton
on 16/12/2017, 09:31:00 UTC
I see. Seems pretty secure. The last problem that I have then is how hard would it be to imitate the public key? A public key is derived from the private one but it is considerably shorter (64-bit?). Shouldn't multiple private keys match that public key? Couldn't it be possible (and easier than a brute force on the private key) to simply find something that hashes out to the private key as it is the only part that is actually verified?

You don't hash the private key to get your public key. The algorithm used is the Elliptic Curve Digital Signature Algorithm (ECDSA: https://en.bitcoin.it/wiki/Elliptic_Curve_Digital_Signature_Algorithm).
Basically it's a multiplication on elliptic curves (x*y). The private key is 256 bits long and the public key is either:
1) Prefix (1 byte) + 256 bit integer (x) + 256 bit integer (y) = 520 bit (for uncompressed public keys) or
2) Prefix (1 byte) + 256 bit integer (x) = 264 bit (for compressed public keys, where the y-value can be derived from the prefix and x-value)

I hope that clears everything.

I assume that Kwothe117 was making the very common mistake of referring to the bitcoin address as a "public key".  Then he compounded that mistake by assuming that it was only 64 bits long.

Assuming we are talking about the classical P2PKH address type, the bitcoin address is derived from a hash of the public key.  Specifically, the public key is first hashed with SHA256, and then the result of that is hashed with RIPEMD160.  This 160 bit hash value is then encoded in base58 along with an 8-bit version number (telling the network that it is to be used in a P2PKH output script) and a 32-bit checksum (to allow wallets to catch most typing errors).  As such the "address" is actually a 200 bit value, but only 160 bits of that are determined by the choice of key-pair.

While Kwothe117 is incorrect in stating that "multiple private keys match that public key" (there is a one-to-one relationship between private keys and public keys), he would be correct in stating that multiple key pairs match the same bitcoin address.  In the case of a classical P2PKH address type, there are on average 2^96 different key pairs that would all result in the same address.

Finding any one of those 2^96 key pairs is a probability of 1 in 2^160, so it is computationally infeasible to "brute force" with any currently known technology.
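
The 200-bit P2PKH address layout described in the post above (8-bit version, 160-bit hash, 32-bit checksum), as an added Python example that is not part of the original post or of any wallet's code. The function names and the sample 20-byte hash are constructed for illustration; the checksum is the standard Base58Check one (first 4 bytes of a double SHA256).

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def hash160(pubkey: bytes) -> bytes:
    # SHA256 then RIPEMD160; needs an OpenSSL build that still ships ripemd160.
    return hashlib.new("ripemd160", hashlib.sha256(pubkey).digest()).digest()

def checksum(payload: bytes) -> bytes:
    # Base58Check checksum: first 32 bits of SHA256(SHA256(version + hash)).
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def encode_p2pkh(h160: bytes, version: int = 0x00) -> str:
    if len(h160) != 20:
        raise ValueError("expected a 160-bit hash")
    raw = bytes([version]) + h160
    raw += checksum(raw)                      # 8 + 160 + 32 = 200 bits
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    zeros = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * zeros + out                  # each leading zero byte is written as '1'

def decode_p2pkh(addr: str):
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)            # ValueError on a non-base58 character
    zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:
        raise ValueError("not a 200-bit address")
    if checksum(raw[:21]) != raw[21:]:
        raise ValueError("checksum mismatch (typing error?)")
    return raw[0], raw[1:21]                  # (version, 160-bit hash)

if __name__ == "__main__":
    sample = bytes(range(1, 21))              # constructed hash, not a real key's
    addr = encode_p2pkh(sample)
    print(addr, decode_p2pkh(addr))
    typo = addr[:-1] + ("2" if addr[-1] != "2" else "3")
    try:
        decode_p2pkh(typo)
    except ValueError as e:
        print("rejected:", e)
```

Only the 20 bytes returned by `decode_p2pkh` depend on the key pair; the version byte is fixed by the address type and the checksum is recomputed from the other 21 bytes.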