[148597] in cryptography@c2.net mail archive
Re: [Cryptography] BitCoin Question - This may not be the best
daemon@ATHENA.MIT.EDU (Robert Christian)
Sun Dec 22 20:29:24 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <CACJAJ58968arwms8i6K99xcvOv2ALi_WOrb7=csdXZk54yjC1Q@mail.gmail.com>
Date: Sun, 22 Dec 2013 16:30:50 -0800
From: Robert Christian <robertjchristian@gmail.com>
To: Steve Weis <steveweis@gmail.com>
Cc: cryptography <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============8204708343637809958==
Content-Type: multipart/alternative; boundary=001a1134bb9a6b791d04ee28bd02
--001a1134bb9a6b791d04ee28bd02
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
On Sunday, December 22, 2013, Steve Weis wrote:
> On Sat, Dec 21, 2013 at 5:45 PM, Robert Christian
> <robertjchristian@gmail.com <javascript:;>> wrote:
> > What=E2=80=99s to stop someone from gaming the system and creating mill=
ions of
> wallets, increasing their odds of accidental deposits? If nothing else y=
ou
> could conceive of a DOS attack of sorts, where the addresses are all burn=
ed
> up. This seems like a major flaw to me.
>
> Bitcoin addresses are hashes of ECDSA key pairs:
> https://en.bitcoin.it/wiki/Technical_background_of_Bitcoin_addresses
>
> If by "burning up" addresses you mean generating every key pair and
> storing it, that's not going to be feasible since Bitcoin uses
> Secp256k1 with 256-bit private keys.
>
>>>
Not saying "generating every key pair and
storing it". Saying generating a sufficient number of keypairs...
Thing is, I haven't seen a collision resolution strategy... just a general
sentiment that "there is an extremely low possibility for collision."
1) Understood that IDs are a hash. I guess I wasn't very articulate in the
initial question because it seems as if the responses so far are answering
other questions, such as "what if someone just tried to spoof an address"
or "what if someone tried to create all possible key value pairs and store
them" ... I am not asking either of those questions (but closer to the
latter).
2) I am pointing out that addresses are finite, and 34 chars long... They
can only be upper or lower case, or 0..9. So at the end of the day, after
all the fancy stuff, the number of all possible bitcoin addresses
is (26*2+10)^34 possible unique ids.
So the number of possible unique addresses is actually relatively smalll.
Right?
I understand that to use the address you need to have generated the keypair
prior/same time.
But you don't need to create *every* possible keypair... Just enough
keypairs such that the hash output represents enough unique hashes to
represent a small fraction of the unique ids. Then you'll start seeing
collisions.
So my question is "what am a missing with respect to thinking we'll start
to see collisions happening at a rate that makes the system cost
prohibitive?"
If we get past that point the question is "what is the hash resolution
strategy?"
And if we got past that one, and with no solution... Then the question is
why is Bitcoin trading at $650 per USD? :)
I am sure I am missing something here... Haven't found it yet though...
--001a1134bb9a6b791d04ee28bd02
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<br>On Sunday, December 22, 2013, Steve Weis wrote:<br><blockquote class=
=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padd=
ing-left:1ex">On Sat, Dec 21, 2013 at 5:45 PM, Robert Christian<br>
<<a href=3D"javascript:;" onclick=3D"_e(event, 'cvml', 'robe=
rtjchristian@gmail.com')">robertjchristian@gmail.com</a>> wrote:<br>
> What=E2=80=99s to stop someone from gaming the system and creating mil=
lions of wallets, increasing their odds of accidental deposits? =C2=A0If no=
thing else you could conceive of a DOS attack of sorts, where the addresses=
are all burned up. =C2=A0This seems like a major flaw to me.<br>
<br>
Bitcoin addresses are hashes of ECDSA key pairs:<br>
<a href=3D"https://en.bitcoin.it/wiki/Technical_background_of_Bitcoin_addre=
sses" target=3D"_blank">https://en.bitcoin.it/wiki/Technical_background_of_=
Bitcoin_addresses</a><br>
<br>
If by "burning up" addresses you mean generating every key pair a=
nd<br>
storing it, that's not going to be feasible since Bitcoin uses<br>
Secp256k1 with 256-bit private keys.<br>
</blockquote><div><br></div><div>>>></div><div><br></div><div>Not =
saying=C2=A0"<font><span style=3D"background-color:rgba(255,255,255,0)=
">generating every key pair and</span></font></div><div><font><span style=
=3D"background-color:rgba(255,255,255,0)">storing it</span></font>". S=
aying generating a sufficient number of keypairs...</div>
<div><br></div><div><br></div><div>Thing is,=C2=A0I haven't seen a coll=
ision resolution strategy... just=C2=A0a general sentiment that "there=
is an extremely low possibility for=C2=A0collision."=C2=A0=C2=A0</div=
><div><br></div><div>
1) Understood that IDs=C2=A0are=C2=A0a hash. =C2=A0I guess I wasn't ver=
y articulate=C2=A0in the initial=C2=A0question=C2=A0because it seems as if =
the responses so far are answering other questions, such as "what if s=
omeone just tried to spoof an address" or "what if someone tried =
to create all possible key value pairs and store them" ... I am not as=
king=C2=A0either of those questions (but closer to the latter).</div>
<div><br></div><div>2) I am pointing out that addresses are finite, and 34 =
chars long... They can only=C2=A0be upper or lower case, or 0..9. =C2=A0So =
at the end of the day, after all the fancy stuff,=C2=A0the number of all po=
ssible bitcoin addresses is=C2=A0(26*2+10)^34=C2=A0possible unique ids.</di=
v>
<div><br></div>So the number of possible unique=C2=A0addresses is actually=
=C2=A0relatively smalll. =C2=A0Right?<div><div><br></div><div>I understand =
that to use the address you need to have generated=C2=A0the keypair prior/s=
ame time.</div><div>
=C2=A0</div><div>But you don't need to create *every*=C2=A0possible key=
pair... Just enough keypairs such that the hash output represents enough un=
ique hashes=C2=A0to represent a small fraction of the unique ids. =C2=A0The=
n you'll start=C2=A0seeing collisions.</div>
<div><br></div><div>So my question is "what am a missing with respect =
to thinking we'll start to=C2=A0see collisions happening at a rate that=
makes the system cost prohibitive?"</div><div><br></div><div>If we ge=
t past that point the question is "what is the hash resolution strateg=
y?"</div>
<div><br></div><div>And if we got past that one, and with no solution... Th=
en the question is why is Bitcoin trading at $650 per USD? =C2=A0:)</div><d=
iv><br></div><div>I =C2=A0am=C2=A0sure I am missing something=C2=A0here... =
Haven't found it yet though...<span></span></div>
<div><div><br></div></div></div>
--001a1134bb9a6b791d04ee28bd02--
--===============8204708343637809958==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============8204708343637809958==--
