
My journey towards understanding cryptocurrencies - Episode 3 - Let's try and steal some coin

My journey towards understanding cryptocurrencies (…and some bitcoin mining)

Part three: Keys and addresses – Let’s try and steal some coin

Now that we have some basic knowledge of the foundation of bitcoin, the blockchain, let’s take a look at a fascinating topic: bitcoin account numbers (addresses).

In the second episode of this series, I have mentioned that bitcoin is transferred from one address to another. An address is like an account number at a bank on which a certain balance of coin is stored.

First, how can I get such an address for myself?

Do I need to apply for one or create an account at my local bank? Or do I have to contact Satoshi (remember our non-existing guy) to assign me one?

Well…none of that is necessary. You can actually choose one for yourself.

Sounds weird, right? But it is the truth.

So how does it work?

A bitcoin address is derived from a so-called private key as follows:

Private Key => ECDSA => Public Key => Hashing => Bitcoin address

Not again…keep it simple, man.

Let’s start at the beginning. At the beginning of each bitcoin address stands a private key. A private key is a random number between 0 and 2^256 that you can choose freely. Freely as you wish. Seriously…as you wish.

To put that in numbers: you choose a random number between zero and 1.15792E+77 or, put in human-readable form, between zero and 115792000000000000000000000000000000000000000000000000000000000000000000000000

That is a lot of possibilities.

When you play the 6 out of 49 lottery you have 13 983 816 possible combinations only. And that is why it is very unlikely that another person will ever choose the same number as you chose. Before that happens, that person will have won the lottery like 50 trillion times.

It is just as unlikely that anyone will ever be able to brute-force your bitcoin address, or anyone else’s for that matter.

Usually that private key is expressed as a 64-character key such as

E9873D79C6D87DC0FB6A5778633389F4453213303DA61F20BD67FC233AA33262

That random number has to be kept secret. And that is important. The private key is called private key because it has to be kept private. You never tell anyone, not even your grandma. Anyone who knows your private key can get your coin. And you can do nothing against that.

Also, if you lose that key you have no chance to ever get hold of your coin again. After all it is very unlikely that you will be able to guess what your key was.

Don’t worry. You don’t need to write those 78 digits (or 64 characters) down on a piece of paper, although you can if you wish. There is software out there to do that for you. Wallets…digital wallets that manage your coin and take the work of remembering your keys off your hands.

Once you have chosen the private key the rest is deterministic. Love that word. That means nothing else but that all other items in the chain above can be derived from your private key and no matter how often you do that, the result is always going to be the same.

Bitcoin uses something called ECDSA, the Elliptic Curve Digital Signature Algorithm. That means an algorithm is executed on your private key that results in your public key. This algorithm has a feature similar to the SHA256 hash algorithm: it is easy to calculate one way, but hard to impossible to reverse. That means it is very easy and fast to derive the public key from the private key, but not the other way around. And therefore, it is risk-free to give that public key to others, which is exactly what you do when you spend your coin. Now there is one more step to the bitcoin address.

The public key is taken as the basis and hashed multiple times using SHA256 and RIPEMD160, then base58 encoded, and the result is your bitcoin address, which looks something like

3FZbgi29cpjq2GjdwV8eyHuJJnkLtktZc5.

Now, what does all that mean for us if we try to steal someone else's coin?

Let’s say there are 10 billion people on earth, and each one has 1 million active bitcoin addresses assigned to them. That means currently 10.000.000.000.000.000 addresses out of the friggin’ huge number above are taken. Now you would like to guess one to steal the coin of a random person you don’t know.

To find such an address, on average, you have to try and guess 1157920000000000000000000000000000000000000000000000000000000 times.

Of course, there is that one lucky person out there who tries just once and finds an address that is currently in use. But that person is certainly not me. Even with a really fast calculator, such as the latest GeForce graphics device on the market, this endeavor would still take more time than you have left in your entire life. And in the lives of your children, grandchildren and great-grandchildren. And even if you managed to get all the mining power currently available on planet earth to join forces to find just one active address, that would not change much.

A post by
Christian Reichel