Confuscating Bitcoins?
Confuscating Bitcoins?
A news headline over the weekend reported that a criminal’s stash of bitcoins had been confuscated:
While I understand why the media reported it as the coins has been confuscated, it is not quite the case, as “the coins” don’t actually exist. The only way they can be released, is to release the private key used to define the ownership of the cryptocurrency. There are no coins in wallets, no physical traces of the coins, only a private key exists, and finding the private key will allow for the coins to be transferred.
Where’s my bitcoins?
On a few occasions, I have been asked to find someone’s Bitcoins, and where I had to explain that there are not actually stored anywhere, and that the ownership of the coins is just defined by ledger entries on the Bitcoin blockchain. At the core of the ownership (and transfer) of the coins is the ownership of a private key which can reassign the ownership of the coins.
Another question I was once asked, is “What if someone generates the same address as me? What should I do”?
So let’s look at these special keys, and try and understand their format and usage.
Bitcoins use Elliptic Curve cryptography with 32 byte private keys (which is a random number) and 64 byte public keys, and use the secp256k1 curve. A private key is a 32-byte number chosen at random, and you know that 32 bytes make for a very large number. In the following we create a random number on an elliptic curve and then generate the public key [here]:
-BEGIN EC PARAMETERS — — —
BgUrgQQACg==
— — -END EC PARAMETERS — — —
— — -BEGIN EC PRIVATE KEY — — — MHQCAQEEIEa56GG2PTUJyIt4FydaMNItYsjNj6ZIbd7jXvDY4ElfoAcGBSuBBAAK oUQDQgAEJQDn8/vd8oQpA/VE3ch0lM6VAprOTiV9VLp38rwfOog3qUYcTxxX/sxJ l1M4HncqEopYIKkkovoFFi62Yph6nw==
— — -END EC PRIVATE KEY — — —
Private-Key: (256 bit) priv: 00:85:75:39:af:fe:80:30:2d:cb:1d:21:db:6e:46: 9f:66:39:45:82:8c:76:10:87:1d:f4:8a:29:cb:cc:
9f:1d:a3
pub:
04:21:d1:80:f4:73:ec:60:07:a4:1a:98:63:9e:a2: 5a:02:49:86:a4:b3:71:f9:24:6c:7c:f2:ff:3b:e9: 1f:f1:a2:0d:aa:5d:41:a5:dd:9c:5b:68:31:9c:59: d9:4a:63:2b:a8:94:c3:06:89:29:6d:f6:b1:c0:32:
df:17:1e:9a:1f
ASN1 OID: secp256k1 Field Type: prime-field
Prime:
00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff: ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:fe:ff:
ff:fc:2f
A: 0 B: 7 (0x7)
Generator (uncompressed): 04:79:be:66:7e:f9:dc:bb:ac:55:a0:62:95:ce:87: 0b:07:02:9b:fc:db:2d:ce:28:d9:59:f2:81:5b:16: f8:17:98:48:3a:da:77:26:a3:c4:65:5d:a4:fb:fc: 0e:11:08:a8:fd:17:b4:48:a6:85:54:19:9c:47:d0:
8f:fb:10:d4:b8
Order: 00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff: ff:fe:ba:ae:dc:e6:af:48:a0:3b:bf:d2:5e:8c:d0: 36:41:41
Cofactor: 1 (0x1)
A private key is a 32-byte number chosen at random, and you know that 32 bytes make for a very large number. In OpenSSL, we can create a random number with:
C \ > openssl ecparam -name secp256k1 -genkey -out priv.pem
C \ > type priv.pem
-----BEGIN EC PARAMETERS-----
BgUrgQQACg==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIEa56GG2PTUJyIt4FydaMNItYsjNj6ZIbd7jXvDY4ElfoAcGBSuBBAAK
oUQDQgAEJQDn8/vd8oQpA/VE3ch0lM6VAprOTiV9VLp38rwfOog3qUYcTxxX/sxJ
l1M4HncqEopYIKkkovoFFi62Yph6nw==
-----END EC PRIVATE KEY-----
And so if we have a 256-bit random number then the number of possible keys are 2²⁵⁶. So the chances of selecting the same address as someone else is:
1-in- 115,792,089,237,316,195,423,570,985, 008,687,907,853,269,984,665,640,564,039, 457,584,007,913,129,639,936
So, as long as we have a good random number generator, we are highly unlikely to ever create just one address which is the same as someone else’s, in the whole of our lifetime.
Next, we can generate the public key based on the private key:
C \> openssl ec -in priv.pem -text -noout
read EC key
Private-Key (256 bit)
priv
46 b9 e8 61 b6 3d 35 09 c8 8b 78 17 27 5a 30
d2 2d 62 c8 cd 8f a6 48 6d de e3 5e f0 d8 e0
49 5f
pub
04 25 00 e7 f3 fb dd f2 84 29 03 f5 44 dd c8
74 94 ce 95 02 9a ce 4e 25 7d 54 ba 77 f2 bc
1f 3a 88 37 a9 46 1c 4f 1c 57 fe cc 49 97 53
38 1e 77 2a 12 8a 58 20 a9 24 a2 fa 05 16 2e
b6 62 98 7a 9f
ASN1 OID secp256k1
The public key has 64 bytes, and is made up of two 32 byte values (x,y) and is a point on the secp256k1 elliptic curve function of:
y²=x³+7
and relates to an (x,y) point in relation to the private key (n) and a generator (G). With the private key (32 bytes — 256 bits), we have a random number. In this case, it is in the form of:
46 b9 e8 61
b6 3d 35 09
c8 8b 78 17
27 5a 30 d2 2d 62 c8 cd
8f a6 48 6d
de e3 5e f0
d8 e0 49 5f
With Bitcoins, the private key defines our identity and we use it to sign for transactions, and prove our identity to others with the public key. For the public key we have an (x,y) point and is defined in a raw form starting with a 0x04 and then followed by the x co-ordinate and then the y-co-ordinate:
04 25 00 e7 f3
fb dd f2 84
29 03 f5 44
dd c8 74 94
ce 95 02 9a
ce 4e 25 7d
54 ba 77 f2
bc 1f 3a 88
37 a9 46 1c
4f 1c 57 fe
cc 49 97 53
38 1e 77 2a
12 8a 58 20
a9 24 a2 fa
05 16 2e b6
62 98 7a 9f
We can also use OpenSSL to view the details of the curve:
C:> openssl ecparam -in priv.pem -text -param_enc explicit -noout
Field Type: prime-field
Prime:
00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:fe:ff:
ff:fc:2f
A: 0
B: 7 (0x7)
Generator (uncompressed):
04:79:be:66:7e:f9:dc:bb:ac:55:a0:62:95:ce:87:
0b:07:02:9b:fc:db:2d:ce:28:d9:59:f2:81:5b:16:
f8:17:98:48:3a:da:77:26:a3:c4:65:5d:a4:fb:fc:
0e:11:08:a8:fd:17:b4:48:a6:85:54:19:9c:47:d0:
8f:fb:10:d4:b8
Order:
00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
ff:fe:ba:ae:dc:e6:af:48:a0:3b:bf:d2:5e:8c:d0:
36:41:41
Cofactor: 1 (0x1)
Overall we have a prime number (p), and fixed point G (the generator), which on the curve. We then multiply the generator (G) by the scalar private key n. This operation is extremely difficult to reverse in modular arithmetic. The result is the public key P which is:
P=n×G (mod p)
It should not be computationally possible, with a reasonable time period, to determine the scalar (the private key value) between the generator and the public key value. Within Bitcoins, we use the private key to sign a transaction, and then which is proven by the public key (Elliptic Curve Digital Signature Algorithm). More details on elliptic curve ciphers here:
Conclusions
So, don’t lose that private key, or you will have lost your ‘coins’. And don’t leave your cryptocurrency wallet around in a place that someone could get access to it, as they may steal your private key (and thus transfer your funds to their account). To be safe, just use a paper wallet that stores the key phrases to rebuild your key (and perhaps a USB stick that is stored in another location).
Ref: here