You are viewing a single comment's thread from:
RE: Ethereum private keys and public addresses comparison..
The public address is different from the public key. This is explained in the yellow paper in the appendices somewhere, but it uses the ECDSA and a hash function (Keccak, IIRC).
The address is created with something like KECCAK(ECDSAPUBKEYGEN(PrivateKey))[12:] (the 160 bits to the right of the output of the KECCAK hash).
I know it's different. The problem is private keys are more than public addresses. Which means 1 public address can have more than 1 private keys. Right? The relationship between number of keys and public address is astonishing if that is right. 7.92E+28 keys per single public address is insane.
Just looked at the paper, page 19 appendix F: it goes from private key (256 bits) to public key (512 bits) to the address (160 bits).
So yeah, there could be
2^256 / 2^160 = 2^96(or 7.92E+28) keys per public address. It is also the case that only the public address is used in the transaction, as the public key is "recovered" (IIRC).Because of the way the address is generated, it is hard to generate a key corresponding to any public address, but it's even harder (essentially impossible) to generate the same key to a public address. That means, even if you succeed in finding a key that belongs to a known public address, if you transfer the money it will be exceedingly obvious that it was a guessed/hacked key. To be successful AND undetected/unprovable you need to guess both.
I can't speak to what the ethereum validation code checks for but existence that a public key was different in a previous transaction (all of which are stored on the blockchain) would be sufficient evidence that the hacked transaction was invalid.
Does that help? (great question, btw)
Thanks for the clarification.
This thing make me think about one more thing. As we know all the contract addresses are one of the combination in 2^160 addresses. So that means if some wallet randomly generates a private key which converts to a address allocated to a previously generated contract. What will happen then? It's extremely rare possibility but still a possibility, how blockchain handles or will handle this situation? Got any idea?
I'm not sure because it depends on the software implementation. Assuming the software does not check, it will appear you have a balance when you start. When/if you transfer eth the original owner will have proof of ownership of the first address (this is one of the reasons the guides recommend a test transaction when you first start out. It establishes your identity on the block chain).
Posted using Partiko Android