0

Since bitcoin uses cryptography algorithms to create private and public keys there is a possibility it could repeat.

Person 1: L54w...KraG -> bc1...kq4

Person 2: L3mV...JU8G -> bc1...kq4

So could person 2 single handedly sent bitcoin from bc1...kq4 to a different address. My question is would both of the private keys work to change the funds. If so how will his affect bitcoin as a whole.

Varun W.
  • 63
  • 7
  • Does one of these three answer your question in full? https://bitcoin.stackexchange.com/q/8804/5406, https://bitcoin.stackexchange.com/q/43609/5406, https://bitcoin.stackexchange.com/q/22/5406 – Murch Feb 11 '22 at 20:33

1 Answers1

1

The size of the key space in Bitcoin is just shy of 2256. There are a few different output types with different address schemes, but for most of these, the address space is a lot smaller than the key space. Let's assume you're inquiring about P2WPKH. There are about 2160 unique addresses for P2WPKH outputs, so about 296 keys map to each address.

You are therefore correct that hypothetically two users could each discover a different private key that map to the same address. If that were the case:

  1. There is no registration of addresses or other mitigation for key collisions. Simply, either user could spend funds received to the address.
  2. From a protocol perspective, there would not be a problem at all, as a transaction signed with either key would be valid.
  3. If they both notice in time, the users might get into a bidding war, creating conflicting transactions with higher and higher fees to claim the funds.
  4. If transactions from both users surface, other people might notice and be concerned about the key collision. Most likely this would lead to a loss of confidence in the method the corresponding keys were generated, but some users could lose confidence in Bitcoin instead due to misunderstanding the cause of the situation.

2160 is an extremely large number. As long as key generation uses reasonable entropy sources, it's unlikely that we'll ever see any two addresses collide no matter how long Bitcoin will get used.

Murch
  • 75,206
  • 34
  • 186
  • 622
  • Suggesting that two users could hypothetically generate the same address and to infer implications for spend-ability of the coin is really just a thought experiment. What really needs to be understood is the sheer scale of 2^256. Without analogies the human brain has trouble comprehending the scale. This video from 3Blue1Brown youtube.com/watch?v=S9JGmA5_unY gives a good explanation of the scale and security of 2^256. – stackaccount Feb 13 '22 at 08:38
  • @stackaccount: Perhaps you could add another answer that focuses on highlighting the magnitude of 2^160, if you feel that "it's unlikely we'll ever see any two addresses collide" doesn't stress this aspect sufficiently for your taste.—I chose to answer the way I did, because the question was about what happened when the situation occurred, and linked to a prior answer that covers how unlikely that is. – Murch Feb 13 '22 at 18:50
  • @Murch But isn't 2^256 the maximum amount of hashes that can be generated. A collision could and probably would occur before 2^256. So in theory couldn't a collusion occur today or tomorrow or next week? – Varun W. Feb 15 '22 at 04:45
  • Most addresses that involve a hash function (P2PKH, P2SH, P2WPKH) have a RIPEMD160 hash step. So while there are just shy of 2^256 keys, there are only 2^160 addresses. This is still plenty that we don't ever expect to see a collision. – Murch Feb 15 '22 at 05:09
  • See the post I linked in the last paragraph for calculations on that matter. – Murch Feb 15 '22 at 05:10