0

Part of why Bitcoin works is that it's completely unlikely for someone to end up with the same Bitcoin address. But since Bitcoin address generation is based on pseudo-random generation it raises the question: Are pseudo-random number generation algorithms good enough to cover all possible Bitcoin addresses?

See also What happens if your bitcoin client generates an address identical to another person's?

And note that the Android Bitcoin wallet already had an issue with this: Google patches Android after Bitcoin wallet issue

Community
  • 1

2 Answers2

2

There are plenty of PRNG algorithms that are good enough. You just run into trouble when you, through ignorance or error, pick one that isn't.

The simplest adequate solution is to gather enough information, from any source and of any size, to ensure that it has at least 160 bits that are unpredictable by any attacker. You can then SHA256 hash this data. You may need to gather a large amount of data to ensure it has sufficient unpredictable bits, but that's okay.

You can make things a bit more secure by hashing many, many times or using a memory hard hashing algorithm. That way, an attacker that can guess some of your bits has to go to much more effort to try random combinations of the ones he can't predict to try to replicate your key.

If you don't have access to sufficient unpredictable data, from any source, then there's not much you can do. Your security is only as good as the unpredictable input your PRNG has.

David Schwartz
  • 51,554
  • 6
  • 106
  • 178
1

When done correctly, yes. The default Bitcoin client uses OpenSSL's RAND_bytes, which...

puts num cryptographically strong pseudo-random bytes into buf. An error occurs if the PRNG has not been seeded with enough randomness to ensure an unpredictable byte sequence.

Whether you'd call this a pseudo-random algorithm might be a matter of semantics, and of course some programs might use insecure algorithms, but at least Bitcoin-QT uses something that provides the full amount of randomness needed for security.

Community
  • 1
Tim S.
  • 4,407
  • 14
  • 25