Image for post
Image for post

Confuscating Bitcoins?

A news headline over the weekend reported that a criminal’s stash of bitcoins had been confuscated:

Image for post
Image for post

While I understand why the media reported it as the coins has been confuscated, it is not quite the case, as “the coins” don’t actually exist. The only way they can be released, is to release the private key used to define the ownership of the cryptocurrency. There are no coins in wallets, no physical traces of the coins, only a private key exists, and finding the private key will allow for the coins to be transferred.

Where’s my bitcoins?

Another question I was once asked, is “What if someone generates the same address as me? What should I do”?

So let’s look at these special keys, and try and understand their format and usage.

Bitcoins use Elliptic Curve cryptography with 32 byte private keys (which is a random number) and 64 byte public keys, and use the secp256k1 curve. A private key is a 32-byte number chosen at random, and you know that 32 bytes make for a very large number. In the following we create a random number on an elliptic curve and then generate the public key [here]:

-BEGIN EC PARAMETERS — — — 
BgUrgQQACg==
— — -END EC PARAMETERS — — —
— — -BEGIN EC PRIVATE KEY — — — MHQCAQEEIEa56GG2PTUJyIt4FydaMNItYsjNj6ZIbd7jXvDY4ElfoAcGBSuBBAAK oUQDQgAEJQDn8/vd8oQpA/VE3ch0lM6VAprOTiV9VLp38rwfOog3qUYcTxxX/sxJ l1M4HncqEopYIKkkovoFFi62Yph6nw==
— — -END EC PRIVATE KEY — — —
Private-Key: (256 bit) priv: 00:85:75:39:af:fe:80:30:2d:cb:1d:21:db:6e:46: 9f:66:39:45:82:8c:76:10:87:1d:f4:8a:29:cb:cc:
9f:1d:a3
pub:
04:21:d1:80:f4:73:ec:60:07:a4:1a:98:63:9e:a2: 5a:02:49:86:a4:b3:71:f9:24:6c:7c:f2:ff:3b:e9: 1f:f1:a2:0d:aa:5d:41:a5:dd:9c:5b:68:31:9c:59: d9:4a:63:2b:a8:94:c3:06:89:29:6d:f6:b1:c0:32:
df:17:1e:9a:1f
ASN1 OID: secp256k1 Field Type: prime-field
Prime:
00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff: ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:fe:ff:
ff:fc:2f
A: 0 B: 7 (0x7)
Generator (uncompressed): 04:79:be:66:7e:f9:dc:bb:ac:55:a0:62:95:ce:87: 0b:07:02:9b:fc:db:2d:ce:28:d9:59:f2:81:5b:16: f8:17:98:48:3a:da:77:26:a3:c4:65:5d:a4:fb:fc: 0e:11:08:a8:fd:17:b4:48:a6:85:54:19:9c:47:d0:
8f:fb:10:d4:b8
Order: 00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff: ff:fe:ba:ae:dc:e6:af:48:a0:3b:bf:d2:5e:8c:d0: 36:41:41
Cofactor: 1 (0x1)

A private key is a 32-byte number chosen at random, and you know that 32 bytes make for a very large number. In OpenSSL, we can create a random number with:

C \ > openssl ecparam -name secp256k1 -genkey -out priv.pem
C \ > type priv.pem
-----BEGIN EC PARAMETERS-----
BgUrgQQACg==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIEa56GG2PTUJyIt4FydaMNItYsjNj6ZIbd7jXvDY4ElfoAcGBSuBBAAK
oUQDQgAEJQDn8/vd8oQpA/VE3ch0lM6VAprOTiV9VLp38rwfOog3qUYcTxxX/sxJ
l1M4HncqEopYIKkkovoFFi62Yph6nw==
-----END EC PRIVATE KEY-----

And so if we have a 256-bit random number then the number of possible keys are 2²⁵⁶. So the chances of selecting the same address as someone else is:

1-in- 115,792,089,237,316,195,423,570,985, 008,687,907,853,269,984,665,640,564,039, 457,584,007,913,129,639,936

So, as long as we have a good random number generator, we are highly unlikely to ever create just one address which is the same as someone else’s, in the whole of our lifetime.

Next, we can generate the public key based on the private key:

C \> openssl ec -in priv.pem -text -noout
read EC key
Private-Key (256 bit)
priv
46 b9 e8 61 b6 3d 35 09 c8 8b 78 17 27 5a 30
d2 2d 62 c8 cd 8f a6 48 6d de e3 5e f0 d8 e0
49 5f
pub
04 25 00 e7 f3 fb dd f2 84 29 03 f5 44 dd c8
74 94 ce 95 02 9a ce 4e 25 7d 54 ba 77 f2 bc
1f 3a 88 37 a9 46 1c 4f 1c 57 fe cc 49 97 53
38 1e 77 2a 12 8a 58 20 a9 24 a2 fa 05 16 2e
b6 62 98 7a 9f
ASN1 OID secp256k1

The public key has 64 bytes, and is made up of two 32 byte values (x,y) and is a point on the secp256k1 elliptic curve function of:

=x³+7

and relates to an (x,y) point in relation to the private key (n) and a generator (G). With the private key (32 bytes — 256 bits), we have a random number. In this case, it is in the form of:

46 b9 e8 61 
b6 3d 35 09
c8 8b 78 17
27 5a 30 d2 2d 62 c8 cd
8f a6 48 6d
de e3 5e f0
d8 e0 49 5f

With Bitcoins, the private key defines our identity and we use it to sign for transactions, and prove our identity to others with the public key. For the public key we have an (x,y) point and is defined in a raw form starting with a 0x04 and then followed by the x co-ordinate and then the y-co-ordinate:

04 25 00 e7 f3
fb dd f2 84
29 03 f5 44
dd c8 74 94
ce 95 02 9a
ce 4e 25 7d
54 ba 77 f2
bc 1f 3a 88

37 a9 46 1c
4f 1c 57 fe
cc 49 97 53
38 1e 77 2a
12 8a 58 20
a9 24 a2 fa
05 16 2e b6
62 98 7a 9f

We can also use OpenSSL to view the details of the curve:

C:> openssl ecparam -in priv.pem -text -param_enc explicit -noout
Field Type: prime-field
Prime:
00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:fe:ff:
ff:fc:2f
A: 0
B: 7 (0x7)
Generator (uncompressed):
04:79:be:66:7e:f9:dc:bb:ac:55:a0:62:95:ce:87:
0b:07:02:9b:fc:db:2d:ce:28:d9:59:f2:81:5b:16:
f8:17:98:48:3a:da:77:26:a3:c4:65:5d:a4:fb:fc:
0e:11:08:a8:fd:17:b4:48:a6:85:54:19:9c:47:d0:
8f:fb:10:d4:b8
Order:
00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
ff:fe:ba:ae:dc:e6:af:48:a0:3b:bf:d2:5e:8c:d0:
36:41:41
Cofactor: 1 (0x1)

Overall we have a prime number (p), and fixed point G (the generator), which on the curve. We then multiply the generator (G) by the scalar private key n. This operation is extremely difficult to reverse in modular arithmetic. The result is the public key P which is:

P=n×G (mod p)

It should not be computationally possible, with a reasonable time period, to determine the scalar (the private key value) between the generator and the public key value. Within Bitcoins, we use the private key to sign a transaction, and then which is proven by the public key (Elliptic Curve Digital Signature Algorithm). More details on elliptic curve ciphers here:

Conclusions

Image for post
Image for post

Ref: here

ASecuritySite: When Bob Met Alice

This publication brings together interesting articles related to cyber security.

ASecuritySite: When Bob Met Alice

This publication brings together interesting articles…

Prof Bill Buchanan OBE

Written by

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. EU Citizen. Auld Reekie native. Old World Breaker. New World Creator.

ASecuritySite: When Bob Met Alice

This publication brings together interesting articles related to cyber security.

Prof Bill Buchanan OBE

Written by

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. EU Citizen. Auld Reekie native. Old World Breaker. New World Creator.

ASecuritySite: When Bob Met Alice

This publication brings together interesting articles related to cyber security.

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store