Lagrange on Nostr: Yesterday evening a person ask me: "If bitcoin keys are generated randomly by the ...
Yesterday evening a person ask me:
"If bitcoin keys are generated randomly by the software,
isn't there a probability that two different people can generate the same
private key?"
This probability is astronomically small and we can compute it approximately.
To solve this we need to take into account that there are N = 2^256 = 10^77
possible private keys, but what we should look is the space of bitcoin addresses,
because to spend a P2PKH or P2WPKH output it suffices to have a
private key that produces the
same public key hash in the transaction output, ie. some private key that
produces a specific bitcoin address.
Since bitcoin addresses are computed from RIPEMD160 hashes, this means that the
space of bitcoin address is M=2^160=10^48.
If we consider x=10^10 people (8 billion at the time of writing)
in the world would generate y=10^6 addresses in their lifetime;
to put into perspective there are 800000 hours
in the lifetime of a 100 year old person.
Then the probability of no collision at all
is the number of possible ways to hit different addresses in the address space:
M (M-1) (M-2) ... (M-xy+1) = M! / (M-xy)!
divided by the number of possible choices:
M^(xy)
hence the probability of no collisions is
prob0 = M! / (M-xy)! / M^{xy}
since M!/(M-xy)! is approximately
M^{xy} - (1+2+...+xy) M^{xy-1} = M^{xy} - (xy)^2 /2 M^{xy-1}
we have
prob0 = 1 - (xy)^2 / 2 / M
Now, the probability of having at least one collision is prob1 = 1-prob0
which for large numbers at leading order becomes
prob1 = (xy)^2 / 2 / M
The square in the numerator the responsible for the so called
birthday paradox, ie. in a group of 20 people the chances of a birthday
collision is very high because 20^2/2 = 200 which is comparable to the number of
days in the year.
The collisions in the case of bitcoin are so unlikely because (xy)^2 = 10^32
while M=10^48 so that
prob1 = 1/10^16 = 0.000 000 000 000 000 1
not as small as the probability of a private key collission but still very
unlikely.
"If bitcoin keys are generated randomly by the software,
isn't there a probability that two different people can generate the same
private key?"
This probability is astronomically small and we can compute it approximately.
To solve this we need to take into account that there are N = 2^256 = 10^77
possible private keys, but what we should look is the space of bitcoin addresses,
because to spend a P2PKH or P2WPKH output it suffices to have a
private key that produces the
same public key hash in the transaction output, ie. some private key that
produces a specific bitcoin address.
Since bitcoin addresses are computed from RIPEMD160 hashes, this means that the
space of bitcoin address is M=2^160=10^48.
If we consider x=10^10 people (8 billion at the time of writing)
in the world would generate y=10^6 addresses in their lifetime;
to put into perspective there are 800000 hours
in the lifetime of a 100 year old person.
Then the probability of no collision at all
is the number of possible ways to hit different addresses in the address space:
M (M-1) (M-2) ... (M-xy+1) = M! / (M-xy)!
divided by the number of possible choices:
M^(xy)
hence the probability of no collisions is
prob0 = M! / (M-xy)! / M^{xy}
since M!/(M-xy)! is approximately
M^{xy} - (1+2+...+xy) M^{xy-1} = M^{xy} - (xy)^2 /2 M^{xy-1}
we have
prob0 = 1 - (xy)^2 / 2 / M
Now, the probability of having at least one collision is prob1 = 1-prob0
which for large numbers at leading order becomes
prob1 = (xy)^2 / 2 / M
The square in the numerator the responsible for the so called
birthday paradox, ie. in a group of 20 people the chances of a birthday
collision is very high because 20^2/2 = 200 which is comparable to the number of
days in the year.
The collisions in the case of bitcoin are so unlikely because (xy)^2 = 10^32
while M=10^48 so that
prob1 = 1/10^16 = 0.000 000 000 000 000 1
not as small as the probability of a private key collission but still very
unlikely.