No announcement yet.

Bitcoin and random number generation...

  • Filter
  • Time
  • Show
Clear All
new posts

  • Bitcoin and random number generation...

    Anyone have any thoughts to share on how to programmatically generate Bitcoin a set of public / private keys?
    Like the way can produce them?

    Also see

    As I understand it the private key is a random 256 bits. So I could flip a coin 256 times and come up with a unique set of bits? Really, it is that simple?

    I am probably being naive but I would figure it would be quite doable to cook up 256 random bits.

    Take 256 coins and toss them in the air? Would that be unique?

    Would 64 wheels marked in Hex be random if each was spun separately?

    I know there are lots of posts on here about random numbers....

    David Roberts and Stuart have some good stuff.

    From Stuart:

    Was just wondering if anyone had thought about them in the context of Bitcoin.

    Also looking for a way to extract the Bitcoin public key from the private key.

    There is some discussion of that here:

  • #2

    How to get the public key ?

    A public key is derived from a private key. To derive the public key you need an Elliptic Curve, Bitcoin chose to use secp256k1. Your public key is your private key multiplied by the generator point (which is a constant set in the secp256k1 standard), so it’s a point on the curve. The security in this operation is based on the fact that on an elliptic curve you can kind of “multiply” but you can not divide : you cannot retrieve the private key by dividing you public key by the generator point. You can find more information about this process here.


    • #3

      How to get the address ?

      The address is an encoded part of a hash of your public key. Because it is the last part of the post, let’s take a concrete example to do this part :

      Generate a random private key :

      Derive the public key from it :

      Pass it through the sha256 function, then the ripemd160 function :

      Add 00to the begining. It is called “network byte” and means we are on Bitcoin main network.

      Then take the four first bytes of the sha256 hash of the sha256 hash of this word and append it to the end.

      # The hash from which you take the first four bytes B4AE3A0DCF1AAD584327FDB0974BBCBE3E19C2A6A2F9A29D7303C3A0D526910F
      # The result 00C0CBEC6E4B3F537A68F64F65B68998158E211B92B4AE3A0D
      Then base58check encode it :



      • #4
        More questions about "random numbers"

        if I had a form with 64 buttons - each button would stop a 1 to 16 hex counter when pressed. Would that be "crypto grade" random?


        • #5
          How would does the "counter" work?

          64 x 1 to 16 HEX counters? That will give you 64 values in the decimal range 1 to 22.
          Presumably you meant 0 to 15 decimal counters each of which can be regarded as an 8 bit byte which you would concatenate to give you a 512 bit value and you are relying on your users delay between clicks to generate entropy.

          Please define "crypto grade" and explain why your value needs to be "crypto grade"
          Please define "random"
          Please defune "number"

          Looks like you are trying to generate a 512 string of bits.

          Your method sure sounds like a lot of effort when there are plenty of simpler ways to generate a "cryptographically secure" random number, if you even need it to be cryptographically secure - which is doubtful if you are just generating a bitcoin private key.

          Click image for larger version  Name:	random_number.png Views:	0 Size:	8.0 KB ID:	816595
          Click image for larger version  Name:	321a39e06d6401301d80001dd8b71c47.gif Views:	0 Size:	65.5 KB ID:	816596


          • #6
            Hi Stuart
            Yes, I meant 0 to F - hex - 64 of them.

            Go to I am trying to figure out if I can do something like that pragmatically. Not the mouse part, the make a bitcoin private key part.

            If I was to just press 0 / 1 256 times is that random?

            Bitcoin people say "Oh be careful! It's got to have lots of entropy! Perhaps I am being naive...

            I would think there are all sorts of ways to introduce entropy! Or just call some DLL?


            • #7
              Just checked and the ETH Zurich site does not appear to be operational any more.

              But works.

              Here's code to return a string of quantum random bytes
              'Returns a set of quantum random bytes from
              'as a byte string
              'Note: displaying the with Print/Msgbox may be problematic
              'since it may contain bytes in the range CHR$(0) to CHR$(31)
              #COMPILE EXE
              #DIM ALL
              #INCLUDE ONCE "WIN32API.INC"  'Roca Includes
              FUNCTION PBMAIN () AS LONG
                  LOCAL qMin,qMax AS QUAD
                  LOCAL qty, i AS LONG
                  LOCAL s,s2 AS STRING
                  LOCAL numbytes AS LONG
                  numbytes = 64  '64 bytes = 512 bits
                  s = GetRandBytes(numbytes)
                  IF LEN(s) <> numbytes THEN
                      ? "Problem retrieving Quantum Random bytes"
                      FOR i = 1 TO numbytes
                          s2 &= HEX$(ASC(s,i),2)
                     ? "Random " & STR$(numbytes) & " byte string in Hex = " & $LF & s2
                  END IF
              END FUNCTION
              FUNCTION GetRandBytes(qty AS LONG) AS STRING
                  LOCAL v1        AS VARIANT
                  LOCAL v2        AS VARIANT
                  LOCAL v3        AS VARIANT
                  LOCAL vResult   AS VARIANT
                  LOCAL vResponse AS VARIANT
                  LOCAL oHttp     AS DISPATCH
                  LOCAL sResponse AS STRING
                  LOCAL i         AS LONG
                  LOCAL s AS STRING
                  ON ERROR GOTO errtrap 'in case  HTTP  call fails!
                  SET oHttp = NEWCOM "Msxml2.XMLHTTP"
                  v1 = "GET"
                  v2 = "
                  v3 = 0
                  OBJECT CALL oHttp.Open(v1, v2, v3) TO vResult
                  OBJECT CALL oHttp.Send(v1) TO vResult
                  OBJECT GET  oHttp.Responsetext TO vResponse
                  oHttp = NOTHING
                  sResponse = VARIANT$(vResponse)
                  IF INSTR(sResponse,"""success"":true}") THEN
                     s = MID$(sResponse,INSTR(sResponse,"[") + 1, INSTR(sResponse,"]") - INSTR(sResponse,"[")-1)
                     DIM arrS(1 TO qty) AS STRING  'get numbers as strings
                     PARSE s, arrS(), ","
                     FOR i = 1 TO qty
                         s &= CHR$(VAL(arrS(i)))
                     FUNCTION = s
                     EXIT FUNCTION
                      ? "Failed to get bytes" & $LF & sresponse
                  END IF
              END FUNCTION
              (Also posted as an update in the previous Source Code thread)


              • #8
                In subject is "BitCoin". It uses SHA-256 which has 256 bit output. More than 256 coin tosses needed for input (the entropy). Just pressing 0 or 1 is not random. A PC by itself (like using TIMER, etc) does not have enough entropy.)

                Homework to do before any programming:
                FIPS about SHA-256 (though Windows has now)
                FIPS about using hashes (like SHA-256) for PRNG
                Bitcoin docs

                (FIPS are Federal Information Processing Standards by NBST)

                Sorry if that is too much rain for your parade.


                • #9
                  Thanks Dale - Not too much rain at all!

                  I would think something like this would be random:

                  FUNCTION PBMAIN () AS LONG
                  LOCAL BIG_STRING AS STRING
                  LOCAL STR_SIZE AS LONG
                  WHILE LEN(BIG_STRING) < 64
                  BIG_STRING = BIG_STRING + RIGHT$(GET_NUMBER,8)
                  PRINT BIG_STRING
                  BIG_STRING = ""
                  IF WAITKEY$ = "X" THEN EXIT DO
                  END FUNCTION
                  LOCAL CycleCount_1 AS QUAD
                  LOCAL CycleCount_2 AS QUAD
                  TIX CycleCount_1
                  TIX CycleCount_2
                  LOCAL STRING_1 AS STRING
                  LOCAL STRING_2 AS STRING
                  LOCAL STRING_3 AS STRING
                  LOCAL STRING_4 AS STRING
                  LOCAL NUMBER_1 AS QUAD
                  LOCAL NUMBER_2 AS QUAD
                  LOCAL NUMBER_3 AS QUAD
                  LOCAL NUMBER_4 AS QUAD
                  TIX END CycleCount_1
                  STRING_1 = FORMAT$(RND(1, 9)) + FORMAT$(TIMER*1000) + LEFT$(FORMAT$(CycleCount_1),3) + RIGHT$(FORMAT$(CycleCount_1),3) + FORMAT$(RND(1, 9))
                  STRING_2 = FORMAT$(RND(1, 9)) + FORMAT$(CycleCount_1) + RIGHT$(FORMAT$(TIMER*1000) ,3) + LEFT$ (FORMAT$(CycleCount_1),3) + FORMAT$(RND(1, 9))
                  TIX END CycleCount_2
                  STRING_3 = FORMAT$(RND(1, 9)) + FORMAT$(TIMER*1000) + LEFT$(FORMAT$(CycleCount_2),4) + RIGHT$(FORMAT$(CycleCount_2),2) + FORMAT$(RND(1, 9))
                  STRING_4 = FORMAT$(RND(1, 9)) + FORMAT$(CycleCount_2) + RIGHT$(FORMAT$(TIMER*1000) ,4) + LEFT$ (FORMAT$(CycleCount_2),2) + FORMAT$(RND(1, 9))
                  NUMBER_1 = VAL(STRING_1)
                  NUMBER_2 = VAL(STRING_2)
                  NUMBER_3 = VAL(STRING_3)
                  NUMBER_4 = VAL(STRING_4)
                  FUNCTION = HEX$(NUMBER_1) + HEX$(RND(1, 9)) + HEX$(NUMBER_2) + HEX$(RND(1, 9)) + HEX$(NUMBER_3) + HEX$(RND(1, 9)) + HEX$(NUMBER_4)
                  END FUNCTION


                  • #10
                    Cool code Stuart! But the actual number is coming from right?


                    • #11
                      I know everybody would say "don't use RND(1,9)" or any other way of using RND.

                      But mixing it as a string with other "random" stuff like RIGHT$( FORMAT$(TIMER),2) AND TIX or current memory in use or some % of free memory etc.... Sure feels random!


                      • #12
                        I would think something like this would be random:
                        And post 11

                        Not even close. Good for games.


                        • #13
                          Originally posted by David Clarke View Post
                          Cool code Stuart! But the actual number is coming from right?
                          Correct. That URL returns a JSON file containing an array of true random bytes (values 0-255). generated in real time by quantum fluctuations (Quantum Random Numbers).
                          Alternativel slightly different API URLs withh generate the data in different lengths and formats

                          "This website offers true random numbers to anyone on the internet. The random numbers are generated in real-time in our lab by measuring the quantum fluctuations of the vacuum. The vacuum is described very differently in the quantum physics and classical physics. In classical physics, a vacuum is considered as a space that is empty of matter or photons. Quantum physics however says that that same space resembles a sea of virtual particles appearing and disappearing all the time. This is because the vacuum still possesses a zero-point energy. Consequently, the electromagnetic field of the vacuum exhibits random fluctuations in phase and amplitude at all frequencies. By carefully measuring these fluctuations, we are able to generate ultra-high bandwidth random numbers."

                          Using true randoms like that, you can forget about "crypto safe", they are inherently "un-crackable".


                          • #14
                            inherently "un-crackable".
                            ...with current technology that we're allowed to know about.
                            "Not my circus, not my monkeys."


                            • #15
                              I guess some of this discussion is philosophical - if you called 256 people randomly out of the phone book and asked them to select 1 or 0 or Up or Down etc.... That is not random?

                              On the other hand

                              I know how to use SHA-256 to create a hash. Still looking for an explanation of what to feed into it for random numbers. I use sha-256 to hash passwords now.


                              • #16

                                Would you use the number as it was sent by the web site or would running that through sha-256 be a good idea, or a bad idea!

                                I remember reading that passing something through a hash twice actually can make it less secure.

                                Again - my goal is to generate Bitcoin private keys.


                                • #17
                                  And then there is hardware like this -


                                  • #18
                                    And then there is


                                    • #19
                                      Who needs Bitcoin anyway? I have a quart freezer bag full of nickels I take to the Senior Center to play sheepshead.
                                      Michael Mattias
                                      Tal Systems (retired)
                                      Port Washington WI USA
                                      [email protected]


                                      • #20
                                        Originally posted by David Clarke View Post

                                        Would you use the number as it was sent by the web site or would running that through sha-256 be a good idea, or a bad idea!

                                        I remember reading that passing something through a hash twice actually can make it less secure.

                                        Again - my goal is to generate Bitcoin private keys.
                                        NOT true (caveat on the type of hash used). In fact, this is the basis for highly secure password systems (key stretched hashing algorithms like bycrypt, PBKDF2, etc.) designed to help prevent high speed brute-forcing using time or memory bound techniques.
                                        <b>George W. Bleck</b>
                                        <img src=''>