“How is the private key calculated using the elliptic curve mathematical computation?” “If transactions are public, why can’t someone launch a brute-force [attack] and guess the private key, knowing the fact that we have quantum computers now?”

Let’s start with the first question for Rojit. Private keys are numbers, that’s all they are. If you wanted to generate a private key, you can do so fairly easily using just pen and paper. A private key is a number that is 256 bits long. A bit is either 0 or 1. How do we calculate a bit? The easiest way would be to flip a coin. Take a big sheet of paper and a coin. Flip [the coin]. If it’s heads, write down 1. If it’s tails, write down 0. Repeat this 256 times. Now you have a binary private key, written on your piece of paper, generated randomly. If somebody else tried to do the same thing, they would have to try 10 ^ 77 times in order to produce the same private key (on average). That private key is just a number [like 3 or 7], [though those would be] very easy to crack, not very random [out of the vast possibilities], but still.

[With] that private key, the elliptic curve mathematics that follows is to take a known point on the elliptic curve. When I say point, that means an X,Y coordinate on the line drawn by the function. If you take the elliptic curve function of Bitcoin and draw it on a piece of paper, it creates a line. That line is in the form of a curve, an elliptic curve, and it looks a bit like a squid. There is a very specific point on the line of that elliptic curve called the generator point. It’s a set of X,Y coordinates that is pre-defined. Everybody uses the same one. We write it down as ‘G’ for generator point. The public key is simply the point ‘G’ multiplied by the private key. If my private key is 3, then my public key is 3 multiplied by ‘G.’

You might say, “Well, that’s very easy! If I know the public key is 3 multiplied by ‘G’ and I know what ‘G’ is, why don’t I divide by ‘G’ and then I know your private key?” The reason is that you can’t do division on the elliptic curve. Division doesn’t exist [there]. You know 3 multiplied by ‘G’ is the public key, but you can’t figure out that 3 is the private key, even though you know what the value of ‘G’ is. That’s how the elliptic curve computation works.

Now, what does multiplication by a scalar mean on the elliptic curve? What does it mean to take a point and multiply it by 3? How do you multiply X,Y coordinates by 3? This has a specific meaning on the elliptic curve. To add ‘G’ to itself, to do ‘G’ plus ‘G,’ you take the tangent of the [generator] point on the elliptic curve. The tangent is a specific mathematical construct. You draw the tangent at the point of ‘G’ and at some point that tangent will touch the elliptic curve again. That is one of the properties of elliptic curves. If you take the tangent of a point on the elliptic curve, the tangent will bisect the elliptic curve at another point. If you flip that point on the axis, that is ‘2G.’ Drawing a line between the two points is how you add them up. You can create a multiple because 3 multiplied by ‘G’ is simply ‘G’ plus ‘G’ plus ‘G.’ You can keep adding ‘G.’ Essentially, all private to public key computation is that: taking ‘G’ and adding it to itself, with your private key. That’s the number you generated randomly. When you do that, you still end up with some X,Y coordinate on the curve. Every time you add the points, you [end up somewhere on the curve] and that point is your public key. You know that point, [but] you simply have no idea how you got there.

“Do all private keys start with the number 5?” No, Bill. Private keys encoded with wallet import format (WIF) start with the number 5. But those that correspond to compressed public keys can start with the letter ‘K’ or ‘L.’ You will see private keys in wallet import format [that start with a 5]. When they’re ‘with compressed,’ as it’s called, they start with a ‘K’ or ‘L’ instead of a 5.

“How do you ensure the private key is transmitted securely and privately into the blockchain?” This is also a point of confusion. The private key is never transmitted anywhere [on the blockchain]. What you transmit is a signature, which is a number produced from the private key… by a special equation that anyone can check. By checking that against your public key, they can confirm you know what the private key is, but they don’t know / cannot know what the private key is. That little trick ensures that you can sign as many times as you want, transmit as many signatures [as you want], and people will only be able to verify that you know the private key, but nobody else does.

“Please explain key collision. Also, please give an example of encryption collision.” ‘Collision’ as a word is mostly used for hashes. Perhaps what you’re asking is related to the very next question. Jason asks, “Is it possible to generate a private key that is already being used?” Yes Jason, it is possible. It is absolutely improbable, however. Even if you were trying to do this deliberately, by generating a trillion new private keys every second, and then recruited a billion people to generate a trillion keys each, all you would do is touch the very surface… of the absolutely enormous number [of possible] private keys that [could] exist. This is something that a lot of people have difficulty wrapping their heads around; the idea that the [number of possible private keys] is so large that you will never ever get through them.

The number of possible private keys is 2 ^ 256. It’s not quite, but for rounding purposes it’s 2 ^ 256. The main idea doesn’t change, no matter how much you round this. 2 ^ 256 is equivalent in decimal to 10 ^ 77. That’s 10 with 77 zeros after it. Let’s say you could generate a billion keys per second. How much is a billion keys? That is 10 ^ 9. What you’re doing now is taking 10 ^ 77 and dividing it by 10 ^ 9, which is a billion keys. What you’re left with is 10 ^ 68. You cut that number from 10 ^ 77 down to 10 ^ 68. That’s 10 with 68 zeroes [after it]. That’s how many [possible keys you may still have to generate]… to [find] a private key that matches somebody else’s. Let’s say you take a billion people and they all try a billion keys per second. Instead of 10 ^ 68, it will now be 10 ^ 59. It may seem like you’re making progress, but not really. Because a billion seconds would mean that you would be no closer. You would be down to 10 ^ 50 with a billion people trying a billion keys. I’m using very big, big numbers here. Let’s say that you were able to do all of that for a year, and then you decided to do it for a billion years. As you can see, if we take off nine more digits from the end of this [exponent], it doesn’t get much smaller. You’re still looking at numbers that are unfathomably large. At this rate, the amount of time it would take you to run through all private key combinations… exceeds the total time of the universe’s existence. Which, depending on whether you apply science or not, is either 13.4 billion years or 6,000 years.

“If transactions are public, why can’t someone launch a brute-force [attack] and guess the private key, knowing the fact that we have quantum computers available now?” I already gave you the answer as to why you can’t guess the private key by trying [to generate] all possible keys. You will run out of time. The sun will extinguish, its nuclear fusion reactions will end. The universe will expand into nothingness. Civilizations will come and go. And you will still be trying to [guess] private keys. That’s the scale of numbers we’re talking about.

But what about quantum computers? Does that change the equation? Yes, it does. With a quantum computer, you could actually work out all possible combinations of a 256-bit number instantly, as long as you had a quantum computer [with sufficient qubits]. If you follow news about quantum computing, you know we currently have 5 to 10 qubits. The progress of adding each additional qubit is actually slowing down. To quote Peter Todd and one of his memorable memes that I really like: “Quantum computing may be the one area of science that scales worse than blockchains.” Quantum computers are not getting to 256 qubits anytime soon. In fact, you would only need 128 qubits… to break [the elliptic curve function in Bitcoin], but we are very far from there. What happens when quantum computers become available? We have to change cryptographic algorithms. There are algorithms that are better in terms of protecting against quantum computing [attacks]. We don’t need to use those algorithms [yet] because there are not quantum computers with enough qubits to be able to crack Bitcoin’s private keys.

The next question comes from Sesame Meow: “Quantum attacks on Bitcoin and how to protect against them. I just listened to an Epicenter podcast about quantum threats to Bitcoin. Here is their paper. From what I understand, quantum computing effects would start to kick in, at the earliest, during 2027. Attacks on proof-of-work are straightforward to address, but attacks on ECDSA… for [unconfirmed] transactions are a credible threat. I’m aware of the argument that if the ECDSA is broken, we are worried about a lot of other things. Focusing on Bitcoin: how easily can Bitcoin incorporate quantum-safe public key signature schemes? Does it require a complete overhaul of the code, a hard fork, or a soft fork? What?”

Sesame Meow, do not fret! Yes, it’s true that quantum effects could limit the lifetime of the ECDSA. All cryptographic algorithms have a limited lifetime. The good news is that ECDSA can easily be replaced. It can be replaced with a very simple soft fork. One of the important innovations that came with the introduction of Segregated Witness was the ability to have a script version number that allows soft fork upgrades to the scripting language within Bitcoin. This was introduced and activated on August 1st 2017. It means other signature schemes can be introduced by a simple soft fork. The first of such schemes [will be] Schnorr signatures, [acting] in conjunction with or in addition to ECDSA. A lot of this isn’t about replacing ECDSA, but rather about adding more signature algorithms so that… people can choose which signature algorithms they want to use and effectively migrate their funds… to more secure signature algorithms. Schnorr signatures, which are about to be introduced, have been in testing and development for quite a while. They are one of the soft fork upgrades that can be done with the script versioning capability and Segregated Witness. But they’re not the only one. Bitcoin could introduce quantum-safe signature schemes with a soft fork, just by using the script versioning. It’s actually a very simple soft fork. It’s completely optional. It’s not mandatory. It’s opt-in. People can choose to use it, if they want to. If they don’t, they can continue with what they used before, which may be ECDSA or something else. It can be introduced incrementally so that different parts of the system upgrade and [add] support slowly, just like we’ve seen with the new bech32 address format for SegWit. Some wallets support it, some don’t. Gradually, the ecosystem is evolving.

Quantum attacks on Bitcoin? Not as scary as you might think. 2027 is a very long way away. Within the next decade, the number of [security] improvements that could be made to introduce… quantum-safe digital signatures in Bitcoin, and the ease with which these could be done, really [makes it] not a problem. Let’s see what other bogeymen and scary thoughts we can banish with all of these questions, which are showing a high level of anxiety in the Bitcoin space.

Before we continue to the next question, remember: when engaging in cryptocurrencies, it is important every now and then to take a deep breath. Realize that there are many things in life that are more important, and the end is not near. The apocalypse is not coming, Bitcoin is not dead or dying. It is going to be okay. The roller-coaster is part of the show. Don’t worry too much about all of these things. A lot of the articles and academic papers you read have come out with a sensationalist [title] and they say: “We’ve discovered a fatal flaw that will be the end of Bitcoin!” They mostly address academic edge cases that are very hard to apply and fairly easy to mitigate. But that’s not what they’re going to tell you in the sensationalist headline. They’re not going to write a headline that says: “Edge case discovered; will have minimal impact and be easily mitigated, but we wrote a great paper about it!” No. They’re going to say: “Doom! Gloom! Bitcoin’s dead!” Don’t believe it.
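The curve arithmetic, the public-key derivation, the WIF prefixes and the "transmit a signature, never the key" point from the transcript above, as an added worked example in Python. This is not code from the video or its transcript; it assumes secp256k1 (the curve Bitcoin uses; the constants P, N and G are its published parameters), the 0x80 mainnet WIF version byte, and a textbook ECDSA with a random nonce, written for illustration only (not constant-time, no RFC 6979 nonces, so not for production signing). Point addition is literally the chord-and-tangent rule the talk describes; `scalar_mult` is the "add G to itself" operation done in ~256 doublings instead of k additions, which is why k*G is cheap to compute while recovering k from the result is not.

```python
import hashlib
import secrets

# secp256k1, the curve Bitcoin uses: y^2 = x^3 + 7 over the prime field F_p.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order of G
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # the point at infinity, the group identity


def point_add(a, b):
    """Chord-and-tangent addition: draw the line, take the third intersection, reflect it."""
    if a is INF:
        return b
    if b is INF:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF  # a + (-a): the vertical line meets the curve only "at infinity"
    if a == b:  # doubling: slope of the tangent at a
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:  # addition: slope of the chord through a and b
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P  # reflection over the x-axis
    return (x3, y3)


def scalar_mult(k, point=G):
    """k * point by double-and-add: ~256 doublings, not k-1 additions of G."""
    result, addend = INF, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def on_curve(pt):
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0


def random_private_key():
    """A random integer in [1, N-1]: the '256 coin flips', reduced into the valid range."""
    return secrets.randbelow(N - 1) + 1


def private_to_public(priv):
    return scalar_mult(priv)  # pubkey = priv * G; there is no "division" that recovers priv


# Wallet Import Format: base58check(0x80 || key [|| 0x01 when the pubkey is compressed]).
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def base58check(payload):
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    num, out = int.from_bytes(data, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    leading_zeros = len(data) - len(data.lstrip(b"\x00"))
    return "1" * leading_zeros + out


def to_wif(priv, compressed):
    payload = b"\x80" + priv.to_bytes(32, "big")  # 0x80 = mainnet version byte (assumed)
    return base58check(payload + (b"\x01" if compressed else b""))


# Textbook ECDSA: what goes on the wire is (r, s), never the private key.
def ecdsa_sign(priv, msg_hash):
    z = int.from_bytes(msg_hash, "big") % N
    while True:
        k = secrets.randbelow(N - 1) + 1  # per-signature nonce; reusing it leaks priv
        r = scalar_mult(k)[0] % N
        s = (z + r * priv) * pow(k, -1, N) % N
        if r and s:
            return (r, s)


def ecdsa_verify(pub, msg_hash, sig):
    """Anyone holding only the public key can check the signature."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    z = int.from_bytes(msg_hash, "big") % N
    w = pow(s, -1, N)
    pt = point_add(scalar_mult(z * w % N), scalar_mult(r * w % N, pub))
    return pt is not INF and pt[0] % N == r


if __name__ == "__main__":
    priv = random_private_key()
    pub = private_to_public(priv)
    print("private key (hex):", hex(priv))
    print("WIF uncompressed:", to_wif(priv, False), "| compressed:", to_wif(priv, True))
    h = hashlib.sha256(b"constructed sample message").digest()  # constructed input
    print("signature verifies:", ecdsa_verify(pub, h, ecdsa_sign(priv, h)))
```

Two things to check when running it: the uncompressed WIF always begins with `5` and the compressed one with `K` or `L`, exactly as the answer to Bill says, because the version byte and payload length fix the leading base58 digit; and `scalar_mult(N)` returns the point at infinity, which is why a private key is reduced modulo N and why `0` and `N` are not valid keys.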

If(andreas) likes++; first = true;

Smashed the like……..

Can we fund someone to do diagrams and animations to these?

YouTuber aantonop = { "teacher'', 1," awesome"};

I love these videos so much

10:10 was hilarious!

This is a great video that could be made even greater with some animated graphics to explain it visually.

"I'm taking very very big numbers!"

CryptoNick taking notes

way over my head but I watched anyway, i'm an oldie and close to death

I hope everyone understood that….LOL

Great info – Thanks

Thanks for this Q&A Aantonop…. The explanation you provide about guessing private keys at minute 9ish, is similar to one by 3blue1brown, and your viewers might be interested in watching this video on SHA256, https://youtu.be/S9JGmA5_unY

Andreas getting yogi on us. LOL Namaste Andreas.

I know it's very, veeery improbable. Billions of people with trillions of computers until the end of universe and time as we know. But from time to time I generate a single key and check if there are any funds.

Hey Andreas, a visual explanation of how to generate private and public keys by hand would be amazing. Would definitely help increase security!!!

Best Line: In fact at this rate the amount of time it would take you to run through all private keys combinations exceeds the total time of the universe's existence, which depending on whether you apply science or not is either thirteen point four billion years or six thousand years!

10:40 LMAO. Listen to the GOAT

16:38 haha. Nice

I wouldn't be surprised if it ever came out that Andreas is actually Satoshi

Love your common sense!

As always, thanks so much!

All I can say is thank you for being in bitcoin.

Damn you're friken smart bro! Thank you for educating us

The big question is, what is a public key? Asking for CryptoNick.

great video

11:03 That's the best quantum FUD busting I've heard. Thanks Andreas.

So many level 0 questions, i.e. quantum computers breaking private code; clearly humans need to read more before getting on the forum and typing away to glory. There should be some method of filtering questions like that, as they do on Stack Overflow.

Hi Andreas, most of the time blockchain is referenced with respect to financial transactions. Could you please help highlight its use cases with respect to other applications, like an immutable database of, say, land records or healthcare data?

I'm going to translate all your videos into Spanish. It's my small contribution to the bitcoin community.

These videos are so great, thanks for making them!

A few corrections: 10^77 is 10 with 76 zeroes after it, not 77. 10^77 / 10^9 is 10^68 not 10^65. Divide by another billion and it is 10^59, not 10^54, another billion is 10^50, not 10^43.

Thanks for the great video as always

Ending was lol

Move back, u r too close to the camera, jesus

Love AA but would work much better with graphics/animation.

Question: Is it possible that two miners might complete a "proof of work" simultaneously? If so, who gets rewarded the "coin"?

10:28 Zing! hahahaha

MATH ERROR in VIDEO: Isn't 10^77 / 10^9 = 10^68, not 10^65 as you say at around 8:45 of this video?

But Bitcoin is dead. It died so many times it is just impossible it survived..

All of the videos you put out are gold Andreas! Having you help beginners over and over again is so valuable to the crypto community. Your explanations really get the point across in a friendly way

There are 10^77 possible combinations of private keys…there are also around 10^77 atoms in the observable universe. 1 private key per atom. That's how big

If the Public address is fundamentally used to receive bitcoins, and if the Private key allows you to spend or transfer bitcoins stored at that address, wouldn't the Private key also become public knowledge and subject to being hacked?…

These numbers are crazy huge. Really blows the mind.

Mr. aantonop , I got my Mastering Bitcoin book around 6 months ago, I absolutely devoured it and had to leave a review! Jam-packed with clear information from the beginning to the end. Great work!

The bit where Andreas talks about guessing private key probabilities… mind melt. This guy's wit is dry and razor sharp, love it, the guy is epic.


I have no idea what he said, but I watched the whole video

What?

SO YOU'RE TELLING ME CHRISTIANS HAVE THE BEST CHANCE OF CRACKING THE CODE??!!!! lol


HI, I DON'T UNDERSTAND THE DIFFERENCE BETWEEN A PRIVATE KEY AND A WALLET ADDRESS. I'M NEW TO THIS AND HAVE MY CRYPTO ON A LEDGER HARDWARE WALLET. WHERE IS THE PRIVATE KEY? THERE'S NO INSTRUCTIONS ON THIS FOR ANYONE NEW! THANKS TO ANYONE WHO HELPS!

You have good intentions, but you need to stop talking about elliptic curves and tangents because it's too difficult to understand. If you really want to grow your channel, think of trying to explain bitcoin to a Labrador retriever. You will draw a large audience by explaining complicated subjects visually and in terms people can understand. Good luck.

Just wanted to say a big thank you Andreas, my mind is finally at ease about the security of the private key. I thought it was binary, but the scale/size of 256 bits is so immense. I also see why it's so incredibly important to store this number securely, not only from others but for yourself, as trying to get a copy/duplicate is virtually impossible. Correct me if I have erred please, cheers.
