35. On the Possibility of Bitcoin Address Collisions

35

On the Possibility of Bitcoin Address Collisions

BITCOIN ADDRESSES are created out of a hash of the public addresses, and concern was expressed about a possible collision, where two different individuals could by some random chance be assigned the same Bitcoin address. Note that a 160-bit hash yields 2 to the power of 160 or 1.46 x 1048 possibilities, and therefore the probability of a collision’s occurring is extremely remote.

Re: Bitcoin Address Collisions

Satoshi Nakamoto February 23, 2010 09:22:47 AM

NewLibertyStandard wrote:

Although extremely unlikely, what would happen if two Bitcoin clients generated the same Bitcoin address? Would payments be delivered to whichever client encountered the payment first? If there is a mechanism in place to prevent such collisions, please explain it.

There’s a separate public/private keypair for every bitcoin address. You don’t have a single private key that unlocks everything. Bitcoin addresses are a 160-bit hash of the public key, everything else in the system is 256-bit.

If there was a collision, the collider could spend any money sent to that address. Just money sent to that address, not the whole wallet.

If you were to intentionally try to make a collision, it would currently take 2^126 times longer to generate a colliding bitcoin address than to generate a block. You could have got a lot more money by generating blocks.

The random seed is very thorough. On Windows, it uses all the performance monitor data that measures every bit of disk performance, network card metrics, cpu time, paging etc. since your computer started. Linux has a built-in entropy collector. Adding to that, every time you move your mouse inside the Bitcoin window you’re generating entropy, and entropy is captured from the timing of disk ops.