Cryptography, Entropy and the art of not winning a lottery ticket
With the new kids in town called “Blockchains”, I have ended up spending weeks if not months to really get a grip on how things function under the hood; and of the many, many, many things I learnt – I found one aspect of asymmetric cryptography the most interesting.
This wasn’t my first introduction with Asymmetric key encryption, but this was the first time I really worried about how reliable it is. Algorithms like RSA and Elliptic Curve Digital Signature Algorithm (ECDSA) which is used by Bitcoin and Ethereum, generate a private key. This key acts as root to derive a public key. In case of Ethereum, a hash of this public key is used to derive the (public) address of the account. I’m leaving the explanation of how and why it works to the experts, and jumping to my point.
If you noticed, the private key (password) and its address on the blockchain is generated by a computer out of thin air; just like a GUID is generated in most applications. This is all based on the principle that the odds of generating the same GUID are real low, putting all faith in probability. To be very honest, not having a 100% guarantee on security of these possibly high stake accounts scared me bit. That brought me to the question.
“What are the odds that someone ends up generating the same private key as me, and gains complete access to my Bitcoin address?”
A quick Google search led me to interesting answers all over the web. And of course, the probability is real low for a 160-bit address.
2^160 = 1,460,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000.
Though this is a large number, without a solid background of mathematics it is still difficult to remain convinced that no one on the face of earth will ever come across one of my keys simply by a stroke of luck. What did bring this number into solid perspective is the definition of Entropy (Physics. Not Information Theory).
Apparently, matter all around us acts the way it does because entropy dictates this behavior; also via probability. Entropy is the simplest form is a measurement of disorder. I’ll let the TED-Ed by Jeff Philips explain it in detail.
Now if you think of the probability of stumbling into a key twice; the probability of it really happening is close to the probability of a steady glass of water heating up while next to ice. Or as one Bitcoin Stack exchange user explains – “the odds of your computer burning down and turning into a million-dollar lottery ticket are better than you stumbling into a duplicate address”. Quite literally.
If that doesn’t assure you how close to impossible it is to stumble into a key for a valid account, nothing will. May the mathematical odds be in your favor.