[Ethereum] Account uniqueness guaranteed


When we create an account in the Ethereum main network, how does the protocol guarantee the unique address of an account? Since even if we are not connected to the network we can create an account, is there a possibility of two accounts getting the same address? Is the account information kept in the blockchain?

Best Answer

Quoting Chris613 on the Ethereum forum about cpp-ethereum:

  1. A 256-bit Private Key is initialized with random data

  2. The secret is tested for being an acceptable key, which just means non-zero and less than "the order of the curve" which I think is an upper range after which keys are weak (corrections welcome).

  3. A 512-bit Public Key is generated from that secret and tested by secp256k1_ecdsa_pubkey_verify. I don't fully understand this check without more research (key types), but my understanding is that any number can be a valid secret key, and generating a public key from it should always be reliable (corrections welcome).

  4. The Public Key is hashed with SHA-3 [Keccak-256] to produce a 256-bit output. The upper 96 bits are discarded, and the lower 160 bits become the Address.

So as the hashing algorithm used for the address has a very very big number of possibilities and a very very low rate of collisions, final addresses should be unique.

As you can't guess a PK from its address, creating a PK that matches the address would require trying a lot of PK combinations before finding a match. So this is not about brute-forcing addresses, but trying public keys and then private keys to finally match an address.

No one is known to have succeeded in doing it today.

A quantum computer could probably do that, but one able to do this sort of calculation still doesn't exist. The next generation of crypto money will have to take quantum computers into account for sure.

Edit: Private keys must be less than the order of the curve because otherwise they will 'loop back around' and be equal to other people's private keys, due to how EC groups work. Think of an analogue clock: at 13:00, the clock points to 1. What's happening here is similar, but using a much larger number (just under 2^256). On a clock this is fine because we know whether it's morning or afternoon, but here same private key => same public key => same address, meaning if two private keys are equivalent, the owners of both could access and form valid transactions originating from the same account.

The public key check is checking it's a valid, rational point of the curve. This is pretty much just checking that the two 256 bit numbers are whole numbers and satisfy a formula necessary for all the arithmetic to hold correctly.

Hash functions are actually not entirely broken under quantum cryptography, so the address -> public key stage could still be fairly robust. However, calculating people's private keys from their public keys would be trivial, and so next gen cryptocurrencies will have to take in quantum crypto indeed!
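The four quoted steps carried out end to end, as an added example that is not part of the original answer or of cpp-ethereum: pure-Python secp256k1 arithmetic plus a minimal Keccak-256 (the constants are the published secp256k1 parameters and Keccak round constants; the function names are my own). It also demonstrates the "loop back around" point from the edit: a secret `d` and `d + N` produce the same public key, which is exactly what the step-2 range check rules out.

```python
# Added example, not from the original post: the quoted steps end to end in pure Python
P = 2**256 - 2**32 - 977                                    # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order of G
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
RC = [0x1, 0x8082, 0x800000000000808A, 0x8000000080008000, 0x808B, 0x80000001,
      0x8000000080008081, 0x8000000000008009, 0x8A, 0x88, 0x80008009, 0x8000000A,
      0x8000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
      0x8000000000008002, 0x8000000000000080, 0x800A, 0x800000008000000A,
      0x8000000080008081, 0x8000000000008080, 0x80000001, 0x8000000080008008]
rotl = lambda v, n: ((v << n) | (v >> (64 - n))) & (2**64 - 1)   # 64-bit rotate left
def ec_add(p, q):                 # group law on y^2 = x^3 + 7 mod P; None = infinity
    if p is None or q is None: return p or q
    if p[0] == q[0] and (p[1] + q[1]) % P == 0: return None
    lam = (3 * p[0] ** 2 * pow(2 * p[1], -1, P) if p == q
           else (q[1] - p[1]) * pow(q[0] - p[0], -1, P)) % P
    x = (lam * lam - p[0] - q[0]) % P
    return x, (lam * (p[0] - x) - p[1]) % P
def ec_mul(k, pt=G, r=None):      # double-and-add; k and k + N yield the same point
    while k:
        if k & 1: r = ec_add(r, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return r
def keccak_f(st):                 # Keccak-f[1600]; lane x + 5*y is one 64-bit word
    for rnd in range(24):
        c = [st[x] ^ st[x+5] ^ st[x+10] ^ st[x+15] ^ st[x+20] for x in range(5)]
        d = [c[(x-1) % 5] ^ rotl(c[(x+1) % 5], 1) for x in range(5)]
        st = [st[i] ^ d[i % 5] for i in range(25)]                          # theta
        x, y, cur = 1, 0, st[1]
        for t in range(24):                                                 # rho, pi
            x, y = y, (2*x + 3*y) % 5
            cur, st[x+5*y] = st[x+5*y], rotl(cur, (t+1)*(t+2)//2 % 64)
        for y in range(0, 25, 5):                                           # chi
            row = st[y:y+5]
            for x in range(5): st[y+x] = row[x] ^ (~row[(x+1) % 5] & row[(x+2) % 5])
        st[0] ^= RC[rnd]                                                    # iota
    return st
def keccak256(msg):               # original Keccak 0x01 padding, not NIST SHA3's 0x06
    buf = bytearray(msg) + b"\x01" + bytes(135 - len(msg) % 136)
    buf[-1] |= 0x80; st = [0] * 25
    for off in range(0, len(buf), 136):                                     # absorb
        for i in range(17): st[i] ^= int.from_bytes(buf[off+8*i:off+8*i+8], "little")
        st = keccak_f(st)
    return b"".join(st[i].to_bytes(8, "little") for i in range(4))          # squeeze
def address_from_private_key(d):
    if not 0 < d < N: raise ValueError("secret key out of range")   # step 2
    x, y = ec_mul(d)                                  # step 3: public key is x || y
    if (y * y - pow(x, 3, P) - 7) % P: raise ValueError("point not on curve")
    pub = x.to_bytes(32, "big") + y.to_bytes(32, "big")           # 512-bit public key
    return "0x" + keccak256(pub)[12:].hex()           # step 4: keep the low 160 bits
```

Note that Python's `hashlib.sha3_256` uses the NIST padding and would give a different digest; Ethereum addresses need the original Keccak padding implemented here.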
