簡要說明 比特幣地址生成的過程，可能存在的攻擊，以及乙太坊地址的生成過程

1. Bitcoin & Ethereum
Address
陳伯韋 ( Chen Po Wei )
https://www.facebook.com/PWChenD

2. Self introduction
• 學歷
• 北大 碩士研究生
• 目前任職
• Bitcoin 比特幣中文社團 管理員 (『工人智慧』看貼文)
• 論文著述
• Chen, Po-Wei, Bo-Sian Jiang, and Chia-Hui Wang. "Blockchain-based payment
collection supervision system using pervasive Bitcoin digital wallet." 2017 IEEE 13th
International Conference on Wireless and Mobile Computing, Networking and
Communications (WiMob). IEEE, 2017.
• 江柏憲、陳伯韋、王家輝、何建明,”匿名加密貨幣與實名商家交易的有效行動支付監督平
臺之建置與實作-以比特幣為例,” TANET2017 臺灣網際網路研討會, Oct. 25-27, 2017

3. 加密貨幣市場 Market Cap: $631,339,916,895 / 24h Vol: $40,690,150,614 /
BTC Dominance: 50.7%

4. Bitcoin Address

5. 雜湊函數
• 雜湊函數 = 散列函數 = 哈希函數 = Hash Function
• 包括：
• 訊息摘要(Message Digest，MD)
• 安全雜湊演算法(Secure Hash Algorithm，SHA)
• RIPEMD-160
• 特色
• 擴散性(Diffusion) 只要有一個bit的變化就會完全不同
• 不可逆性(Irreversible) 如 1TB的檔案做SHA-256 很難反推
• 抗碰撞性(Collision resistance) 很難遇到不同的輸入 有同樣的輸出

6. h0 := 0x6a09e667
h1 := 0xbb67ae85
h2 := 0x3c6ef372
h3 := 0xa54ff53a
h4 := 0x510e527f
h5 := 0x9b05688c
h6 := 0x1f83d9ab
h7 := 0x5be0cd19
s0 := (a rightrotate 2) xor (a rightrotate 13) xor(a rightrotate 22)
s1 := (e rightrotate 6) xor (e rightrotate 11) xor(e rightrotate 25)
maj:= (a and b) xor (a and c) xor(b and c)
ch := (e and f) xor ((not e) and g)
t1 := h + s1 + ch + k[i] + w[i]
t2 := s0 + maj
Initialize variables
h：= g
g：= f
f：= e
e：= d + t1
d：= c
c：= b
b：= a
a：= t1 + t2
h0：= h0 + a
h1：= h1 + b
h2：= h2 + c
h3：= h3 + d
h4：= h4 + e
h5：= h5 + f
h6：= h6 + g
h7：= h7 + h
t1
t2
SHA

8. Base58
• Base58字母表，Base58
就是由不包括（0，O，
l，I）的大小寫字母和
數字組成。
• 123456789ABCDEFGHJK
LMNPQRSTUVWXYZabc
defghijkmnopqrstuvwxy
z
Value Character Value Character Value Character Value Character
0 1 1 2 2 3 3 4
4 5 5 6 6 7 7 8
8 9 9 A 10 B 11 C
12 D 13 E 14 F 15 G
16 H 17 J 18 K 19 L
20 M 21 N 22 P 23 Q
24 R 25 S 26 T 27 U
28 V 29 W 30 X 31 Y
32 Z 33 a 34 b 35 c
36 d 37 e 38 f 39 g
40 h 41 i 42 j 43 k
44 m 45 n 46 o 47 p
48 q 49 r 50 s 51 t
52 u 53 v 54 w 55 x
56 y 57 z

9. Bitcoin Address 生成 過程
1KwA4fS4uVuCNjCtMivE7m5ATbv93UZg8V

10. 大型比特幣對撞機
Large Bitcoin Collider

11. 攻擊的目標：256bit的私鑰

13. https://lbc.cryptoguru.org/stats

14. Taylor, Michael Bedford. "The Evolution of Bitcoin Hardware." Computer 50.9 (2017): 58-66.

15. • 2017-10-30: over 8000 tn keys searched, Gkeys
forfeiture, Pot payout
• 2017-10-16: Again speed increase ~28% on GPU
systems
• 2017-09-01: End of GPUAuth4All initiative
• 2017-08-01: Happy Birthday LBC! 1 year. GPUAuth4All
• 2017-04-23: 52bits, 4280 tn keys searched
• 2017-04-09: 51bits, 2140 tn keys searched
• 2017-03-25: 50bits, 1120 tn keys searched, >500
Mkeys/s
• 2017-03-23: over 1000 tn keys searched
• 2017-03-09: 49bits, 560 tn keys searched
• 2017-01-27: 48bits, 280 tn keys searched
• 2016-11-11: 47bits, 140 tn keys searched
• 2016-10-21: 46bits, 70 tn keys searched, ~70 Mkeys/s
• 2016-10-09: 45bits, 35 tn keys searched
• 2016-10-01: 44bits, 17.65 tn keys searched
• 2016-09-27: 43bits, 8.75 tn keys searched, 23.5
Mkeys/s
• 2016-09-25: 42bits, 5 tn keys searched, 18.8 Mkeys/s
• 2016-09-23: 41bits, 3 tn keys searched
• 2016-09-21: 40bits searched
• 2016-09-20: Testing new client prototype 13x speedup
• 2016-09-19: 2nd bounty found (claimed some 20h later)
• 2016-09-18: observed and fixed a nasty Windows bug.
Pool rollback!
• 2016-09-17: stats with 24h find probability
• 2016-09-14: 500 bn keys (1 tn addresses) searched
• 2016-09-10: New client available 3x speedup
• 2016-09-07: Windows clients - although quite bad -
available
• 2016-08-29: 1st "real" pool bounty found
• 2016-08-10: pool inception - roughly 0.15 Mkeys/s
• 16 Jul/Aug: stand-alone experiments, then client and
pool development
• 2016-07-28: standalone client: 36bits searched
https://lbc.cryptoguru.org/trophies
已經完成 1.3*1016 私鑰生成範圍：1.1579209*1077

17. Brain Wallet

18. 攻擊目標：人類想出來的詞彙

21. 導入 多一點口令Address

22. 資金流動

23. Brain Wallet Attack

25. Brain Wallet Attack
• 生成字典檔案
• 將字典的 單字轉換成 private key
• 將private key 轉換成 真正的bitcoin address
• 利用blockchain.info 的api 詢問該地址的餘額狀況

28. Abstract
• 我們評估了大約3000億個密碼。
• 我們於2011年9月至2015年8月期間僅識別價值約10萬美元的
884個腦錢包。
• 我們發現，除了21個錢包外，所有的錢都是在24小時內錢被轉走，
但通常在幾分鐘之內。
• 我們沒有發現任何證據表明，腦錢包的用戶加載比特幣選擇更強
的密碼，但我們發現密碼更弱的發現腦袋更快地破解。
嘗試範圍：3*1011

29. Quantum computing
and Bitcoin Address
量子計算和比特幣地址

34. 美國國家標準技術研究所

35. https://ibmcai.com/2016/03/15/quantum-computing-time-for-venture-capitalists-to-put-chips-on-the-table/

37. Ethereum Address

38. Ethereum address Random
PrivateKey (256bit)
SECP256k1
PublicKey (512bit)
sha3.keccak_256()
sha3.keccak(256bit)
頭:0x+sha末40位(hex)
ETH address(160bit)
One
Two
Three
Four
./ethereum-wallet-generator.py
Private key:
eff415edb6331f4f67bdb7f1ecc639da9bcc0550b100bb275c7b5
b21ce3a7804
Public key:
d6dd5241c03bf418b333c256057ee878c34975d6abda075d58e
4b9780f4a8659fcc096b6ad763d8e5914f7daa0b7351398b1eb6
458e95ac41a2711a0651f3fc6
Address: 0x4206f95fc533483fae4687b86c1d0a0088e3cd48

39. Ethereum
Random
PrivateKey (256bit)
SECP256k1
PublicKey (512bit)
sha3.keccak_256()
sha3.keccak(256bit)
頭:0x+sha末40位(hex)
ETH address(160bit)
One
Two
Three
Four
Bitcoin
少了較驗機制

40. Thanks for listening~

41. 參考文獻
• Vasek, Marie, et al. "The Bitcoin brain drain: a short paper on the use and abuse of bitcoin brain wallets."
Financial Cryptography and Data Security, Lecture Notes in Computer Science. Springer (2016).
• Gilbert, Henri, and Helena Handschuh. "Security analysis of SHA-256 and sisters." International workshop
on selected areas in cryptography. Springer, Berlin, Heidelberg, 2003.
• Chen, Po-Wei, Bo-Sian Jiang, and Chia-Hui Wang. "Blockchain-based payment collection supervision
system using pervasive Bitcoin digital wallet." 2017 IEEE 13th International Conference on Wireless and
Mobile Computing, Networking and Communications (WiMob). IEEE, 2017.
• 江柏憲、陳伯韋、王家輝、何建明,”匿名加密貨幣與實名商家交易的有效行動支付監督平臺之建置與實作-以比特
幣為例,” TANET2017 臺灣網際網路研討會, Oct. 25-27, 2017
• http://programmermagazine.github.io/201401/htm/message2.html