An interesting story was recently published. Someone claimed to have generated the exact same Bitcoin address as the existing Wormhole burn address, years ago in a wallet.
This was actually posted as fiction on Yours.org. Most didn’t notice this was in the fiction section, so the post was taken as a serious claim. Some people actually believed the story. But for anyone with knowledge of the subject, the story is obviously false.
The odds of randomly generating the same address as someone else are so astronomically small, that any chance of this happening is negligible at this point in time.
This is one of the first things you learn in Bitcoin. If anyone can just create their own address, why can’t you create the same address as someone else? Or, if any can create unlimited addresses, won’t we someday run out?
Let’s go over some of the math because the size of these numbers are impressively gigantic.
Bitcoin addresses get generated from a 256 bit number which is the private key. This goes through some ECDSA math to get converted into a public key, which then is hashed by the RIPEMD-160 hash function, giving a 160 bit number known as the pubkeyhash.
From there, it gets encoded into an address. The total number of addresses is 2^160, or 1,461,501,637,330,902,918,203,684,832,716,283,019,655,932,542,976
That’s a lot of addresses.
When 2 addresses end up being the same, that’s known as a collision. There’s 2 main kinds of collisions: pre-image collisions and birthday collisions.
A birthday collision is named after the so-called birthday paradox which says that given a set of size n, you can sample a smaller set and have 2 items be the same (with 50% probability) even if that smaller set is only the size of the square root of n (roughly).
So, for 365 possible birthdays, the square root of 365 is only 19. But the exact math works out to be about 23. So if you have 23 random people in a room, there’s a 50/50 chance 2 will share a birthday. This seems to be not many people, hence the birthday paradox.
Back to Bitcoin. A birthday collision could come from only 2^80 addresses. Still that’s
7 billion people on the planet could be generating a million addresses every single second, and after 5.47 years you would have a 50/50 chance of there being at least 1 collision somewhere between any two people’s addresses.
Obviously with that many addresses being generated, most would be empty and so the risks of actual Bitcoin address reuse are quite small. (Perhaps in the future, pubkeyhashes will be expanded to use even more bits.)
For the wormhole fantasy article, he is not talking about a birthday collision but rather a pre-image collision since he is claiming a collision against 1 specific address rather than a random collision among any 2 samples of a huge set.
For this, the collision is much harder. Since hash functions are considered one way functions, and assuming there’s no weaknesses (if there are, Bitcoin has problems), then its simply a brute force search. For a 50/50 chance, its O(n/2)…meaning you have to search at least half of the space of 2^160.
But its even worse for the hero of our story. If, as he claims, he was just randomly creating a few addressees manually, its essentially the entire search space against 1 in terms of probability.
In other words, the odds of him creating the exact wormhole address are 1 in 1,461,501,637,330,902,918,203,684,832,716,283,019,655,932,542,976.
That’s 1.46 trillion trillion trillion trillion to 1 against.