@hasherstacker posted about 107 BTC moving to a burn address, so I asked how we can even tell it’s a burn address. @039ef40c01 replied:
The address 1111111111111111111114oLvT2 is what you get when you base58 + checksum the hash160 0000000000000000000000000000000000000000 so there may be a private key which gives a public key that hashes to that but seems unlikely.
This is way over my head, so can someone break it down for me in plain English? Also, are these types of addresses immune to quantum computing? Thanks!
Usually when you generate a key pair, you would first randomly produce the private key and then calculate the public key from the private key.
To make a Pay to Public Key Hash (P2PKH) output script from the public key, you would hash the public key and insert it into the following script:
OP_DUP OP_HASH160 OP_PUSHBYTES_20 <pubkeyhash> OP_EQUALVERIFY OP_CHECKSIG
In this case, instead of generating a private key, calculating the public key, and producing its hash, someone just put 000…000 for <pubkeyhash>. Because it is extremely unlikely that someone would find the private key whose public key hashes to 000…000, funds sent to the resulting address are likely lost forever.
This holds true even if CRQC make an appearance, because CRQC can only calculate the private key from a public key, but they cannot reverse hashes. The public key corresponding to this P2PKH is still unknown, the 000…000 took the place of the public key hash, not the public key.
They are not immune to QC attacks.
The easiest way for you to understand it is to play around with the concept. For example, go to https://www.md5hashgenerator.com/ and enter "hello" and hit the "Generate" button. That should produce the hash 5d41402abc4b2a76b9719d911017c592.
Try entering a few hundred or thousand different strings. See if you can get a meaningful repeating pattern in your output hash.
The odds of any hash producing some sort of repeating pattern like 111111111111111.... are so low that you can assume that you are being given a hash that the person doesn't know the source data to. Therefore it's a burn address.
I think I get it. It’s not a real burn address, not like an unspendable UTXO. It’s a burn address just because it’s crazy hard to get a private key that derives that address.
Exactly, there is no "burn address" built into bitcoin code, but there are addresses that are so improbable that there is no real way someone holds the private key.
There are tools that generate "vanity addresses" (along with the private key) but typically it becomes impossible after the first few chars. So you can probably easily generate a private key for a bc111XXXXX address but generating bc111111111111111... is impossible.
Isn't the probability of generating all types of wallet addresses the same? What makes this pattern different or even “impossible” if the function is the same for everyone?
PS: Don’t worry, the link here helped.
It’s not impossible, it’s just that the number space is so enormous that it’s exceedingly unlikely that it will ever be found: every random private key you generate will map to one of 2^160 possible P2PKH addresses.
Also see Bitcoin Stack Exchange: "Is each Bitcoin address unique?"
These funds will remain burnt even if CRQC make an appearance. The 000…000 was inserted in the position of the pubkey hash. The public key that hashes to 000…000 remains unknown.
You can see this by inspecting the details of an output that paid 111…14oLvT2, e.g., on mempool.space:
I'll try to explain. In the beginning there were no Bitcoin addresses. You could "Pay to IP" (but anyone could claim those) and "Pay to Public Key" but those are long and ugly (an uncompressed public key is 65 bytes!). So Pay to Public Key Hash (P2PKH) was invented.
P2PKH takes the locking script, which may just be the public key needed to spend. Hashes it with sha256. Hashes it again with ripemd160. And then base58 encodes it (which removes lookalike characters etc). And then has a simple checksum on the end. This gave nice short addresses which humans can verify. And the checksum gave protection against mistyping or pasting a truncated address.
Since the beginning people have been abusing that base58 encode. I think 1111111111111111111114oLvT2 was the first burn address. Using an all zero hash160 result. But other famous burn addresses include 1CounterpartyXXXXXXXXXXXXXXXUWLpVr and 1ChancecoinXXXXXXXXXXXXXXXXXZELUFD. You just write 1 followed by any valid base58 characters and calculate the checksum on the end.
I expect an all zero hash160 is impossible. But for the others like 1CounterParty it's likely a private key is probably possible. It will not be found until a quantum computer can reverse the hash160, reverse the sha256 and reverse public key to private key.
There is a better explanation here: https://bitcoin.stackexchange.com/a/1852
The link is great. Thanks!
Still blows my mind that people can send real money to an address nobody can ever use again.
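The derivation discussed in this thread (version byte 0x00 plus the all-zero hash160, Base58Check encoded, and the P2PKH script that locks to it), written out as an added Python example that is not part of any participant's post. The function names are illustrative; the mainnet P2PKH version byte and the opcode byte values are standard Bitcoin constants.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
BURN = "1" * 21 + "4oLvT2"  # the all-zero-hash160 address from the thread


def checksum(payload: bytes) -> bytes:
    """First 4 bytes of double SHA-256, as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58check_encode(version: int, hash160: bytes) -> str:
    """Turn a 20-byte hash160 into a legacy address string."""
    if len(hash160) != 20:
        raise ValueError("hash160 must be 20 bytes")
    payload = bytes([version]) + hash160
    raw = payload + checksum(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    # Each leading zero byte is written as a literal '1'.
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + out


def b58check_decode(addr: str) -> tuple:
    """Return (version, hash160); raise ValueError if the checksum fails."""
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)  # ValueError on a non-base58 character
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:
        raise ValueError("not a 25-byte address payload")
    payload, check = raw[:-4], raw[-4:]
    if checksum(payload) != check:
        raise ValueError("bad checksum")
    return payload[0], payload[1:]


def p2pkh_script(hash160: bytes) -> bytes:
    """OP_DUP OP_HASH160 OP_PUSHBYTES_20 <pubkeyhash> OP_EQUALVERIFY OP_CHECKSIG"""
    return bytes([0x76, 0xA9, 0x14]) + hash160 + bytes([0x88, 0xAC])


if __name__ == "__main__":
    print(b58check_encode(0x00, bytes(20)))   # address for hash160 = 00...00
    print(b58check_decode(BURN)[1].hex())     # hash160 recovered from the address
    print(p2pkh_script(bytes(20)).hex())      # script that locks coins to it
```

No private or public key appears anywhere in this computation: the address is built directly from the chosen 20 bytes, which is why nobody is known to be able to sign for it.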