Creating Bitcoin Private Keys with Dice
Hopefully you have heard of Bitcoin, the up-and-coming online virtual currency. Unlike normal currencies, which are run by governments, Bitcoin has no central authority or controlling organization. Instead, every computer that runs Bitcoin software has a chance to become part of the network, processing transactions and keeping things running smoothly. This makes Bitcoin the only currency that is truly by the people, for the people.
While many Bitcoin wallet apps are good enough to store everyday walking-around money, storing larger amounts of money requires extra security. This is no different from cash. For example, many stores will limit the amount of money in their cash registers and put the rest in their safe. This article explains a high-security method of storing Bitcoins.
Bitcoin Private Keys
The Bitcoin network is based on a distributed ledger, called the "blockchain". The blockchain contains a log of every Bitcoin transaction that has ever taken place since the beginning of time, and it is shared publicly with all the computers on the network. A typical transaction has a "from" address (addresses are like account numbers), a "to" address, and an amount to send. Any computer on the network can add up the transactions to see exactly how many bitcoins each address contains. This makes cheating virtually impossible, since all funds are publicly accounted for.
Having the addresses and transactions out in the open means the Bitcoin network needs some other way to determine who "owns" each address, so that only the true owner can spend the funds. This is where the private key comes in. Each valid Bitcoin address has an associated private key, which is like a password to unlock the funds at the address. Since anybody who knows the key can spend the funds, the key must be kept absolutely secret. The key also needs to be kept safe, since losing the key would make spending the funds impossible.
Generating a private key is easy - just pick any random number between 1 and 115792089237316195423570985008687907852837564279074904382605163141518161494337. If the number is truly random, you can rest assured that nobody on Earth will ever guess the same number ever again. The range of valid keys is 78 digits long, which is almost unimaginably huge. It's in the same ballpark as the number of atoms in the universe, which is around 80 digits long. If someone else tries to guess your private key, they probably won't even land in the same star, let alone pick the same atom.
A Bitcoin addresses is just a scrambled version of the corresponding private key. This scrambling is a one-way street, so there there is no way to get the private key back from the public address. On the other hand, since the two numbers are related, it's still possible for the key-holder to prove that they own the address without revealing the private key itself. The mathematics behind this are quite sophisticated, but they involve using the private key to generate a "signature" on each Bitcoin transaction, which can then be checked using the public address. This is why only people who know the private key can spend the funds associated with an address.
Although their size and randomness make private keys pretty-much un-guessable, guessing is only half the problem. A hacker doesn't need to guess if they can just steal a private key off someone's PC. Even worse, a hacker might convince someone to use a fake "random number" generator that only produces keys the hacker knows about. This is where dice come in.
Dice
Dice are a great way to generate secure random numbers, since there is no software involved. The most straightforward way to generate a highly-secure Bitcoin private key is to use a pair of 16-sided hexadecimal dice:
This pair of dice is specially designed to produce a single byte of computer information each time it is rolled. Since a Bitcoin private key is just a 32-byte random number, rolling these dice 32 times will produce a private key directly in hexadecimal format, with no further processing. There are no computers involved, so security is perfect (at least for the key-generation).
It is also possible to use 6-sided dice, although it takes a little more processing to convert the results into a proper 32-byte number. There are 6-sided dice instructions at the bottom of this article.
Finding the Public Address
If generating a secure private key is the easy part, finding the corresponding public address is the hard part. There is no practical way to do this by hand, so a computer needs to be involved. Since the goal is to prevent hackers from stealing the private key, it is best not to do this on a normal, internet-connected computer. Instead, the computer should be sealed off from from the outside world, so there is no way for the private key to leak out.
To get a leak-proof environment for public address calculation, reboot your computer into an Ubuntu 12.04 live CD environment. There are plenty of instructions explaining how to do this. The important thing about the live CD environment is that it does not write anything to the hard disk, so all traces of the private key will vanish once the computer is rebooted.
Once inside the virtual machine, download a copy of the bitcoin-bash-tools script and place it in the "Home" folder. If you would rather not download things from within the live CD environment, you can always download the script to a USB memory stick before rebooting, and then copy it to the "Home" folder once inside the live CD environment.
The beautiful thing about this script is that it is only 150 lines of relatively straightforward code, so it is easy to audit. Trusting this code is easier than trusting a long, complicated web page filled with Javascript, which would be the alternative to using this script.
Once the script is downloaded, ensure that the live CD environment has no internet connection by un-checking the "Enable Networking" menu item:
At this point, there should be no way for information to leak out of the live CD environment. The live CD doesn't store anything on the hard disk, and there is no network connection. Everything that happens from now on will be lost when the computer is rebooted.
Now, start the "Terminal" program, and type the following command:
source ~/bitcoin.sh
This will load the address-calculation script. Now, use the script to find the Bitcoin address for your private key:
newBitcoinKey 0x(your dice digits)
Replace the part that says "(your dice digits)" with 64 digits found by rolling your pair of hexadecimal dice 32 times. Be sure there is no space between the "0x" and your digits. When all is said and done, your terminal window should look like this:
ubuntu@ubuntu:~$ source ~/bitcoin.sh
ubuntu@ubuntu:~$ newBitcoinKey 0x8010b1bb119ad37d4b65a1022a314897b1b3614b345974332cb1b9582cf03536
---
secret exponent: 0x8010B1BB119AD37D4B65A1022A314897B1B3614B345974332CB1B9582CF03536
public key:
X: 09BA8621AEFD3B6BA4CA6D11A4746E8DF8D35D9B51B383338F627BA7FC732731
Y: 8C3A6EC6ACD33C36328B8FB4349B31671BCD3A192316EA4F6236EE1AE4A7D8C9
compressed:
WIF: L1WepftUBemj6H4XQovkiW1ARVjxMqaw4oj2kmkYqdG1xTnBcHfC
bitcoin address: 1HV3WWx56qD6U5yWYZoLc7WbJPV3zAL6Hi
uncompressed:
WIF: 5JngqQmHagNTknnCshzVUysLMWAjT23FWs1TgNU5wyFH5SB3hrP
bitcoin address: 113Pfw4sFqN1T5kXUnKbqZHMJHN9oyjtgD
ubuntu@ubuntu:~$
The script produces two public addresses from the same private key. The "compressed" address format produces smaller transaction sizes (which means lower transaction fees), but it's newer and not as well-supported as the original "uncompressed" format. Choose which format you like, and write down the "WIF" and "bitcoin address" on a piece of paper. The "WIF" is just the private key, converted to a slightly shorter format that Bitcoin wallet apps prefer.
Double-check your paper, and reboot your computer. Aside from the copy on the piece of paper, the reboot should destroy all traces of the private key. Since the paper now holds the only copy of the private key, do not lose it, or you will lose the ability to spend any funds sent to the address!
Any time you want to check the balance at this address, simply visit blockchain.info and type the Bitcoin address into the search box. This will show all transactions associated with this address on the public ledger. It will also show a QR code, which you can use to receive funds into the address. Feel free to bookmark this public-address page for easy reference in the future.
When the time comes to spend the funds, most Bitcoin wallet apps have an option to import funds from a paper wallet. These apps will ask for the private key, which you can simply copy from the piece of paper. Once this happens, though, the funds are only as secure as the wallet app they are transferred into.
Of course, all this security is unnecessary if you just want to experiment, and don't intend to store any funds using the key. If you don't want to reboot your PC, you can test these instructions inside a virtual machine such as VirtualBox. An even easier option to visit offlinebitcoins.com and enter the hexadecimal private key into the "Secret Exponent" box. The web page will generate the Bitcoin address corresponding to the private key.
Using 6-sided Dice
To generate a Bitcoin private key using normal, six-sided dice, just follow the procedure above, but also download a copy of the dice2key script into the live CD "Home" directory.
Once the environment has been disconnected from the internet, run the following command to convert the dice rolls into a 32-byte hexadecimal number:
source dice2key (100 six-sided dice rolls)
The result will be a 64-digit hexadecimal number, exactly as if you had rolled a pair of hexadecimal dice 32 times. The rest of the steps are the same after this point.
French Translation by Kate Bondareva