Today, we’ll be learning about Ethereum accounts and the math behind creating one. To interact with Ethereum in any meaningful way, you need to have a user account.
The simplest way to create an account on Ethereum is by using the Mist Ethereum wallet, which is an application that allows you to manage and interact with multiple Ethereum accounts. Launching the application will sync to the blockchain, meaning it downloads the entire blockchain data to your computer, which can take upwards of 100 gigabytes, so be warned.
When you first launch the application, it will walk you through creating an account and setting a password for it. It's very important that you never forget this password, because there is no "forgot your password" option; the password is the only way to keep access to the account. Your new account then shows up in the wallet section of the app with a balance of zero. Clicking on the account gives more details about it and provides some options for putting real ether into it. The main thing to note is the public address, which is what you share with other people.
Another way to create an account is via the command line. If you download the Go Ethereum client, geth, you can simply invoke geth account new to create an account. This will prompt you to enter a password, which again you should never forget, and at the end it prints out the public address of your new account. You can create as many accounts as you like, and you can view them all by typing geth account list. Note that this also shows the account we created in Ethereum Wallet.
Another interesting thing to note is that we don't even have to be connected to the blockchain, or even to the internet, to create an account. It can happen entirely offline. How is this possible? We know that we need to generate a cryptographic key pair, which consists of a public and a private key. But don't we have to register this key pair somewhere? What if someone else is already using this key pair? Even though it's technically possible, it is highly, highly improbable.
Let's talk about why. There are three steps involved in generating an Ethereum public address. The first step is to generate a private key, which is just a random number represented in 256 bits. The second step is to use elliptic curve cryptography to generate a 512-bit public key. Each private key maps to exactly one public key. The third and final step is to calculate the Keccak-256 hash of the public key and then keep the rightmost 160 bits of that hash to get the public address. This is essentially a mapping from 256-bit private keys to 160-bit public addresses, meaning that, on paper, more than one private key maps to each account address.
Security comes from the randomness of selecting the private key. As long as you pick something sufficiently random, and not something like 1 or 2, it's highly unlikely that someone else will also generate the same private key. To give you a sense of how many possible private keys there are, let's take a look at some numbers. There are 10,000 possible four-digit iPhone passcodes. So if someone were to try to break into your phone by guessing each passcode, it would be pretty hard, because they would have a 1 in 10,000 chance of getting it right. But it would be fairly easy for a computer to try 10,000 passcodes pretty quickly. Apple also claims a 1 in 50,000 chance of a fingerprint ID matching a stranger's and a 1 in a million chance of a Face ID matching, making your phone more secure.
A few orders of magnitude larger, we have seven and a half billion humans on the planet, and we estimate that the Big Bang took place some 14 billion years ago. Larger still, we estimate around 400 billion different stars just in our own galaxy. Many, many orders of magnitude larger still, we estimate that there are around 7 times 10 to the power of 27 atoms in the average adult male weighing 150 pounds. Many orders larger still, we estimate that there are 1.3 times 10 to the power of 50 atoms in the Earth. And even larger still, we come to the total number of possible private keys using 256 bits: 1 times 10 to the power of 77. This number is so big that if we took all the numbers we just talked about and added them all up, they still wouldn't even be half of this number. It's unbelievably big. So the chance of someone randomly generating the same private key is so small that it's practically impossible.
Staging a brute-force attack by trying each possible private key would also require an unachievable amount of computational power, like a planet-sized computer working since the beginning of time.