Storing and transferring cryptocurrencies requires a deeper understanding of Internet security protocols than your typical email or Facebook user is accustomed to. You have to set up a digital or hardware wallet, create a password and 2-factor authentication and store your 64 character private key. All while also making sure to copy and paste your exact public key when sending it to others to make sure your funds are transferred to you, and not someone else.
Of all of these components, the most important is the private key. It’s a secret code that if accessed by anyone else, would instantly give them access to your cryptocurrency funds.
Private keys are always randomly generated characters. With 64 characters that consist of letters and numbers, it’s hard to imagine that anyone could end up with the same private key as another user. But is this actually possible?
We discovered that there are 2 scenarios where this might happen:
1) Person A generates the same key pair (private key) as person B
2) Person A generates a different key pair, where the public key hashes to person B’s address (a hash collision)
Chances are rare as 2^128
According to a thread on Bitcointalk and the technical background of version 1 Bitcoin addresses, in order for scenario 1 to occur, person A would have to attack and break into a block that has the strength of 2^128 bits. , This is almost 69 billion times larger than earth’s mass in grams. Dan Boneh, a Stanford professor of cryptography, who published a video called “Exhaustive search attacks“, states that “anything that’s bigger than 2^90 is considered sufficiently secure” and “won’t ever generate the same address as someone else”.
For scenario 2 to happen, a collision of two of Bitcoin’s hash functions (RIPEMD-160 and SHA-256) would need to happen. As far as we know, neither RIPEMD-160 nor SHA-256 is known to have any vulnerability to hash collision attacks, making the random generation of 2 identical keys very unlikely.
Finally, we assume that all Bitcoin addresses are properly generated using a “true random” algorithm. However, there may be flaws if the mechanism for generating addresses does not mix the characters up enough or employs human calculation to produce the randomness, which exposes it to potential repetition because of our natural tendency to create patterns.
As it stands, we can be confident that our private keys are our own and are unique. However in the very rare event that 2 identical keys were generated, person A would probably be able to spend person B’s coins (and vice versa). In such a rare case, it would be a race between both coin holders to see who spends them first.