StellarKeys

StellarKeys - Key space of Stellar

Summary

StellarKeys leaks all private keys that are mathematically possible. While users are learning cryptography of Stellar I will put some cryptographic puzzles which are hidden randomly between specific hex bits. It will provide new users to the community because people will try to find prizes and try to learn how Stellar is working. You can use chat within website to discuss about StellarKeys.

Goal

Show how Stellar cryptography works. Create puzzle games to make Stellar more interesting to get new users for the community while they are working on it.

Roadmap

~~Add balance indicator to public keys.~~ DONE
Create query page for compromised wallets.
~~Generic burn address generator (up to 52 char) Such as : https://horizon-testnet.stellar.org/accounts/GALAXYISREALORNOTTHEQUESTIONISHERENOTSTELLARMERTHEREBVSI~~ DONE
Toggle switch for livenet/testnet

Website

https://stellarkeys.space/

You can ask any question about StellarKeys in here. Have a good exploring!

stellarkeys

Balance indicator

Update!

Balance indicator added
Burn address generator added (https://stellarkeys.space/b/u/r/n)

nebolsin

Do you have something up on the puzzle side already? I love puzzles, and I'm curious to find those "hidden randomly between specific hex bits" and learn more about cryptography.

What drives my interest is the fact that I've recently participated in a very similar activity — during the November airdrop round in stellar.public#spacedrop channel on keybase user @erayd published a few educational puzzles where users could get an XLM reward if they can figure out how to extract it. You can find all the currently active challenges, as well as a description for the solved ones, on this page: https://erayd.keybase.pub/puzzles.html. I liked the idea of 'earn by learning' so I later contributed a few puzzles based on the less known features and quirks of Stellar.

I look forward to seeing the new challenges you've come up with, and in the meantime, I'd like to share a few thoughts about the current state of stellarkeys.space.

First of all, it's a bit misleading that you use the term "leaked keys" for the list, which you generate on the fly by going sequentially through all possible Ed25519 private keys. Probability of finding the existing account is about 0.0000000000000000000000000000000000000000000000000000000000000000000007, which I guess many orders of magnitude smaller than any reasonable "probability of coming to life" estimation, no matter how you define it.

For sure, a lot of folks will enjoy jumping through random pages just for fun, which brings us to the next issue — on every page load by every user results in 25 separate requests to the public Horizon server to load the balances. During the next spacedrop round, it could be a few thousand users constantly navigating through pages, trying to catch the winds of luck, and that will put unnecessary load on SDF's Horizon instances, affect other projects, and might even work as a DDoS attack. That's not in the best interests of the community, so please don't do this. You can use your own Horizon deployment or switch to a more effective algorithm.

My last comment is about the burn address generator, which is also an incorrect and misleading naming for the tool, given what it does. For the "real" burn address used by SDF, they had a secret key, and they used it to properly lock the account (set the master weight to zero). This setup guarantees that the funds will never escape this account and get into the circulation, which is what "burned" implies. Your tool generates a valid public address but doesn't have the corresponding secret key to lock the account. The funds are not really "burned" and can get back to circulation if the account's secret key is found in the future (for example, by some lucky user of your tool).

stellarkeys

nebolsin Hey, I'm very happy with your detailed comment.

Puzzles are on the way. I'm trying to prepare different types of puzzles to reach everyone.
I used the term "Leaked keys" to draw attention and same for "probability of coming to life" argument. There are certainly 115792089237316195423570985008687907853269984665640564039457584007913129639935 public keys and
currently 4180117 accounts exist on Stellar network so it means probability of finding exist account is 0.0000000000000000000000000000000000000000000000000000000000000000000000361000654
Yes, I'm already working on a load balancer algorithm which is handling client to use different Horizon endpoints every page request.
Actually you defined what is burn address with "...valid public address but doesn't have the corresponding secret key to lock the account." You're right about it is not like set the master weight to zero but mathematically they're burned . Of course situations like a weakness about ed25519 algorithm but if someone can found weakness all accounts will be under same risk. Anyway, you have a point maybe I should add a description text about it.

dzham

stellarkeys There are certainly 115792089237316195423570985008687907853269984665640564039457584007913129639935 public keys

Actually, there are only 3618502788666131106986593281521497120414687020801267626233049500247285301248 unique public keys.

stellarkeys

dzham

Key calculation range is
Hex : 000...0000 - fff...fff
or
Decimal : 0 to 115792089237316195423570985008687907853269984665640564039457584007913129639935

I didn't say there is unique 115792089...9639935 key exist. The number given is count of public keys on StellarKeys. Doesn't matter there is a collision or not. Also the discussion is probability of finding the existing account not finding unique exist account.

dzham

stellarkeys

The number of possible public keys is 2^251.

Ed25519 is basically Schnorr, with a few extra steps.
The Schnorr private key is generated by hashing the input seed, and masking away five bits, as follows: 01xxxxxx.......xxxxx000. The Schnorr private key is then used to generate the public key, with only 251 bits of entropy.

(Each Stellar public key can be generated by 32 different seeds)

dzham

Either way, assuming the whole population of the earth reloads the site once a second for a whole year, it'll still take _10⁵⁰ years before you find the seed for a public key with a non-zero balance. Not very useful.

cballou

I'm assuming this stemmed from the author trying to see if he could find any accounts generated by bad seeding algorithms, as was brought to the public attention by an Ethereum issue:

https://cointelegraph.com/news/blockchain-bandit-has-stolen-45-000-eth-by-guessing-weak-private-keys-report-claims

Interesting nonetheless 🙂