How to avoid address collision in Ethereum?

This is an interesting question I received from one of my students.

In Ethereum, because addresses are not centrally managed, it’s possible for the same address to be owned by 2 different people… This means that these 2 people will be able to sign transactions with the same address, and could potentially steal Ether from each other. That’s a big issue, isn’t it? How does Ethereum deal with it?

To understand this issue, we need to take a step back and understand how Ethereum addresses are generated.

How are Ethereum addresses generated?

Let’s start with a big misconception: Ethereum addresses are NOT managed by the Ethereum blockchain. Nope. Ethereum addresses are managed by wallets.

Ok… But what are wallets then? Wallets are software EXTERNAL to the Ethereum blockchain, controlled by each user. These wallets control user private keys and addresses, and can sign transactions.

Alright, but what does it have to do with our original topic? Well, Ethereum addresses are generated by wallets in a 2-step process:

  1. A private key is randomly generated. This is a very large number. It’s used to sign transactions.
  2. A public key is derived from the private key. This is also a very large number. To go from a private key to a public key, you need to use “elliptic curve cryptography”. This involves complex Math, but as a dapp developer what is important to understand is that you can go from the private key to the public key easily, but not the other way around. It’s what makes the private key secure.
  3. The address is finally derived from the public key, by hashing the public key and taking the last 40 characters of the hash. This address, not the public key, is what is used to identify participants on the blockchain.

How about collision then?

It’s possible that 2 wallets, belonging to 2 totally different people, randomly generate the SAME private key. The public key and the address will also be the same. Which means these 2 different people will BOTH be able to sign transactions with the same address.

Ethereum DOES NOT deal with this. Not directly, at least. There is absolutely no code in Ethereum that deals with this collision problem.

However, Ethereum does not NEED to deal with this problem. Maths does. The probability that 2 wallets generate the same random number in a human lifetime is so low that it’s probably never going to happen.
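To put numbers on "so low", here is an added example (not code from any wallet or from Ethereum itself) that generates a private key from the operating system's secure random source and applies the standard birthday bound to the address space. It assumes a 160-bit address (40 hex characters) and secp256k1 keys, and it goes a little beyond the text by also showing a hypothetical wallet whose random generator only provides 32 bits of entropy, because the whole argument depends on the private key being truly random.

```python
import math
import secrets

# Order of the secp256k1 group: valid private keys are integers in [1, N - 1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
ADDRESS_BITS = 160  # assumption: 40 hex characters = 20 bytes


def new_private_key() -> int:
    """Draw a private key uniformly from [1, N - 1] using the OS CSPRNG."""
    return secrets.randbelow(SECP256K1_N - 1) + 1


def collision_probability(keys_generated: int, space_bits: int) -> float:
    """Birthday bound: chance that any 2 of k uniform draws from 2**bits match."""
    space = 1 << space_bits
    exponent = keys_generated * (keys_generated - 1) / (2 * space)
    # -expm1(-x) equals 1 - exp(-x) but keeps very small results accurate.
    return -math.expm1(-exponent)


def keys_for_probability(p: float, space_bits: int) -> float:
    """Approximate number of uniform draws needed to reach collision chance p."""
    return math.sqrt(2 * (2.0 ** space_bits) * -math.log1p(-p))


if __name__ == "__main__":
    key = new_private_key()
    print(f"private key is {key.bit_length()} bits long (value not printed)")

    # Constructed scenario: one trillion addresses created worldwide.
    p_good = collision_probability(10**12, ADDRESS_BITS)
    print(f"10^12 addresses, 160-bit space: p = {p_good:.3e}")

    half = keys_for_probability(0.5, ADDRESS_BITS)
    print(f"addresses needed for a 50% chance: {half:.3e}")

    # Hypothetical broken wallet: keys come from only 32 bits of entropy,
    # so the effective space is 2**32 no matter how long the key looks.
    p_weak = collision_probability(100_000, 32)
    print(f"100,000 keys from a 32-bit RNG: p = {p_weak:.3f}")
```

The maths only protects you when the private key comes from a cryptographically secure random source; with a weak generator, collisions stop being a theoretical problem.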

So rest easy, and continue to believe in Maths!