Probability of Checksum Failure
No checksum is 100% perfect. There is always a tiny, theoretical chance that a mistyped address will "Accidentally" result in a valid checksum. In Bitcoin, we manage this risk by ensuring the probability is so low that it will likely never happen in the history of the network.
1. The 1-in-4-Billion Odds
As we noted, a 4-byte checksum (32 bits) has $2^{32}$ possible values.
- If you type a completely random string of characters, the chance that the last 4 bytes will match the hash of the first 21 bytes is 1 in 4,294,967,296.
- The Reality: You aren't typing random characters. You are making a small typo (one or two characters). The hashing algorithm ensures that even a single-bit change in the input results in a completely random-looking output, preserving these odds.
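The following is an added example, not code from the original article: it measures how often a one-byte typo in a 21-byte payload still matches the original double-SHA256 checksum. A real 32-bit match is too rare to sample, so the checksum is truncated to 4, 8 and 12 bits, where the measured rate should sit near $2^{-\text{bits}}$. The function names, the constructed random payloads and the byte-level typo model (rather than a Base58 character typo) are assumptions of this sketch.

```python
import hashlib
import random

def checksum_bits(payload: bytes, bits: int) -> int:
    """Top `bits` bits of the 4-byte checksum SHA256(SHA256(payload))[:4]."""
    digest = hashlib.sha256(hashlib.sha256(payload).digest()).digest()
    return int.from_bytes(digest[:4], "big") >> (32 - bits)

def one_byte_typo(payload: bytes, rng: random.Random) -> bytes:
    """Return payload with exactly one byte replaced by a different value."""
    i = rng.randrange(len(payload))
    wrong = (payload[i] + rng.randrange(1, 256)) % 256  # never equals the original
    return payload[:i] + bytes([wrong]) + payload[i + 1:]

def false_accept_rate(bits: int, trials: int, seed: int = 1) -> float:
    """Fraction of typo'd payloads that still match the original `bits`-bit checksum."""
    rng = random.Random(seed)  # fixed seed so runs are repeatable
    accepted = 0
    for _ in range(trials):
        # Constructed 21-byte payload: version byte 0x00 + 20 random bytes.
        payload = b"\x00" + bytes(rng.randrange(256) for _ in range(20))
        if checksum_bits(one_byte_typo(payload, rng), bits) == checksum_bits(payload, bits):
            accepted += 1
    return accepted / trials

if __name__ == "__main__":
    for bits in (4, 8, 12):
        rate = false_accept_rate(bits, trials=50_000)
        print(f"{bits:2d}-bit checksum: measured {rate:.5f}, expected {2**-bits:.5f}")
```

Each extra checksum bit halves the measured false-accept rate, which is the scaling that leads to 1 in $2^{32}$ for the full 4-byte checksum.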
2. Comparing Standards
| Format | Bits | Odds of Accidental Validity |
|---|---|---|
| BIP39 (12 words) | 4 bits | 1 in 16 |
| BIP39 (24 words) | 8 bits | 1 in 256 |
| Base58Check | 32 bits | 1 in 4.2 Billion |
| Bech32 | 30 bits | 1 in 1.07 Billion |
Wait, why is Bech32 (1 in 1 billion) considered "Better" than Base58 (1 in 4 billion)?
- BCH Codes vs. Hashing: While the "Random Guess" odds are slightly lower, Bech32 is specifically designed to catch 100% of the errors humans actually make (swapping characters, typing one wrong letter). Base58 might miss a specific combination of swapped letters, whereas Bech32 never will.
3. The "Collision" Attack
Could a hacker create two different addresses that have the same checksum?
- Yes, easily. But it doesn't help them.
- The goal of the checksum isn't to prevent "Collisions" (security); it's to prevent "Errors" (reliability).
- A hacker can't use a checksum collision to steal your money, because they would still need the private key for the address they are "colliding" with.
4. Why not use 64 bits?
If we used an 8-byte checksum, the odds of failure would be 1 in 18 quintillion.
- Bitcoin developers decided this was "Overkill."
- At 1 in 4 billion, even if every person on Earth made one address typo per day, a "Collision" would only occur once every few years, and even then, the funds would only be "Lost" if that typo'd address happened to belong to someone else (which is impossible).
In the final section, we will build a Python Checksum Auditor.