Bitcoin Forum

Bitcoin => Hardware wallets => Topic started by: dex9 on July 17, 2015, 07:06:21 PM



Title: Trezor wallet private key security
Post by: dex9 on July 17, 2015, 07:06:21 PM
I suspect my question is dumb, but still - after 30 minutes of active search I haven't found an answer, so here it goes.

We know that Trezor's architecture is such that it keeps private keys inside the device and never exposes them (that's what we read in the FAQ: http://doc.satoshilabs.com/trezor-faq/ )
We also know that whenever new Bitcoin address is generated, there is a pair of keys - public and private associated with each address, and the only way to spend balance from the given address is via its private key.

So in my understanding, if the wallet is guarded by Trezor, then each new address generated for such wallet should be generated by Trezor (otherwize private keys would be exposed).
However, my experience with Trezor proves that it is not the case.
After I set up my account and wallet at https://mytrezor.com/ with the Trezor device, I detached the device and had no problem generating as many new addresses for my wallet as I like (with no Trezor attached). Consequently, private keys for these new addresses could NOT have been stored in Trezor.

So my question is - where are the private keys for the generated addresses are stored, and if not in the device - then what's the purpose of the device? What other private keys does it keep and how does it help protect the balance in my Bitcoin addresses, if their private keys are not in Trezor?

Maybe I should check Trezor's source for an answer, but I figured I post here first...


Title: Re: Trezor wallet private key security
Post by: Carlton Banks on July 17, 2015, 07:17:07 PM
I suspect my question is dumb, but still - after 30 minutes of active search I haven't found an answer, so here it goes.

We know that Trezor's architecture is such that it keeps private keys inside the device and never exposes them (that's what we read in the FAQ: http://doc.satoshilabs.com/trezor-faq/ )
We also know that whenever new Bitcoin address is generated, there is a pair of keys - public and private associated with each address, and the only way to spend balance from the given address is via its private key.

So in my understanding, if the wallet is guarded by Trezor, then each new address generated for such wallet should be generated by Trezor (otherwize private keys would be exposed).
However, my experience with Trezor proves that it is not the case.
After I set up my account and wallet at https://mytrezor.com/ with the Trezor device, I detached the device and had no problem generating as many new addresses for my wallet as I like (with no Trezor attached). Consequently, private keys for these new addresses could NOT have been stored in Trezor.

So my question is - where are the private keys for the generated addresses are stored, and if not in the device - then what's the purpose of the device? What other private keys does it keep and how does it help protect the balance in my Bitcoin addresses, if their private keys are not in Trezor?

Maybe I should check Trezor's source for an answer, but I figured I post here first...


Trezor uses a concept called "deterministic" public keys. From the private key, a solitary master public key is derived. From that single master public key, any number of extended public key can be derived. Each extended public key corresponds to a Trezor "account". For each extended public key, any number of actual public keys (i.e. bitcoin address) can be derived.

So, the private keys are only on the device, but either the master public key, or any of the xpub keys are transmitted from the device to both your web browser and to mytrezor.com servers. So, the private keys are not designed or intended to leave the device, and they are not required to generate new addresses safely.


Title: Re: Trezor wallet private key security
Post by: d4n13 on July 17, 2015, 09:05:02 PM
However, my experience with Trezor proves that it is not the case.
After I set up my account and wallet at https://mytrezor.com/ with the Trezor device, I detached the device and had no problem generating as many new addresses for my wallet as I like (with no Trezor attached). Consequently, private keys for these new addresses could NOT have been stored in Trezor.
The process you describe indicates that the wallet program you use is not properly supporting Trezor.  You likely have a mixed bag of keys.  Attempting to generate keys when Trezor is detached should flag an error.  If it doesn't, open an issue against the wallet maker and ask Trezor to remove that wallet maker from their support list.

You are right to be concerned.


Title: Re: Trezor wallet private key security
Post by: dex9 on July 18, 2015, 04:43:08 AM
However, my experience with Trezor proves that it is not the case.
After I set up my account and wallet at https://mytrezor.com/ with the Trezor device, I detached the device and had no problem generating as many new addresses for my wallet as I like (with no Trezor attached). Consequently, private keys for these new addresses could NOT have been stored in Trezor.
The process you describe indicates that the wallet program you use is not properly supporting Trezor.  You likely have a mixed bag of keys.  Attempting to generate keys when Trezor is detached should flag an error.  If it doesn't, open an issue against the wallet maker and ask Trezor to remove that wallet maker from their support list.

You are right to be concerned.
Transaction Rescue Bounty Campaign (https://bitcointalk.org/index.php?topic=1123441.0), ... Charitable Transaction Rescue Service (https://bitcointalk.org/index.php?topic=1123063.0)



I am using Trezor's manufacturer website https://mytrezor.com/ . Are you saying that Trezor website is not properly supporting Trezor?


Title: Re: Trezor wallet private key security
Post by: dex9 on July 18, 2015, 05:01:51 AM
Trezor uses a concept called "deterministic" public keys. From the private key, a solitary master public key is derived. From that single master public key, any number of extended public key can be derived. Each extended public key corresponds to a Trezor "account". For each extended public key, any number of actual public keys (i.e. bitcoin address) can be derived.

So, the private keys are only on the device, but either the master public key, or any of the xpub keys are transmitted from the device to both your web browser and to mytrezor.com servers. So, the private keys are not designed or intended to leave the device, and they are not required to generate new addresses safely.

Thank you, that makes some sense. Going to research "deterministic" public keys...


Title: Re: Trezor wallet private key security
Post by: d4n13 on July 18, 2015, 06:15:09 AM
However, my experience with Trezor proves that it is not the case.
After I set up my account and wallet at https://mytrezor.com/ with the Trezor device, I detached the device and had no problem generating as many new addresses (PUBLIC KEYS) for my wallet as I like (with no Trezor attached). Consequently, private keys for these new addresses could NOT have been stored in Trezor.
Highlights added are mine.

The process you describe indicates that the wallet program you use is not properly supporting Trezor.  You likely have a mixed bag of keys.  Attempting to generate PRIVATE keys when Trezor is detached should flag an error.  If it doesn't, open an issue against the wallet maker and ask Trezor to remove that wallet maker from their support list.
Highlights added are mine

I am using Trezor's manufacturer website https://mytrezor.com/ . Are you saying that Trezor website is not properly supporting Trezor?
I too need to read up more on HD Keygen