Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: adaseb on June 23, 2017, 10:13:06 PM



Title: Deterministic Address and Quantum Computing
Post by: adaseb on June 23, 2017, 10:13:06 PM
On Reddit there is a lot of talk about public keys being easily crackable in the near future due to the advancement of Quantum computing.

Many wallets such as Electrum use Deterministic keys, so one seed can create hundreds of addresses and if you know the private key of 1 address you can easily derive the private keys of the addresses remaining in the wallet.

So let's say some individual with 1000 BTC in their wallet never reuses the same address, and each transaction's change goes to a brand new change address. However, since the keys are deterministic, can't someone find the private key of the unspent address, since they can easily follow the trail and crack the public key of a spent transaction and use that to find all the wallet's BTC addresses and change addresses?



Title: Re: Deterministic Address and Quantum Computing
Post by: achow101 on June 23, 2017, 10:17:36 PM
No, that is not how HD wallets work. The private keys are not derived in a chain one after the other. They are all derived from a master private key. It is a tree structure, not a linked list. This means that if the master private key is discovered, then all of the private keys in the wallet are known. However if only 1 child private key is known, then no other private keys can be derived. The only caveat to that is if non-hardened derivation were used and the master public key were known then the master private key can be derived and from there the rest of the child private keys.

This does not require any sort of quantum computing at all either.


Title: Re: Deterministic Address and Quantum Computing
Post by: adaseb on June 23, 2017, 10:30:36 PM

This does not require any sort of quantum computing at all either.

I did not know that.

Because when I exported my private keys in Electrum there is a warning "EXPOSING A SINGLE PRIVATE KEY CAN COMPROMISE YOUR ENTIRE WALLET!"

So if 1 Private Key is exposed AND one's computer gets hacked which has only the watching address, they can get the Master Public key from there and calculate the rest of the private keys in the wallet using those 2 variables?



Title: Re: Deterministic Address and Quantum Computing
Post by: achow101 on June 23, 2017, 11:21:49 PM
Yes. This only applies to non-hardened derivation, which is what most wallets use (including Electrum), as that is what allows for watching-only wallets. Hardened derivation prevents this but also means that you can't have a watching-only wallet as easily (it requires going back to the offline machine to generate a bunch more addresses instead of generating from the master public key).


Title: Re: Deterministic Address and Quantum Computing
Post by: adaseb on June 23, 2017, 11:29:33 PM

So as long as you keep your Master Public Key safe there is a very low chance of someone finding your Master Private Key even if they manage to use a Quantum computer and crack 1 private key from a public key that was used in a previous transaction in the same wallet?




Title: Re: Deterministic Address and Quantum Computing
Post by: achow101 on June 23, 2017, 11:42:35 PM
Yes. If someone has a quantum computer that can get private keys from public keys, then if that person gets just your Master Public Key, you're screwed anyways as they can then get your Master Private Key.


Title: Re: Deterministic Address and Quantum Computing
Post by: adaseb on June 24, 2017, 12:36:27 AM

Ok now I understand. Thanks for your help.