Bitcoin Forum

I recently read how this Vanity Pool (https://bitcointalk.org/index.php?topic=84569.0) works. I may haven't understood it well, but does this “private and public key addition” have the same security as a normal address? Also, if we assume that k1 + k2 = k3, why would pk1 + pk2 = pk3? (where k = private key and pk = public key)

Isn't there a simpler way to achieve this by multi-sig? You'll generate two private keys and compute their public keys. You'll keep secret your k1 and give to the pool the k2 and the pk1. Then the pool can brute force your 2-of-2 multi-sig address without knowing k1. It can work for segwit addresses, not sure for legacy.

Yes.
ECDSA is associative. Remember that G + G = 2G, this is the same concept. (G being generator point).

(2K + 4K)G = 6KG

6KG being your ECDSA public key.

2K + 4K = 6K

K3 being your ECDSA private key.
You don't give the pool your private keys. Multisig requires two keys that has no relation.

A pool works by submitting to it, along with the address prefix, a normal public key that you have generated. You also generate its corresponding public key.

In the vanity generation process, every time you inspect a searched private key, you compute its public key, you combine it with the public key you provided and then you do RIPEMD160/SHA256 and base58 encoding on that result, and only then comparing the result with your prefix.

Then for the resulting private key you get, you combine it with the private key of the submitted public key, to get the private key that corresponds to the public key listed in the results.

The combination process could be anything, but it's usually addition or multiplication because that's what bitaddress.org supports.

I'll attach an image soon, I'm in the process of making it and it should make things easier to understand.

edit:

https://i.imgur.com/bpcjRBo.png