Title: "Best Practices" when using BIP 32 master public keys Post by: NRF on March 11, 2015, 12:54:46 AM I apologize because this question has been asked before quite a few time all over the internet (here too) and there have been a lot of answers. I just want to be sure that I don't shoot myself in the foot.
So, for arguments say lets say I am using pycoin's (https://github.com/richardkiss/pycoin) ky tool and I generate a mpk with "ku create" and get the mpk value. I can the grab 10 keys using like this. Code: ku xpub661MyMwAqRbcEp8XttK9d2edcSGdtgB5Jjti3upwRiwGYPMFRBJHLe994uMuyLubJWbhzqUtBtYmGfpjHxVbDCjGPboCg3b5wWNGkxavC3B -a -s0-9 I have 3 questions. 1. Assuming I keep control of the master private key and start giving out those addresses have I shot myself in the foot? 2. How many public keys can I generate like this? it seems I can use -s999999999 3. Is there a better way? Title: Re: "Best Practices" when using BIP 32 master public keys Post by: dabura667 on March 11, 2015, 12:21:20 PM 1. Assuming I keep control of the master private key and start giving out those addresses have I shot myself in the foot? 2. How many public keys can I generate like this? it seems I can use -s999999999 3. Is there a better way? 1. Assuming you keep a record of which index you gave to whom, I see no problem. 2. 2,147,483,648 keys per MPK (remember, in HD wallets, any pubkey can be turned into an MPK... so basically limitless... but for 1 single MPK, you're limited to a little over 2 billion keys. 3. Depends on exactly what you want to do with the addresses. Giving out for simple payments, fine... just NEVER GIVE OUT A SINGLE PRIVATE KEY TO ANY OF THOSE ADDRESSES. (Remember: 1 MPK + 1 private key of an address generated from it = the Master Private Key for that MPK can be calculated.) Title: Re: "Best Practices" when using BIP 32 master public keys Post by: NRF on March 11, 2015, 08:37:58 PM NEVER GIVE OUT A SINGLE PRIVATE KEY TO ANY OF THOSE ADDRESSES. (Remember: 1 MPK + 1 private key of an address generated from it = the Master Private Key for that MPK can be calculated.) Noted, I had been aware but it is good to reiterate. One last question, and this is more about client/wallet behavior than anything else and I am probably pushing s*@t up hill. Given the master private or master public key can you do something like a Peter Todd proof-of-solvency to gain the value or is it a "loop through keys" job? Title: Re: "Best Practices" when using BIP 32 master public keys Post by: Envrin on March 12, 2015, 07:20:39 AM One last question, and this is more about client/wallet behavior than anything else and I am probably pushing s*@t up hill. Given the master private or master public key can you do something like a Peter Todd proof-of-solvency to gain the value or is it a "loop through keys" job? Public -> Private is basically impossible, so nothing to worry about there, if someone gets your public key. Private -> Private is obviously possible though. More than likely they would just loop through the keys. As a side note, make sure whatever you're using to sign transactions is legit. If you sign your transactions using malicious code that specifies the nonce to use for signing, then yeah, they'll be able to obtain your private key after gathering some signatures from the blockchain. |