Bitcoin Forum

Bitcoin => Bitcoin Technical Support => Topic started by: uldbitcoin on February 10, 2020, 03:29:50 PM



Title: Security of a message signed with bitcoin-core
Post by: uldbitcoin on February 10, 2020, 03:29:50 PM
deleted


Title: Re: Security of a message signed with bitcoin-core
Post by: jackg on February 10, 2020, 03:34:32 PM
There's technically always a chance but it's much like signing a transaction and offers the same security.

If you have a modern computer the random number it generates should be good enough to keep your private key secure...

Message digest, message and public key can all be released publicly and are when a transaction is signed and broadcast to the blockchain anyway.


Title: Re: Security of a message signed with bitcoin-core
Post by: AB de Royse777 on February 10, 2020, 03:36:47 PM
As long as your private key is safe, you will not need to worry about anything else. Also it does not matter if you have signed it using Bitcoin core or anything else.

I think Jackg also said the same thing above.


Title: Re: Security of a message signed with bitcoin-core
Post by: ranochigo on February 10, 2020, 04:17:54 PM
I just wanted to know if it is really safe to disclose : message, public key, signed hash to open world.
There's really no chance of anyone finding my private key from the signed hash ?

There is a chance. ECDSA hash signatures can be reverse engineered to produce the private key if the variables used in the signature generation are not random enough. In addition, the private keys can also be derived from the public key by a sufficiently powerful quantum computer and the luxury of time.

With the current state of technology (and the latest Bitcoin Core), it's nothing to be worried about and there isn't more risk from this than to send a transaction.
I'm just wondering because if this feature is not possible in bitcoin-core client for segwit address, maybe it's for a security reason...
It isn't a security issue but more of the fact that there aren't any standards for signing messages with bech32 addresses yet.


Title: Re: Security of a message signed with bitcoin-core
Post by: BrewMaster on February 10, 2020, 04:50:02 PM
If you have a modern computer the random number it generates should be good enough to keep your private key secure...

first of all security of RNG has nothing to do with the computer being modern, it is about how it was implemented.
secondly there are no random numbers being generated when creating a signature (both during message signing or transaction signing). everything is being done deterministically, meaning nonce is generated using your key and the message utilizing HMAC function.


Title: Re: Security of a message signed with bitcoin-core
Post by: BrewMaster on February 11, 2020, 05:26:00 PM
secondly there are no random numbers being generated when creating a signature (both during message signing or transaction signing). everything is being done deterministically, meaning nonce is generated using your key and the message utilizing HMAC function.

Wrong, k value must be randomly generated. 2 signatures with same k value can be used to find out private key of your Bitcoin.

k has to be a number that can not be guessed. that is why it is suggested to choose a random one, but later on they realized that you can't rely on RNGs so they came up with a new idea to generate it deterministically using your private key and the message being signed. that is why when you sign same message with same private key you always get the same exact signature. check out RFC-6979 for more details.

in fact nowadays most wallets only use an RNG once per wallet and that is when you create the wallet to generate your seed then every future private key and every signature's k is being generated deterministically without needing RNGs anymore.
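
The deterministic nonce derivation from RFC 6979 that the thread refers to, as an added example that is not part of the original posts and is not Bitcoin Core's code. It assumes secp256k1 with HMAC-SHA256 and hashes the message with a single SHA-256 (the Bitcoin message-signing prefix and double hash are left out); the key and messages are constructed sample values.

```python
import hashlib
import hmac

# Order of the secp256k1 group; a valid nonce k must satisfy 1 <= k < N.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def _hmac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def rfc6979_k(priv: int, msg: bytes) -> int:
    """Derive the ECDSA nonce k from the private key and message (RFC 6979, 3.2)."""
    if not 1 <= priv < N:
        raise ValueError("private key out of range")
    h1 = hashlib.sha256(msg).digest()          # assumption: single SHA-256 digest
    x = priv.to_bytes(32, "big")               # int2octets(private key)
    h = (int.from_bytes(h1, "big") % N).to_bytes(32, "big")  # bits2octets(h1)
    v = b"\x01" * 32
    k = b"\x00" * 32
    k = _hmac(k, v + b"\x00" + x + h)
    v = _hmac(k, v)
    k = _hmac(k, v + b"\x01" + x + h)
    v = _hmac(k, v)
    while True:
        v = _hmac(k, v)
        candidate = int.from_bytes(v, "big")
        if 1 <= candidate < N:                 # reject out-of-range values
            return candidate
        k = _hmac(k, v + b"\x00")
        v = _hmac(k, v)


# Constructed sample inputs (not real keys or messages from the thread).
SAMPLE_KEY = 0x1F2E3D4C5B6A79880102030405060708090A0B0C0D0E0F101112131415161718
MSG_A = b"constructed sample message A"
MSG_B = b"constructed sample message B"

if __name__ == "__main__":
    k_a1 = rfc6979_k(SAMPLE_KEY, MSG_A)
    k_a2 = rfc6979_k(SAMPLE_KEY, MSG_A)
    k_b = rfc6979_k(SAMPLE_KEY, MSG_B)
    # Same key + same message -> same k, hence the identical signature.
    print("repeatable for same message:", k_a1 == k_a2)
    # Different message -> different k, so no nonce is shared between
    # signatures over different messages and no RNG is consulted at all.
    print("distinct for different message:", k_a1 != k_b)
```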