Electrum deterministic address questions

[RealBitcoin]

▣If one third party person knows a BTC address that is part of an electrum wallet, can he generate the other bitcoin addresses in that wallet based on that one address?

▣What if he knows multiple addresses, can he derive all addresses from that info?


▣Or only the master public key can generate the addresses?


▣How to keep the master public key hidden, so that nobody can know the addresses in that wallet? (because it's not protected like the private key)

[shorena]

If one third party person knows a BTC address that is part of an electrum wallet, can he generate the other bitcoin addresses in that wallet based on that one address?

No.

What if he knows multiple addresses, can he derive all addresses from that info?

No.

Or only the master public key can generate the addresses?

Yes.

How to keep the master public key hidden, so that nobody can know the addresses in that wallet? (because it's not protected like the private key)

Dont let anyone get your wallet file, which you should do anyway to avoid brute force attacks on your private keys.

[RealBitcoin]

If one third party person knows a BTC address that is part of an electrum wallet, can he generate the other bitcoin addresses in that wallet based on that one address?

No.

What if he knows multiple addresses, can he derive all addresses from that info?

No.

Or only the master public key can generate the addresses?

Yes.

How to keep the master public key hidden, so that nobody can know the addresses in that wallet? (because it's not protected like the private key)

Dont let anyone get your wallet file, which you should do anyway to avoid brute force attacks on your private keys.

Thanks, another quick question:


If a third party knows several addresses from the same electrum wallet, can he associate them with eachother, meaning that can he prove it that those addresses belong to the same wallet , without knowing the master pub key of course?

So if they know   A , B ,C addresses that are in the same wallet, can he prove that A B C are derived from the same master public key without knowing the master pub key?

Dont let anyone get your wallet file, which you should do anyway to avoid brute force attacks on your private keys.

Interesting but what if it's an electrum watch-only address.

The watch only is derived from the pub key, however it doesnt contain the private key.

So they can still obtain the pub key if you watch your money from a watch only wallet, and that can hurt your privacy.

[shorena]

-snip-
If a third party knows several addresses from the same electrum wallet, can he associate them with eachother, meaning that can he prove it that those addresses belong to the same wallet , without knowing the master pub key of course?

So if they know   A , B ,C addresses that are in the same wallet, can he prove that A B C are derived from the same master public key without knowing the master pub key?

Maybe, if the addresses are spend linked, yes. If not, not. Spend linked means that you use coins you received on A, B and C to create a single transaction. E.g. this TX -> https://blockchain.info/tx/dfb7be5a382e2575e52c7c09289c5eb04f9acecb117c54ae0921ce014977cb90
links 1ASFyXYMd7ffy5AFyoGnvQpc9dmxcN4438 to 1EQA6THR6wCgV8ZeuoZiVqEAMGb9S5sKJT

This method is not perfect as we two could create a TX together to fool people (usually called "CoinJoin" or "SharedCoin"), but its commonly accepted as "proof" when finding connections between addresses, at least here in the forum.

Dont let anyone get your wallet file, which you should do anyway to avoid brute force attacks on your private keys.

Interesting but what if it's an electrum watch-only address.

The watch only is derived from the pub key, however it doesnt contain the private key.

So they can still obtain the pub key if you watch your money from a watch only wallet, and that can hurt your privacy.

AFAIK a watch only wallet isnt protected by the password, so yes. A watch only wallet getting stolen would compromise your privacy, but not your coins.