Bitcoin Forum
Topic: Preventing loss of Bitcoin addresses
27QVUTZj8rgZP1 (OP)
June 03, 2017, 04:37:17 PM
Last edit: June 04, 2017, 10:44:31 PM by 27QVUTZj8rgZP1
 #1

People said Bitcoin private keys should be random, and generated from a random source. OK, I agree.

But I see there is a problem with that kind of usage, as losing keys is very easy and remembering all of them is not practical.

Deterministic wallets solve the problem, but you still have to rely on complicated parsing of data and software to interpret them.


Then why not simply pick one random private key:
Code:
0x72401339D3318F8FA1707C21447D220ED03D1086E1D0388F976C8DE223619C77

And mask it with a random pattern. For example, I know I will not use more than 4 294 967 296 addresses in my lifetime, so we can do:
Code:
0xFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
and
0x72401339D3318F8FA1707C21447D220ED03D1086E1D0388F976C8DE223619C77
------------------------------------------------------------------
0x72401339D3318F8000000001447D220ED03D1086E1D0388F976C8DE223619C77

Then I know all my private keys are within the range:
Code:
0x72401339D3318F8000000001447D220ED03D1086E1D0388F976C8DE223619C77 - 0x72401339D3318F8FFFFFFFF1447D220ED03D1086E1D0388F976C8DE223619C77


And this can be applied to most (if not all) coins. A single point of failure, we can even write it down on a piece of paper easily; no need to track thousands of random private keys that can get lost, or a big and complicated-to-parse file you can't write down.


I am not saying everyone should adopt this method or anything, this choice is personal.


My question is: Are there any known problems or risks of using such a method? Is there a weakness somehow in using addresses like that? Is it OK to use "x and x+1" private keys, or should this be avoided?


Thank you!


EDIT:
Probably a less risky, more realistic, yet simple alternative (about 1 million addresses, which is more than enough for most people):

Random key:
Code:
0x397263A2C8131ABE3BEF02ECCA92F3AC751C50B7232816A9767B0386710DA6DF

Random mask:
Code:
0xFFFFFFF0FFFFFFFFFFFFF0FFFFFFFFFF0FFFF0FFFFFFFFFFFFFFFFF0FFFFFFFF

Addresses range:
Code:
0x397263A0C8131ABE3BEF00ECCA92F3AC051C50B7232816A9767B0380710DA6DF - 0x397263AFC8131ABE3BEF0FECCA92F3ACF51C5FB7232816A9767B038F710DA6DF

It may be a bit inconvenient to generate many addresses, but a quick script will do that. The important thing is that you need just one key and one mask; the rest is simple.

Bitcoin address: 1RepentJESUSisComingSoon777kqd54C

And behold, I am coming quickly, and My reward is with Me, to give to every one according to his work. - Revelation 22:12
achow101
June 03, 2017, 05:51:49 PM
 #2

If one of your private keys were compromised, then whoever has that private key will be able to figure out the rest of your private keys. All they have to do is go a few billion keys +/- of the one they have and they can get all of the private keys that you will ever use.

BIP32 derivation is vastly superior. In order to figure out all of your private keys, an attacker would need to know the master private key and the derivation paths. This means that if one of your private keys were compromised, your whole wallet isn't compromised. It is far easier to protect one key than it is to protect billions of keys.

27QVUTZj8rgZP1 (OP)
June 03, 2017, 06:50:30 PM
 #3

OK, we know the risks of getting stolen are higher. But I still believe the benefits outweigh the risks, just be careful. But are there any technical risks?

BIP32 seems too complicated. I am looking for something I can calculate in my mind without effort, that can easily be obtained by hand, without additional code I may not have access to, and that is still secure (i.e. not technically exploitable).


What if we change the way its range is obtained to a less obvious one, like this? The good thing is that we can set our own simple customized rules:

Random key:
Code:
0x72401339D3318F8FA1707C21447D220ED03D1086E1D0388F976C8DE223619C77

Random mask:
Code:
0xFFFF00FFFFFFFF00FFFFFFFFFFFFFFFF00FFFFFFFFFFFFFFFFFF00FFFFFFFFFF

In this case, valid range would be:
Code:
0x72400039D3318F00A1707C21447D220E003D1086E1D0388F976C00E223619C77 - 0x7240FF39D3318FFFA1707C21447D220EFF3D1086E1D0388F976CFFE223619C77

Not sure if one would even bother to try the same thing you did with the other to figure out nearby keys, that is, in case any of my keys are stolen.

Or we can try more tricky things, yet without losing simplicity and portability (i.e. can be written down on a piece of paper, easily remembered, easy to execute).


Thank you for reading!

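Added example (not part of any post in this thread, and not code from any wallet): the key-and-mask scheme from posts #1 and #3 written out in Python with the key and mask from post #3, to put numbers on the point in post #2 that sibling keys are protected only by the masked-out bits. The function names are hypothetical, and the secret-mask bound assumes that whoever holds one key knows at most 8 hex digits vary.

```python
from math import comb, log2

# Key and mask as posted in post #3, grouped in fours for readability.
KEY = 0x7240_1339_D331_8F8F_A170_7C21_447D_220E_D03D_1086_E1D0_388F_976C_8DE2_2361_9C77
MASK = 0xFFFF_00FF_FFFF_FF00_FFFF_FFFF_FFFF_FFFF_00FF_FFFF_FFFF_FFFF_FFFF_00FF_FFFF_FFFF
ALL_ONES = (1 << 256) - 1

def free_bits(mask):
    """Bit positions (least significant first) that the mask leaves free."""
    return [i for i in range(256) if not (mask >> i) & 1]

def derive(key, mask, index):
    """Key number `index`: fixed bits come from `key`, free bits from `index`."""
    positions = free_bits(mask)
    if not 0 <= index < 1 << len(positions):
        raise ValueError("index does not fit in the free bits")
    out = key & mask
    for n, pos in enumerate(positions):
        out |= ((index >> n) & 1) << pos
    return out

def key_range(key, mask):
    """Lowest and highest private key the scheme can produce."""
    low = key & mask
    return low, low | (~mask & ALL_ONES)

def bits_if_mask_known(mask):
    """Unknown bits left in every sibling key once one key and the mask leak."""
    return len(free_bits(mask))

def bits_if_mask_secret(free_nibbles, total_nibbles=64):
    """Upper bound with a secret mask: log2 of the number of 256-bit values
    that differ from a leaked key in at most `free_nibbles` hex digits."""
    count = sum(comb(total_nibbles, k) * 15 ** k for k in range(free_nibbles + 1))
    return log2(count)

if __name__ == "__main__":
    low, high = key_range(KEY, MASK)
    print(f"range: {low:#066x} - {high:#066x}")
    print("bits left, mask known :", bits_if_mask_known(MASK))
    print("bits left, mask secret: %.1f" % bits_if_mask_secret(8))
```

Every derived key has the same value under `key & MASK`, so a single exposed key leaves 32 unknown bits when the mask is known and at most about 63 when it is kept secret, against roughly 128 bits of work for an unrelated secp256k1 key.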
cr1776
June 03, 2017, 08:02:55 PM
 #4


You can always write up a BIP and implement something with your proposal and see if there is demand for it knowing the strengths and weaknesses.
