Bitcoin Forum
May 27, 2024, 02:25:36 AM
Topic: Deterministic Address and Quantum Computing (Read 593 times)
adaseb (OP)
June 23, 2017, 10:13:06 PM
#1

On Reddit there is a lot of talk about public keys being easily crackable in the near future due to the advancement of Quantum computing.

Many wallets such as Electrum use Deterministic keys, so one seed can create hundreds of addresses and if you know the private key of 1 address you can easily derive the private keys of the addresses remaining in the wallet.

So let's say some individual has 1000 BTC in their wallet, never reuses the same address, and each transaction's change goes to a brand new change address. However, since the keys are deterministic, can't someone find the private key of the unspent address, since they can easily follow the trail, crack the public key of a spent transaction and use that to find all the wallet's BTC addresses and change addresses?


achow101
June 23, 2017, 10:17:36 PM
#2

Quote from: adaseb on June 23, 2017, 10:13:06 PM
On Reddit there is a lot of talk about public keys being easily crackable in the near future due to the advancement of Quantum computing.

Many wallets such as Electrum use Deterministic keys, so one seed can create hundreds of addresses and if you know the private key of 1 address you can easily derive the private keys of the addresses remaining in the wallet.

So let's say some individual has 1000 BTC in their wallet, never reuses the same address, and each transaction's change goes to a brand new change address. However, since the keys are deterministic, can't someone find the private key of the unspent address, since they can easily follow the trail, crack the public key of a spent transaction and use that to find all the wallet's BTC addresses and change addresses?

No, that is not how HD wallets work. The private keys are not derived in a chain one after the other. They are all derived from a master private key. It is a tree structure, not a linked list. This means that if the master private key is discovered, then all of the private keys in the wallet are known. However, if only 1 child private key is known, then no other private keys can be derived. The only caveat to that is if non-hardened derivation were used and the master public key were known: then the master private key can be derived and from there the rest of the child private keys.

This does not require any sort of quantum computing at all either.

adaseb (OP)
June 23, 2017, 10:30:36 PM
#3

Quote from: achow101 on June 23, 2017, 10:17:36 PM
Quote from: adaseb on June 23, 2017, 10:13:06 PM
On Reddit there is a lot of talk about public keys being easily crackable in the near future due to the advancement of Quantum computing.

Many wallets such as Electrum use Deterministic keys, so one seed can create hundreds of addresses and if you know the private key of 1 address you can easily derive the private keys of the addresses remaining in the wallet.

So let's say some individual has 1000 BTC in their wallet, never reuses the same address, and each transaction's change goes to a brand new change address. However, since the keys are deterministic, can't someone find the private key of the unspent address, since they can easily follow the trail, crack the public key of a spent transaction and use that to find all the wallet's BTC addresses and change addresses?

No, that is not how HD wallets work. The private keys are not derived in a chain one after the other. They are all derived from a master private key. It is a tree structure, not a linked list. This means that if the master private key is discovered, then all of the private keys in the wallet are known. However, if only 1 child private key is known, then no other private keys can be derived. The only caveat to that is if non-hardened derivation were used and the master public key were known: then the master private key can be derived and from there the rest of the child private keys.

This does not require any sort of quantum computing at all either.

I did not know that.

Because when I exported my private keys in Electrum there is a warning "EXPOSING A SINGLE PRIVATE KEY CAN COMPROMISE YOUR ENTIRE WALLET!"

So if 1 Private Key is exposed AND one's computer gets hacked which has only the watching address, they can get the Master Public key from there and calculate the rest of the private keys in the wallet using those 2 variables?


achow101
June 23, 2017, 11:21:49 PM
#4

Quote from: adaseb on June 23, 2017, 10:30:36 PM
I did not know that.

Because when I exported my private keys in Electrum there is a warning "EXPOSING A SINGLE PRIVATE KEY CAN COMPROMISE YOUR ENTIRE WALLET!"

So if 1 Private Key is exposed AND one's computer gets hacked which has only the watching address, they can get the Master Public key from there and calculate the rest of the private keys in the wallet using those 2 variables?

Yes. This only applies to non-hardened derivation, which is what most wallets use (including Electrum) as that is what allows for watching-only wallets. Hardened derivation prevents this but also means that you can't have a watching-only wallet as easily (it requires going back to the offline machine to generate a bunch more addresses instead of generating from the master public key).
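The derivation achow101 describes in #2 and #4, worked through as an added example (this is my code, not Electrum's and not anything posted in this thread): a minimal BIP32-style key tree over secp256k1 in pure Python. It shows that a non-hardened child public key can be computed from the parent public key alone (which is what makes a watching-only wallet possible), that a hardened child cannot, and why Electrum's export warning exists: given the master public key and chain code (what a watching-only wallet holds) plus one non-hardened child private key, subtracting the HMAC offset from that child key yields the master private key, while the same computation has nothing to work with for a hardened child. The seed and derivation indices are constructed test values; the curve arithmetic is a textbook affine implementation that is not constant-time and is for illustration only.

```python
import hashlib
import hmac

# secp256k1 domain parameters (public constants from the curve standard)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000  # BIP32: child indices >= 2^31 are hardened


def point_add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def point_mul(k, point=G):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, point)
        point = point_add(point, point)
        k >>= 1
    return result


def ser_pub(point):
    """33-byte compressed SEC encoding, which is what BIP32 feeds into the HMAC."""
    x, y = point
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def master_from_seed(seed):
    """BIP32 master node: HMAC-SHA512 keyed with the string 'Bitcoin seed'."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(i[:32], "big"), i[32:]


def ckd_priv(k_par, c_par, index):
    """Child private key derivation (BIP32 CKDpriv); returns (child key, child chain code)."""
    if index >= HARDENED:
        data = b"\x00" + k_par.to_bytes(32, "big")   # the parent PRIVATE key goes into the HMAC
    else:
        data = ser_pub(point_mul(k_par))              # only the parent PUBLIC key goes into the HMAC
    i = hmac.new(c_par, data + index.to_bytes(4, "big"), hashlib.sha512).digest()
    il = int.from_bytes(i[:32], "big")
    return (il + k_par) % N, i[32:]


def ckd_pub(pk_par, c_par, index):
    """Child public key derivation (BIP32 CKDpub): the watching-only wallet path.
    It works only for non-hardened indices, because a hardened IL needs the parent private key."""
    if index >= HARDENED:
        raise ValueError("hardened child cannot be derived from a public key")
    data = ser_pub(pk_par) + index.to_bytes(4, "big")
    i = hmac.new(c_par, data, hashlib.sha512).digest()
    il = int.from_bytes(i[:32], "big")
    return point_add(point_mul(il), pk_par), i[32:]


def parent_priv_from_child(pk_par, c_par, index, k_child):
    """The caveat behind Electrum's warning: for a NON-hardened child, IL depends only on the
    parent public key and chain code, so k_par = k_child - IL mod n. For a hardened index IL is
    not computable from public data, so this function refuses."""
    if index >= HARDENED:
        raise ValueError("hardened derivation: IL is not computable from the parent public key")
    data = ser_pub(pk_par) + index.to_bytes(4, "big")
    il = int.from_bytes(hmac.new(c_par, data, hashlib.sha512).digest()[:32], "big")
    return (k_child - il) % N


def demo():
    seed = bytes(range(32))  # constructed test seed, not a real wallet
    m, c = master_from_seed(seed)
    m_pub = point_mul(m)
    # non-hardened child 0: private and public derivation agree
    k0, _ = ckd_priv(m, c, 0)
    pk0, _ = ckd_pub(m_pub, c, 0)
    assert point_mul(k0) == pk0
    # leaking k0 alongside the master public key and chain code gives back m
    recovered = parent_priv_from_child(m_pub, c, 0, k0)
    # hardened child 0': the same computation is refused
    k0h, _ = ckd_priv(m, c, HARDENED)
    try:
        parent_priv_from_child(m_pub, c, HARDENED, k0h)
        hardened_blocked = False
    except ValueError:
        hardened_blocked = True
    return recovered == m, hardened_blocked


if __name__ == "__main__":
    print(demo())  # (True, True)
```

The defensive reading is the one achow101 gives: a master public key (xpub) is only as harmless as every child private key beneath it stays, so a watching-only wallet's xpub should be protected like a secret, and hardened derivation at the levels above the addresses you hand out is what removes this recovery path at the cost of needing the private side to generate new addresses.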

adaseb (OP)
June 23, 2017, 11:29:33 PM
#5

Quote from: achow101 on June 23, 2017, 11:21:49 PM
Quote from: adaseb on June 23, 2017, 10:30:36 PM
I did not know that.

Because when I exported my private keys in Electrum there is a warning "EXPOSING A SINGLE PRIVATE KEY CAN COMPROMISE YOUR ENTIRE WALLET!"

So if 1 Private Key is exposed AND one's computer gets hacked which has only the watching address, they can get the Master Public key from there and calculate the rest of the private keys in the wallet using those 2 variables?

Yes. This only applies to non-hardened derivation, which is what most wallets use (including Electrum) as that is what allows for watching-only wallets. Hardened derivation prevents this but also means that you can't have a watching-only wallet as easily (it requires going back to the offline machine to generate a bunch more addresses instead of generating from the master public key).

So as long as you keep your Master Public Key safe there is a very low chance of someone finding your Master Private Key even if they manage to use a Quantum computer and crack 1 private key from a public key that was used in a previous transaction in the same wallet?



achow101
June 23, 2017, 11:42:35 PM
#6

Quote from: adaseb on June 23, 2017, 11:29:33 PM
So as long as you keep your Master Public Key safe there is a very low chance of someone finding your Master Private Key even if they manage to use a Quantum computer and crack 1 private key from a public key that was used in a previous transaction in the same wallet?

Yes. If someone has a quantum computer that can get private keys from public keys, then if that person gets just your Master Public Key, you're screwed anyways as they can then get your Master Private Key.

adaseb (OP)
June 24, 2017, 12:36:27 AM
#7

Quote from: achow101 on June 23, 2017, 11:42:35 PM
Quote from: adaseb on June 23, 2017, 11:29:33 PM
So as long as you keep your Master Public Key safe there is a very low chance of someone finding your Master Private Key even if they manage to use a Quantum computer and crack 1 private key from a public key that was used in a previous transaction in the same wallet?

Yes. If someone has a quantum computer that can get private keys from public keys, then if that person gets just your Master Public Key, you're screwed anyways as they can then get your Master Private Key.

Ok now I understand. Thanks for your help.
