April 26, 2014, 10:13:53 PM |
This is why deterministic wallets are being so widely embraced. It is all upside, and no practical downsides except in community-unsupported use-cases where people want to reveal some of their private keys but not others.
Given any subset of private keys or public keys in a deterministic wallet, no matter how many, there is no way to know they are related without an extra piece of metadata stored in the wallet file called the "chaincode". Without the chaincode, it's all perfectly private.
This applies to Armory deterministic wallets, as well as BIP 32 wallets (which Armory will be migrating to, soon). In fact, BIP 32 has an additional, related feature that we plan to leverage for identity verification / webs-of-trust: you can give out your root public key (such as on your business card), and then provide a piece of metadata with each address you distribute, which proves that address is linked to the root public key on your business card. However, this proof does nothing more: it doesn't allow them to prove any other addresses are related, and it doesn't let the sender generate any more of my own addresses. And I, as the receiver, don't have to provide the proof if I don't want them to know it's related to my root public key. So I can remain anonymous if I want to, or I can prove identity if I want to. They would need to have the chaincode in the wallet to learn any more-- and if they have access to my wallet, they have all that info anyway.