multibit restore process

[Johnctb]

I have a theoretical/knowledge question on how multibit can restore bitcoins that are owned by me. If I'm correct, Multibit uses the secret words to create keys. The public part is used to generate bitcoin addresses and the private part is used to prove ownership of the address. Multibit uses an offline database to store all information like the keys already generated, transactions and so forth. From the manual I understand that if all this offline multibit info (the wallet/database) is lost, it can still recover the bitcoins owned by me/the balance based on the secret words, as the keys are generated in a deterministic manner.  But, how exactly does it know which address are mine? And further more, how does it now it has all of them?

My assumption is that it would  re-generate the keys (afaik they should be equal to the keys that were generated in the original wallet) and then use the blockchain to re-compose my balance. However, this would mean it should scan the entire blockchain, won't that take for ages? Further more, if I'm a heavy bitcoin user and already generated more then 10.000 addresses, then it should scan all of them? And how does it know I 'only' have 10.000 addresses? It could well be 100.000. At a given point I would probably notice that it's still incomplete as my balance is not matching, but suppose I totally forgot how much bitcoins I had.
Any light shed on this would be appreciated :-)

[achow101]

 But, how exactly does it know which address are mine?

Because the addresses are deterministically generated from the seed. The seed is a large random number (it's really a private key) and is supposed to be unique for each person.

And further more, how does it now it has all of them?

My assumption is that it would  re-generate the keys (afaik they should be equal to the keys that were generated in the original wallet) and then use the blockchain to re-compose my balance. However, this would mean it should scan the entire blockchain, won't that take for ages? Further more, if I'm a heavy bitcoin user and already generated more then 10.000 addresses, then it should scan all of them? And how does it know I 'only' have 10.000 addresses? It could well be 100.000. At a given point I would probably notice that it's still incomplete as my balance is not matching, but suppose I totally forgot how much bitcoins I had.
Any light shed on this would be appreciated :-)

It doesn't. That's why the seed words are not necessarily a catch all backup. The best backup is to actually backup the wallet files periodically. When you restore from a seed it will generate some number of addresses, but it does not know that whether it has generated too many or too little addresses.

In order to get the balances, it does actually have to scan the blockchain. It will actually request from connected nodes the transactions pertaining to your addresses (and while doing so potentially leak information).

[Johnctb]

In order to get the balances, it does actually have to scan the blockchain. It will actually request from connected nodes the transactions pertaining to your addresses (and while doing so potentially leak information).

Couldn't it use the blockchain offline?

[achow101]

In order to get the balances, it does actually have to scan the blockchain. It will actually request from connected nodes the transactions pertaining to your addresses (and while doing so potentially leak information).

Couldn't it use the blockchain offline?

And how do you plan on getting the blockchain offline and keep it up do date? Keeping the blockchain on your local computer is not running an SPV wallet which Multibit is. At that point, you are running a full node which defeats the purpose of a SPV wallet.

[Abdussamad]

However, this would mean it should scan the entire blockchain, won't that take for ages?

The answer to your question is bloom filters. It's supposed to be a way to request transaction data from full nodes without revealing your addresses. Unfortunately the theory doesn't hold out in practice and it does leak out info about your addresses:

http://bitcoin.stackexchange.com/a/40949

Further more, if I'm a heavy bitcoin user and already generated more then 10.000 addresses, then it should scan all of them? And how does it know I 'only' have 10.000 addresses? It could well be 100.000. At a given point I would probably notice that it's still incomplete as my balance is not matching, but suppose I totally forgot how much bitcoins I had.
Any light shed on this would be appreciated :-)

Deterministic wallets employ a concept called a gap limit or "lookahead". Think of the gap limit as the number of unused addresses (as in no transactions on the blockchain) from the index of the last used address that the wallet keeps watching. So for example in electrum the gap limit is 20. Other wallets have more or less. If you have a large block of unused addresses and that block is larger than your gap limit then it's quite possible that multibit won't look for transactions there. Then you have to manually instruct multibit to increase its gap limit. You can do this in electrum so I'm sure there is a way to tell multibit to do the same.

Couldn't it use the blockchain offline?

What you can do is have a split setup where you have an offline wallet with the secret seed and an online wallet that only contains the public keys i.e. a watch-only wallet. You create transactions on the online wallet, sneakernet it to the offline wallet for signing and then back to the online wallet to broadcast it. Armory and electrum support this sort of "cold storage" setup.