Author Topic: Keeping the addresses generated from deterministic wallet PubKey seed secret.  (Read 1094 times)
No_2 (OP)
December 07, 2015, 12:06:40 PM
Merited by ABCbits (2)
 #1

I have the following use case: I want to generate a series of public keys from which to create Bitcoin addresses from a deterministic wallet, but I do not want anyone to know or be able to predict what my sequence of addresses will be.

So my question is: can I keep the public key seed on a cold storage machine and generate public keys on an as needed basis without revealing what the next public key or address in the sequence is likely to be?
achow101
December 07, 2015, 12:41:58 PM
 #2

Yes. There is no need for anyone to know what your master public key is.

No_2 (OP)
December 08, 2015, 11:45:08 AM
 #3

I should be clearer: I don't want anyone to be able to work out what the next address in the sequence will be, e.g. if I've generated 100 addresses in sequence and used them publicly will anyone be able to guess what address 101 would be without the pubkey seed?
shorena
December 08, 2015, 11:52:22 AM
Merited by ABCbits (1)
 #4

> I should be clearer: I don't want anyone to be able to work out what the next address in the sequence will be, e.g. if I've generated 100 addresses in sequence and used them publicly will anyone be able to guess what address 101 would be without the pubkey seed?

Isn't this given with hardened keys?

-> https://bitcoin.org/en/developer-guide#hardened-keys

Assuming you also keep the xpub key secret as knightdk suggested.

I'm not really here, it's just your imagination.
hhanh00
December 09, 2015, 06:40:14 AM
 #5

You don't need hardened keys for this scenario. If you only publish the addresses, no-one can figure out the next in sequence.

shorena
December 09, 2015, 08:45:28 AM
 #6

> You don't need hardened keys for this scenario. If you only publish the addresses, no-one can figure out the next in sequence.

So you can never spend the coins because this would expose the public key which would allow to derive further addresses?

I'm not really here, it's just your imagination.
Carlton Banks
December 09, 2015, 11:37:04 AM
Merited by ABCbits (2)
 #7

> > You don't need hardened keys for this scenario. If you only publish the addresses, no-one can figure out the next in sequence.
>
> So you can never spend the coins because this would expose the public key which would allow to derive further addresses?

But surely the public key of a single address cannot be used to infer the value of the xpub that generated it? The link to hardened keys suggests that the public key and the corresponding chaincode need to be exposed for that to be possible, so what am I missing?

Vires in numeris
hhanh00
December 09, 2015, 01:59:04 PM
 #8

> > You don't need hardened keys for this scenario. If you only publish the addresses, no-one can figure out the next in sequence.
>
> So you can never spend the coins because this would expose the public key which would allow to derive further addresses?

Well, you can also use the public key as long as you don't show the chain code.

shorena
December 09, 2015, 09:21:34 PM
 #9

For now thanks for the answers even though it was not my thread. I feel I need more time reading and thinking about it.

I'm not really here, it's just your imagination.
fbueller
December 11, 2015, 02:05:48 PM
 #10

If you return only a public key, it's impossible to derive anything else in sequence.

A key is derived as Px + H(Chaincode || Keydata). It's impossible to guess the input to this second part, so you're all good.

You probably don't need to leak more than the public key - don't reveal any extended public keys.

Bitwasp Developer.