Bitcoin Forum
November 02, 2024, 04:08:02 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Offline key generation  (Read 4494 times)
Timo Y (OP)
Legendary
*
Offline Offline

Activity: 938
Merit: 1001


bitcoin - the aerogel of money


View Profile
October 29, 2010, 12:19:33 PM
Last edit: October 29, 2010, 12:30:56 PM by foreverdamaged
 #1

I am trying to set up a "savings account" where I can be 100% certain that the private key of a bitcoin address never comes in contact with the internet:

1. generate a private/public key pair while not connected to other peers, on an offline machine.
2. copy only the public key to the online machine.
3. connect to peers
4. receive payments
5. copy private key to online machine only to send a payment.

Is this doable?

GPG ID: FA868D77   bitcoin-otc:forever-d
theymos
Administrator
Legendary
*
Offline Offline

Activity: 5376
Merit: 13348


View Profile
October 29, 2010, 12:31:58 PM
 #2

It's technically possible, but Bitcoin isn't yet able to import/export keys. You could probably do something like that by swapping wallet files around, though the "checking" account wouldn't detect transactions to the "savings" account.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
davout
Legendary
*
Offline Offline

Activity: 1372
Merit: 1008


1davout


View Profile WWW
October 29, 2010, 10:30:19 PM
 #3

I don't really see the point of copying the public key to the online machine.

In any case, in my understanding, you can receive money on an offline wallet, if you just copy the up to date block chain to the offline machine the correct balance should appear for your wallet.

Your safety measures become moot once you copy the private key over to the online machine to make a payment.

Still in my understanding, the most secure way of making a payment would be to get a fresh block chain to the offline machine, somehow export a signed transaction to a USB stick and then broadcast it from an online machine, this way, your private key *never* gets in contact with the internet

Timo Y (OP)
Legendary
*
Offline Offline

Activity: 938
Merit: 1001


bitcoin - the aerogel of money


View Profile
November 03, 2010, 08:19:09 PM
 #4

In any case, in my understanding, you can receive money on an offline wallet, if you just copy the up to date block chain to the offline machine the correct balance should appear for your wallet.

Yes you can, but in my undestanding, that offline wallet needs to have been online at least once, otherwise its public key(s) are not known to the bitcoin network. If you try to send money to a bitcoin address that has never been online you'll get an error message - try it.

Hence the need to copy only the public key to the online machine.

GPG ID: FA868D77   bitcoin-otc:forever-d
Gavin Andresen
Legendary
*
Offline Offline

Activity: 1652
Merit: 2301


Chief Scientist


View Profile WWW
November 03, 2010, 08:26:28 PM
 #5

Yes you can, but in my undestanding, that offline wallet needs to have been online at least once, otherwise its public key(s) are not known to the bitcoin network.

That's not right-- the person paying you doesn't know your public key, they just know your bitcoin address (which is a 160-bit hash of your public key).

You can (and I have) send bitcoins to ANY 160-bit bitcoin address, whether or not there actually is a public/private keypair corresponding to that address.

How often do you get the chance to work on a potentially world-changing project?
nelisky
Legendary
*
Offline Offline

Activity: 1540
Merit: 1002


View Profile
November 03, 2010, 08:49:42 PM
 #6

Yes you can, but in my undestanding, that offline wallet needs to have been online at least once, otherwise its public key(s) are not known to the bitcoin network.

That's not right-- the person paying you doesn't know your public key, they just know your bitcoin address (which is a 160-bit hash of your public key).

You can (and I have) send bitcoins to ANY 160-bit bitcoin address, whether or not there actually is a public/private keypair corresponding to that address.


Are those coins lost? Or if someone were to magically get a wallet that corresponded to that public key, would it then be deposited into their account? (Chances of course very small)
[/quote

Could that be an attack vector? I know chances are very *very* slim, but what if I was to put 100 high powered machines generating keys at random, would that potentially net me access to someone else's wallet, or part thereof?
theymos
Administrator
Legendary
*
Offline Offline

Activity: 5376
Merit: 13348


View Profile
November 03, 2010, 09:09:35 PM
 #7

Are those coins lost? Or if someone were to magically get a wallet that corresponded to that public key, would it then be deposited into their account? (Chances of course very small)
If someone happened to generate a colliding address, the amount would be added to their account. It's so unlikely that the coins should be considered lost.

See http://www.bitcoin.org/wiki/doku.php?id=address

Could that be an attack vector? I know chances are very *very* slim, but what if I was to put 100 high powered machines generating keys at random, would that potentially net me access to someone else's wallet, or part thereof?

No. It's too unlikely. It'd never be profitable, and it probably isn't even possible to do in any reasonable time frame (<20 years).

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
davout
Legendary
*
Offline Offline

Activity: 1372
Merit: 1008


1davout


View Profile WWW
November 03, 2010, 09:13:24 PM
 #8

Could that be an attack vector? I know chances are very *very* slim, but what if I was to put 100 high powered machines generating keys at random, would that potentially net me access to someone else's wallet, or part thereof?

Yes. But I think it's pretty unlikely, but who knows, if bitcoins get really widespread and they're very fractioned, lots of addresses might end up with positive balance, thus increasing your chances.

However I'm way too lazy to even think of putting figures in front of such a statement Cheesy

davout
Legendary
*
Offline Offline

Activity: 1372
Merit: 1008


1davout


View Profile WWW
November 03, 2010, 09:45:32 PM
 #9

Sha-1 has 4 billion times as many combinations as a 120 bit md5... for an idea of how many possibilities there are for a 160-bit combo.

Good luck.
brb, building quantum computer

ribuck
Donator
Hero Member
*
Offline Offline

Activity: 826
Merit: 1060


View Profile
November 03, 2010, 09:47:43 PM
 #10

brb, building quantum computer
Your quantum computer will have much more profitable targets than trying to find some very sparsely-distributed bitcoin keys.
davout
Legendary
*
Offline Offline

Activity: 1372
Merit: 1008


1davout


View Profile WWW
November 03, 2010, 09:49:43 PM
 #11

brb, building quantum computer
Your quantum computer will have much more profitable targets than trying to find some very sparsely-distributed bitcoin keys.
I'll probably be both dead and alive simultaneously when quantum computers actually show up

Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!