Bitcoin Forum
Author Topic: Deterministic Address and Quantum Computing  (Read 481 times)
adaseb
Legendary, Activity: 1428
June 23, 2017, 10:13:06 PM  #1

On Reddit there is a lot of talk about public keys being easily crackable in the near future due to the advancement of quantum computing.

Many wallets such as Electrum use deterministic keys, so one seed can create hundreds of addresses, and if you know the private key of 1 address you can easily derive the private keys of the remaining addresses in the wallet.

So let's say some individual with 1000 BTC in their wallet never reuses the same address, and each transaction's change goes to a brand new change address. However, since the keys are deterministic, can't someone find the private key of the unspent address, since they can easily follow the trail, crack the public key of a spent transaction and use that to find all of the wallet's BTC addresses and change addresses?
achow101
Moderator, Legendary, Activity: 1218
June 23, 2017, 10:17:36 PM  #2

Quote from: adaseb on June 23, 2017, 10:13:06 PM
On Reddit there is a lot of talk about public keys being easily crackable in the near future due to the advancement of quantum computing.

Many wallets such as Electrum use deterministic keys, so one seed can create hundreds of addresses, and if you know the private key of 1 address you can easily derive the private keys of the remaining addresses in the wallet.

So let's say some individual with 1000 BTC in their wallet never reuses the same address, and each transaction's change goes to a brand new change address. However, since the keys are deterministic, can't someone find the private key of the unspent address, since they can easily follow the trail, crack the public key of a spent transaction and use that to find all of the wallet's BTC addresses and change addresses?

No, that is not how HD wallets work. The private keys are not derived in a chain one after the other. They are all derived from a master private key. It is a tree structure, not a linked list. This means that if the master private key is discovered, then all of the private keys in the wallet are known. However, if only 1 child private key is known, then no other private keys can be derived. The only caveat to that is that if non-hardened derivation were used and the master public key were known, then the master private key can be derived, and from there the rest of the child private keys.

This does not require any sort of quantum computing at all either.
adaseb
Legendary, Activity: 1428
June 23, 2017, 10:30:36 PM  #3

Quote from: achow101 on June 23, 2017, 10:17:36 PM
No, that is not how HD wallets work. The private keys are not derived in a chain one after the other. They are all derived from a master private key. It is a tree structure, not a linked list. This means that if the master private key is discovered, then all of the private keys in the wallet are known. However, if only 1 child private key is known, then no other private keys can be derived. The only caveat to that is that if non-hardened derivation were used and the master public key were known, then the master private key can be derived, and from there the rest of the child private keys.

This does not require any sort of quantum computing at all either.

I did not know that.

Because when I exported my private keys in Electrum there is a warning: "EXPOSING A SINGLE PRIVATE KEY CAN COMPROMISE YOUR ENTIRE WALLET!"

So if 1 private key is exposed AND one's computer, which has only the watching address, gets hacked, they can get the master public key from there and calculate the rest of the private keys in the wallet using those 2 variables?
achow101
Moderator, Legendary, Activity: 1218
June 23, 2017, 11:21:49 PM  #4

Quote from: adaseb on June 23, 2017, 10:30:36 PM
I did not know that.

Because when I exported my private keys in Electrum there is a warning: "EXPOSING A SINGLE PRIVATE KEY CAN COMPROMISE YOUR ENTIRE WALLET!"

So if 1 private key is exposed AND one's computer, which has only the watching address, gets hacked, they can get the master public key from there and calculate the rest of the private keys in the wallet using those 2 variables?

Yes. This only applies to non-hardened derivation, which is what most wallets use (including Electrum), as that is what allows for watching-only wallets. Hardened derivation prevents this but also means that you can't have a watching-only wallet as easily (it requires going back to the offline machine to generate a bunch more addresses instead of generating from the master public key).
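The two answers above (post #2 and post #4) describe the BIP32 property behind Electrum's warning: a non-hardened child private key is the parent private key plus an offset that anyone holding the master public key and chain code (the xpub) can compute, so one leaked child key plus the xpub gives back the master key, while hardened derivation computes the offset from the private key and so blocks this. The following worked example is added here to make that concrete; it is not code from the thread, from Electrum or from any wallet. It implements BIP32 CKDpriv/CKDpub with minimal pure-Python secp256k1 arithmetic (assumed curve constants from the standard, not from the page), and uses the BIP32 test-vector-1 seed as a constructed input.

```python
import hashlib
import hmac

# secp256k1 domain parameters (curve standard constants, assumed; not from the thread)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000  # BIP32: child indices >= 2^31 are hardened


def point_add(p, q):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def scalar_mult(k, point=G):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def ser_p(point):
    """33-byte compressed SEC encoding, the form BIP32 feeds into HMAC."""
    x, y = point
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def master_from_seed(seed):
    """BIP32 master key: HMAC-SHA512 keyed with the string 'Bitcoin seed'."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(i[:32], "big"), i[32:]


def child_offset(k_par, c_par, index, parent_pub=None):
    """Return (I_L, child chain code) for child `index`.
    Non-hardened: HMAC over the PUBLIC key, so an xpub holder can compute it.
    Hardened: HMAC over the PRIVATE key, so an xpub holder cannot."""
    if index >= HARDENED:
        if k_par is None:
            raise ValueError("hardened offset needs the parent private key")
        data = b"\x00" + k_par.to_bytes(32, "big") + index.to_bytes(4, "big")
    else:
        pub = parent_pub if parent_pub is not None else scalar_mult(k_par)
        data = ser_p(pub) + index.to_bytes(4, "big")
    i = hmac.new(c_par, data, hashlib.sha512).digest()
    il = int.from_bytes(i[:32], "big")
    if il >= N:
        raise ValueError("invalid child; BIP32 says skip this index")
    return il, i[32:]


def ckd_priv(k_par, c_par, index):
    """CKDpriv: child private key = (I_L + k_par) mod n."""
    il, c_child = child_offset(k_par, c_par, index)
    return (il + k_par) % N, c_child


def ckd_pub(K_par, c_par, index):
    """CKDpub: what a watching-only wallet does with only the xpub."""
    il, c_child = child_offset(None, c_par, index, parent_pub=K_par)
    return point_add(scalar_mult(il), K_par), c_child


def parent_priv_from_child(K_par, c_par, index, k_child):
    """The leak the thread describes: xpub (K_par, c_par) plus ONE non-hardened
    child private key yields the parent private key, since k_child = k_par + I_L
    (mod n) and I_L is computable from the xpub alone."""
    il, _ = child_offset(None, c_par, index, parent_pub=K_par)
    return (k_child - il) % N


def demo(seed=bytes.fromhex("000102030405060708090a0b0c0d0e0f")):
    """Constructed walk-through on the BIP32 test-vector-1 seed."""
    m, c = master_from_seed(seed)
    M = scalar_mult(m)                  # master public key, as held in the xpub
    k0, c0 = ckd_priv(m, c, 0)          # non-hardened child m/0 from the xprv
    K0, c0_pub = ckd_pub(M, c, 0)       # same child from the xpub only
    k0h, _ = ckd_priv(m, c, HARDENED)   # hardened child m/0'
    try:
        hardened_leak = parent_priv_from_child(M, c, HARDENED, k0h) == m
    except ValueError:
        hardened_leak = False           # xpub holder cannot even form the HMAC input
    return {
        "xpub_matches_xprv": K0 == scalar_mult(k0) and c0 == c0_pub,
        "nonhardened_leaks_master": parent_priv_from_child(M, c, 0, k0) == m,
        "hardened_leaks_master": hardened_leak,
    }


if __name__ == "__main__":
    print(demo())
```

The first check is the watching-only property achow101 mentions (the xpub derives the same addresses as the xprv); the second is exactly why exporting a single key from an xpub-backed wallet is dangerous; the third shows hardened derivation removing the leak at the cost of needing the private key to derive new children.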
adaseb
Legendary, Activity: 1428
June 23, 2017, 11:29:33 PM  #5

Quote from: achow101 on June 23, 2017, 11:21:49 PM
Yes. This only applies to non-hardened derivation, which is what most wallets use (including Electrum), as that is what allows for watching-only wallets. Hardened derivation prevents this but also means that you can't have a watching-only wallet as easily (it requires going back to the offline machine to generate a bunch more addresses instead of generating from the master public key).

So as long as you keep your master public key safe, there is a very low chance of someone finding your master private key, even if they manage to use a quantum computer and crack 1 private key from a public key that was used in a previous transaction in the same wallet?
achow101
Moderator, Legendary, Activity: 1218
June 23, 2017, 11:42:35 PM  #6

Quote from: adaseb on June 23, 2017, 11:29:33 PM
So as long as you keep your master public key safe, there is a very low chance of someone finding your master private key, even if they manage to use a quantum computer and crack 1 private key from a public key that was used in a previous transaction in the same wallet?

Yes. If someone has a quantum computer that can get private keys from public keys, then if that person gets just your master public key, you're screwed anyway, as they can then get your master private key.
adaseb
Legendary, Activity: 1428
June 24, 2017, 12:36:27 AM  #7

Quote from: achow101 on June 23, 2017, 11:42:35 PM
Yes. If someone has a quantum computer that can get private keys from public keys, then if that person gets just your master public key, you're screwed anyway, as they can then get your master private key.

OK, now I understand. Thanks for your help.