Bitcoin Forum
July 21, 2018, 09:44:55 PM *
News: Latest stable version of Bitcoin Core: 0.16.1  [Torrent]. (New!)
 
Author Topic: Deterministic Address and Quantum Computing  (Read 508 times)
adaseb
June 23, 2017, 10:13:06 PM  #1

On Reddit there is a lot of talk about public keys being easily crackable in the near future due to the advancement of Quantum computing.

Many wallets such as Electrum use Deterministic keys, so one seed can create hundreds of addresses and if you know the private key of 1 address you can easily derive the private keys of the addresses remaining in the wallet.

So let's say some individual with 1000 BTC in their wallet never reuses the same address, and each transaction's change goes to a brand new change address. However, since the keys are deterministic, can't someone find the private key of the unspent address, since they can easily follow the trail, crack the public key of a spent transaction, and use that to find all the wallet's BTC addresses and change addresses?


achow101 (Moderator)
June 23, 2017, 10:17:36 PM  #2

> On Reddit there is a lot of talk about public keys being easily crackable in the near future due to the advancement of Quantum computing.
>
> Many wallets such as Electrum use Deterministic keys, so one seed can create hundreds of addresses and if you know the private key of 1 address you can easily derive the private keys of the addresses remaining in the wallet.
>
> So let's say some individual with 1000 BTC in their wallet never reuses the same address, and each transaction's change goes to a brand new change address. However, since the keys are deterministic, can't someone find the private key of the unspent address, since they can easily follow the trail, crack the public key of a spent transaction, and use that to find all the wallet's BTC addresses and change addresses?

No, that is not how HD wallets work. The private keys are not derived in a chain one after the other. They are all derived from a master private key. It is a tree structure, not a linked list. This means that if the master private key is discovered, then all of the private keys in the wallet are known. However if only 1 child private key is known, then no other private keys can be derived. The only caveat to that is if non-hardened derivation were used and the master public key were known then the master private key can be derived and from there the rest of the child private keys.

This does not require any sort of quantum computing at all either.

adaseb
June 23, 2017, 10:30:36 PM  #3

> On Reddit there is a lot of talk about public keys being easily crackable in the near future due to the advancement of Quantum computing.
>
> Many wallets such as Electrum use Deterministic keys, so one seed can create hundreds of addresses and if you know the private key of 1 address you can easily derive the private keys of the addresses remaining in the wallet.
>
> So let's say some individual with 1000 BTC in their wallet never reuses the same address, and each transaction's change goes to a brand new change address. However, since the keys are deterministic, can't someone find the private key of the unspent address, since they can easily follow the trail, crack the public key of a spent transaction, and use that to find all the wallet's BTC addresses and change addresses?
>
> No, that is not how HD wallets work. The private keys are not derived in a chain one after the other. They are all derived from a master private key. It is a tree structure, not a linked list. This means that if the master private key is discovered, then all of the private keys in the wallet are known. However if only 1 child private key is known, then no other private keys can be derived. The only caveat to that is if non-hardened derivation were used and the master public key were known then the master private key can be derived and from there the rest of the child private keys.
>
> This does not require any sort of quantum computing at all either.


I did not know that.

Because when I exported my private keys in Electrum there is a warning "EXPOSING A SINGLE PRIVATE KEY CAN COMPROMISE YOUR ENTIRE WALLET!"

So if 1 Private Key is exposed AND one's computer gets hacked which has only the watching address, they can get the Master Public key from there and calculate the rest of the private keys in the wallet using those 2 variables?


achow101 (Moderator)
June 23, 2017, 11:21:49 PM  #4

> I did not know that.
>
> Because when I exported my private keys in Electrum there is a warning "EXPOSING A SINGLE PRIVATE KEY CAN COMPROMISE YOUR ENTIRE WALLET!"
>
> So if 1 Private Key is exposed AND one's computer gets hacked which has only the watching address, they can get the Master Public key from there and calculate the rest of the private keys in the wallet using those 2 variables?

Yes. This only applies to non-hardened derivation, which is what most wallets use (including Electrum) as that is what allows for watching-only wallets. Hardened derivation prevents this but also means that you can't have a watching-only wallet as easily (it requires going back to the offline machine to generate a bunch more addresses instead of generating from the master public key).
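The two answers above (post #2 on the tree structure and its non-hardened caveat, post #4 on why watching-only wallets need non-hardened derivation) can be checked directly with a small amount of code. The following Python is an added example, not code from the thread, from Electrum, or from any wallet: it implements the BIP32 child-key derivation rules (CKDpriv and CKDpub) on secp256k1 with a plain, non-constant-time point multiplication, and the helper names (ckd_priv, ckd_pub, recover_parent_priv, demo) are my own. The default seed is the BIP32 specification's test-vector seed, used here only as sample input.

```python
# Added example (not from the thread or Electrum): minimal BIP32 derivation on
# secp256k1 showing why a leaked non-hardened child private key plus the parent
# extended *public* key reveals the parent private key, and a hardened one does not.
import hashlib
import hmac

# secp256k1 domain parameters (public constants from the curve specification)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000  # index offset that marks a hardened child (BIP32)


def point_add(p1, p2):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def point_mul(k, point=G):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def serialize_pub(point):
    """33-byte compressed SEC1 encoding, which BIP32 feeds into the HMAC."""
    x, y = point
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def master_from_seed(seed):
    """BIP32 master private key and chain code: HMAC-SHA512 keyed with 'Bitcoin seed'."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]


def _il_ir(chain_code, data):
    digest = hmac.new(chain_code, data, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]


def ckd_priv(k_par, c_par, i):
    """CKDpriv: child private key and chain code from the parent private key."""
    if i >= HARDENED:
        # Hardened: the HMAC input contains the parent *private* key
        data = b"\x00" + k_par.to_bytes(32, "big") + i.to_bytes(4, "big")
    else:
        # Non-hardened: the HMAC input contains only the parent *public* key
        data = serialize_pub(point_mul(k_par)) + i.to_bytes(4, "big")
    il, ir = _il_ir(c_par, data)
    return (il + k_par) % N, ir


def ckd_pub(K_par, c_par, i):
    """CKDpub, what a watching-only wallet runs; non-hardened indices only."""
    if i >= HARDENED:
        raise ValueError("hardened children cannot be derived from a public key")
    il, ir = _il_ir(c_par, serialize_pub(K_par) + i.to_bytes(4, "big"))
    return point_add(point_mul(il), K_par), ir


def recover_parent_priv(K_par, c_par, i, k_child):
    """The caveat from post #2: with the extended public key (K_par, c_par) anyone
    can recompute IL for a non-hardened index, so k_par = k_child - IL mod N.
    Returns None for a hardened index, where IL depended on k_par itself."""
    if i >= HARDENED:
        return None
    il, _ = _il_ir(c_par, serialize_pub(K_par) + i.to_bytes(4, "big"))
    return (k_child - il) % N


def demo(seed=bytes.fromhex("000102030405060708090a0b0c0d0e0f")):
    """Default seed is the BIP32 test-vector seed, used only as sample input.
    Returns (non_hardened_leak_recovers_master, hardened_leak_recovers_nothing)."""
    m, c = master_from_seed(seed)
    M = point_mul(m)                  # master public key, the xpub's point
    k0, c0 = ckd_priv(m, c, 0)        # non-hardened child m/0 from the private key
    K0, c0_pub = ckd_pub(M, c, 0)     # the same child from the xpub alone
    assert point_mul(k0) == K0 and c0 == c0_pub
    k0h, _ = ckd_priv(m, c, HARDENED) # hardened child m/0', not reachable from xpub
    return (recover_parent_priv(M, c, 0, k0) == m,
            recover_parent_priv(M, c, HARDENED, k0h) is None)
```

Running demo() returns (True, True): the watching-only path ckd_pub lands on exactly the public key that ckd_priv produces, which is what makes xpub-based address generation possible, and the same public information is all recover_parent_priv needs once a single child private key leaks. For a hardened index the HMAC input includes the parent private key, so the xpub cannot reproduce IL; that is both why a watching-only wallet cannot derive hardened children and why a leaked hardened child gives nothing away.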

adaseb
June 23, 2017, 11:29:33 PM  #5

> I did not know that.
>
> Because when I exported my private keys in Electrum there is a warning "EXPOSING A SINGLE PRIVATE KEY CAN COMPROMISE YOUR ENTIRE WALLET!"
>
> So if 1 Private Key is exposed AND one's computer gets hacked which has only the watching address, they can get the Master Public key from there and calculate the rest of the private keys in the wallet using those 2 variables?
>
> Yes. This only applies to non-hardened derivation, which is what most wallets use (including Electrum) as that is what allows for watching-only wallets. Hardened derivation prevents this but also means that you can't have a watching-only wallet as easily (it requires going back to the offline machine to generate a bunch more addresses instead of generating from the master public key).


So as long as you keep your Master Public Key safe there is a very low chance of someone finding your Master Private Key even if they manage to use a Quantum computer and crack 1 private key from a public key that was used in a previous transaction in the same wallet?



achow101 (Moderator)
June 23, 2017, 11:42:35 PM  #6

> So as long as you keep your Master Public Key safe there is a very low chance of someone finding your Master Private Key even if they manage to use a Quantum computer and crack 1 private key from a public key that was used in a previous transaction in the same wallet?

Yes. If someone has a quantum computer that can get private keys from public keys, then if that person gets just your Master Public Key, you're screwed anyways as they can then get your Master Private Key.

adaseb
June 24, 2017, 12:36:27 AM  #7

> So as long as you keep your Master Public Key safe there is a very low chance of someone finding your Master Private Key even if they manage to use a Quantum computer and crack 1 private key from a public key that was used in a previous transaction in the same wallet?
>
> Yes. If someone has a quantum computer that can get private keys from public keys, then if that person gets just your Master Public Key, you're screwed anyways as they can then get your Master Private Key.

Ok now I understand. Thanks for your help.
