|
birr
|
 |
November 10, 2015, 05:44:49 AM
Last edit: November 10, 2015, 06:52:41 AM by birr |
|
A private key has 256 bits, or 64 hex characters. The private key in this example is be1583452771c1def6789be9ab5086bf3c18dd47aa99d785056ba330bcda7aaf Prepending 0x80 is the first step in converting to WIF. This wiki has a good explanation: https://en.bitcoin.it/wiki/Wallet_import_formatOf course the wallet details tab on bitaddress.org will do the conversion for you, also brainwallet.org, or similar tools. Safest to go to github for this kind of thing. |
|
|
|
|
|
|
|
|
|
"If you don't want people to know you're a scumbag then don't be a scumbag." -- margaritahuyan
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
windpath
Legendary
 Offline
Activity: 1258
Merit: 1027
|
|
November 10, 2015, 02:56:34 PM |
|
This tool works, but requires share format conversion. It's not very easy, but doable.
Let's take this 2-of-3 example from the spec:...
Thanks for taking the time to put this together! I got all the way up to "converting the result with Base58Check", thats where you lost me. I did review https://en.bitcoin.it/wiki/Base58Check_encoding but again, ended up feeling like it was greek. This has been a good exercise, and I will continue learning about the cryptography, but I'm really looking for something the average guy can use (i.e. me) to easily assemble Shamir's Secret Sharing keys into a Bitcoin WIF private key, does this not exist? |
|
|
|
|
|
birr
|
|
November 10, 2015, 04:27:23 PM
Last edit: November 10, 2015, 04:40:59 PM by birr |
|
This tool works, but requires share format conversion. It's not very easy, but doable.
Let's take this 2-of-3 example from the spec:...
Thanks for taking the time to put this together! I got all the way up to "converting the result with Base58Check", thats where you lost me. I did review https://en.bitcoin.it/wiki/Base58Check_encoding but again, ended up feeling like it was greek. This has been a good exercise, and I will continue learning about the cryptography, but I'm really looking for something the average guy can use (i.e. me) to easily assemble Shamir's Secret Sharing keys into a Bitcoin WIF private key, does this not exist? Let's pick up where cetus left off. There are tools on the web you can use to convert the private key from hex to WIF. For example, bitaddress.org. Refer to my previous post. To demonstrate the process: go to bitaddress.org and click on "wallet details.". Copy the private key be1583452771c1def6789be9ab5086bf3c18dd47aa99d785056ba330bcda7aaf (64 hex characters = 256 bits, the length of a private key. The prepended hex characters 80 are not part of the private key.) into the "private key" field. Bitaddres will then show the private key in WIF format, in text and qr code both. For this example it's okay to work online; however, when the time comes to work with addresses containing real funds, you should work offline. To do this, save the HTML of bitaddress.org, disconnect from the internet, and bring up bitaddress.org from the file where you saved it. Bitaddress.org will run in your browser even when disconnected from the internet. The safest way to save bitaddress.org is by downloading the HTML from github. Apparently, passguardian shows a "reconstructed secret" with a couple of zeroes prepended. As I mentioned above, these extra characters aren't in the private key, properly defined. The private key consists of 64, count 'em, 64 hex characters for the statutory 256 bits. |
|
|
|
|
cetus
Newbie
Offline
Activity: 22
Merit: 0
|
|
November 10, 2015, 06:58:00 PM |
|
Thanks birr for explaining the private key conversion, I wasn't familiar with online tools that could do that (just knew they existed). Apparently, passguardian shows a "reconstructed secret" with a couple of zeroes prepended. As I mentioned above, these extra characters aren't in the private key, properly defined. The private key consists of 64, count 'em, 64 hex characters for the statutory 256 bits.
Just want to clarify this bit. In Mycelium Entropy, the 'secret' is the entire WIF-formatted sequence (without the checksum), not just the private key: - <prefix: 2 hex digits> <key: 64 hex digits> for an uncompressed key, or
- <prefix: 2 hex digits> <key: 64 hex digits> '01' for a compressed key.
A "compressed" private key (actually, a private key which is to be used with a compressed public key) starts with K or L and is the most common type and the default. An "uncompressed" private key starts with a 5. Note the extra byte at the end when compressed keys are used. The prefix is 80 for Bitcoin, EF for Bitcoin testnet, B0 for Litecoin etc. The algorithm used by PassGuardian uses the first '1' bit for its own purposes and therefore removes it from the result, so the prefix becomes 00 for Bitcoin, 6F for testnet, 30 for Litecoin etc. While the prefix can easily be discarded, it's important to watch out for the extra 01 byte at the end. If it is present, and the total length is 68 hex characters, then it's the compressed key marker and should also be discarded; in that case, the key should be converted to WIF with the 'compressed' option set. Like you say, there are multiple online tools which can do that last step of converting the raw key to a base-58 encoded WIF. Some take the 64 hex digits of the key and ask you for additional information (coin type and compression). There might be others, which take the whole sequence including the prefix and optionally the suffix, and convert it to Base58Check; then the coin type and compression do not need to be decoded manually.
It would be nice if a tool existed to reassemble keys from Entropy shares. However, the algorithm is not something Mycelium-specific. If something happens with the wallet app, the keys can always be recovered using a combination of general purpose tools. |
|
|
|
|
|
birr
|
|
November 11, 2015, 12:28:14 PM
Last edit: November 11, 2015, 12:44:30 PM by birr |
|
Let's get out of the trees and take a look at the forest.
Mycelium Entropy generates split keys using Shamir's Secret Sharing Scheme.
There's a choice to be made between SSSS and multi-sig. Multi-sig is built into the bitcoin protocol. As such, it'll be around for a very long time. Probably as long as Bitcoin itself. SSSS is not part of Bitcoin.
Quoting from a Reddit on the subject:
[–]GibbsSamplePlatter 2 points 9 months ago
With multisig you don't have to bring together the pieces to make a valid transaction. Just pass the transaction from device to device, signing until it's ready. SSSS requires all the pieces end up on a single device for computation of private key.
permalinksavegive gold
[–]NancyClifford 2 points 9 months ago
Ssss slpits a single secret. Multisig uses multiple secrets to sign a statement.
permalinksavegive gold
[–]PixelPhobiac 2 points 9 months ago
SSSS distributes one private key, Multi-signature address distributes signing authority over an address.
Mycelium Entropy isn't for everybody. In my opinion, it isn't suitable for inheritance funds that will remain untouched for many years. You need a properly functioning Mycelium Wallet -- and Mycelium servers -- to claim funds using Mycelium Entropy split keys. Twenty, 30 or 50 years from now that may be a problem. You can't expect people to go through such an elaborate process as was described in the preceding posts of this thread.
|
|
|
|
|
cetus
Newbie
Offline
Activity: 22
Merit: 0
|
|
November 11, 2015, 02:12:15 PM |
|
This has been a good exercise, and I will continue learning about the cryptography, but I'm really looking for something the average guy can use (i.e. me) to easily assemble Shamir's Secret Sharing keys into a Bitcoin WIF private key, does this not exist?
I couldn't resist the temptation, so here it is now: https://mycelium.com/assets/entropy/checksalt/sss.html. It's not very well tested yet, though. Also, as far as I know, iOS does not fully support in-browser video/image capture. |
|
|
|
|
windpath
Legendary
Offline
Activity: 1258
Merit: 1027
|
|
November 11, 2015, 03:03:20 PM |
|
This has been a good exercise, and I will continue learning about the cryptography, but I'm really looking for something the average guy can use (i.e. me) to easily assemble Shamir's Secret Sharing keys into a Bitcoin WIF private key, does this not exist?
I couldn't resist the temptation, so here it is now: https://mycelium.com/assets/entropy/checksalt/sss.html. It's not very well tested yet, though. Also, as far as I know, iOS does not fully support in-browser video/image capture. YES! This, exactly this.  Have not played around with it yet, will try later today, thank you very much for your efforts. Drop this on a USB key stored with each share, and a copy in the cloud just in case, and Entropy's SSS scheme is now a long term viable solution for coin storage. |
|
|
|
|
|
Zeroxal
|
|
November 21, 2015, 12:04:46 PM |
|
Does it support signing messages yet?
|
|
|
|
|
|
RustyNomad
|
|
November 21, 2015, 12:13:59 PM |
|
Does it support signing messages yet?
Yes it does on the Android version. |
|
|
|
|
|
|
|
BlackFor3st
|
|
December 03, 2015, 05:55:27 PM |
|
Hello,
does the Mycelium Wallet change the sender address repeatedly. Is it possible to send two times or more from the same address? thx.
|
|
|
|
|
RustyNomad
|
|
December 03, 2015, 06:05:55 PM |
|
When you send funds/bitcoin they are sent from the address or addresses on which the coins reside.
Example:
Address A has a balance of 1 bitcoin
Address B has a balance of 0.5 bitcoin
Address C has a zero balance
If you want to send say 1.2 btc then both address A and B will be used. Address C will not be used as there is no funds on that address. So the 'send' address will depend on which address or addresses have funds on them at the time as well as on the amount you are sending.
A sending address can be used more than once as it will be used until the balance is zero. If you send funds to that same address again then it will be used again as a 'send' address.
|
|
|
|
|
|
StevenS
|
|
December 04, 2015, 09:31:21 PM |
|
A sending address can be used more than once as it will be used until the balance is zero.
But this will not typically happen when using HD wallets. For example: Address A has a balance of 1 bitcoin Address B has a balance of 0.5 bitcoin If you send 1.2 BTC to address 'X' (the company that you're paying), then it will send 1 BTC from 'A' and 0.5 BTC from 'B". 'X' will receive 1.2 BTC, and the other 0.3 BTC (minus the transaction fee) will be sent to a new 'change' address 'C'. After this transaction: Address A will have a zero balance. Address B will have a zero balance. Address C will have a balance of 0.2999 BTC (approximately, depending on the transaction fee). Address X (whose private key is owned by the person you're paying) will have a balance of 1.2 BTC. A future transaction you generate may use address 'C', but it won't use 'A' or 'B' again because they are empty. If you send funds to that same address again then it will be used again as a 'send' address.
That will be the only way that 'A' or 'B' could be used again. But the only time you would use the same address for receiving bitcoin would be if you used it as a static "donate" address or something like that. |
|
|
|
|
|
StevenS
|
|
December 04, 2015, 09:40:27 PM |
|
I just received a Trezor!
I'd like to transfer some bitcoin from my existing Mycelium HD account to my new Trezor account, but if possible I'd like to do it one address at a time, in order to maintain privacy by not linking separate addresses.
Is there an easy way to select one address from an Mycelium HD wallet and send all the BTC from just that one address?
|
|
|
|
|
|
trasla
|
|
December 05, 2015, 12:30:56 AM |
|
Is there an easy way to select one address from an Mycelium HD wallet and send all the BTC from just that one address?
No, there is no easy way to do it. You either have to make sure the amounts you send plus fees are each equal or slightly less than the output sizes (starting with the oldest), or use an external tool to extract single private keys and then import them as single address accounts again. Sorry. |
|
|
|
|
|
birr
|
|
December 05, 2015, 05:56:14 AM |
|
I just received a Trezor!
I'd like to transfer some bitcoin from my existing Mycelium HD account to my new Trezor account, but if possible I'd like to do it one address at a time, in order to maintain privacy by not linking separate addresses.
Is there an easy way to select one address from an Mycelium HD wallet and send all the BTC from just that one address?
Use a tool like this https://bip32jp.github.io/english/to generate the private keys. You can download the deterministice key generator from github. Be sure to work offline. I forget which derivation path you need to use for mycelium. There are probably other tools that will do the same job, maybe even better than the one I linked to. I just wanted to get you pointed in the right direction. |
|
|
|
|
vlc
Newbie
Offline
Activity: 11
Merit: 0
|
|
December 07, 2015, 06:31:51 PM |
|
Is there a way to copy the wallet private key to paper and then DELETE the private key from Mycelium ?
|
|
|
|
|
|
trasla
|
|
December 07, 2015, 08:21:23 PM |
|
Is there a way to copy the wallet private key to paper and then DELETE the private key from Mycelium ?
Are you talking about a single private key, or the master seed for all HD accounts? You can create a backup of all keys and then wipe the app data or delete single key accounts from your wallet. |
|
|
|
|
|
birr
|
|
December 12, 2015, 03:51:56 AM |
|
I think mycelium needs to improve the way it calculates fees. I submitted a transaction with the "normal" fee. It took an hour to get the first confirmation.
d75f3a16f84351a7cb23e24c0b082b8acb5ce4bc33f28fbe5a77a738842020bb
|
|
|
|
|
|
trasla
|
|
December 12, 2015, 10:09:20 PM |
|
I think mycelium needs to improve the way it calculates fees. I submitted a transaction with the "normal" fee. It took an hour to get the first confirmation.
d75f3a16f84351a7cb23e24c0b082b8acb5ce4bc33f28fbe5a77a738842020bb
There were 50 minutes without a block at that time. That just happens, 10 minutes between blocks is only the average, it can sometimes be faster or slower. |
|
|
|
|
|
