Breaking up a private key into pieces

[daviducsb]

I have a Q for some of the cryptography connoisseurs out there.

If I break my private key into two and give each half to a relative, could a hypothetical thief hack into the rest of my private key by finding one of the two halves?

How much of a private key would one have to have access to in order to hack?

What if I lobbed off the first five and last five digits? Could someone who found the bulk of the key hack it?

I should know this by now but never enquired. Any help appreciated. Thx

[DeathAndTaxes]

If you cut a key with a key strength of 2^n in half then the key strength of either portion (assumed the attacker acquires the other portion) is reduced to in half to 2^(n/2).   An attacker would be 2^(n/2) times easier.

For 256 bit EDSA the full key has 128 bit strength security a half key then only has 64 bit strength if the attacker has the other portion.  While it may take some time and effort that is computationally feasible.  64 bit key strength should not be considered safe from brute force attack.  You have made the attackers job 2^64 = 18,446,744,073,709,551,616 easier. 

A much better option would be to XOR two 256 bit "partial keys" to create the final key.  Each partial key retains the full key strength.

[ozgur]

If you cut a key in half then the key strength of brute forcing the other half is reduced by half.

EDSA 256 bit keys has 128 bit strength security.

So if you cut it into two 128 bit "half keys" and the attacker has one it is only 64 bit key strength to resist an attack.  While it may take some time and effort that is computationally feasible.

A much better option would be to construct the partial keys using XOR making each key have full strength.

I know what you mean, but to make it clear;

it is not halved, it is 2^128 times easier

[DeathAndTaxes]

If you cut a key in half then the key strength of brute forcing the other half is reduced by half.

EDSA 256 bit keys has 128 bit strength security.

So if you cut it into two 128 bit "half keys" and the attacker has one it is only 64 bit key strength to resist an attack.  While it may take some time and effort that is computationally feasible.

A much better option would be to construct the partial keys using XOR making each key have full strength.

I know what you mean, but to make it clear;

it is not halved, it is 2^128 2^64 times easier

I updated the post, your right it is unclear.  A clarification though, 256 bit ECDSA only has 128 bit key strength so half the key would be 64 bit key strength (too weak for me to sleep well at night).

So it is 2^64 (or a whole hell of a lot) easier to break then the full key.

Still you are dead on with the larger point.  It SIGNIFICANTLY degrades the strength of the key and 64 bit is too close for comfort in my book.   Keys with 64 bit key strength have been broken in a distributed computing project as a demonstration.  It is almost certain that major nation states have the ability to break keys with 64 bit strength in a reasonable amount of time.

[J35st3r]

Depending on what you want to do with this, you could consider Shamir's secret sharing. It does rely on third party software, but there is an open source thread at https://bitcointalk.org/index.php?topic=142875.0 and also some discussion at https://bitcointalk.org/index.php?topic=148809.0

[Abdussamad]

Another option is to do it in the native bitcoin way and create a multi signature address:

https://people.xiph.org/~greg/escrowexample.txt

Then give each relative one private key.

Yet another option is to use Armory for this. Armory can create m of n backups but, I believe, only via the command line. Search the forum for that thread.

[daviducsb]

thanks all for the very solid info.  I will print this thread out to slowly reference

[deepceleron]

http://mywiki.wooledge.org/XyProblem

[Ecurb123]

If you cut a key with a key strength of 2^n in half then the key strength of either portion (assumed the attacker acquires the other portion) is reduced to in half to 2^(n/2).   An attacker would be 2^(n/2) times easier.

For 256 bit EDSA the full key has 128 bit strength security a half key then only has 64 bit strength if the attacker has the other portion.  While it may take some time and effort that is computationally feasible.  64 bit key strength should not be considered safe from brute force attack.  You have made the attackers job 2^64 = 18,446,744,073,709,551,616 easier. 

A much better option would be to XOR two 256 bit "partial keys" to create the final key.  Each partial key retains the full key strength.

thanks to the OP for the question I was thinking about it too, and thanks to DeathAndTaxes for the explanation.