Bitcoin Forum
October 20, 2017, 06:47:32 PM *
News: Latest stable version of Bitcoin Core: 0.15.0.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Wallet with hidden key, plausible deniability - salting password with WIF key  (Read 1355 times)
Michael_S
Sr. Member
****
Offline Offline

Activity: 278


Bitcoin-Note-and-Voucher-Printing-Empowerer


View Profile
December 07, 2013, 07:08:59 PM
 #1

This is a suggestion for a best practice key management technique for everybody, using tools available today!
At the end I am also suggesting a corresponding feature enhancement for clients/apps that support key control.

The situation:
You are printing a paper wallet and store it somewhere in your house or flat.

The Problem:
A thief may rob your paper wallet and steal your bitcoins, just the same way he could steal your gold treasure.

A first solution today:
You print an encrypted paper wallet (BIP38), see e.g. bitaddress.org, current version 2.6.5 (or later)

But the Problem:
The thief may hold a gun against your head and kindly ask you to disclose the password. Now the encryption is of little help for you, the only thing you could do is to say you forgot the password, but this may not seem plausible to the thief.

The SOLUTION:
Combine the concept of "paper wallet"  with the concept of "my own password" and "brain wallet", as follows:

1.) You print out your paper wallet, with e.g. Private Key = "5MyPrivatePaperWaLLetKey"

2.) You are making up yourself a 1st (easy) dummy password, e.g. "MyFirstSimplePW" and create the following concatenated string "5MyPrivatePaperWaLLetKeyMyFirstSimplePW"
2b.) You use this as the input of the brainwallet tool (which just calculates priv key = SHA256(input). This gives you (after format conversion to WIF) the second private key "5MySecondPrivateKey"

3.) You are thinking of a 2nd (difficult) serious passphrase, e.g. "My_very-s3ri0UsP4s5PhRA5e" and create the following concatenated string "5MyPrivatePaperWaLLetKeyMy_very-s3ri0UsP4s5PhRA5e"
3b.) You use this as the input of the brainwallet tool. This gives you the third private key "5MyThirdReaLLySafePrivateKey"

4.1) You transfer a very small amount (e.g. 1% of your total BTC savings) to the Address of Key 1.
4.2) You transfer a bigger amount (maybe 10% of your total BTC savings) to the Address of Key 2.
4.3) You transfer the vast amount (e.g. 89% of your BTC savings) to the Address of Key 3.

Note: Of course you print out at least two copies of this paper wallet and deposit them at very different places.

With this best practice you now enjoy the following nice features:
  • Your keys are immune against brain wallet brute force attacks, even if your password/passphrase is weak, because it is salted with the "private key 1"!
  • Theft detection and avoidance: In case that your paper wallet gets secretly stolen, you will still realize this theft as soon as the thief redeems the balance of "Key 1" (you can configure a watch-only wallet on your smartphone, e.g. Android app "wallet balance" or "bitcoin balance", to monitor this "indicator address")! Now you will have enough time to move the funds of Key 2 and Key 3 to a new safe address. Probably the thief will never know that there exist further keys that can be derived from that paper wallet's private key and a password, so you would not have to bother about key 2 and key 3 at all. But even if he knew, he would have to brute-force and check against the blockchain every time he tries a new password, because any password that he tries yields a valid key. So he does not know when to stop because he does not know how many times you have performed "step 2" (see above) with different password. So this would be a hopeless task for the poor thief.
  • If a thief puts a gun at your head and asks you for the paper wallet, you give him the paper wallet and he is probably happy.
  • Plausible deniability: If the thief knows about this "best-practice trick", he may ask you for the password/passphrase that is to be salted with this paper wallet's private key to yield the "hidden" private key. So you tell him your "simple password" from step 2 above. There is no way the thief can tell how many other such passwords exist. There could be none, or only one. There could be two. There could be hundreds. So you will for sure never tell the thief your third safe passphrase, so the 89% of your BTC savings (in this example) are save against even violent theft.

Finally, the same scheme can also be applied to electronic wallets of course. One suggestion for bitcoin client developers: It might be nice and really useful to incorporate this in any bitcoin client that supports key control (coin control), i.e selection of the keys were to spend from:
  • In the "spend" dialog, user selects the own address from which to spend.
  • Then there is an optional field called something like "salt priv key with a password". If this field is filled with some content, then the client will create the concatenation "<WIF_format_of_selected_key><password>" and calculate the SHA256 hash from that. The resulting 256 bit sequence is the new private key! The client checks the balance of this key's address, and if there is indeed a balance, it can spend from it.
  • This is nice because I can carry with me an ARBITRARY number of hidden keys per each "obvious key" in my wallet. And nobody can prove how many keys I really have.

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1508525252
Hero Member
*
Offline Offline

Posts: 1508525252

View Profile Personal Message (Offline)

Ignore
1508525252
Reply with quote  #2

1508525252
Report to moderator
1508525252
Hero Member
*
Offline Offline

Posts: 1508525252

View Profile Personal Message (Offline)

Ignore
1508525252
Reply with quote  #2

1508525252
Report to moderator
1508525252
Hero Member
*
Offline Offline

Posts: 1508525252

View Profile Personal Message (Offline)

Ignore
1508525252
Reply with quote  #2

1508525252
Report to moderator
naphto
Sr. Member
****
Offline Offline

Activity: 392


View Profile
December 07, 2013, 07:38:02 PM
 #2

Someone wanted to reply here:

https://bitcointalk.org/index.php?topic=361439.new#new

Hi,

I registered to reply to that post:
https://bitcointalk.org/index.php?topic=361386.0

I would like to reply with a link to this bugtracker entry because it requests specifically what the thread emulates:
https://github.com/bitcoin/bitcoin/issues/3212

Can someone post that link there for me, or allow me to do it myself?

Thanks
TippingPoint
Legendary
*
Offline Offline

Activity: 905



View Profile
December 07, 2013, 07:39:09 PM
 #3

Thank you for the ideas.

And there is no reason that a paper Bitcoin wallet has to always look like a paper Bitcoin wallet.

https://bitcointalk.org/index.php?topic=327277.msg3535036#msg3535036

virtualmaster
Hero Member
*****
Offline Offline

Activity: 504



View Profile
December 07, 2013, 08:35:06 PM
 #4

Here is my advise:
https://bitcointalk.org/index.php?topic=359644.msg3853593#msg3853593

Calendars for free to print: 2014 Calendar in JPG | 2014 Calendar in PDF Protect the Environment with Namecoin: 2014 Calendar in JPG | 2014 Calendar in PDF
Namecoinia.org  -  take the planet in your hands
BTC: 15KXVQv7UGtUoTe5VNWXT1bMz46MXuePba   |  NMC: NABFA31b3x7CvhKMxcipUqA3TnKsNfCC7S
Michael_S
Sr. Member
****
Offline Offline

Activity: 278


Bitcoin-Note-and-Voucher-Printing-Empowerer


View Profile
December 07, 2013, 09:20:10 PM
 #5

Thanks naphto / kgbxcbk, seems to be a similar idea indeed.

For the rest: Please do not dump everything that comes to your mind on "paperwallets" into this thread if it is otherwise unrelated to the OP (at least I do not see a relation).

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!