4 general questions to Armory

[leifg]

Hello everyone,

I am currently using Armory for my cold storage. The hot wallet never saw an internet connection and was backuped to a paper wallet. Everything was done with the 0.90 Ubuntu version.

I also created a watch only copy of my wallet to see my balance.

I currently don't have any problems but still would like to know how Armory works in detail.

First, this is how I understood Armory works (correct me if I'm wrong):

Armory has a deterministic way to create new keys based on a seed. All public keys are the same no matter if they are created from the hot wallet or the watch only wallet (I actually tested this, just generating a few new keys in both wallets).

OK now to my questions:
1. If the private keys are not stored in the watch only wallet, how can a new public key be created, that maps to the new private key in the hot wallet?
2. Is the seed of the wallet also stored in the watch only copy?
3. If one of my private key will be compromised, will an attacker be able to generate all following private keys (for example if he has the watch only copy)?
4. Will an attacker have any use for the watch only wallet (other than seeing my BTC balance)?

hope these questions make sense

[spin]

Ok here's my very lay/noob understanding: 

Basically because of how the math works you have a formula for moving from privatekey1 to the next privatekey2.  The same formula used on publickey1 gives you publickey2.  So given the watch only wallet just works with the public keys and the hot wallet works with the private keys also. Applying the same formula.

[gweedo]

1) Cause it knows how many addresses are in the watch-only wallet and using math can only come up with the public key not the private key.

2) Not the seed that can come up with private keys just the public keys.

3) No he would need the seed.

4) Nope

[Kupsi]

3. If one of my private key will be compromised, will an attacker be able to generate all following private keys (for example if he has the watch only copy)?

Yes, if he has the chaincode.

A full Armory wallet is just

1x Root Private Key
1x Root Public Key
1x Chaincode


A watching-only Armory wallet is just

1x Root Public Key
1x Chaincode

So basically watching-only wallets don't have any private key data at all, and the chain code is just a constant that is carried through all the calculations.  With the priv key + chaincode, you can compute all private keys.  With public key + chain, you can compute all public keys that match the private keys produced on the full/offline wallet.

The chaincode and public key are not security-sensitive.  Someone getting them is a breach of privacy, not security.  All internet security is based on the fact that the public key is widely distributed (i.e. "public") and that the scheme maintains full security as long as no one else has the private key.

You should always assume that revealing a private key from a deterministic wallet will reveal all siblings.   In Armory wallets, if private key x is revealed with the chaincode, all private keys >= X+1 are revealed.

But I don't spend much time worrying about this.  We do not support or claim to support any use cases where private keys are intentionally revealed.  And if your wallet is unintentionally compromised, they will all be revealed anyway.