Bitcoin Forum
May 23, 2019, 12:33:35 AM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Infinite addresses using a single private key?  (Read 169 times)
KingZee
Sr. Member
****
Offline Offline

Activity: 574
Merit: 413


Check your coin privilege


View Profile
January 07, 2019, 06:40:08 PM
Merited by Stedsm (2), ETFbitcoin (2), bones261 (2), Coin-Keeper (2), HeRetiK (1)
 #1

I never knew you could create multisig addresses using the same private key.

Random address : 15UtBTjD2EHS2gUTZ2RdBQCfFtCZHxd1Ru

Multisig Address 3QaTKCjKjMQRgAjUVQi7S94TyZZ7bR9oJ9 : https://coinb.in/?verify=512103b5bbd33b80cd439c49d4a147b01ba19a91fc1761b9abb1ea742e8f1da8b6400151ae

Another Multisig Address 37y3f9tePAS5s6uRoBejGxSBYUkY2yaXK3 : https://coinb.in/?verify=512103b5bbd33b80cd439c49d4a147b01ba19a91fc1761b9abb1ea742e8f1da8b640012103b5bbd33b80cd439c49d4a147b01ba19a91fc1761b9abb1ea742e8f1da8b6400152ae

and so on...

Effectively making you the sole owner of these addresses because they can all be spent using the same private key, and hypothetically speaking you could generate an infinite amount of them..

Is there a security flaw in this that I'm not seeing? Is spending coins to/from these addresses safe?

1558571615
Hero Member
*
Offline Offline

Posts: 1558571615

View Profile Personal Message (Offline)

Ignore
1558571615
Reply with quote  #2

1558571615
Report to moderator
GET 25 FREE SPINS AT REGISTRATION
GET 100% BONUS ON FIRST DEPOSIT
PLAY NOW
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1558571615
Hero Member
*
Offline Offline

Posts: 1558571615

View Profile Personal Message (Offline)

Ignore
1558571615
Reply with quote  #2

1558571615
Report to moderator
ETFbitcoin
Legendary
*
Offline Offline

Activity: 1652
Merit: 1766

Use SegWit and enjoy lower fees.


View Profile WWW
January 07, 2019, 07:09:50 PM
 #2

Is there a security flaw in this that I'm not seeing? Is spending coins to/from these addresses safe?

Probably only the fact that you don't gain security benefit from multisig address & your Bitcoin will be stolen even if one private key is revealed to thief.

But aside from that, AFAIK it should be safe to send/spend to/from that address as long as the script is valid. If the one who make such multisig script can make this mistake which increase tx size/fee, i doubt he can make proper script.

KingZee
Sr. Member
****
Offline Offline

Activity: 574
Merit: 413


Check your coin privilege


View Profile
January 07, 2019, 08:15:09 PM
 #3

Is there a security flaw in this that I'm not seeing? Is spending coins to/from these addresses safe?

Probably only the fact that you don't gain security benefit from multisig address & your Bitcoin will be stolen even if one private key is revealed to thief.

But aside from that, AFAIK it should be safe to send/spend to/from that address as long as the script is valid. If the one who make such multisig script can make this mistake which increase tx size/fee, i doubt he can make proper script.

Yes I know that this completely ignores the concept of multisig because I'm using a single private key, but that's not the security risk I meant. I'm talking about the cryptographic signature weakness and such, I have very little knowledge on the field so it would be great if someone can confirm if using the same private key to sign txes from all these addresses could weaken it.

The cases I linked above are also a 1-of-n multisigs, so technically the output script isn't going to get bigger every time because only one signature is required.. It's really cool because you just need the input and you can build a transaction for all these addresses, exactly the same way you would for a normal address. Cheesy I'm almost tempted to start doing this myself but I really need more insight on the mathematical part..

ETFbitcoin
Legendary
*
Offline Offline

Activity: 1652
Merit: 1766

Use SegWit and enjoy lower fees.


View Profile WWW
January 07, 2019, 08:35:56 PM
Merited by KingZee (1)
 #4

The cases I linked above are also a 1-of-n multisigs, so technically the output script isn't going to get bigger every time because only one signature is required..

I'm not sure about if you can re-use signature to reduce script size, but i'm sure script size is going bigger as you need to state same public key multiple times.

A bit off-topic, i found formula to predict multi-sig size which can help you predict actual script size at https://bitcoin.stackexchange.com/a/52720

KingZee
Sr. Member
****
Offline Offline

Activity: 574
Merit: 413


Check your coin privilege


View Profile
January 07, 2019, 08:38:56 PM
 #5

The cases I linked above are also a 1-of-n multisigs, so technically the output script isn't going to get bigger every time because only one signature is required..

I'm not sure about if you can re-use signature to reduce script size, but i'm sure script size is going bigger as you need to state same public key multiple times.

A bit off-topic, i found formula to predict multi-sig size which can help you predict actual script size at https://bitcoin.stackexchange.com/a/52720

Ah yes I forgot about the public key of the address included in the script, I only remembered the multiple signatures vs a single signature needed.. You're right about that part.

Abdussamad
Legendary
*
Offline Offline

Activity: 2114
Merit: 1147



View Profile WWW
January 07, 2019, 08:41:28 PM
 #6

Wait till you here about deterministic wallets Smiley

achow101
Moderator
Legendary
*
expert
Offline Offline

Activity: 1778
Merit: 2379


bc1qshxkrpe4arppq89fpzm6c0tpdvx5cfkve2c8kl


View Profile WWW
January 07, 2019, 10:19:53 PM
Merited by DarkStar_ (5), KingZee (2), bones261 (1), HeRetiK (1)
 #7

Even though it isn't strictly address reuse, you have basically the same problem as address reuse. Once you spend an output, people will see the public key and can link your transactions together. Furthermore, once people know how you are constructing your addresses, it is trivial to pregenerate all of your addresses to see how much money you are receiving.

Also, you will be paying more and more in transaction fees each time you spend as the redeemScript grows larger. You will also be limited to 20 addresses using one key as OP_CHECKMULTISIG only allows up to 20 keys. If you use the Large multisig construction, you could go up to 67 addresses.

This construction is still secure cryptographically. It's the same as reusing addresses.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!