Bitcoin Forum
May 08, 2024, 07:24:50 AM *
Author Topic: Does signing message leak private key?  (Read 136 times)
60BTC (OP)
December 05, 2019, 04:41:27 PM
Last edit: December 05, 2019, 05:25:11 PM by 60BTC
 #1

Consider this situation. I generate an Electrum wallet. So Electrum generates multiple addresses from the same seed. That means all the addresses are somehow connected.
So if I sign a message, say "This is to be signed", with Address 1 and sign the same message "This is to be signed" with Address 2 in the Electrum wallet and post both signatures online, will someone be able to recover my private key for any of the addresses? I need some explanation here. I am worried and confused: if we sign the same message from two different addresses of the same seed, can the private key or seed be recovered from both signatures?
BrewMaster
December 05, 2019, 04:52:17 PM
 #2

Quote
That means all the addresses are somehow connected.
No, it doesn't mean that. It means your keys were created pseudo-randomly from a random entropy instead of each from a different random entropy. The end result (the keys) is still considered random and unrelated.

Quote
So if I sign a message, say "This is to be signed", with Address 1 and sign the same message "This is to be signed" with Address 2 in the Electrum wallet and post both signatures online, will someone be able to recover my private key for any of the addresses?
To put it simply, if it were possible to find your private key from a signature like what you explained, then nobody could ever use an HD wallet, because the signature you create for a message uses the same algorithm as the signature you create for a transaction.

60BTC (OP)
December 05, 2019, 05:01:27 PM
 #3

Quote
That means all the addresses are somehow connected.
No, it doesn't mean that. It means your keys were created pseudo-randomly from a random entropy instead of each from a different random entropy. The end result (the keys) is still considered random and unrelated.

Quote
So if I sign a message, say "This is to be signed", with Address 1 and sign the same message "This is to be signed" with Address 2 in the Electrum wallet and post both signatures online, will someone be able to recover my private key for any of the addresses?
To put it simply, if it were possible to find your private key from a signature like what you explained, then nobody could ever use an HD wallet, because the signature you create for a message uses the same algorithm as the signature you create for a transaction.

There have been some cases:
https://bitcointalk.org/index.php?topic=271486.0

I am concerned: if I sign the same message from two different addresses (that are generated from the same seed), then how can I be sure the same 'k' value isn't used? There is a possibility for someone to recover the private key from both signatures that sign the same message, right?
bitmover
December 05, 2019, 05:04:41 PM
Merited by Jet Cash (5), Loganota (1)
 #4

Quote
Consider this situation. I generate an Electrum wallet. So Electrum generates multiple addresses from the same seed. That means all the addresses are somehow connected.

Those keys are connected, but through a one-way function, like a hash is a one-way function.

Take a look at Antonopoulos, Mastering Bitcoin:

Quote
HD Wallets (BIP-32/BIP-44)
Deterministic wallets were developed to make it easy to derive many keys from a single "seed." The most advanced form of deterministic wallets is the HD wallet defined by the BIP-32 standard. HD wallets contain keys derived in a tree structure, such that a parent key can derive a sequence of children keys, each of which can derive a sequence of grandchildren keys, and so on, to an infinite depth. This tree structure is illustrated in Type-2 HD wallet: a tree of keys generated from a single seed.

https://github.com/bitcoinbook/bitcoinbook/blob/develop/ch05.asciidoc#hd-wallets-bip-32bip-44


There is a mathematical relation between all private keys derived from the seed; however, no one can break this mathematical relation just with a signed message.

Quote
So if I sign a message, say "This is to be signed", with Address 1 and sign the same message "This is to be signed" with Address 2 in the Electrum wallet and post both signatures online, will someone be able to recover my private key for any of the addresses? I need some explanation here. I am worried and confused: if we sign the same message from two different addresses of the same seed, can the private key or seed be recovered from both signatures?

When you paste only your signed message, you paste only your public address, a message and a signature. The signature is only related to that message; it is not a signature which could be used with any message.
If you change one letter in your message, the signature will be invalid.

You can play around here to understand how signed messages work.
https://brainwalletx.github.io/

BrewMaster
December 05, 2019, 05:11:30 PM
Merited by Jet Cash (5), Abdussamad (2)
 #5

That case is not related to your concern. It is a bad implementation of ECDSA that affected normal wallets and HD wallets alike.

Quote
I am concerned: if I sign the same message from two different addresses (that are generated from the same seed), then how can I be sure the same 'k' value isn't used? There is a possibility for someone to recover the private key from both signatures that sign the same message, right?
If the wallet you were using had terrible code then it could happen, but you mentioned Electrum. This wallet is a good one and the code is solid. It is using a method for generating the random k value known as RFC 6979, which deterministically creates the digital signature, so the RNG problems don't exist here at all.

Here are some references you can read:
RFC doc: https://tools.ietf.org/html/rfc6979
Electrum source code: https://github.com/spesmilo/electrum/blob/428b63822b359d56d6ececabf406a43589545d24/electrum/ecc.py#L417
The library it calls: https://github.com/warner/python-ecdsa/blob/aea736c610752bf1478febfd15b11c711debcf61/src/ecdsa/keys.py#L1022-L1055
There is also libsecp256k1, which Electrum uses, but I couldn't find the code there. You can look into that too.
https://tools.ietf.org/html/rfc6979
