Bitcoin Forum
October 20, 2018, 01:35:44 AM *
News: Make sure you are not using versions of Bitcoin Core other than 0.17.0 [Torrent], 0.16.3, 0.15.2, or 0.14.3. More info.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: What wallet is deterministic AND uses compressed keys?  (Read 2375 times)
Dabs
Staff
Legendary
*
Offline Offline

Activity: 2142
Merit: 1105



View Profile
October 20, 2014, 03:56:38 PM
 #1

What wallet is deterministic AND uses compressed keys?

By deterministic, I mean where with a master public key, one can derive thousands of watch-only addresses, but the corresponding private keys are of the compressed type that begins with letter K or L.

Escrow Service (Services) - GPG ID: 32AD7565, OTC ID: Dabs
All messages concerning escrow or with bitcoin addresses are GPG signed. Please verify.
CompTIA A+, Microsoft Certified Professional, MCSA: Windows 10; Windows Server 2012, MCSE: Cloud Platform and Infrastructure; Productivity; Messaging
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1539999344
Hero Member
*
Offline Offline

Posts: 1539999344

View Profile Personal Message (Offline)

Ignore
1539999344
Reply with quote  #2

1539999344
Report to moderator
1539999344
Hero Member
*
Offline Offline

Posts: 1539999344

View Profile Personal Message (Offline)

Ignore
1539999344
Reply with quote  #2

1539999344
Report to moderator
dabura667
Sr. Member
****
Offline Offline

Activity: 478
Merit: 250


View Profile
November 03, 2014, 12:13:16 PM
 #2

What wallet is deterministic AND uses compressed keys?

By deterministic, I mean where with a master public key, one can derive thousands of watch-only addresses, but the corresponding private keys are of the compressed type that begins with letter K or L.

BreadWallet, Mycelium, web.hivewallet.com, Electrum (starting with any wallet made on ver. 2.0 onward... not released yet, but available on github)

My Tip Address:
1DXcHTJS2DJ3xDoxw22wCt11FeAsgfzdBU
Dabs
Staff
Legendary
*
Offline Offline

Activity: 2142
Merit: 1105



View Profile
November 03, 2014, 04:22:55 PM
 #3

What wallet is deterministic AND uses compressed keys?

By deterministic, I mean where with a master public key, one can derive thousands of watch-only addresses, but the corresponding private keys are of the compressed type that begins with letter K or L.

BreadWallet, Mycelium, web.hivewallet.com, Electrum (starting with any wallet made on ver. 2.0 onward... not released yet, but available on github)

Seems I will be waiting for Electrum version 2. Thanks. (I use Windows, but Linux would be fine as well.)

Escrow Service (Services) - GPG ID: 32AD7565, OTC ID: Dabs
All messages concerning escrow or with bitcoin addresses are GPG signed. Please verify.
CompTIA A+, Microsoft Certified Professional, MCSA: Windows 10; Windows Server 2012, MCSE: Cloud Platform and Infrastructure; Productivity; Messaging
CIYAM
Legendary
*
Offline Offline

Activity: 1876
Merit: 1000


Ian Knowles - CIYAM Lead Developer


View Profile WWW
November 03, 2014, 04:25:10 PM
 #4

Seems I will be waiting for Electrum version 2. Thanks. (I use Windows, but Linux would be fine as well.)

Any particular reason you want type 2 deterministic addresses?

They are actually less secure than type 1 (i.e. one private key hacked means all are done).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
dabura667
Sr. Member
****
Offline Offline

Activity: 478
Merit: 250


View Profile
November 03, 2014, 04:41:29 PM
 #5

They are actually less secure than type 1 (i.e. one private key hacked means all are done).

If you're only using one account of a Type 2, it's actually the same.

The MPK and 1 private key can give you the master private key weakness is still there in Electrum's Type 1 deterministic.

If you were using tons of accounts with 0 hardened keys, then yeah... that would make it more dangerous... I guess.

My Tip Address:
1DXcHTJS2DJ3xDoxw22wCt11FeAsgfzdBU
CIYAM
Legendary
*
Offline Offline

Activity: 1876
Merit: 1000


Ian Knowles - CIYAM Lead Developer


View Profile WWW
November 03, 2014, 04:45:19 PM
 #6

If you're only using one account of a Type 2, it's actually the same.

Agreed - but the OP would not have wanted Type 2 if he was just after 1 private key (and stated as much).

The MPK and 1 private key can give you the master private key weakness is still there in Electrum's Type 1 deterministic.

If you were using tons of accounts with 0 hardened keys, then yeah... that would make it more dangerous... I guess.

There is a paper that was published showing how Type 2 keys (even when hardened) are not as secure as Type 1 - I have not seen a satisfactory reply to this paper yet (although I don't claim to understand all the details in order to judge it's merit myself).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
dabura667
Sr. Member
****
Offline Offline

Activity: 478
Merit: 250


View Profile
November 03, 2014, 04:53:07 PM
 #7

Agreed - but the OP would not have wanted Type 2 if he was just after 1 private key (and stated as much).
When I say "Accounts" I don't mean private keys. I mean separate branches of the Type 2 tree that can be separated in the Wallet software as separate wallets, but still be recovered by the same seed.

There is a paper that was published showing how Type 2 keys (even when hardened) are not as secure as Type 1 - I have not seen a satisfactory reply to this paper yet (although I don't claim to understand all the details in order to judge it's merit myself).
This paper was basically stating that "Because the purpose of Type 2 was to make it easier for auditing by giving people MPKs of individual branches of the hierarchy etc... it leads to over-exposure of many MPKs at many levels, and therefore increases the risk of being compromised... in comparison a Type 1 will only have ONE MPK, and exposing that gets rid of all financial privacy, so people will probably protect it more."

However, mathematically the weakness is exactly the same. Any MPK at any level in the hierarchy combined with any private key from any branch below that MPK can leak the master private key that corresponds with the MPK.

The only difference is that Type 1 lowers your exposure by not allowing for advanced auditing features (which could temp you into giving away sensitive information)

My Tip Address:
1DXcHTJS2DJ3xDoxw22wCt11FeAsgfzdBU
CIYAM
Legendary
*
Offline Offline

Activity: 1876
Merit: 1000


Ian Knowles - CIYAM Lead Developer


View Profile WWW
November 03, 2014, 05:03:56 PM
 #8

The only difference is that Type 1 lowers your exposure by not allowing for advanced auditing features (which could temp you into giving away sensitive information)

Thanks (it seems you know this stuff better than me) - so you do agree that Type 1 is the *safer* option unless you really need the Type 2 functionality?

(I have implemented a Type 1 deterministic Wallet for CIYAM but am still weighing up whether to "go the extra mile" to provide Type 2 as well although eventually I will do so by offering a choice of either type)

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
Dabs
Staff
Legendary
*
Offline Offline

Activity: 2142
Merit: 1105



View Profile
November 04, 2014, 12:05:36 PM
 #9

Hi, What's the difference between Type 1 and Type 2 deterministic addresses? According to my research Type 1 will reveal the private keys, since that's what you generate first.

What I want is a way to have an online wallet have watch-only addresses. The private keys will be on my offline or better protected online computers. But I prefer that the addresses are of the compressed types (with private keys that begin with letter L or K, instead of number 5.)

I do not need them to be hierarchical.

The alternative is to create completely random addresses in huge numbers as needed, upload the public keys or addresses to the web server (or bitcoind full node), but keep the private keys on a separate computer.

However, with that method, I would need to update the hot wallet from time to time (which isn't a big deal).

My original plan was to generate ten thousand addresses, which should last me about a year, unless I get more than that many users on my website.

I'm also waiting for Armory to include support for compressed keys, and then that would be my preferred wallet.

Escrow Service (Services) - GPG ID: 32AD7565, OTC ID: Dabs
All messages concerning escrow or with bitcoin addresses are GPG signed. Please verify.
CompTIA A+, Microsoft Certified Professional, MCSA: Windows 10; Windows Server 2012, MCSE: Cloud Platform and Infrastructure; Productivity; Messaging
CIYAM
Legendary
*
Offline Offline

Activity: 1876
Merit: 1000


Ian Knowles - CIYAM Lead Developer


View Profile WWW
November 04, 2014, 12:26:25 PM
 #10

Hi, What's the difference between Type 1 and Type 2 deterministic addresses? According to my research Type 1 will reveal the private keys, since that's what you generate first.

With Type 1 deterministic addresses if you managed to crack a private key it won't help you to crack another (you need the seed for that) but with Type 2 if you crack *any* private key then it has been proven that you can crack any other (key hardening can be used in Type 2 to make that much more difficult of course).

Having watch only wallets is not necessarily a reason to want to use Type 2 wallets (you are perhaps trading convenience for security).

It would be simple enough to generate 10K Type 1 deterministic addresses (that are based upon compressed keys) offline with a file that could hold just the public keys of these to be transferred via QR code (might take about 50-100 QR codes) which would be safer than any other method.

If you are keen on doing this then perhaps let's see if we can work out something (it is something I could add to the CIYAM Safe https://susestudio.com/a/kp8B3G/ciyam-safe).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
El Emperador
Hero Member
*****
Offline Offline

Activity: 616
Merit: 500



View Profile WWW
November 09, 2014, 09:54:31 AM
 #11

If you need a deterministic wallet I think GreenAddress is the best one: https://greenaddress.it/en/

Dabs
Staff
Legendary
*
Offline Offline

Activity: 2142
Merit: 1105



View Profile
November 09, 2014, 02:35:39 PM
 #12

If you need a deterministic wallet I think GreenAddress is the best one: https://greenaddress.it/en/
I'm talking about desktop or full node types of wallets, not web wallets or online wallets.

Also, that website just fails to load on me right now.

Escrow Service (Services) - GPG ID: 32AD7565, OTC ID: Dabs
All messages concerning escrow or with bitcoin addresses are GPG signed. Please verify.
CompTIA A+, Microsoft Certified Professional, MCSA: Windows 10; Windows Server 2012, MCSE: Cloud Platform and Infrastructure; Productivity; Messaging
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!