Bitcoin Forum
November 23, 2017, 10:24:16 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
   Home   Help Search Donate Login Register  
Pages: [1]
Author Topic: Questions Regarding BIP32 Security  (Read 1514 times)
Sr. Member
Offline Offline

Activity: 323

View Profile
February 20, 2015, 06:32:36 PM

I'm trying to wrap my head around the security implications of HD wallets. The vulnerability I'm a bit unclear on is where a private key and a master public key together can leak a master private key.

As far as I understand HD-wallets, they consist of a pair of master keys, derived "account master keys", and then a pair of keys for every single address in every account. Say my xpub master key is known, what would someone with a single private key be able to do with this? My guess is that he could get the private account key, thus getting access to all the coins in that account, but not any other accounts. Correct? Any other things I should be aware of?

Secondly, apparently there is this thing called hardened keys as well that makes this leaking impossible, which is why it is isolated to single accounts. I assume there is some sort of drawback of this, since otherwise all keys should be derived in this manner. What's the deal here?

If there is any other non-intuitive possibility of leakage of private keys that I'm unaware of, please tell me.

Hero Member
Offline Offline

Posts: 1511432656

View Profile Personal Message (Offline)

Reply with quote  #2

Report to moderator
Join ICO Now A blockchain platform for effective freelancing
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Full Member
Offline Offline

Activity: 138

View Profile WWW
October 18, 2016, 11:18:04 PM

Check out this article written by Vitalik Buterin, it will answer your question... basically, do not give *any* private keys to people that should not be able to spend....ever Smiley and do not give out *any* private keys when anyone in a company has a "master public key" (or extended public key...) * A peer-to-peer market for buying and selling decentralized, Digital Currencies. Intelligent, trustworthy, and secure.
Hero Member
Offline Offline

Activity: 854


View Profile
October 18, 2016, 11:20:45 PM

I have just asked the same question a few hours ago, what a coincidence, check here:

Pages: [1]
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!