[Beginner question] Vanity from Xpub

o_e_l_e_o

legendary

Activity: 2268

Merit: 18509

Quote from: Hispo on September 21, 2021, 08:48:17 PM

I guess it is this way because during the initial "discovery" a wallet does with one's public keys to find the funds, the software does not care to search beyond the first tens of unused paths. Right?

Your wallet can't possible search every possible derivation path to look for funds. The process of doing so is just the same process as you would go through with your proposal to generate vanity addresses. It is time consuming, and the sheer number of possible paths means your wallet would still be going (and would barely have scratched the surface) when the sun engulfs the Earth in ~5 billion years' time. You need to remember the specific derivation path you used or you will likely never find it again.

Some wallets use what is known as a "gap limit", which is usually set at around 10-20. When you import a seed phrase, your wallet will scan the first 20 (for example) addresses. If it finds one which has been used, it will scan the next 20 from that address. Once it finds 20 in a row which haven't been used, it stops scanning.

Quote from: Hispo on September 21, 2021, 08:48:17 PM

Trezor actually allows their users to import an already existing seed.

A seed phrase, yes, but not individual private keys as you would have if you generated vanity address in the traditional manner.

pooya87

legendary

Activity: 3430

Merit: 10505

Quote from: Hispo on September 21, 2021, 08:48:17 PM

I guess it is this way because during the initial "discovery" a wallet does with one's public keys to find the funds, the software does not care to search beyond the first tens of unused paths. Right?

That's for addresses not for paths. The derivation path is either manually set by the user or decided by the wallet using the version number (in Electrum seeds for example) and other means and will be fixed. Then on that derivation path they only search X number of child addresses (like 10) and if they were used they will derive more until they find X addresses that weren't used.

Hispo

legendary

Activity: 1162

Merit: 2025

Leading Crypto Sports Betting & Casino Platform

Quote from: ranochigo on September 20, 2021, 10:58:03 AM

Quote from: Hispo on September 20, 2021, 10:54:47 AM

Even with Hierarchical Deterministic wallets?

If you don't remember the path, then you don't have access to your funds.

I see.
I guess it is this way because during the initial "discovery" a wallet does with one's public keys to find the funds, the software does not care to search beyond the first tens of unused paths. Right?

If this is the case then indeed, the problem would be more difficult than I initially assumed.

Quote from: o_e_l_e_o on September 20, 2021, 11:18:44 AM

If you want your vanity addresses' private keys to be stored on a hardware wallet, then yes, this is the only way to do it since hardware wallets will not allow you to import external private keys for obvious reasons.

Trezor actually allows their users to import an already existing seed.
This was implemented to securely replace one hardware wallet for another one in case of loss/ destruction of the device but having the seed available.

Anyways, thanks for your replies. I already have a better grasp of the problem and the complexity behind it.
If there is no further activity, I may lock the topic soon.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18509

Quote from: Hispo on September 20, 2021, 10:54:47 AM

I was thinking like, managing all your vanity with your main seed and without exposing it to the internet or an internet connected computer.

If you want your vanity addresses' private keys to be stored on a hardware wallet, then yes, this is the only way to do it since hardware wallets will not allow you to import external private keys for obvious reasons. But a hardware wallet is not the only type of cold storage, and you can easily have airgapped vanity addresses using an airgapped computer.

Quote from: Hispo on September 20, 2021, 10:54:47 AM

Even with Hierarchical Deterministic wallets?

As ranochigo explained, if you lose your derivation path then you may never find it again, given the absolutely enormous number of possible derivation paths. Further, if you make a mistake it will be much harder to fix than with a private key.

With a WIF private key, we know the number of characters and it includes a checksum. If we miss out, add, swap, or substitute a character or two it is easy to brute force. With a derivation path we have no idea. If it is wrong you may have missed out an entire level, which could be any number, in any location, could be hardened or unhardened. You might have added a level, missed out or added hardening, etc. You could end up with a derivation path with 30, 50, 100 levels in it. Far easier to make a mistake when trying to write it down as back up.

ranochigo

legendary

Activity: 2954

Merit: 4158

Quote from: Hispo on September 20, 2021, 10:54:47 AM

Even with Hierarchical Deterministic wallets?

Yes. Your vanity addresses are going to be scattered around the different derivation paths, so if you need to use a specific address, you need to input quite a large and arbitrary number. If you don't remember the path, then you don't have access to your funds. It is obviously possible to bruteforce it but it would be too much effort and in certain cases not feasible. If you still have to take note of the derivation path and the index when using your wallet, then I reckon there is no benefits over a split key generation.

Vanitysearch is a common program used for individual vanity generation.

Hispo

legendary

Activity: 1162

Merit: 2025

Leading Crypto Sports Betting & Casino Platform

Quote from: pooya87 on September 19, 2021, 11:26:22 PM

Quote from: Hispo on September 19, 2021, 06:34:05 PM

I had something on my mind like a little program which would ask for the user to introduce their public key and then the prefix of choice, once that is done, the program would withdraw computing power from the computer to start looking for the desired address.

That's the principle that the third party vanity creators, or vanity pools use. They get user's public key and then report back a number that was added to that pubkey.
The problem here would be storing the final result. The cold storage still has to be updated with the final private key or at least the difference (the number of times G was added to the pubkey) should be stored so that user doesn't have to perform the same long operation each time they want to access the funds.

Do you know where could I find the program used by vanity creators?
Perhaps, knowing the path which leads to the desired address, one could manipulate Electrum (which would store the public keys of a Trezor or Ledger, in order to show de address)

Quote from: o_e_l_e_o on September 20, 2021, 03:43:01 AM

Quote from: odolvlobo on September 19, 2021, 10:37:22 PM

Quote from: Hispo on September 19, 2021, 06:34:05 PM

I thought this would be an advantage because if you are using a cold wallet, you could use vanity addresses without exposing the private keys.

Hey, that's not a bad idea.

Am I missing something here? It is trivially easy to use vanity addresses in a cold wallet without exposing the private keys using the more traditional methods of generating them.

Run your vanity generator on an airgapped computer, collect the private keys from all the addresses you want you use and import them in to an airgapped wallet such as Electrum. Then just take your addresses over to an online computer and create a watch only wallet with them.

I was thinking like, managing all your vanity with your main seed and without exposing it to the internet or an internet connected computer.

Something like: Go to your Ledger/Trezor, copy-paste your xpub to a program to get a vanity, you get a vanity address.
You want another?
You do the same again, and again all without managing several xpriv's, the only seed would keep stored withit the Trezor/Ledger the whole time.

The only problem I see would the the computing power and the fact the xpubs being exposed are still a problem, not as severe as seeds being exposed, though.

Quote from: ranochigo on September 20, 2021, 12:19:24 AM

Quote from: Hispo on September 19, 2021, 06:34:05 PM

I had something on my mind like a little program which would ask for the user to introduce their public key and then the prefix of choice, once that is done, the program would withdraw computing power from the computer to start looking for the desired address.

I thought this would be an advantage because if you are using a cold wallet, you could use vanity addresses without exposing the private keys.
Also, people who have several inputs/outputs may share customized addresses for differente purposes, how several people do already, but without managing several private keys.

By introducing complex derivation paths and indexes, you risk losing your funds if you don't know the exact path and index.

Even with Hierarchical Deterministic wallets?

pooya87

legendary

Activity: 3430

Merit: 10505

Quote from: o_e_l_e_o on September 20, 2021, 03:43:01 AM

Run your vanity generator on an airgapped computer,

Some people use old computers (an old second hand laptop for example) to use as a dedicated air-gap system to be used to store the offline wallet, sign,... Obviously such systems are slow and generating a vanity address within reasonable time is out of the question. Split key method could help in this case so that they can use their main system that may be stronger.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18509

Quote from: odolvlobo on September 19, 2021, 10:37:22 PM

Quote from: Hispo on September 19, 2021, 06:34:05 PM

I thought this would be an advantage because if you are using a cold wallet, you could use vanity addresses without exposing the private keys.

Hey, that's not a bad idea.

Am I missing something here? It is trivially easy to use vanity addresses in a cold wallet without exposing the private keys using the more traditional methods of generating them.

Run your vanity generator on an airgapped computer, collect the private keys from all the addresses you want you use and import them in to an airgapped wallet such as Electrum. Then just take your addresses over to an online computer and create a watch only wallet with them.

ranochigo

legendary

Activity: 2954

Merit: 4158

Quote from: Hispo on September 19, 2021, 06:34:05 PM

I had something on my mind like a little program which would ask for the user to introduce their public key and then the prefix of choice, once that is done, the program would withdraw computing power from the computer to start looking for the desired address.

I thought this would be an advantage because if you are using a cold wallet, you could use vanity addresses without exposing the private keys.
Also, people who have several inputs/outputs may share customized addresses for differente purposes, how several people do already, but without managing several private keys.

Split-key vanity generation basically fulfills all that you're looking for, without additional complexity. By introducing complex derivation paths and indexes, you risk losing your funds if you don't know the exact path and index. In addition, because there is an extra step when converting your seed and an arbitrary derivation path and index during the generation, there is likely some additional resources needed in the process as well.

I can see a point if you're looking for multiple vanity addresses in succession within a seed. That would definitely be harder than just generating them individually.

pooya87

legendary

Activity: 3430

Merit: 10505

Quote from: Hispo on September 19, 2021, 06:34:05 PM

I had something on my mind like a little program which would ask for the user to introduce their public key and then the prefix of choice, once that is done, the program would withdraw computing power from the computer to start looking for the desired address.

That's the principle that the third party vanity creators, or vanity pools use. They get user's public key and then report back a number that was added to that pubkey.
The problem here would be storing the final result. The cold storage still has to be updated with the final private key or at least the difference (the number of times G was added to the pubkey) should be stored so that user doesn't have to perform the same long operation each time they want to access the funds.

odolvlobo

legendary

Activity: 4298

Merit: 3209

Quote from: Hispo on September 19, 2021, 06:34:05 PM

Quote from: odolvlobo on September 19, 2021, 04:35:29 AM

Is there an advantage to generating a vanity address from an extended key? Note that it is also slower than the standard method.

I thought this would be an advantage because if you are using a cold wallet, you could use vanity addresses without exposing the private keys.

Hey, that's not a bad idea.

Hispo

legendary

Activity: 1162

Merit: 2025

Leading Crypto Sports Betting & Casino Platform

Quote from: odolvlobo on September 19, 2021, 04:35:29 AM

Is there an advantage to generating a vanity address from an extended key? Note that it is also slower than the standard method.

Quote from: o_e_l_e_o on September 19, 2021, 05:05:30 AM

Quote from: odolvlobo on September 19, 2021, 04:35:29 AM

Is there an advantage to generating a vanity address from an extended key? Note that it is also slower than the standard method.

The only advantage I can see is that you can back up a single seed phrase and one or more derivation paths, rather than individual private keys, although if your derivation paths are particularly long or complex then there is just as much risk as making a mistake with them as there would be with a private key (and probably harder to brute force a mistake than it is with individual private keys).

I suppose as well when spending from your vanity address you'll have a ready made supply of change addresses available to you, which you wouldn't have with individual private keys.

Quote from: pooya87 on September 19, 2021, 05:52:37 AM

Quote from: o_e_l_e_o on September 19, 2021, 05:05:30 AM

I suppose as well when spending from your vanity address you'll have a ready made supply of change addresses available to you, which you wouldn't have with individual private keys.

Considering that a vanity address by nature is an address that is reused I don't think the ability to create more change addresses can be considered a benefit, the same address could be used for change as well.

I had something on my mind like a little program which would ask for the user to introduce their public key and then the prefix of choice, once that is done, the program would withdraw computing power from the computer to start looking for the desired address.

I thought this would be an advantage because if you are using a cold wallet, you could use vanity addresses without exposing the private keys.
Also, people who have several inputs/outputs may share customized addresses for differente purposes, how several people do already, but without managing several private keys.

pooya87

legendary

Activity: 3430

Merit: 10505

Quote from: o_e_l_e_o on September 19, 2021, 05:05:30 AM

I suppose as well when spending from your vanity address you'll have a ready made supply of change addresses available to you, which you wouldn't have with individual private keys.

Considering that a vanity address by nature is an address that is reused I don't think the ability to create more change addresses can be considered a benefit, the same address could be used for change as well.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18509

Quote from: odolvlobo on September 19, 2021, 04:35:29 AM

Is there an advantage to generating a vanity address from an extended key? Note that it is also slower than the standard method.

The only advantage I can see is that you can back up a single seed phrase and one or more derivation paths, rather than individual private keys, although if your derivation paths are particularly long or complex then there is just as much risk as making a mistake with them as there would be with a private key (and probably harder to brute force a mistake than it is with individual private keys).

I suppose as well when spending from your vanity address you'll have a ready made supply of change addresses available to you, which you wouldn't have with individual private keys.

odolvlobo

legendary

Activity: 4298

Merit: 3209

Is there an advantage to generating a vanity address from an extended key? Note that it is also slower than the standard method.

Hispo

legendary

Activity: 1162

Merit: 2025

Leading Crypto Sports Betting & Casino Platform

Thanks everyone for the replies, I shall move the topic, so hopefully I will get even more help.

pooya87

legendary

Activity: 3430

Merit: 10505

It simply makes no sense to use an extended key to derive a single vanity address. Extended keys by nature are designed to be used for many child keys not only a single one. If you want to create 1 vanity address you have to generate 1 key (hence using an initial seed).

You can always adapt the method in a weird way though. For example the extended pubkey can be used as the seed, eg. use the pubkey at m/0'/0 to start the search and increment that key millions of times to find the desired address then compute its private key by adding the number of times you incremented the pubkey to the private key at m/0'/0.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18509

Quote from: ?? on ??

No, neither can you get it from ypub or zpub.

Sure you can. Just use the xpub to derive addresses until you find the prefix you want.

Quote from: khaled0111 on September 14, 2021, 06:05:30 PM

As far as I know, you can derive only up to 2³¹-1 public addresses (non-hardened) from an xPub, so this might be the only limitation.

You can only have 2³¹ - 1 unhardened indexes at each level in the derivation path, but your derivation path can have a total of 255 additional levels after your master key m. That gives you a total of (2³¹ - 1)²⁵⁵ possible derivation paths which do not use any hardened derivations, which is still far in excess of the total number of valid public keys.

ranochigo

legendary

Activity: 2954

Merit: 4158

You can theoretically have more than enough derivation path to find the desired vanity addresses without having to switch keys. The prefix or the pattern of the addresses are independent of the seed or any other factors, so you'd have to keep track of the derivation path as well as the index. It can be quite tedious but it would allow you to have all of the vanity addresses being derived from a seed, but with differing path and non-sequential indexes.

Hispo

legendary

Activity: 1162

Merit: 2025

Leading Crypto Sports Betting & Casino Platform

Quote from: ?? on ??

Quote from: Hispo on September 14, 2021, 04:49:29 PM

I have got a question: Is it possible to get a vanity address from xpub?

No, neither can you get it from ypub or zpub.

To create vanity address, why do you not try the normal ways

[GUIDE] How To Create Vanity Address (Segwit)
[Guide] How to create your customized Bitcoin-Address (vanitygen) – step by step

I have already used the "normal way" to experiment..
I was holding up to the hope there was a more efficient way to generate them without force bruting a private key. Besides, handling a private key per vanityaddress is... not comfy.

But thanks for the straight forward reply.

Topic: [Beginner question] Vanity from Xpub (Read 292 times)