
Topic: Do I understand wallets correctly? (Read 728 times)

member
Activity: 111
Merit: 10
December 03, 2017, 03:27:45 PM
#8
Thanks decryptionary. I checked out your site, loved it and have recommended it to a bunch of people!
newbie
Activity: 23
Merit: 0
December 03, 2017, 12:12:10 PM
#7
Quote
Everything checks except here. There are 2 types of desktop wallets. One is, as you described, the "full client" that downloads the whole blockchain, but there are some wallets that are SPV wallets. They don't need to keep the whole blockchain, only a fraction of it, to be able to serve as a wallet.

If you are looking for really simple definitions of things like wallet, keys, address, and SPV I'd like to invite you to check out my passion project. It's called Decryptionary and it's the simplest crypto dictionary.

You can find a simple definition of SPV at this link:

https://decryptionary.com/dictionary/simplified-payment-verification/

If you're a beginner, I recommend you check out my walkthroughs. They'll introduce you to crypto, show you how to buy your first coins and keep them safe.

https://decryptionary.com/what-is-cryptocurrency/
legendary
Activity: 2296
Merit: 1014
June 18, 2017, 05:56:35 AM
#6
Types of wallet
Desktop
You download the blockchain and have a copy of the keys and wallet address.

Everything checks except here. There are 2 types of desktop wallets. One is, as you described, the "full client" that downloads the whole blockchain, but there are some wallets that are SPV wallets. They don't need to keep the whole blockchain, only a fraction of it, to be able to serve as a wallet.
SPV clients are MultiBit and Electrum.
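What the "fraction" kept by an SPV wallet lets it check, as an added example that is not part of any post in this thread: each block header commits to a Merkle root of the block's transactions, so a wallet holding only headers can verify a full node's claim that a transaction is in a block. The transaction IDs are constructed and the function names are illustrative; the tree rules (double SHA-256, last hash duplicated on odd levels) are Bitcoin's.

```python
import hashlib

def dsha(data):
    """Bitcoin's double SHA-256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def next_level(level):
    """Pair up hashes; an odd level duplicates its last entry first."""
    if len(level) % 2:
        level = level + [level[-1]]
    return level, [dsha(level[i] + level[i + 1]) for i in range(0, len(level), 2)]

def merkle_root(txids):
    """What the full node computes and the block header stores."""
    level = list(txids)
    while len(level) > 1:
        _, level = next_level(level)
    return level[0]

def merkle_branch(txids, index):
    """Sibling hashes a full node sends to prove txids[index] is in the block."""
    branch, level = [], list(txids)
    while len(level) > 1:
        padded, level = next_level(level)
        branch.append(padded[index ^ 1])
        index >>= 1
    return branch

def verify_inclusion(txid, index, branch, root):
    """What the SPV wallet runs: rebuild the root from one txid plus the branch."""
    h = txid
    for sibling in branch:
        h = dsha(sibling + h) if index & 1 else dsha(h + sibling)
        index >>= 1
    return h == root

# Constructed sample block of five transactions (not real txids).
TXIDS = [dsha(b"constructed tx %d" % i) for i in range(5)]
ROOT = merkle_root(TXIDS)          # the wallet gets this from the header

def demo():
    proof = merkle_branch(TXIDS, 2)
    genuine = verify_inclusion(TXIDS[2], 2, proof, ROOT)
    forged = verify_inclusion(dsha(b"forged tx"), 2, proof, ROOT)
    return genuine, forged
```

A valid proof shows a transaction is in a block; it cannot reveal a transaction the node chose not to report, which is the trust cost of SPV raised elsewhere in the thread.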
newbie
Activity: 20
Merit: 0
June 18, 2017, 04:45:22 AM
#5
Thank you so much for all the information in your responses. Nobody here has to spend the time reading and replying to my (long) OP so thank you for your time. There's so much info it's difficult for me to respond to each point but I have certainly learned a lot from reading through. I will continue to try to understand how the blockchains work and how transactions are made but I feel it's going to take some time before it all sinks in! I'll keep re-reading achow101's part about scripts and look into this further.

As a newbie to it all, I feel it's important to properly understand how wallets work and the responses to my OP really have helped. In doing this a lot of other questions can be answered. I did try Jaxx and have accrued a small balance but the security issue that popped up in the news (and, for me, it's quite buggy) reduced my confidence in that type of wallet. I don't want to use online wallets so I will just have to 'bite the bullet' and buy a couple of big drives for a RAID 1 array and download the blockchains. I don't really plan on spending my balances, just exchanging until I have enough to let (hopefully) appreciate so eventually I'll probably use paper wallets.

There's a lot of good info here so I hope others will find these messages and learn from them.

Thank you!
legendary
Activity: 4522
Merit: 3426
June 06, 2017, 04:44:55 PM
#4
Unfortunately, people mistakenly use "public key" when they mean "Bitcoin address". Here are simple definitions:
  • seed - Used by a wallet to generate private keys. Keep this secret because anyone with this can generate your private keys and spend your bitcoins.
  • private key - Necessary to spend bitcoins. Keep this secret because anyone with your private keys can spend your bitcoins.
  • public key - Derived from a private key.
  • Bitcoin address - Derived from a public key. In very simple terms, bitcoins are sent to a Bitcoin address.
  • wallet - Tracks balances. Creates transactions. A wallet typically holds a seed, but may also (or instead) hold private keys.
  • passphrase - Used to encrypt a seed, wallet file, or private key. It is not a seed.

Transactions are not encrypted. The private key is used to sign a transaction. The signature and public key (which are included in the transaction) prove that you have the private key that corresponds to the bitcoin address of the bitcoins being spent and that the transaction has not been tampered with.

Your description of an online wallet is not quite accurate. The reality is that the site (Coinbase, for example) has a wallet. You do not have a wallet, you have an account. If bitcoins are sent to your deposit address (in their wallet), your account is credited. If you want to spend bitcoins, they send bitcoins from their wallet to the address you specify and debit your account. Also, if you send bitcoins to someone else on the site, the proper accounts are credited and debited and there is no transaction on the block chain.

Bitcoin has wallets that don't require you to download the entire block chain. Most currencies don't, so you will have to download the block chain or store your coins in somebody else's wallet.
staff
Activity: 3458
Merit: 6793
Just writing some code
June 06, 2017, 12:50:34 PM
#3
When a Bitcoin is sent to your public key the message is sent encrypted. Your private key is able to decrypt this info so that the transaction completes. In the unlikely event that somebody is able to create your public key from their private key, your private key adds a signature to the public key to verify it was derived from your private key. This ensures that the private key that made the public key is the only key that can decrypt messages sent to the public key. This signature check is only made when the received Bitcoins are attempted to be spent/exchanged. It is only at this point it will be known if a 'hacker' private key received the transaction.
No. There is no encryption that goes on in transactions or blocks. There isn't even anything "sent" to a public key nor is there any such object as a "Bitcoin". How transactions actually work is that outputs are created which have a specific set of requirements that must be met in order to be allowed to spend from the output. Those requirements are in the form of a script. The script is a mini program that is executed when another transaction is created that spends from that output. It actually consists of two parts, the output script (which goes in the output being spent), and the input script (which goes in the inputs section of the transaction spending the output). When concatenated together (input script cat with output script), the script must result in true by the end of its execution.

Public and private keys come into this because the most common output type requires signature checking. It is called Pay to Pubkey Hash (P2PKH). These outputs require that a signature and public key are provided in the input script. The output script specifies that the hash of the public key must match the hash provided in the output (that hash comes from the Bitcoin address). Then it specifies that the signature verifies to the public key with the message it signed being a special form of the spending transaction.

Wallet, spends/exchanges
A wallet is a collection of keys (private, public, wallet address) used to access/view relevant parts of the blockchain (the information, not the actual data). This is almost always some software to put these keys to use. Using your private key you can view the amount of Bitcoins you own, send payments and make a public key so that you can receive payments. The wallet is given an address that is a hash derived from the public key. Payments can be made to this wallet address. All I know is that the wallet address is used as an extra level of protection from private keys being reverse engineered from a public key. This is because the signature check is only made when the received funds are attempted to be used. The wallet address hash adds protection through extra security and discouragement associated to the time element.
There is no such thing as a wallet address. There are multiple Bitcoin addresses in a wallet, but only one associated with each public key. There is not a single address for one wallet though.

Addresses serve other purposes too. They are much smaller than a public key so it moves the cost from the sender to the receiver. They are also shorter and easier to remember and give out than public keys.

Desktop
You download the blockchain and have a copy of the keys and wallet address.
Not necessarily. You don't need to have the full blockchain for the vast majority of desktop wallets. These wallets are called SPV wallets and they only need the headers chain. SPV wallets rely on other people running full nodes and connect to these full nodes with some special parameters. This way they can find out about their transactions and the blocks they are included in but don't need to actually download the entire blockchain. However you do lower your security and privacy in doing this as you are trusting someone else not to give you bad information.

These keys are stored in wallet.dat (or similar). You absolutely must make backups of this file.
Only 1 wallet actually uses a wallet.dat file; every wallet has its own wallet file and format, the wallet.dat is just the one specific to Bitcoin Core.

If you take the desktop wallet route, do you need to download the blockchain for all the currencies you use? I ask because at first I wanted to mine Ethereum. It took 10hrs to download the blockchain and takes up 20gb of my 128gb bootdrive. Space is one thing but the time it all takes is something akin to late 90's downloading. I should have done more reading because the dag is bigger than my vram. So I tried Monero. This didn't download any blockchain and just works by typing in a single line command into the miner and it's off. Can desktop wallets work without downloading the blockchain?

My next task is to decide on a wallet... I thought about using the official desktop wallet for each currency I use but the blockchain download is putting me off. Any suggestions?
For the best security and privacy, you should use the wallet which downloads the entire blockchain.
legendary
Activity: 1568
Merit: 1031
June 06, 2017, 11:45:17 AM
#2
You are pretty much correct in almost everything you said. An online wallet however doesn't necessarily store your private keys, an exchange does though. If we take Blockchain.info wallet for example, the wallet.dat is indeed on their physical servers however the password that encrypts these wallets is not stored in their database which means you are the only one who can decrypt it. It's still unsafe to use them though, as online wallets are usually a target for hacking and anyone with access to the wallet file could try and brute force it.

Desktop wallets don't necessarily download the blockchain file. We have SPV wallets today like Electrum that don't need to download anything in order to work. Having a backup of wallet.dat is necessary in some wallets and not in others, some wallets use BIP39 or BIP44. In that case, you will need to take the backup of the passphrase given to you by the wallet (12 words in Electrum's case -- taking the wallet.dat backup + password that encrypts it works too)

We also have some wallets that support multiple currencies such as Exodus.io, Jaxx.io and a few others, downloading the blockchain is not necessary in these cases.
newbie
Activity: 20
Merit: 0
June 06, 2017, 06:18:55 AM
#1
For the past day or so I have been trying to get my head around Bitcoins; where they come from and how they are managed. This is my understanding so far. Please could somebody tell me if I understand correctly? The info returned from google is a bit of a minefield and I don't really know what to take on board or ignore. I'm even having trouble working out what type of wallet some providers offer! A lot of websites just churn out sales patter about how secure and safe everything is... blah blah blah, but with minimal info about how they look after your keys.

My understanding so far,
Private/public keys
All Bitcoins are essentially held within the blockchain. The Bitcoins you own are protected by your private key. You need to know the private key to send/exchange Bitcoins.
This key is obviously something you don't want the world to know so a public key is derived from the private key. The private key cannot be found using the public key. Bitcoins cannot be sent using the public key but it can be made public so that you can receive Bitcoins.

When a Bitcoin is sent to your public key the message is sent encrypted. Your private key is able to decrypt this info so that the transaction completes. In the unlikely event that somebody is able to create your public key from their private key, your private key adds a signature to the public key to verify it was derived from your private key. This ensures that the private key that made the public key is the only key that can decrypt messages sent to the public key. This signature check is only made when the received Bitcoins are attempted to be spent/exchanged. It is only at this point it will be known if a 'hacker' private key received the transaction.

Wallet, spends/exchanges
A wallet is a collection of keys (private, public, wallet address) used to access/view relevant parts of the blockchain (the information, not the actual data). This is almost always some software to put these keys to use. Using your private key you can view the amount of Bitcoins you own, send payments and make a public key so that you can receive payments. The wallet is given an address that is a hash derived from the public key. Payments can be made to this wallet address. All I know is that the wallet address is used as an extra level of protection from private keys being reverse engineered from a public key. This is because the signature check is only made when the received funds are attempted to be used. The wallet address hash adds protection through extra security and discouragement associated to the time element.

Types of wallet
Online
The provider downloads the blockchain for you, keeps hold of your private key (and associated public and wallet address) and you access it all using a username and password.
Desktop
You download the blockchain and have a copy of the keys and wallet address. These keys are stored in wallet.dat (or similar). You absolutely must make backups of this file.
Hardware
The keys are stored on a hardware device.
Paper
The keys are printed onto paper.

Hot store are keys that are produced/stored on a computer connected to the internet.
Cold store are keys produced/stored on a computer not connected to the internet.

I much prefer the idea of having a program (wallet) installed on my computer that gives me a file that is my private key so I can keep this key on a SD card (or three). I do this with pretty well everything... an sd card to decrypt my boot drive, an sd card with my password manager file (and another for the key to open the file) etc etc. I keep anything that can give access to something on its own sd card, along with a backup card.

If you take the desktop wallet route, do you need to download the blockchain for all the currencies you use? I ask because at first I wanted to mine Ethereum. It took 10hrs to download the blockchain and takes up 20gb of my 128gb bootdrive. Space is one thing but the time it all takes is something akin to late 90's downloading. I should have done more reading because the dag is bigger than my vram. So I tried Monero. This didn't download any blockchain and just works by typing in a single line command into the miner and it's off. Can desktop wallets work without downloading the blockchain?

My next task is to decide on a wallet... I thought about using the official desktop wallet for each currency I use but the blockchain download is putting me off. Any suggestions?

If you're reading this you got to the end of my looong message!
Thank you for reading and any help