Topic: Do online and offline wallet computers need to have the same operating system? (Read 1105 times)

legendary
Activity: 1428
Merit: 1093
Core Armory Developer
Ok, where again, is the documentation, explaining how the root and chain can produce the public keys only, without revealing the private keys?

From what I understand about bitcoin, at least in the QT client, it generates the private key first, then it derives the public key from that.

I'm guessing, I'm just curious about the "watching wallet" part, as that one is where all the public keys are coming from.

There's not good documentation about it.  It's a mathematical trick, made possible by elliptic curve math, that requires a little bit of math background to really understand. 

It allows you to create one private key, compute that one public key from it, and then give them both the same random number (chaincode).  From that, you can produce a [near-]infinite string of private keys on the offline computer, and the [near-]infinite string of public keys on the online computer, knowing that they are the public keys associated with the offline computer private keys.  The online computer only needs the root public key and chaincode to do the computation.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Ok, where again, is the documentation, explaining how the root and chain can produce the public keys only, without revealing the private keys?

From what I understand about bitcoin, at least in the QT client, it generates the private key first, then it derives the public key from that.

I'm guessing, I'm just curious about the "watching wallet" part, as that one is where all the public keys are coming from.
full member
Activity: 218
Merit: 100
One question I have though... you mention "private keys" in plural.  Doesn't it just generate one private key? (is there a point of a wallet having more than 1 private key? I know having multiple public keys can be good because you may not want people watching your transactions)
Seems that you have been misinformed.
Every public Bitcoin address has its own individual private key. If you have a wallet with 154 public addresses, you have a wallet with 154 private keys.
legendary
Activity: 1428
Merit: 1093
Core Armory Developer
I'm fairly comfortable with the idea and I am going to give it a try. One question I have though... you mention "private keys" in plural.  Doesn't it just generate one private key? (is there a point of a wallet having more than 1 private key? I know having multiple public keys can be good because you may not want people watching your transactions)

It's best to use a different address for every transaction you receive.  Otherwise, every person you transact with will be able to see every transaction you've ever made and your entire balance.  That's a pretty serious privacy issue, especially if you hold a lot of Bitcoins.

Every time you hit the "Receive Bitcoins" button, you're going to get the next address in that infinite chain of addresses.  Since they're all derived from that initial seed, you don't have to back up each one of them, you only have to back up the seed.  If your HDD dies, you only have to install Armory on another computer and "Restore from Paper Backup."  Armory will recompute all the same addresses, and show you the same balance you had before.  You'll still lose all the comments/labels that were stored in the other wallet, but better than losing the coins!
sr. member
Activity: 294
Merit: 250
Any OS that handles USB keys will work (and runs Armory).   See the Armory Quick Start Guide

As for memorizing the data... it's a lot of data, and it's not in a good form to memorize it.  As Justus pointed out, you would want to memorize the root key and chain code, since all private keys are derived from that, but it is 64 bytes (128 hex characters).  I don't know if you can/should try to memorize that.  And I don't support any such activities that lead to your life savings going to the grave with you when you get hit by a bus ... :)

ahaa. Well I wouldn't plan to not make any backups. I would just feel an additional layer of security if I also had it memorized. 128 is not hard for me. I did a bet once when I was little where I remembered pi to 100 digits in I think 1 hour.

I don't really know what a deterministic wallet is so I'll read about it.

So there is a root key and a chain code and it derives more than one private key?

With a deterministic wallet, there is a root piece of information (in Armory it's a "Root Key" and "Chain Code", in other applications it's just a "seed").  In all cases, that root information is used to derive all addresses ever created by the wallet.  If the wallet is destroyed, you can "Restore Paper Backup" and put that data back in, and it will generate the same [almost-]infinite sequence of addresses it did the first time.

Even more importantly, because of the algorithm it uses to derive the private keys, you can actually generate the same sequence of addresses only knowing the public keys.  Hence the "watching-only wallet" -- you copy it once from the offline computer to online computer (it's just a copy of the wallet but without the private keys blanked out), and it will produce the same sequence of public keys (and hence, addresses) as the full wallet does on the offline computer.  So you can use the watching-only wallet identically to a full wallet (generate addresses, monitor incoming payments), but you just can't send funds without getting a signature from the offline computer.

I think the process is documented well enough in the program itself, and there's the Offline Wallet Tutorial for backup.  Let me know if you still find anything confusing!

-Alan

I'm fairly comfortable with the idea and I am going to give it a try. One question I have though... you mention "private keys" in plural.  Doesn't it just generate one private key? (is there a point of a wallet having more than 1 private key? I know having multiple public keys can be good because you may not want people watching your transactions)

On a last note... I heard in an upcoming bitcoin client release (not sure if it's true) that they will some integrate vanity addresses. Is that also possible with armory?
legendary
Activity: 1428
Merit: 1093
Core Armory Developer
Any OS that handles USB keys will work (and runs Armory).   See the Armory Quick Start Guide

As for memorizing the data... it's a lot of data, and it's not in a good form to memorize it.  As Justus pointed out, you would want to memorize the root key and chain code, since all private keys are derived from that, but it is 64 bytes (128 hex characters).  I don't know if you can/should try to memorize that.  And I don't support any such activities that lead to your life savings going to the grave with you when you get hit by a bus ... :)

ahaa. Well I wouldn't plan to not make any backups. I would just feel an additional layer of security if I also had it memorized. 128 is not hard for me. I did a bet once when I was little where I remembered pi to 100 digits in I think 1 hour.

I don't really know what a deterministic wallet is so I'll read about it.

So there is a root key and a chain code and it derives more than one private key?

With a deterministic wallet, there is a root piece of information (in Armory it's a "Root Key" and "Chain Code", in other applications it's just a "seed").  In all cases, that root information is used to derive all addresses ever created by the wallet.  If the wallet is destroyed, you can "Restore Paper Backup" and put that data back in, and it will generate the same [almost-]infinite sequence of addresses it did the first time.

Even more importantly, because of the algorithm it uses to derive the private keys, you can actually generate the same sequence of addresses only knowing the public keys.  Hence the "watching-only wallet" -- you copy it once from the offline computer to online computer (it's just a copy of the wallet but without the private keys blanked out), and it will produce the same sequence of public keys (and hence, addresses) as the full wallet does on the offline computer.  So you can use the watching-only wallet identically to a full wallet (generate addresses, monitor incoming payments), but you just can't send funds without getting a signature from the offline computer.

I think the process is documented well enough in the program itself, and there's the Offline Wallet Tutorial for backup.  Let me know if you still find anything confusing!

-Alan
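Alan's description of the root key + chain code derivation here, and the "mathematical trick" he describes earlier in the thread, in working code. This is an added example written for this page, not Armory's own derivation code or wallet format: it uses a simplified multiplicative chain in which the per-step multiplier is SHA-256 of the parent public key concatenated with the chaincode. Both sides can compute that multiplier, so the offline machine multiplies its private scalar while the online machine multiplies only the public point, and the two chains line up. The secp256k1 arithmetic is written out in plain Python so the block runs offline; the root key and chaincode are constructed demo values, not real wallet data, and address encoding is left out.

```python
"""Illustrative deterministic key chain in the style the thread describes:
the offline machine extends a chain of private keys, the online machine
extends the matching chain of public keys from the root public key and
the chaincode alone. Simplified scheme written for this example, not
Armory's own derivation function or wallet format."""
import hashlib

# secp256k1 domain parameters (the curve Bitcoin uses)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Add two affine points; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # p1 == -p2
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def ec_mul(k, point):
    """Double-and-add scalar multiplication k * point."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def serialize_pub(point):
    """Compressed SEC encoding: 0x02/0x03 prefix plus the x coordinate."""
    x, y = point
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def chain_multiplier(parent_pub, chaincode):
    """Per-step scalar that both sides can compute: it depends only on the
    parent PUBLIC key and the chaincode (simplified scheme for this example)."""
    digest = hashlib.sha256(serialize_pub(parent_pub) + chaincode).digest()
    m = int.from_bytes(digest, "big") % N
    if m == 0:
        raise ValueError("degenerate multiplier; use a different chaincode")
    return m


def derive_private_chain(root_priv, chaincode, count):
    """Offline side: each private key is a scalar multiple of the previous."""
    keys, priv = [], root_priv
    for _ in range(count):
        m = chain_multiplier(ec_mul(priv, G), chaincode)
        priv = (m * priv) % N
        keys.append(priv)
    return keys


def derive_public_chain(root_pub, chaincode, count):
    """Online (watching-only) side: the same chain on public points only.
    No private scalar ever appears here."""
    pubs, pub = [], root_pub
    for _ in range(count):
        m = chain_multiplier(pub, chaincode)
        pub = ec_mul(m, pub)
        pubs.append(pub)
    return pubs


def chains_agree(root_priv, chaincode, count):
    """Check that pub_i == priv_i * G at every step of the two chains."""
    root_pub = ec_mul(root_priv, G)
    offline = derive_private_chain(root_priv, chaincode, count)
    online = derive_public_chain(root_pub, chaincode, count)
    return all(ec_mul(k, G) == p for k, p in zip(offline, online))


# Constructed demo root material (NOT real wallet data): a root key and a
# 32-byte chaincode, the two values the thread says a backup consists of.
DEMO_ROOT_PRIV = int.from_bytes(hashlib.sha256(b"constructed demo root key").digest(), "big") % N
DEMO_CHAINCODE = hashlib.sha256(b"constructed demo chaincode").digest()

if __name__ == "__main__":
    watching_only = derive_public_chain(ec_mul(DEMO_ROOT_PRIV, G), DEMO_CHAINCODE, 3)
    for i, pub in enumerate(watching_only, 1):
        print(f"watching-only public key {i}: {serialize_pub(pub).hex()}")
    print("online and offline chains agree:", chains_agree(DEMO_ROOT_PRIV, DEMO_CHAINCODE, 3))
```

The online side holds only the root public key and the chaincode, which is why a watching-only copy can generate and monitor addresses but cannot sign. Two things follow for operating such a setup: the watching-only copy reveals every future address of the wallet, so it is a privacy-sensitive file even though it holds no spending power; and in a chain of this simplified non-hardened style the multiplier is invertible mod N, so the chaincode together with any single derived private key lets the neighbouring private keys be reconstructed, which is one more reason the root key and chaincode are treated as the backup secret rather than as public data.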
sr. member
Activity: 294
Merit: 250
Any OS that handles USB keys will work (and runs Armory).   See the Armory Quick Start Guide

As for memorizing the data... it's a lot of data, and it's not in a good form to memorize it.  As Justus pointed out, you would want to memorize the root key and chain code, since all private keys are derived from that, but it is 64 bytes (128 hex characters).  I don't know if you can/should try to memorize that.  And I don't support any such activities that lead to your life savings going to the grave with you when you get hit by a bus ... :)

ahaa. Well I wouldn't plan to not make any backups. I would just feel an additional layer of security if I also had it memorized. 128 is not hard for me. I did a bet once when I was little where I remembered pi to 100 digits in I think 1 hour.

I don't really know what a deterministic wallet is so I'll read about it.

So there is a root key and a chain code and it derives more than one private key?

edit: what advantages would there be of using armory  to say... just going to bitaddress.org and printing out a paper wallet backup?  I guess you could perform transactions easier with armory so if you spent your coins often it would help....
legendary
Activity: 1428
Merit: 1093
Core Armory Developer
Any OS that handles USB keys will work (and runs Armory).   See the Armory Quick Start Guide

As for memorizing the data... it's a lot of data, and it's not in a good form to memorize it.  As Justus pointed out, you would want to memorize the root key and chain code, since all private keys are derived from that, but it is 64 bytes (128 hex characters).  I don't know if you can/should try to memorize that.  And I don't support any such activities that lead to your life savings going to the grave with you when you get hit by a bus ... :)
legendary
Activity: 1400
Merit: 1013
one other related question........ will armory let you see your own private key on the offline computer in case you want to memorize it as well?
I think so. For sure it shows up when you print out a paper backup.

Note that Armory uses a deterministic wallet so all the keys are generated from one private key and a chain code.
sr. member
Activity: 294
Merit: 250
one other related question........ will armory let you see your own private key on the offline computer in case you want to memorize it as well?
sr. member
Activity: 294
Merit: 250
thanks. I guess i'll get a netbook after all then.
legendary
Activity: 1400
Merit: 1013
No. A transaction is just data, it has nothing to do with the OS.
sr. member
Activity: 294
Merit: 250
Suppose you want to sign transactions with the offline computer. Is it necessary they are the same OS?