Topic: Does a multi-sig wallet protect from random private key attacks? (Read 227 times)

legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
I ran it randomly. I'm not concerned that someone will guess my private key with the intention of guessing "my" private key. I'm concerned about somebody stumbling upon my private key by running this software at scale (one instance can run 1 million combinations per second. If someone were to run 10,000 instances they will most likely come across keys which have bitcoin in them).
Is it still that random if you came across keys which someone has already swept? It definitely doesn't sound very random to me.

The key space is 2^256. Do the calculations for someone running 1 million instances of 1 million tries per second. How long would it take for someone to find a key assuming that there are 2 billion keys currently. There is tons of math being done on this, so it might be better to just google it first. We would've done something about it if it is really a security risk.

Rate: 1,000,000 * 1,000,000
Key space: 2^256
Number of keys: 2,000,000,000

PS. That is still many, many times the age of the Earth.
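The calculation the post above asks for, worked through as an added Python example (it is not code from this thread or from any of the tools the thread names). The guess rate, instance count and "2 billion funded keys" figures are the ones stated in the post; the reduced-range (puzzle-style) and HASH160 second-preimage figures are constructed assumptions added for comparison. The model treats every guess as an independent uniform draw over the whole space, which is the most favourable case for the attacker, so the real expected times are no shorter than these.

```python
import math

SECONDS_PER_YEAR = 365.25 * 86400  # Julian year, used for every conversion below


def expected_trials(keyspace_bits: int, target_keys: int) -> int:
    """Expected number of uniformly random guesses before the first hit on any
    of `target_keys` distinct targets in a space of 2**keyspace_bits values.
    Kept as an exact integer so 2**256 is never rounded."""
    if target_keys <= 0:
        raise ValueError("need at least one target key")
    return (2 ** keyspace_bits) // target_keys


def expected_years(keyspace_bits: int, target_keys: int,
                   rate_per_instance: int, instances: int) -> float:
    """Expected wall-clock years to the first hit at the given guessing rate."""
    guesses_per_second = rate_per_instance * instances
    seconds = expected_trials(keyspace_bits, target_keys) / guesses_per_second
    return seconds / SECONDS_PER_YEAR


def hit_probability(keyspace_bits: int, target_keys: int,
                    rate_per_instance: int, instances: int, years: float) -> float:
    """Probability of at least one hit within `years` of continuous guessing.
    Computed as 1 - (1 - p)**n via log1p/expm1 so that probabilities around
    1e-50 come out as small numbers instead of rounding to exactly 0."""
    p = target_keys / (2 ** keyspace_bits)          # chance one guess hits
    n = rate_per_instance * instances * years * SECONDS_PER_YEAR  # total guesses
    return -math.expm1(n * math.log1p(-p))


# Scenario from the post: 1,000,000 instances at 1,000,000 guesses/s each,
# hunting 2,000,000,000 funded keys in the full 2^256 private-key space.
POST_RATE, POST_INSTANCES, POST_FUNDED_KEYS = 1_000_000, 1_000_000, 2_000_000_000


def full_keyspace_years() -> float:
    return expected_years(256, POST_FUNDED_KEYS, POST_RATE, POST_INSTANCES)


# Constructed comparison: a puzzle key known to lie in a 64-bit range, searched
# by the "10,000 instances" figure from the thread.  This is the reduced search
# space that makes puzzle keys findable, unlike ordinary 256-bit keys.
def reduced_range_years() -> float:
    return expected_years(64, 1, POST_RATE, 10_000)


# Constructed comparison: a second preimage on a 160-bit script hash (the
# P2SH collision scenario discussed later in the thread), assuming 100 million
# P2SH outputs as targets.  The target count is an assumption, not a chain figure.
def hash160_second_preimage_years() -> float:
    return expected_years(160, 100_000_000, POST_RATE, POST_INSTANCES)


if __name__ == "__main__":
    earth_age_years = 4.5e9  # approximate, for scale only
    print(f"full 256-bit space, post's numbers : {full_keyspace_years():.3e} years "
          f"(~{full_keyspace_years() / earth_age_years:.1e} Earth ages)")
    print(f"probability of any hit in 100 years: "
          f"{hit_probability(256, POST_FUNDED_KEYS, POST_RATE, POST_INSTANCES, 100):.3e}")
    print(f"64-bit puzzle range, 10,000 GPUs   : {reduced_range_years():.1f} years")
    print(f"160-bit script-hash second preimage: {hash160_second_preimage_years():.3e} years")
```

The contrast between the first and third lines of output is the point made further down the thread: a 64-bit puzzle range is within reach of a determined GPU farm, while the full 256-bit space (and even a 160-bit script hash) is not, however many instances are running.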
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
This is the post and the other comments that follow it.

https://www.reddit.com/r/Bitcoin/comments/ukuzsu/comment/i7ru02b/?utm_source=share&utm_medium=web2x&context=3

My primary concern is dictionary attacks.

That post refers to a 24-word recovery phrase generated by Ledger. But he's being paranoid, since brute-forcing a 24-word combination with a 2048-word dictionary is very expensive. It's a different case if he doesn't trust the RNG on Ledger.

I know and have tried using rotorcuda and fialka to run random private key attacks and try to find private keys. In fact, I have already found a few private keys (unfortunately they were already emptied before by someone else).

Did you run it randomly or on a very specific range?
newbie
Activity: 7
Merit: 24
Quote
Did you run it randomly or on a very specific range?

I ran it randomly. I'm not concerned that someone will guess my private key with the intention of guessing "my" private key. I'm concerned about somebody stumbling upon my private key by running this software at scale (one instance can run 1 million combinations per second. If someone were to run 10,000 instances they will most likely come across keys which have bitcoin in them).
legendary
Activity: 3472
Merit: 10611
In fact, I have already found a few private keys (unfortunately they were already emptied before by someone else).
If I choose a number between 2 and 4, not choosing 2 and 4 themselves, and you guess my number, that doesn't mean you can read my mind.

That is the simple way of saying what you have found is not a "normal" private key. You have found the solution to some sort of puzzle where you searched in an extremely reduced search space.

Quote
~ run such brute force attacks for random keys ~
Why do you think those keys were "random"?

Quote
I'm sure that North Korea and other big malicious actors would be running far bigger operations to brute force random keys.
Not just NK: if all 194 countries joined forces and tried brute-forcing bitcoin private keys, and continued doing it for decades, they still wouldn't be able to find any.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
This is the post and the other comments that follow it.

https://www.reddit.com/r/Bitcoin/comments/ukuzsu/comment/i7ru02b/?utm_source=share&utm_medium=web2x&context=3

My primary concern is dictionary attacks. I know and have tried using rotorcuda and fialka to run random private key attacks and try to find private keys. In fact, I have already found a few private keys (unfortunately they were already emptied before by someone else). However, this is very much a possibility. The fact that I, an individual, can run such brute force attacks for random keys with little knowledge concerns me. I'm sure that North Korea and other big malicious actors would be running far bigger operations to brute force random keys. I may go so far as to even say that these whale alerts that we see on twitter (that some bitcoin was moved after 10-11 years) may be such crackers stumbling on these private keys.

I want to protect myself from such attacks by using multi-sig. My assumption was that the Bitcoin chain requires the 2 signatures and this enforcement is done on chain. However, those reddit comments and the ones in this thread too suggest otherwise.
That is just fear mongering. Dictionary attacks and brute-force attacks of that sort are meant to target non-random and weak keys. They are not effective, in terms of time and space as well as cost, at yielding anything. Anyone can run brute force attacks to generate millions and millions of keys, but with the key space so big, it would be impossible for them to find anything at all.

There is nothing to protect against at all, because no one in the world can feasibly brute-force any keys generated correctly. If they could, then we would've done something about it by now.
newbie
Activity: 7
Merit: 24
Is the above true? If an attacker were to randomly come across my private key, can he move the funds without requiring the origin keys that resulted in the multi-sig?
I never heard of a single case of anyone losing coins with a multisig setup through an attack like you mentioned, and I couldn't find anything about a reddit topic talking about this, so maybe you should post a link for us to see.
I know that the more co-signers you have in a multisig setup, the harder it will be for an attacker to steal your coins, and I don't see any real threat with this.
With new taproot addresses all transactions look the same, so there is no way you could know if a transaction is single or multi-sig, but that is not the case with older address types.

This is the post and the other comments that follow it.

https://www.reddit.com/r/Bitcoin/comments/ukuzsu/comment/i7ru02b/?utm_source=share&utm_medium=web2x&context=3

My primary concern is dictionary attacks. I know and have tried using rotorcuda and fialka to run random private key attacks and try to find private keys. In fact, I have already found a few private keys (unfortunately they were already emptied before by someone else). However, this is very much a possibility. The fact that I, an individual, can run such brute force attacks for random keys with little knowledge concerns me. I'm sure that North Korea and other big malicious actors would be running far bigger operations to brute force random keys. I may go so far as to even say that these whale alerts that we see on twitter (that some bitcoin was moved after 10-11 years) may be such crackers stumbling on these private keys.

I want to protect myself from such attacks by using multi-sig. My assumption was that the Bitcoin chain requires the 2 signatures and this enforcement is done on chain. However, those reddit comments and the ones in this thread too suggest otherwise.
legendary
Activity: 2212
Merit: 7064
Is the above true? If an attacker were to randomly come across my private key, can he move the funds without requiring the origin keys that resulted in the multi-sig?
I never heard of a single case of anyone losing coins with a multisig setup through an attack like you mentioned, and I couldn't find anything about a reddit topic talking about this, so maybe you should post a link for us to see.
I know that the more co-signers you have in a multisig setup, the harder it will be for an attacker to steal your coins, and I don't see any real threat with this.
With new taproot addresses all transactions look the same, so there is no way you could know if a transaction is single or multi-sig, but that is not the case with older address types.
legendary
Activity: 3472
Merit: 10611
What you need to know about the attacks that you are thinking of is that such attacks don't affect you alone, they affect Bitcoin as a whole. Meaning, for example, if people could find HASH160 collisions, find public key (hash) collisions, script (hash) collisions and generally speaking anything that would let them spend someone else's coins, and successfully pull off the attack, the Bitcoin that we know will no longer exist, so it won't matter if you are holding your coins in a multi-sig address.

The reason why Bitcoin works and keeps on growing is because such attacks are not possible, and if there were the smallest possibility of these attacks becoming possible in the near future, we would have changed the algorithm already.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
I am currently using a multi-sig setup for my bitcoin wallet (Sparrow wallet).

Does using a multi-sig wallet protect me from random private key guessing attacks?

The answer depends on the script that is inside the coin inputs that you are trying to spend.

A random address sending you an output to a multisig address can be swiped if its individual private key is known, because the input (unlocking) script is a simple HASH160 call.

But if the multisig wallet creates a transaction and ensures that the scripts of any outputs require signatures from two or more private keys, then this provides some resistance to these attacks.

In any case, if the wallet is multi-sig in name only (that is, only within the application do the outputs need to be signed by multiple users, but it emits normal output scripts to the blockchain), then it is just as vulnerable as a regular wallet.

Also, when sending a transaction to a multi-sig wallet, the software doesn't necessarily know whether the receiving address is multisig (assume the address is not inside the wallet for this), so it cannot really send another transaction with the "proper" multisig script format.
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
-snip-
Is the above true? If an attacker were to randomly come across my private key, can he move the funds without requiring the origin keys that resulted in the multi-sig?
It's true, but not in that scenario (are those the actual words from the source?).
The attacker could come across a different private key that produces a "scriptHash" that's exactly the same as your MultiSig's scriptHash.
In that case, he can use his own "redeem Script" and prvKey to spend your funds.
It's about the "collision" explained by BlackHatCoiner.

I used to think that multi sig is enforced on chain and the chain would require signature of both keys to move the funds.
If we disregard the collision of the scriptHash and just base it on your question above:
If the attacker came across your private key and wants to spend the funds of the MultiSig setup, then he needs to come across the cosigners' private keys too.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
I used to think that multi-sig is enforced on chain and the chain would require the signatures of both keys to move the funds.
But there's no way to distinguish if a P2SH is multi-sig (unless the coins are spent). It's in the form of "OP_HASH160