Author

Topic: Does revealing one private key compromise an entire deterministic wallet? (Read 900 times)

legendary
Activity: 1204
Merit: 1002
RUM AND CARROTS: A PIRATE LIFE FOR ME
Does that mean I should create a new electrum wallet?

are you in some sort of situation you're not mentioning? It's hard for people to give you advice to such a vague question.
legendary
Activity: 1400
Merit: 1013
If it is using the 'type-2' public derivation, e.g. as is the case for all keys in a current armory wallet (IIRC), and the attacker knows the extended public key (e.g. attacker has a watching wallet) then yes.

This is why in BIP32 the recommended top level uses the 'type-1' private derivation which doesn't have this surprising property (but also lacks the nifty ability for a untrusted party to generate addresses for the wallet).
That's why I think implementations should add an extra level of structure such that you create a different xpub for every entity from whom you receive funds.

I know, quadratic scaling, but it's worth it for the added safety.
newbie
Activity: 13
Merit: 0
Does that mean I should create a new electrum wallet?
staff
Activity: 4284
Merit: 8808
If it is using the 'type-2' public derivation, e.g. as is the case for all keys in a current armory wallet (IIRC), and the attacker knows the extended public key (e.g. attacker has a watching wallet) then yes.

This is why in BIP32 the recommended top level uses the 'type-1' private derivation which doesn't have this surprising property (but also lacks the nifty ability for a untrusted party to generate addresses for the wallet).
legendary
Activity: 1400
Merit: 1013
newbie
Activity: 13
Merit: 0
Does revealing one private key compromise an entire deterministic wallet? 
Jump to: