
Topic: Does revealing one private key spoil the seed? (Read 327 times)

legendary
Activity: 3612
Merit: 1564
November 22, 2017, 10:03:47 AM
#8
Quote
I see now why it would be recommended to move your coins to a new wallet.  However, the instructions on the electrum site only said to move to a completely new wallet if you planned to enter the seed into something untrustworthy like Electron Cash wallet.

Thing is sometimes people reuse addresses even if they shouldn't be doing it. So having potentially compromised addresses in a wallet is reason enough for me to create a new wallet IMO. Why risk it?

Quote
I see your point that it is only a vulnerability if the master public key is also revealed, but Electrum doesn't encrypt its watching wallets, so if you ever run a watching wallet on an internet-connected computer, there is a risk that the master public key could have been compromised at some point in time.  I don't think you have to actually display the public master key on your screen for it to be vulnerable to malware.

Well, this is a whole different level of paranoia. I for one don't believe that having an unencrypted MPK on your file system somewhere means hackers have read that file and gotten their hands on my MPK. And if you're worried about things displayed on your screen, then what about your seed? It was displayed on your screen when you created your wallet. I suppose someone could deploy a TEMPEST-like system to get to you!
newbie
Activity: 13
Merit: 0
I see now why it would be recommended to move your coins to a new wallet.  However, the instructions on the electrum site only said to move to a completely new wallet if you planned to enter the seed into something untrustworthy like Electron Cash wallet.

Even if you move all your bitcoins to a new wallet, if you access your bitcoin cash first, then your bitcoin gold is exposed and vulnerable the instant you reveal the private keys in order to sweep the bitcoin cash into a bitcoin cash wallet, and vice versa.  There's really no way to do everything simultaneously -- something will always be at risk.

I see your point that it is only a vulnerability if the master public key is also revealed, but Electrum doesn't encrypt its watching wallets, so if you ever run a watching wallet on an internet-connected computer, there is a risk that the master public key could have been compromised at some point in time.  I don't think you have to actually display the public master key on your screen for it to be vulnerable to malware.
legendary
Activity: 3612
Merit: 1564
Before trying to claim alt-coins, you're supposed to move your coins to a new Electrum wallet, not just a different address in the same wallet. You can create a new wallet via file > new/restore.

The exposure of an address' private key by itself does not compromise your wallet. An attacker would also need the master public key of your wallet. That doesn't get exposed unless you actually expose it yourself. You can view the master public key via wallet > information. One use case for it is to create watch-only wallets.
newbie
Activity: 13
Merit: 0
Oh wow.  That really is disturbing.  I wish that Electrum had issued some kind of warning when I chose to display a private key.

The problem is that since Electrum is incompatible with bitcoin cash and bitcoin gold, there's really no way to access those coins without moving the individual private keys into another wallet.  I thought that would be safe to do provided the associated address was empty of bitcoin and would never be used again.  Very scary to hear that when combined with the public master key, that's enough to compromise other addresses generated from the same seed.
legendary
Activity: 3234
Merit: 5637
Quote
I would be interested to know the theory behind this.  If the only attack is that you could try a bunch of random seeds and try to find one that generates a given private key, that's not any more viable than trying a bunch of random seeds and finding one that generates a given address.  So what is the mechanism by which you can reverse engineer a seed from one or more private keys?

I think it's difficult to give a precise answer to this question, and I'm not really familiar with the technique that would make it possible to create a seed just from one private key. There is also very little discussion about it, although most agree that exposure of a private key from Electrum may endanger the safety of the whole wallet. What I found is that if you expose one private key + master public key, it is possible to get your master private key.

There is one interesting discussion on this subject you can read, and if you use the search option on the forum maybe you will find something else.

https://bitcointalksearch.org/topic/how-electrum-works-why-you-should-be-careful-with-your-private-keys-657205
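
The relationship stated in the post above (one exported private key plus the master public key gives the parent private key), as an added example that is not part of the original thread or Electrum's code. It follows the BIP32 child-derivation rule with constructed keys and shows that the parent key falls out of a normal child but not of a hardened one; the names `parent_from_child` and `demo` and all key material are assumptions made for illustration.

```python
import hashlib, hmac

# secp256k1 field prime, group order, generator
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000

def add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    num, den = (3 * a[0] * a[0], 2 * a[1]) if a == b else (b[1] - a[1], b[0] - a[0])
    m = num * pow(den % P, -1, P) % P
    x = (m * m - a[0] - b[0]) % P
    return x, (m * (a[0] - x) - a[1]) % P

def ser_pub(k):  # compressed public key for private key k (double-and-add)
    pt, q = None, G
    while k:
        if k & 1:
            pt = add(pt, q)
        q, k = add(q, q), k >> 1
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")

def tweak(chain, data, index):  # BIP32 HMAC step -> (I_L as int, I_R)
    i = hmac.new(chain, data + index.to_bytes(4, "big"), hashlib.sha512).digest()
    return int.from_bytes(i[:32], "big"), i[32:]

def ckd_priv(k_par, chain, index):  # BIP32 child private key and chain code
    # Hardened children hash the parent PRIVATE key, normal ones the public key.
    data = b"\0" + k_par.to_bytes(32, "big") if index >= HARDENED else ser_pub(k_par)
    il, child_chain = tweak(chain, data, index)
    return (il + k_par) % N, child_chain

def parent_from_child(k_child, parent_pub, chain, index):
    # Uses only what a master public key holds: public key + chain code.
    return (k_child - tweak(chain, parent_pub, index)[0]) % N

# Constructed demo values, not real wallet data.
K_PAR = int.from_bytes(hashlib.sha256(b"constructed parent key").digest(), "big") % N
CHAIN = hashlib.sha256(b"constructed chain code").digest()
MPK = (ser_pub(K_PAR), CHAIN)

def demo():  # (normal child reveals parent?, hardened child reveals parent?)
    return tuple(parent_from_child(ckd_priv(K_PAR, CHAIN, i)[0], *MPK, i) == K_PAR
                 for i in (5, HARDENED + 5))
```

Because the child key is just the parent key plus a value computable from public data, a watch-only wallet file deserves the same protection as any key exported from that wallet.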
newbie
Activity: 13
Merit: 0
I would be interested to know the theory behind this.  If the only attack is that you could try a bunch of random seeds and try to find one that generates a given private key, that's not any more viable than trying a bunch of random seeds and finding one that generates a given address.  So what is the mechanism by which you can reverse engineer a seed from one or more private keys?
legendary
Activity: 3234
Merit: 5637
Quote
I think the answer to this is "no", but would appreciate confirmation.  Thanks.  I want to make sure the other addresses in my wallet are still secure, even after revealing the private key to one of the addresses.

Private keys in an Electrum wallet are generated from the seed, so if you expose only one private key, theoretically it is possible to generate the seed from that private key. For that reason it is not smart to export your private keys from any HD wallet; the only thing you need is your seed in a safe place.

I remember seeing a topic about this question where these issues are explained in more detail; if I find it I will put the link in the post.
newbie
Activity: 13
Merit: 0
I think the answer to this is "no", but would appreciate confirmation.  Thanks.  I want to make sure the other addresses in my wallet are still secure, even after revealing the private key to one of the addresses.