Topic: Does signing a message leak the private key?

legendary
Activity: 2114
Merit: 1293
There is trouble abrewing
December 05, 2019, 01:11:30 PM
#5
that case is not related to your concern. it is a bad implementation of ECDSA that affected normal wallets and HD wallets alike.

Quote
I am concerned: if I sign the same message from 2 different addresses (that are generated from the same seed), then how can I be sure the same 'k' value isn't used? There is a possibility for someone to recover the private key from both signatures that sign the same message, right?
if the wallet you were using had terrible code then it could happen, but you mentioned Electrum. this wallet is a good one and the code is solid. it is using a method for generating the random k value known as RFC 6979, which deterministically creates the digital signature so the RNG problems don't exist here at all.

here are some references you can read:
RFC doc: https://tools.ietf.org/html/rfc6979
electrum source code: https://github.com/spesmilo/electrum/blob/428b63822b359d56d6ececabf406a43589545d24/electrum/ecc.py#L417
the library it calls: https://github.com/warner/python-ecdsa/blob/aea736c610752bf1478febfd15b11c711debcf61/src/ecdsa/keys.py#L1022-L1055
there is also libsecp256k1, which electrum uses, but i couldn't find the code there. you can look into that too.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
December 05, 2019, 01:04:41 PM
#4
Consider this situation. I generate an electrum wallet. So electrum generates multiple addresses from the same seed. That means all the addresses are somehow connected.

Those keys are connected, but through a one-way function, like a hash is a one-way function.

Take a look at Antonopoulos, Mastering Bitcoin.

So if I sign a message, say "This is to be signed", with Address 1 and sign the same message "This is to be signed" with Address 2 in the electrum wallet and post both signatures online, then will someone be able to recover my private key for any of the addresses? Please, I need some explanation here. I am worried and confused: if we sign the same message from two different addresses of the same seed, then can the private key or seed be recovered from both signatures?

When you paste only your signed message, you paste only your Public Address, a message and a signature. The signature is only related to that message; it is not a signature which could be used with any message.
If you change one letter in your message, the signature will be invalid.

You can play around here to understand how signed messages work.
https://brainwalletx.github.io/
newbie
Activity: 24
Merit: 0
December 05, 2019, 01:01:27 PM
#3
Quote
That means all the addresses are somehow connected.
no it doesn't mean that. it means your keys were created pseudo-randomly from a random entropy instead of each from a different random entropy. the end result (the keys) is still considered random and unrelated.

Quote
So if I sign a message, say "This is to be signed", with Address 1 and sign the same message "This is to be signed" with Address 2 in the electrum wallet and post both signatures online, then will someone be able to recover my private key for any of the addresses?
to put it simply, if it were possible to find your private key from a signature like you explained, then nobody could ever use an HD wallet, because the signature you create for a message uses the same algorithm as the signature you create for a transaction.

there have been some cases
https://bitcointalksearch.org/topic/bad-signatures-leading-to-5582152538-btc-theft-so-far-271486

I am concerned: if I sign the same message from 2 different addresses (that are generated from the same seed), then how can I be sure the same 'k' value isn't used? There is a possibility for someone to recover the private key from both signatures that sign the same message, right?
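The question above about a shared 'k', the RFC 6979 answer given in reply #5, and the "bad signatures" link in this post all come down to one mechanism, so here is a single worked example. It is added code written for this thread, not Electrum's code and not from python-ecdsa or libsecp256k1: a toy pure-Python ECDSA over secp256k1 with the RFC 6979 nonce derivation, plus a defensive check that flags a repeated r under one key (the symptom of nonce reuse). The `child_key` helper is a hypothetical stand-in for HD derivation (it is not BIP32), the seed and messages are constructed, and the curve arithmetic is not constant-time, so treat it as a teaching aid only.

```python
import hashlib
import hmac

# secp256k1 domain parameters (public constants from SEC 2)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(p1, p2):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def point_mul(k, pt):
    """Double-and-add scalar multiplication (toy code: not constant-time)."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc

def msg_hash(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def rfc6979_nonce(priv, h):
    """RFC 6979 section 3.2 with HMAC-SHA256: k is a deterministic function of
    the private key and the message hash, so no RNG is consulted at all."""
    x, h1 = priv.to_bytes(32, "big"), (h % N).to_bytes(32, "big")
    mac = lambda key, data: hmac.new(key, data, hashlib.sha256).digest()
    v, k = b"\x01" * 32, b"\x00" * 32
    k = mac(k, v + b"\x00" + x + h1)
    v = mac(k, v)
    k = mac(k, v + b"\x01" + x + h1)
    v = mac(k, v)
    while True:
        v = mac(k, v)
        cand = int.from_bytes(v, "big")
        if 1 <= cand < N:
            return cand
        k = mac(k, v + b"\x00")
        v = mac(k, v)

def sign_with_nonce(priv, msg, k):
    """Raw ECDSA with a caller-supplied k: the weak setting. Only safe when k
    is unique per (key, message); kept so the detector can be fed bad input."""
    h = msg_hash(msg)
    r = point_mul(k, G)[0] % N
    s = pow(k, N - 2, N) * (h + r * priv) % N
    return (r, s)

def sign(priv, msg):
    """The safe path: ECDSA with an RFC 6979 nonce, as reply #5 says Electrum does."""
    return sign_with_nonce(priv, msg, rfc6979_nonce(priv, msg_hash(msg)))

def verify(pub, msg, sig):
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    w, h = pow(s, N - 2, N), msg_hash(msg)
    pt = point_add(point_mul(h * w % N, G), point_mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r

def child_key(seed, index):
    """Hypothetical stand-in for HD derivation (NOT BIP32): H(seed || index) mod N,
    just enough to get two keys that share one seed."""
    digest = hashlib.sha256(seed + index.to_bytes(4, "big")).digest()
    return int.from_bytes(digest, "big") % N

def find_reused_nonces(records):
    """Defensive check over (pubkey, message, (r, s)) records: the same r under
    one key for two different messages means k was reused (the 'bad signatures'
    failure linked above). Returns the offending (pubkey, r) pairs."""
    seen, reused = {}, []
    for pub, msg, (r, _s) in records:
        if seen.get((pub, r), msg) != msg and (pub, r) not in reused:
            reused.append((pub, r))
        seen.setdefault((pub, r), msg)
    return reused

if __name__ == "__main__":
    seed, msg = b"constructed demo seed, not a real wallet", b"This is to be signed"
    k1, k2 = child_key(seed, 0), child_key(seed, 1)
    print("same key+msg twice, same signature:", sign(k1, msg) == sign(k1, msg))
    print("two keys from one seed share r:", sign(k1, msg)[0] == sign(k2, msg)[0])
    bad = [(point_mul(k1, G), m, sign_with_nonce(k1, m, 12345)) for m in (b"tx A", b"tx B")]
    print("reused nonce flagged:", find_reused_nonces(bad))
```

Running it shows the three facts the replies state: signing one message twice with one key gives the identical signature (there is no randomness to go wrong), two keys that share a seed produce different r values because k is derived from each private key separately, and changing a single character of the message breaks verification. The `find_reused_nonces` check is the kind of thing a wallet audit or block scanner runs over published signatures; it only ever fires on `sign_with_nonce` with a fixed k, never on `sign`.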
legendary
Activity: 2114
Merit: 1293
There is trouble abrewing
December 05, 2019, 12:52:17 PM
#2
Quote
That means all the addresses are somehow connected.
no it doesn't mean that. it means your keys were created pseudo-randomly from a random entropy instead of each from a different random entropy. the end result (the keys) is still considered random and unrelated.

Quote
So if I sign a message, say "This is to be signed", with Address 1 and sign the same message "This is to be signed" with Address 2 in the electrum wallet and post both signatures online, then will someone be able to recover my private key for any of the addresses?
to put it simply, if it were possible to find your private key from a signature like you explained, then nobody could ever use an HD wallet, because the signature you create for a message uses the same algorithm as the signature you create for a transaction.
newbie
Activity: 24
Merit: 0
December 05, 2019, 12:41:27 PM
#1
Consider this situation. I generate an electrum wallet. So electrum generates multiple addresses from the same seed. That means all the addresses are somehow connected.
So if I sign a message, say "This is to be signed", with Address 1 and sign the same message "This is to be signed" with Address 2 in the electrum wallet and post both signatures online, then will someone be able to recover my private key for any of the addresses? Please, I need some explanation here. I am worried and confused: if we sign the same message from two different addresses of the same seed, then can the private key or seed be recovered from both signatures?