Author

Topic: Generating new receiving addresses (public keys) on watch-only wallet? (Read 787 times)

sr. member
Activity: 350
Merit: 251
Dolphie Selfie
It uses a deterministic algorithm to derive the public key from an initial value, which happens to be the same as the public key derived from a private key which has been derived from a private initial value.

In ELI5-Terms it's like two mazes on top of each other. Both mazes have the same layout, so if you know a path in the bottom maze you also know the path in the top maze. In the top maze the secret keys are hidden in various locations, while in the bottom maze the corresponding public keys are stored at the same locations. Only the maze on the bottom can be entered from the public, while the maze on top can be entered only via a guarded door. However at every place, where a secret key is stored in the top maze, there is a hatch in the floor which allows you to look down at the public key at the same place in the bottom maze.

In case it's not clear already: In this example a maze would be the deterministic algorithm, the entry points of the mazes would be the two initial values and the path through the maze are the parameters which make the deterministic algorithm derive a specific key.

EDIT: Of course, in the above maze-analogy the obvious catch of this setup becomes visible, too: As the bottom maze's door is open to the public, it can be entered by anyone. So a malicious maze visitor could go to the location of a public key in the maze and replace it with his own.


A more technological explanation can be found here: https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki
Armory does not yet support BIP0032, but the current implementation is similiar.

newbie
Activity: 1
Merit: 0
[tl;dr - how can Armory generate new receiving addresses when it does not have access to private key information?]

Hi all,

This is probably a stupid question, but please be so kind as to answer it anyway.

I set up an offline Armory instance yesterday, and exported a watch-only version of my cold wallet. I assumed this watch-only version would only have the public keys of my wallet's addresses, but apparently there's more? I noticed it is possible to generate new receiving addresses (public keys) on the on-line Armory instance which only has access to the watch-only version of my cold wallet. Great feature - but wait a second...

I was always told that when generating a key pair, the public key is a representation of the subset of the key data. E.g., for RSA, that's modulus n (based on secret primes p and q), and exponent e. So, in order to be able to generate a public key, one needs to have access to information that is (or will be) part of the private key.

Although I understand the way Armory generates predictable wallet addresses (key pairs), I don't understand how it is able to generate new public keys (receiving addresses) for a watch-only wallet, without having access to the relevant secret information that is (hopefully!) only stored in my cold wallet.

I'm sure it's all mathematically sound - but can someone provide me with some background reading material? Thanks!
Jump to: