
Topic: How do private keys work, a detailed explanation please (Read 1803 times)

legendary
Activity: 3472
Merit: 4801
the thread can be closed :)

It's your thread.

You can close it.

Just click the "Lock Topic" button at the lower left corner after you scroll all the way to the bottom of the page.
newbie
Activity: 42
Merit: 0
there are lots of useful info on bitcoin wiki and bitcoin documentation
https://en.bitcoin.it/wiki/Private_key

I've read that, thanks

A nice read that helps you understand cryptography is Applied Cryptography by Bruce Schneier. It's a little bit old, but does have enough information to get around and understand the cryptography concepts.

I know how cryptography functions, I was just curious how it is applied in bitcoin technology and what backdoors could possibly exist that could compromise the security of my funds :D

Feel free to check this out then, I'm not a developer but this is a really interesting read

https://bitcoin.org/en/developer-documentation

Ok but I'm not into its coding structure or getting over-technical, I'm not interested in that right now, I just wanted a brief understanding about the private key and how it relates to the network.

I understand it now, so thanks for all the help, the thread can be closed :)
hero member
Activity: 518
Merit: 500
there are lots of useful info on bitcoin wiki and bitcoin documentation
https://en.bitcoin.it/wiki/Private_key
legendary
Activity: 1143
Merit: 1000
A nice read that helps you understand cryptography is Applied Cryptography by Bruce Schneier. It's a little bit old, but does have enough information to get around and understand the cryptography concepts.

I know how cryptography functions, I was just curious how it is applied in bitcoin technology and what backdoors could possibly exist that could compromise the security of my funds :D

Feel free to check this out then, I'm not a developer but this is a really interesting read

https://bitcoin.org/en/developer-documentation
newbie
Activity: 42
Merit: 0
A nice read that helps you understand cryptography is Applied Cryptography by Bruce Schneier. It's a little bit old, but does have enough information to get around and understand the cryptography concepts.

I know how cryptography functions, I was just curious how it is applied in bitcoin technology and what backdoors could possibly exist that could compromise the security of my funds :D
legendary
Activity: 1143
Merit: 1000
A nice read that helps you understand cryptography is Applied Cryptography by Bruce Schneier. It's a little bit old, but does have enough information to get around and understand the cryptography concepts.
sr. member
Activity: 467
Merit: 267
So I find more of a security issue the following:
-the corrupting of the Armory client by either a phishing site gives fake download file with hacked armory keylogger protocol built in.
Of course I use PGP verification every time I download, but it still has a slight chance
-more likely is that if a virus gets downloaded from a faucet (high probability of viruses there), but I got good antivirus, so every time a file tries to modify something either it needs admin access from PC or if it's an injector then the antivirus should detect that
Even if your online PC is 100% compromised, your funds are safe as long as you follow the armory cold storage workflow. In particular - check what you are signing.

Quote
-the other security concern is the 51% attack and somehow a client infiltrating the network and reversing transactions:
for example a fake/malicious exchange will quickly reverse the transactions before enough confirmations apply
51% of the total hashing power is insanely hard to get. Currently, it is like finding a single grain of sand in the world. And even if someone can, he will go after the big addresses. Some of them have tens of millions of $.

Quote
-or another security issue is the corrupt blockchain, as someone could infiltrate the chain and fill it up with fake blockchain contents so that after he could mess up a few accounts
Same as above

Quote
What do you think about these security problems?
Don't worry
newbie
Activity: 42
Merit: 0

Brute-forcing is rarely an issue anymore these days. The biggest threat is someone gaining access to your machine and being able to record your keystrokes and/or mouse movements as you type in your password. The strongest crypto-system in the world is useless if the attacker has the relevant access codes.

Well that's impossible because I use cold storage on a non-networked PC. The only way to obtain my private key is if the USB that I use gets infested with a virus, which is impossible as there is only 1 file ever in the USB and that is the signature file which is signing the transactions.

Not even hidden virus files could get there.

So I find more of a security issue the following:

-the corrupting of the Armory client by either a phishing site gives fake download file with hacked armory keylogger protocol built in.
Of course I use PGP verification every time I download, but it still has a slight chance
-more likely is that if a virus gets downloaded from a faucet (high probability of viruses there), but I got good antivirus, so every time a file tries to modify something either it needs admin access from PC or if it's an injector then the antivirus should detect that
-the other security concern is the 51% attack and somehow a client infiltrating the network and reversing transactions:
for example a fake/malicious exchange will quickly reverse the transactions before enough confirmations apply
-or another security issue is the corrupt blockchain, as someone could infiltrate the chain and fill it up with fake blockchain contents so that after he could mess up a few accounts

What do you think about these security problems?
hero member
Activity: 728
Merit: 500

Armory should have a master seed that you can back up.  As long as all the addresses are created with the same Armory wallet, all of the private keys and addresses can be recovered from that single seed.  If you import private keys that were generated in another wallet, then you will need to make sure that you keep track of those private keys.


Hmm interesting, so if armory creates a wallet, all the private keys originate from a single seed that will match with all addresses created in that wallet, correct? Also I just noticed that the armory says that it's enough to back up the wallet 1 time, forever, no matter if later I generate 50 more addresses, that can be recovered from the old wallet too?
Correct.

Quote
(Of course unless I import external keys from other addresses, that do not match the seed, then I have to back it up again?)
Correct.

Quote
That being said, isn't this a security problem? I mean if all private keys are generated from a single seed, then a clever hacker could obtain the key and breach the entire wallet, and steal all bitcoins, whereas if I got 5 addresses uniquely generated, then if 1 private key is compromised then the others could be relatively safe (if of course the wallet itself is not stolen)
In theory you might be right, but in practice users that use wallet-software with uniquely generated addresses still store these addresses on the same machine (and even in the same file), encrypted with the same password. So any hacker that gains access to the machine can steal 100 private keys as easily as a single one. In that sense, having a single master seed is no less secure.

Quote
The other question is, how do private keys generate? I mean I thought that private keys are given randomly to each address. But if you say that armory can generate private keys from a seed, then obviously the armory client generates the private key as it wishes, instead of letting the bitcoin network give a random key?
You should read up on how addresses and private keys are related to each other and the process with which they are generated. In short: Generation starts with a private key, which is nothing more than a number between 0 and . From this number, using funky math, a public key is calculated and from the public key one can obtain the address. It is not a matter of "giving a private key to an address" as you state. The key is also not provided to the user by the network, the user can pick the private key all by himself. If you would like to use 1234567890 as your private key, then by all means, no one will stop you.

This method of distributing / generating keys relies on the fact that the number of possible private keys and the number of possible addresses is so mindbogglingly large that it's extremely likely that the sun will die before we run into a genuine case of two properly generated random numbers ending up as the same private key. Of course, if you use a poor random number generator (or come up with self-made private keys like 1234567890), this is no longer the case.

So this makes the armory client itself a target for hackers, because it can generate seeds from an algorithm, if a hacker breaches the algo, then it could make it vulnerable for clients to use this "unique seed" system?

Quote
Of course I see that armory uses AES-256 encryption which is the best to my knowledge, but obviously nobody would brute force it, so until any backdoor or vulnerability arises with armory it could pose a big security concern for all users, isn't it so?
Brute-forcing is rarely an issue anymore these days. The biggest threat is someone gaining access to your machine and being able to record your keystrokes and/or mouse movements as you type in your password. The strongest crypto-system in the world is useless if the attacker has the relevant access codes.
sr. member
Activity: 467
Merit: 267
All the security is based on the same assumptions. True, if you break the master key algo you can claim all the wallet contents. But it is as difficult to break the Armory algo as to break a single address. If an attacker knows how to do that, he could simply repeat the process with all your addresses. Actually he would go after the address that holds thousands of bitcoins and retire on his private island.
It does make your master key more valuable to protect. But it's easier to be careful about one key than to be careful about a thousand keys.

PS: Armory algo is public and has been peer-reviewed.

TL;DR - If you have ten locks of the same model on your door, it's not more secure than having a single one.
newbie
Activity: 42
Merit: 0

Armory should have a master seed that you can back up.  As long as all the addresses are created with the same Armory wallet, all of the private keys and addresses can be recovered from that single seed.  If you import private keys that were generated in another wallet, then you will need to make sure that you keep track of those private keys.


Hmm interesting, so if armory creates a wallet, all the private keys originate from a single seed that will match with all addresses created in that wallet, correct? Also I just noticed that the armory says that it's enough to back up the wallet 1 time, forever, no matter if later I generate 50 more addresses, that can be recovered from the old wallet too?
(Of course unless I import external keys from other addresses, that do not match the seed, then I have to back it up again?)

That being said, isn't this a security problem? I mean if all private keys are generated from a single seed, then a clever hacker could obtain the key and breach the entire wallet, and steal all bitcoins, whereas if I got 5 addresses uniquely generated, then if 1 private key is compromised then the others could be relatively safe (if of course the wallet itself is not stolen)

The other question is, how do private keys generate? I mean I thought that private keys are given randomly to each address. But if you say that armory can generate private keys from a seed, then obviously the armory client generates the private key as it wishes, instead of letting the bitcoin network give a random key?

So this makes the armory client itself a target for hackers, because it can generate seeds from an algorithm, if a hacker breaches the algo, then it could make it vulnerable for clients to use this "unique seed" system?

Of course I see that armory uses AES-256 encryption which is the best to my knowledge, but obviously nobody would brute force it, so until any backdoor or vulnerability arises with armory it could pose a big security concern for all users, isn't it so?
legendary
Activity: 3472
Merit: 4801
2) Or if I lose my wallet, but my wallet contained like 10 addresses, and I got only 9 private keys on paper, then the 10th address, if it had some bitcoins, is that lost forever?
Correct.

Ok but in this case the other 9 addresses that contained bitcoins could be recovered??

Yes, the addresses could be recovered.  Those addresses may (or may not) still have the bitcoins in them depending on the wallet you were using and the transactions that you created.

That being said, how do I know which address how much bitcoin does it contain, because obviously I don't want to store my bitcoins in like 100 addresses, I would store them on 3-4 tops, and use the others only to receive them.

Bitcoins are always stored with the address where they are received.  The only way to move them to a new address is to create a transaction that sends the bitcoins to the new address.

I use Armory wallet and there I didn't figure it out yet how to view this, it only shows the total balance but not the individual addresses' balance, hmm?

Armory should have a master seed that you can back up.  As long as all the addresses are created with the same Armory wallet, all of the private keys and addresses can be recovered from that single seed.  If you import private keys that were generated in another wallet, then you will need to make sure that you keep track of those private keys.

newbie
Activity: 42
Merit: 0
2) Or if I lose my wallet, but my wallet contained like 10 addresses, and I got only 9 private keys on paper, then the 10th address, if it had some bitcoins, is that lost forever?
Correct.

Ok but in this case the other 9 addresses that contained bitcoins could be recovered??

That being said, how do I know which address how much bitcoin does it contain, because obviously I don't want to store my bitcoins in like 100 addresses, I would store them on 3-4 tops, and use the others only to receive them.

I use Armory wallet and there I didn't figure it out yet how to view this, it only shows the total balance but not the individual addresses' balance, hmm?

Please explain this, thanks!

legendary
Activity: 3472
Merit: 4801
How do private keys work, please a detailed explanation,

A detailed explanation? Describing how private keys work? Ok, read this:

http://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm

and this:
http://en.wikipedia.org/wiki/Elliptic_curve_cryptography

in the sense that how do they interact with the wallet,client,etc.

The wallet stores (and typically generates) the private keys.  They are used for calculating the public key and the bitcoin address.  They are also used for signing the transactions.

For example:

1) Does each address have a private key?

Yes.

2) Or if I lose my wallet, but my wallet contained like 10 addresses, and I got only 9 private keys on paper, then the 10th address, if it had some bitcoins, is that lost forever?

Correct.

Ok please answer the upper 2 questions, and additionally give me a link or a more detailed explanation about private keys, thanks :)

Links:
https://en.bitcoin.it/wiki/Private_key
https://en.bitcoin.it/wiki/Wallet_import_format

newbie
Activity: 42
Merit: 0
How do private keys work, please a detailed explanation, in the sense that how do they interact with the wallet, client, etc.

For example:

1) Does each address have a private key?

2) Or if I lose my wallet, but my wallet contained like 10 addresses, and I got only 9 private keys on paper, then the 10th address, if it had some bitcoins, is that lost forever?

Ok please answer the upper 2 questions, and additionally give me a link or a more detailed explanation about private keys, thanks :)