Author

Topic: [Idea] Chain-Wallet proposal. (Read 607 times)

member
Activity: 75
Merit: 10
April 10, 2013, 09:52:53 PM
#2
You have described a deterministic wallet. I think Casascius came up with this in 2011.

I think a simple example works as follows - start with secret exponent sha256(seed:x), with x being some arbitrary number (ie 0) and then incrementing for each new key pair. "seed" is the secret.

In your case, you are using the addition of two private keys as the seed. You always need to keep at least two adjacent key pairs to keep the chain going. Exploiting any two adjacent keys would reveal all subsequent keys. Such a scenario may be more vulnerable to attack or loss as private keys are likely to be contained within bitcoind wallets (which may or may not be connected to the Internet). Two "secrets" are also required to be remembered.

A traditional deterministic wallet seed is not stored within a bitcoind wallet.

legendary
Activity: 1862
Merit: 1011
Reverse engineer from time to time
April 10, 2013, 01:49:31 PM
#1
Hi.

I am not the most technical person around here, but just a while ago I had an idea about what I call chain-wallet, though it's technically chain-address. The idea is, that if you lose a recent wallet, you can rebuild all the private keys up to a point from the very first wallet created, i.e an earlier backup. The idea is not fully developed, but I am going to share it in case it has any potential.

My concept originates from the ability to add/multiply private keys as explained here https://bitcointalksearch.org/topic/vanity-pool-vanity-address-generator-pool-84569. My idea was that when a wallet is created two addresses will act as the chain.

How it works:

We have two keyparis
A90A68C771F23095A7C718D14194B878F750DB6F753B677E9844B443802031C6
0422a5fe731a2defd69e3fe171e1c44631c9b2787cb17128a8d133b2996f497fd1dbee5038819f2 bfd4c935470b06f03715ff4d4ed15e2a601b0214c868fc87bc2

Which map to address 1F1DxSNtzXCQmP1R5LNPWEZhg16C1F6W6

We have another keypair
E6C96DC5C8E08906E23178477995E3AEA720C3ED235842107215F6C87B2DBC9B
0487ff35583bba2957478f2fdbc2ba7b6516dab939fdb81f1b904bc9883b31e8d4e5c19789066eb 0b44b96f85d14b7852c8dc428b5e84edc65d17627433ec80388

Which map to address 16XpPAVfkkuhCUZAV5HyxxjnipGYiY87HG

The chain then starts by adding
A90A68C771F23095A7C718D14194B878F750DB6F753B677E9844B443802031C6
to
E6C96DC5C8E08906E23178477995E3AEA720C3ED235842107215F6C87B2DBC9B

Which produces this key pair
8FD3D68D3AD2B99C89F89118BB2A9C28E3C2C275E94B09534A884C7F2B17AD20
04194E595F5F0E153DFEE02891CB42783532C1F756E678E576A1D1FAD1B2CDEB4675AE0DE6E7BF7 745E448A00AC354A686CFAC2243DC9423B8EB1AF510EB590329

and maps to address
1FG8mrvWK9cD5ZfUaZQPUY2c5oZH33MVu

Then, the second private key
E6C96DC5C8E08906E23178477995E3AEA720C3ED235842107215F6C87B2DBC9B
gets added with the third
8FD3D68D3AD2B99C89F89118BB2A9C28E3C2C275E94B09534A884C7F2B17AD20

which produces this keypair
769D445303B342A36C2A096034C07FD8D034A97C5D5AAB27FCCBE4BAD60F287A
04D40B04AFA3515400F42474E0367C74955143A5E221D3A0E95D2788EDA8758EE053EFAF2EC1B5D 1C983B8AE59B14FECC62CD2A3E2157CEAB58D6408C09AA7DC04

and we end up with address 1BXS8ax6rZtqSzxH5jikhL4Zt2DfN7cDE

So now, if Alice created a wallet, and backed it up, then say a year later after a lot of usage she deleted her wallet, and uses this old backup, she can still recover her private keys FOR EVERY address, because they all form a chain.

Now, I see a few problems with this, but again, I am not a very technical person so bear with me
  • 1)Adding big numbers to big numbers will eventually lead to a number > than the one allowed by secp256k1, and that is where the chain breaks into a new branch, but wallet recovery still has higher percentage of success. I however cannot fully verify this as vanitygen's source code suggests something else is done than just simple BN_add i.e BN_add_mod()
    2)Slow process. Basically, when the chain begins, the produced public key must be compared to all of the ones in the blockchain to see if it exists and whether to stop. Thus recovering MAY take a while especially if you had a lot of private keys.

EDIT:I was told that some clients may have similar functionality, I guess I was late to the game.
Jump to: