Topic: Infinite addresses using a single private key?

staff
Activity: 3458
Merit: 6793
Just writing some code
January 07, 2019, 05:19:53 PM
#6
Even though it isn't strictly address reuse, you have basically the same problem as address reuse. Once you spend an output, people will see the public key and can link your transactions together. Furthermore, once people know how you are constructing your addresses, it is trivial to pregenerate all of your addresses to see how much money you are receiving.

Also, you will be paying more and more in transaction fees each time you spend as the redeemScript grows larger. You will also be limited to 20 addresses using one key as OP_CHECKMULTISIG only allows up to 20 keys. If you use the Large multisig construction, you could go up to 67 addresses.

This construction is still secure cryptographically. It's the same as reusing addresses.
legendary
Activity: 3682
Merit: 1580
Wait till you hear about deterministic wallets :)
sr. member
Activity: 938
Merit: 452
Check your coin privilege
The cases I linked above are also 1-of-n multisigs, so technically the output script isn't going to get bigger every time because only one signature is required.

I'm not sure whether you can re-use a signature to reduce script size, but I'm sure the script size is going to get bigger as you need to state the same public key multiple times.

A bit off-topic, I found a formula to predict multisig size which can help you predict the actual script size at https://bitcoin.stackexchange.com/a/52720

Ah yes, I forgot about the public key of the address being included in the script; I only remembered the multiple signatures vs. a single signature needed. You're right about that part.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
The cases I linked above are also 1-of-n multisigs, so technically the output script isn't going to get bigger every time because only one signature is required.

I'm not sure whether you can re-use a signature to reduce script size, but I'm sure the script size is going to get bigger as you need to state the same public key multiple times.

A bit off-topic, I found a formula to predict multisig size which can help you predict the actual script size at https://bitcoin.stackexchange.com/a/52720
sr. member
Activity: 938
Merit: 452
Check your coin privilege
Is there a security flaw in this that I'm not seeing? Is spending coins to/from these addresses safe?

Probably only the fact that you don't gain any security benefit from a multisig address, and your Bitcoin will be stolen even if one private key is revealed to a thief.

But aside from that, AFAIK it should be safe to send/spend to/from that address as long as the script is valid. If the one who makes such a multisig script can make this mistake, which increases tx size/fee, I doubt he can make a proper script.

Yes, I know that this completely ignores the concept of multisig because I'm using a single private key, but that's not the security risk I meant. I'm talking about cryptographic signature weaknesses and such. I have very little knowledge of the field, so it would be great if someone could confirm whether using the same private key to sign txes from all these addresses could weaken it.

The cases I linked above are also 1-of-n multisigs, so technically the output script isn't going to get bigger every time because only one signature is required. It's really cool because you just need the input and you can build a transaction for all these addresses, exactly the same way you would for a normal address. :D I'm almost tempted to start doing this myself, but I really need more insight into the mathematical part.
sr. member
Activity: 938
Merit: 452
Check your coin privilege
I never knew you could create multisig addresses using the same private key.

Random address: 15UtBTjD2EHS2gUTZ2RdBQCfFtCZHxd1Ru

Multisig address 3QaTKCjKjMQRgAjUVQi7S94TyZZ7bR9oJ9: https://coinb.in/?verify=512103b5bbd33b80cd439c49d4a147b01ba19a91fc1761b9abb1ea742e8f1da8b6400151ae

Another multisig address 37y3f9tePAS5s6uRoBejGxSBYUkY2yaXK3: https://coinb.in/?verify=512103b5bbd33b80cd439c49d4a147b01ba19a91fc1761b9abb1ea742e8f1da8b640012103b5bbd33b80cd439c49d4a147b01ba19a91fc1761b9abb1ea742e8f1da8b6400152ae

and so on...

Effectively this makes you the sole owner of these addresses, because they can all be spent using the same private key, and hypothetically speaking you could generate an infinite number of them.

Is there a security flaw in this that I'm not seeing? Is spending coins to/from these addresses safe?
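The two coinb.in scripts in this post, and the script-size and key-count points raised in the replies (the same public key repeated n times, the 20-key OP_CHECKMULTISIG limit, the growing redeemScript and therefore fee), can be checked with a few lines of code. The following is an added example written for this page, not code from the thread or from coinb.in. It builds the 1-of-n redeemScript the post describes from one compressed key, parses arbitrary m-of-n multisig scripts back into m, n and the key list, and flags the degenerate case where every key is the same, which is the "no multisig benefit" risk the replies point out. The 520-byte bound is the consensus push-size limit that also caps a P2SH redeemScript; the `sig_len=72` scriptSig estimate and all function names are this example's own assumptions.

```python
"""Build, parse and size 1-of-n CHECKMULTISIG redeemScripts made from one repeated key."""

OP_0, OP_1, OP_16, OP_CHECKMULTISIG = 0x00, 0x51, 0x60, 0xAE
MAX_SCRIPT_ELEMENT_SIZE = 520   # consensus push limit; a P2SH redeemScript must fit in one push
MAX_PUBKEYS_PER_MULTISIG = 20   # OP_CHECKMULTISIG accepts at most 20 keys

# Compressed public key taken from the thread's coinb.in links (33 bytes, 0x03 prefix).
THREAD_PUBKEY = bytes.fromhex(
    "03b5bbd33b80cd439c49d4a147b01ba19a91fc1761b9abb1ea742e8f1da8b64001")


def script_num(n):
    """Encode 0..20 as a script number: OP_0, OP_1..OP_16, else a one-byte push."""
    if n == 0:
        return bytes([OP_0])
    if n <= 16:
        return bytes([OP_1 + n - 1])
    return bytes([1, n])


def push(data):
    """Minimal data push: direct (1..75), OP_PUSHDATA1 (76..255), OP_PUSHDATA2 (256..65535)."""
    n = len(data)
    if n <= 75:
        return bytes([n]) + data
    if n <= 0xFF:
        return bytes([0x4C, n]) + data
    return bytes([0x4D]) + n.to_bytes(2, "little") + data


def build_multisig(m, pubkeys):
    """Return an m-of-n redeemScript: OP_m <pk1> ... <pkn> OP_n OP_CHECKMULTISIG."""
    n = len(pubkeys)
    if not (1 <= m <= n <= MAX_PUBKEYS_PER_MULTISIG):
        raise ValueError("m/n out of range for OP_CHECKMULTISIG")
    body = b"".join(push(pk) for pk in pubkeys)
    return script_num(m) + body + script_num(n) + bytes([OP_CHECKMULTISIG])


def parse_multisig(script):
    """Decode (m, n, keys) from a standard multisig script; raise on anything else."""
    if len(script) < 4 or script[-1] != OP_CHECKMULTISIG:
        raise ValueError("not a CHECKMULTISIG script")
    # Leading m: OP_1..OP_16 or a one-byte push for 17..20.
    if OP_1 <= script[0] <= OP_16:
        m, head = script[0] - OP_1 + 1, 1
    elif script[0] == 1:
        m, head = script[1], 2
    else:
        raise ValueError("bad m encoding")
    # Trailing n, same two encodings.
    if OP_1 <= script[-2] <= OP_16:
        n, tail = script[-2] - OP_1 + 1, 2
    elif script[-3] == 1:
        n, tail = script[-2], 3
    else:
        raise ValueError("bad n encoding")
    keys, i, end = [], head, len(script) - tail
    while i < end:
        ln = script[i]
        if ln not in (33, 65):          # only direct pushes of compressed/uncompressed keys
            raise ValueError("unexpected opcode at offset %d" % i)
        keys.append(script[i + 1:i + 1 + ln])
        i += 1 + ln
    if i != end or len(keys) != n or not (1 <= m <= n <= MAX_PUBKEYS_PER_MULTISIG):
        raise ValueError("malformed multisig script")
    return m, n, keys


def distinct_keys(script):
    """Number of distinct public keys; 1 means the 'multisig' is really controlled by one key."""
    return len(set(parse_multisig(script)[2]))


def fits_p2sh(script):
    """True if the redeemScript can be pushed as a single element when spending via P2SH."""
    return len(script) <= MAX_SCRIPT_ELEMENT_SIZE


def p2sh_spend_size(script, m, sig_len=72):
    """Rough scriptSig size for spending P2SH m-of-n: OP_0, m signatures, the redeemScript.
    sig_len=72 is an assumed typical DER signature plus sighash byte."""
    return 1 + m * (1 + sig_len) + len(push(script))


if __name__ == "__main__":
    for n in (1, 2, 15, 16, 20):
        s = build_multisig(1, [THREAD_PUBKEY] * n)
        print(n, len(s), "bytes, distinct keys:", distinct_keys(s),
              "fits P2SH:", fits_p2sh(s), "scriptSig ~", p2sh_spend_size(s, 1))
```

Running it reproduces the two redeemScripts from the coinb.in links for n=1 and n=2 and shows the size growing by 34 bytes per repeated key, so the spending input (and fee) grows the same way; every script built this way reports one distinct key, which is the property a wallet or auditor would want to flag before treating such an output as multisig-protected.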