
Topic: Legacy vs segwit (Read 330 times)

member
Activity: 116
Merit: 14
April 12, 2020, 01:31:04 PM
#23
Segwit addresses don't provide any more security, the purpose is to reduce fees for transactions.  The least secure address is one that is hosted by someone other than you, i.e. a custodial wallet or an exchange.  I say that because they have a greater risk of being hacked.  Of course this assumes that you are versed and capable of storing your private information in a private and secure way.  
Thanks for your feedback and explanation about fees. I will try to use some noncustodial exchange to receive my coins on my own address.

Your fund security depends on how you back up your wallet (its private key/mnemonic seeds) and how smoothly your wallet backups work. How you keep your backups safe from threats of water, fire, and thieves (both offline and online).

You can run a wallet on your phones or computers but the vital step is backup. If you don't have a backup, when you lose your devices or they get broken, you will lose the bitcoin in your wallet.

Only download and upgrade wallet from official legit sites, not phishing ones. Example: Electrum vulnerability allows arbitrary messages, phishing

There are some SPV wallets like Electrum that give you extra security by extending seeds (their default seed is 12, but you can extend more).

If you intend to run your wallet on mobile devices, I advise you to visit the official site and get the link to their apps for your OS. Don't search for wallet apps on Stores because it will put you under higher risks of fake apps in the air. Maybe you are not aware of this risk before reading my post.

Yes, I was aware but I didn't know about the extending seeds and also the wallet backup thing. Thank you so much for explaining to me in such an easy and informative way.
legendary
Activity: 3472
Merit: 10611
April 11, 2020, 12:04:24 AM
#22
those that can't verify messages signed from a P2WPKH or P2SH/P2WPKH addresses can't do it because that part of their application is not capable of recognizing the "address type".

The problem is that "those that can't" = "all but electrum"

I just found a discussion where you did participate where a user claimed trezor and electrum made different signing methods...
https://bitcointalksearch.org/topic/m.50817536

it is not the method, it is the optional first byte. we don't even need that first byte to verify a message!
let me explain the process of message signing and verification, maybe that helps in understanding why it is so trivial to implement.
the part that is the exact same thing:
1. normalize the input string (message) and add a fixed predefined string (Bitcoin Signed Message:\n) to the beginning then decode (convert to byte array) using UTF8 encoding.
2. compute SHA256 of SHA256 of the result from step 1
3. pass the 32 byte result to the ECDSA function to sign and return signature (r and s).
(* there is an extra step here i'll explain below)
4. encode the signature using base64
To verify:
5. decode signature using base64
6. perform steps 1 and 2 above to get the same hash
7. recover from 0 up to 4 possible public key(s) using result of step 5 and 6 (* extra explanation below)
8. convert the result(s) of step 7 to address of same type as user entered to see if they match
9. publish result of the match to user

these 9 steps are the exact same way that you sign and verify any message using ECDSA. these are sections 4.1.3 Signing Operation and 4.1.4 Verifying Operation and 4.1.6 Public Key Recovery Operation of SEC 1: Elliptic Curve Cryptography standard.
address type doesn't make any difference in these steps at all.


* now the extra step explanation the part that makes things be different:
the thing about public key recovery (step 7) is that it can recover up to 4 possible public keys from a given ECDSA signature on secp256k1 curve (usually it is just one though). it still doesn't make a difference in verification since we can still recover all 4 and check all 4 to see if any match the given address. but we can help the verifier to know which public key is the correct one and by doing that reduce its work.
in bitcoin we use hash of the public key and since hash of compressed key is different from hash of uncompressed key, that also makes a difference. so the verifier has to check up to 8 hashes (addresses) instead. we can help the verifier know this too.
so far both of these are happening by adding an additional byte to the beginning of the signature. it is a number between 27 and 34.
to indicate address type (P2PKH or P2SH/P2WPKH or P2WPKH) they decided to add another value to this first byte.

so in short it is that non-standard self-defined optional first byte that is making some tools not be able to verify the signature created by another tool even if they understand the address.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
April 10, 2020, 06:33:32 AM
#21
those that can't verify messages signed from a P2WPKH or P2SH/P2WPKH addresses can't do it because that part of their application is not capable of recognizing the "address type".

The problem is that "those that can't" = "all but electrum"

I just found a discussion where you did participate where a user claimed trezor and electrum made different signing methods...
https://bitcointalksearch.org/topic/m.50817536
legendary
Activity: 3472
Merit: 10611
April 09, 2020, 11:01:32 PM
#20
Can you please elaborate what you mean by the devs being hard-assed?  Are they debating another method to sign messages with a segwit key?

i haven't closely followed the situation but i believe it has something to do with the fact that the way we currently sign messages is lacking some features which is why BIP322 exists. in fact core doesn't have other popular functionality either because of similar reasons (eg. mnemonic backups).

For now, an Electrum signature cannot be verified in most software....

any wallet/tool that can sign/verify a transaction can already verify message signatures from any address type. those that can't verify messages signed from a P2WPKH or P2SH/P2WPKH addresses can't do it because that part of their application is not capable of recognizing the "address type". it has nothing to do with the signature itself since as i said, the signature is the exact same thing with the exact same process and only 1 byte difference (recid).
copper member
Activity: 2338
Merit: 4543
April 09, 2020, 06:36:26 PM
#19
core devs are being too hard-assed about it in my opinion
we don't sign a message from an address. we sign a message using the private key just like we sign anything else including transactions with that private key. and the standard is already there (add a fixed string at the beginning -> double SHA256 hash -> sign -> encode with base64 with a recid).
that is what we have been doing all this time with legacy addresses and that is what Electrum continues to do with all types of addresses.

Can you please elaborate what you mean by the devs being hard-assed?  Are they debating another method to sign messages with a segwit key?
legendary
Activity: 3024
Merit: 2148
April 09, 2020, 04:44:05 PM
#18
Back then in 2016, when there was this whole "scaling debate", the anti-Bitcoin trolls were spreading misinformation that SegWit addresses/transactions are less secure, so if you are reading old articles or discussions as a beginner you still might encounter them. But don't worry, there's nothing insecure about SegWit, it's actually even better, because it fixed the malleability problem, and this problem caused some losses of funds, though usually not for ordinary users, but for services.
legendary
Activity: 2590
Merit: 3015
Welt Am Draht
April 09, 2020, 02:43:36 PM
#17
Agree. Even so, it is better to use a Segwit address in almost every situation.

I don't have funds in Legacy addresses anymore.

The only downside of segwit addresses is that they do not allow signing messages. Only Electrum does, and its signature is not recognized by Bitcoin Core.

I've stayed with legacy addresses for my main funds because you never know when an airdrop or shitfork may strike. There were plenty that couldn't work with Segwit private or required signatures. And you never know, coins on quaint olde worlde addresses may become highly sought after by hipsters. We're moving into a weird future.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
April 09, 2020, 12:59:46 PM
#16
core devs are being too hard-assed about it in my opinion
we don't sign a message from an address. we sign a message using the private key just like we sign anything else including transactions with that private key. and the standard is already there (add a fixed string at the beginning -> double SHA256 hash -> sign -> encode with base64 with a recid).
that is what we have been doing all this time with legacy addresses and that is what Electrum continues to do with all types of addresses.

I don't have the technical knowledge to confirm what you are saying, but I believe you are correct.
But I think it is important that core validates that, so all wallets would simply sign and verify those messages.

For now, an Electrum signature cannot be verified in most software....
legendary
Activity: 3472
Merit: 10611
April 09, 2020, 11:44:45 AM
#15
The only downside of segwit addresses is that they do not allow signing messages. Only Electrum does, and its signature is not recognized by Bitcoin Core.

SegWit DOES support sign message, but there wasn't any standard for signing messages, so Electrum decided to make their own standard.
The only standard that I know of is https://github.com/bitcoin/bitcoin/pull/16440, but it's still in progress.

core devs are being too hard-assed about it in my opinion
we don't sign a message from an address. we sign a message using the private key just like we sign anything else including transactions with that private key. and the standard is already there (add a fixed string at the beginning -> double SHA256 hash -> sign -> encode with base64 with a recid).
that is what we have been doing all this time with legacy addresses and that is what Electrum continues to do with all types of addresses.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
April 09, 2020, 08:37:36 AM
#14

SegWit DOES support sign message, but there wasn't any standard for signing messages, so Electrum decided to make their own standard.
The only standard that I know of is https://github.com/bitcoin/bitcoin/pull/16440, but it's still in progress.

Exactly.
So, if you need to sign messages to prove that you own the funds, it is better to use a Legacy address. That's the only advantage of legacy addresses.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
April 09, 2020, 06:46:37 AM
#13
If your concern is the security of your Bitcoin, then what you should do is choose a good wallet. A hardware wallet (such as Ledger Nano S and Trezor One) is the best choice if you can afford one; you just need to back up the mnemonic phrase (sometimes also called recovery phrase or seed phrase) and store the backup in a secure location.

Agree. Even so, it is better to use a Segwit address in almost every situation.

I don't have funds in Legacy addresses anymore.

The only downside of segwit addresses is that they do not allow signing messages. Only Electrum does, and its signature is not recognized by Bitcoin Core.
sr. member
Activity: 630
Merit: 265
April 09, 2020, 01:36:27 AM
#12
What kind of address is more secure to store bitcoin, legacy or segwit? Every wallet supports different address types. What kind of address is more secure to store bitcoin, legacy or segwit? I think some exchanges follow different address formats
None of them are better or worse with regards to security. Type of Bitcoin doesn't affect its security but rather its structure. The only difference between them is that the transaction fee with segwit is cheaper than with legacy. Most secured wallets such as Ledger are now using segwit addresses instead of legacy, which is obviously because it's cheaper, thus it's a great choice to be considered.
legendary
Activity: 2394
Merit: 2223
Signature space for rent
April 09, 2020, 01:30:36 AM
#11
Before knowing how secure your bitcoin is on a Legacy or SegWit address, you should know how it works. So I would prefer that you read this article to understand it shortly: Bitcoin Legacy vs SegWit wallet address. What is the difference? I am not familiar with the security of addresses, because a wallet or client gives security to your funds. Most exchanges use nested segwit or Legacy formats to generate addresses but it doesn't affect their security. If you are really worried about security then you may use a hardware wallet like Ledger. Both Segwit and legacy address types are supported by Ledger.
legendary
Activity: 3472
Merit: 10611
April 08, 2020, 11:54:30 PM
#10
the purpose is to reduce fees for transactions.
to be more accurate, segwit is used to reduce the transaction size which leads to reducing fees.

you are both wrong.
SegWit does not reduce transaction size in fact in some cases such as witness inside a pay to script hash (nested SegWit) the transaction size is a lot higher than a normal (legacy) transaction. that is why purpose of SegWit has never been reduction of size or fees. it helped increase capacity in a backward compatible way and solved some malleability problems.
the reason why you end up paying less fees is because fees for the past ~3 years have been calculated based on transaction weight not size and SegWit transactions have less weight.
sr. member
Activity: 1498
Merit: 326
April 08, 2020, 10:48:09 PM
#9
A Legacy address isn't any more secure than the Segwit address. The advantage of Segwit address to Legacy address is in the fees. It's slight but one will spend less fees when using Segwit addresses as compared to Legacy addresses.
Hello, so in terms of security legacy and segwit are almost the same and still vulnerable. I've noticed that exchange wallets are starting with 1, so they are still using legacy.

I've read a couple of guides about these and almost all suggest shifting to segwit rather than legacy. I think as long as we have the keys to our own wallet, regardless of type, it is the more secure way. But I am using a nested segwit address.
legendary
Activity: 2464
Merit: 3878
Hire Bitcointalk Camp. Manager @ r7promotions.com
April 08, 2020, 10:03:42 PM
#8
I read some of the responses and some are really good. I don't have much idea which is more secure between Legacy and SegWit but I use multiSig SegWit to store my coins. I also use an extended seed for it. The reason I prefer SegWit over Legacy is the fees. And multiSig with extended seeds gives me two extra layers of protection.

So basically I have a 2/2 multiSig wallet. One cosigner is one device and another cosigner is another device. Chances for anyone to have both devices and to find both cosigner keys to move funds from my wallet are very low.
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
April 08, 2020, 08:58:09 PM
#7
Your fund security depends on how you back up your wallet (its private key/mnemonic seeds) and how smoothly your wallet backups work. How you keep your backups safe from threats of water, fire, and thieves (both offline and online).

You can run a wallet on your phones or computers but the vital step is backup. If you don't have a backup, when you lose your devices or they get broken, you will lose the bitcoin in your wallet.

Only download and upgrade wallet from official legit sites, not phishing ones. Example: Electrum vulnerability allows arbitrary messages, phishing

There are some SPV wallets like Electrum that give you extra security by extending seeds (their default seed is 12, but you can extend more).

If you intend to run your wallet on mobile devices, I advise you to visit the official site and get the link to their apps for your OS. Don't search for wallet apps on Stores because it will put you under higher risks of fake apps in the air. Maybe you are not aware of this risk before reading my post.
legendary
Activity: 2156
Merit: 2100
Marketing Campaign Manager |Telegram ID- @LT_Mouse
April 08, 2020, 08:02:34 PM
#6
And just to add this as you asked some services do not accept the native segwit address. Native segwit addresses start with bc1, using that may be a problem. In that case, you can use nested segwit which starts with 3.
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
April 08, 2020, 06:42:24 PM
#5
Segwit addresses don't provide any more security, the purpose is to reduce fees for transactions.  The least secure address is one that is hosted by someone other than you, i.e. a custodial wallet or an exchange.  I say that because they have a greater risk of being hacked.  Of course this assumes that you are versed and capable of storing your private information in a private and secure way. 

And just to add to this, if you're currently using a wallet (regardless if custodial or non-custodial) that's STILL using legacy addresses in 2020 (though as far as I know like 95% are using SegWit already, thankfully), please move to a different, better service. One of the effective ways of sort of "forcing" services to use SegWit is to boycott them.
legendary
Activity: 2702
Merit: 3045
April 08, 2020, 06:41:26 PM
#4
the purpose is to reduce fees for transactions.
to be more accurate, segwit is used to reduce the transaction size which leads to reducing fees.