Author

Topic: Old txn formula - from to same address (Read 155 times)

legendary
Activity: 1512
Merit: 7340
Farewell, Leo
March 28, 2023, 07:51:08 AM
#7
i just recall something along these lines of old txns prior to change addresses being mandated.
What you're asking in the OP is if somebody could work out the key from a reused address, as far as I understand; that's what it essentially is, a reused address (for no obvious reason).

If you meant the private key, then no. Nobody could work it out with just a transaction which empties an output to the same address. If you meant the public key, then every transaction reveals it, regardless of whether it reuses addresses or not.
member
Activity: 107
Merit: 10
if you want to lie *cough*use your data; not mine.
March 28, 2023, 07:39:10 AM
#6
Sorry guys i should of been more clear...  
not talking about a reuse aspect nor do i want people to argue over the question... i just recall something along these lines of old txns prior to change addresses being mandated.

Correct me if i am wrong .. but if you send payments to yourself without a change address, wasnt it possible to have a leak sorta speak..
Not referring to the reused R value which is not present...





or something where you use the rsz to narrow down the results.. etc ...
legendary
Activity: 2268
Merit: 18748
March 27, 2023, 07:28:42 AM
#5
What a classic insane piece of franky1 rambling nonsense.

topic title is about OLD transactions
you saying about stuff after 2013.. becomes redundant
Reused k values are possible with any transaction since day 1 of bitcoin.

and while you say that stuff pre 6979 is a risk
Nope, never said that.

so its not as vulnerable as you think
I never said it was.

one of the many great things satoshi done was leave funds on keys he used as it helps prove the security of even the most basic of transaction formats
I never said that old transactions were vulnerable.

the old stuff is not a case of "rapidly have their coins stolen"
Nope, didn't say that either.

so cool down on the "rapidly stolen" ability of things you dont understand
Maybe you should try reading what I wrote rather than just launching in to one of your usual diatribes arguing against random strawmen.

All that I stated was that if you reuse a k value, your coins will be stolen. This is a simple fact. I made no statement whatsoever regarding old transactions being vulnerable or anything pre-6979 being vulnerable. This is all nonsense you made up simply to argue against.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
March 27, 2023, 07:28:38 AM
#4
It is impossible to work out the private key of such transaction, unless k value is reused as said above. No matter how many times you use an address, you only reveal the public key and the respective signature.

firstly there is no point making a transaction to send all funds to the same address..
You might want to leave a message. So, you burn 0 coins with OP_RETURN and send the rest to the same address.

and while you say that stuff pre 6979 is a risk.. again satoshi has respends of same address and 14 years of opportunity.. no one has bruted his funds
Reusing k value is irrelevant to Satoshi's P2PK funds. Just because he didn't it doesn't mean you can't create such transaction.
legendary
Activity: 2268
Merit: 18748
March 27, 2023, 06:53:37 AM
#3
So from 123abc --->  to 123abc  ...
If you had 2 of these you would be able to pull the key from it from what i recall...
I assume, since you are talking about 2 or more transactions, you are referring to the situation where a wallet would reuse k values. If you have two transactions spending coins from the same address and therefore using the same private key, and these two transactions also use the same k value (and therefore have the same r value), then it is possible to calculate the private key for that address.

However, this situation is a well known vulnerability, and there is no current wallet software I am aware of which utilizes reused k values. If there was, all its users would fairly rapidly have their coins stolen. Most good wallets will generate the k value deterministically using RFC 6979, ensuring a different k value for each transaction.
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
March 27, 2023, 02:02:59 AM
#2
If you have a wallet where the txn is to the same address as the sender ... without any change address... what was the formula to be able to derive the key from it ?

So from 123abc --->  to 123abc  ...
If you had 2 of these you would be able to pull the key from it from what i recall...
Derive the key from it, pull the key from it, what did you mean?

Do you want to derive a private key from a public address?

It is impossible because if it is possible, your bitcoin will be stolen, my bitcoin will be stolen and bitcoin will have zero value.

Mastering Bitcoin (Keys, Addresses - chapter 4)

https://github.com/bitcoinbook/bitcoinbook/raw/develop/images/mbc2_0401.png

Private Key > Public Key (By Elliptic Curve Multiplication) > Bitcoin Address (By Hash Function, One-way).

You can not go from Bitcoin Address > Public Key > Private Key.
member
Activity: 107
Merit: 10
if you want to lie *cough*use your data; not mine.
March 27, 2023, 01:17:52 AM
#1
If you have a wallet where the txn is to the same address as the sender ... without any change address... what was the formula to be able to derive the key from it ?

So from 123abc --->  to 123abc  ...
If you had 2 of these you would be able to pull the key from it from what i recall...

This really doesnt apply now since change addresses are used but if anyone knows  the format i would appreciate it... 

Thanks.
Jump to: