Topic: Preventing loss of Bitcoin addresses (Read 543 times)

You can always write up a BIP and implement something with your proposal and see if there is demand for it knowing the strengths and weaknesses.

OK, we know the risks of getting stolen are higher. But I still believe the benefits outweighs the risks, just be careful. But are there any technical risks?

BIP32 seems too complicated, I am looking for something I can calculate in mind without effort. Then can easily obtained by hand, without additional code I may not have access to, and still secure (i.e. not technically exploitable).


What if we change the way its range is obtained to a less obvious one, like this. The good thing is that we can set our own simple customized rules:

Random key:

Random mask:

In this case, valid range would be:

Not sure if one would even bother try the same thing you did with the other to figure out near keys, that is in case any of my keys are stolen.

Or we can try more tricky things, yet without loosing simplicity and portability (i.e. can be write down in a piece of paper, easily remembered, easy to execute).


Thank you for reading!

If one of your private keys were compromised, then whoever has that private key will be able to figure out the rest of your private keys. All they have to do is go a few billion keys +/- of the one they have and they can get all of the private keys that you will ever use.

BIP32 derivation is vastly superior. In order to figure out all of your private keys, an attacker would need to know the master private key and the derivation paths. This means that if one of your private keys were compromised, your whole wallet isn't compromised. It is far easier to protect one key than it is to protect billions of keys.

People said Bitcoin private keys should be random, and generated from a random source. OK, I agree.

But I see there is a problem with that kind of usage as losing keys are very easy and remembering all of them is not practical.

Deterministic wallets solve the problem, but you still have to rely on complicated parsing of data and software to interpret them.


Then why not simply one pick a random private key:

And mask it with a random pattern, for example I know I will not use more than 4 294 967 296 addresses in my lifetime then we can do:

Then I know all my private keys are within the range:


And this can be applied to most (if not all) coins. A single point of failure, we can even write it down on a piece of paper easily; no need to track thousands of random private keys that can get lost or a big and complicated to parse file you can't write down.


I am not saying everyone should adopt this method or anything, this choice is personal.


My question is: There are any known problems or risks of using such a method? Is there a weakness somehow for using addresses like that? It is OK "x and x+1" private keys, or should this be avoided?


Thank you!


EDIT:
Probably a less riskier, more realistic, yet simple alternative (about 1 million addresses, which is more than enough for most people):

Random key:

Random mask:

Addresses range:

It may be a bit inconvenient to generate many addresses, but just a quick script will do that. The important is that you just need one key and one mask, the rest is just simple.