Author

Topic: [PRIVACY WARNING] Sharing your raw unsigned Electrum tx will reveal MPK! (Read 206 times)

legendary
Activity: 3682
Merit: 1580
Electrum supports watch only wallets for all deterministic wallet types so you can derive all addresses in the wallet with the xpub and if any private keys leak you can derive the xprv and get all the coins.

Maybe the mpk is in the unsigned tx so that offline wallets can sign the transaction? Electrum supports a cold storage setup. They are migrating to psbt which also incorporates the xpub in the unsigned tx.
legendary
Activity: 1042
Merit: 2805
Bitcoin and C♯ Enthusiast
AFAIK this can not be a security risk since Electrum uses hardened keys when it derives each of them using BIP32. Someone might need to confirm this.


TL;DR: Electrum raw unsigned transactions contain the master public key of the wallet, which means ALL the addresses of that wallet will be known.

In the past it has happened that someone has some issues with signing their transaction with their offline wallet or some other issue and they are asked to post their unsigned tx here. While this can be necessary in some cases to find the problem but it is worth issuing a warning to them that they are losing a great deal of their privacy. They are not just sharing one public key, they are instead sharing ALL of their public keys since the raw unsigned transaction contains their master public key.

Here is a test transaction on TestNet:
The wallet master public key:
Code:
tpubD6NzVbkrYhZ4XDUCSwr7Hgi2EDnxVthfLN9gmJZzHoMVYnbFGxafVWQ5pSEijmbg5b9ac3wJuvYGZ6X7PvX9bU9aVQ2vX2pUi9grDsAdggJ

The raw unsigned transaction spending 1 input:
Code:
0100000001164da872049fd8ea5024a89ba73221ca4ed7fbf3d027023bef7c878fe1b13538010000005701ff4c53ff043587cf000000000000000000580e8e00eed10f8ee39b8d0e9602935c0f6f4acae6b531185d0013e7432438590387447aa43f4b68c366e9a2e6fee6df5181e1969c834d87322b6906825088004800000000fdffffff01b2ae9b00000000001976a9149f9a7abd600c0caa03983a77c8c3df8e062cb2fa88ac49221300

Let's break it down:
ScriptSig:
Code:
01ff4c53ff043587cf000000000000000000580e8e00eed10f8ee39b8d0e9602935c0f6f4acae6b531185d0013e7432438590387447aa43f4b68c366e9a2e6fee6df5181e1969c834d87322b6906825088004800000000

Human Readable ScriptSig:

0xff


0xff
version: 043587cf
ExtendedKeyDepth: 00
ParentFingerPrint: 00000000
ChildNumber: 00000000
ChainCode: 580e8e00eed10f8ee39b8d0e9602935c0f6f4acae6b531185d0013e743243859
PublicKey: 0387447aa43f4b68c366e9a2e6fee6df5181e1969c834d87322b69068250880048

ExtendedKeyDepth (depth of the used key, here it is 0 since it is the first address): 00000000

Base58EncodingWithChecksum of the bold part is
Code:
tpubD6NzVbkrYhZ4XDUCSwr7Hgi2EDnxVthfLN9gmJZzHoMVYnbFGxafVWQ5pSEijmbg5b9ac3wJuvYGZ6X7PvX9bU9aVQ2vX2pUi9grDsAdggJ

P.S. This works with all Electrum wallet types.
Jump to: