
Topic: Security of a message signed with bitcoin-core (Read 226 times)

legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
February 11, 2020, 11:18:46 PM
#8
Secondly, there are no random numbers being generated when creating a signature (both during message signing and transaction signing). Everything is being done deterministically, meaning the nonce is generated using your key and the message, utilizing an HMAC function.

Wrong, the k value must be randomly generated. Two signatures with the same k value can be used to find out the private key of your Bitcoin.

k has to be a number that cannot be guessed. That is why it is suggested to choose a random one, but later on they realized that you can't rely on RNGs, so they came up with a new idea to generate it deterministically using your private key and the message being signed. That is why when you sign the same message with the same private key you always get the exact same signature. Check out RFC-6979 for more details.

In fact, nowadays most wallets only use an RNG once per wallet, and that is when you create the wallet to generate your seed; then every future private key and every signature's k is generated deterministically without needing RNGs anymore.

I stand corrected, I completely forgot about RFC-6979 and was thinking about ECDSA in theory.
legendary
Activity: 2128
Merit: 1293
There is trouble abrewing
Secondly, there are no random numbers being generated when creating a signature (both during message signing and transaction signing). Everything is being done deterministically, meaning the nonce is generated using your key and the message, utilizing an HMAC function.

Wrong, the k value must be randomly generated. Two signatures with the same k value can be used to find out the private key of your Bitcoin.

k has to be a number that cannot be guessed. That is why it is suggested to choose a random one, but later on they realized that you can't rely on RNGs, so they came up with a new idea to generate it deterministically using your private key and the message being signed. That is why when you sign the same message with the same private key you always get the exact same signature. Check out RFC-6979 for more details.

In fact, nowadays most wallets only use an RNG once per wallet, and that is when you create the wallet to generate your seed; then every future private key and every signature's k is generated deterministically without needing RNGs anymore.
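To make the RFC 6979 point in the post above concrete, here is an added Python example (not code from the thread or from Bitcoin Core) that derives the ECDSA nonce k deterministically from the private key and the Bitcoin signed-message hash, then signs and verifies with it; the pure-Python secp256k1 arithmetic is for illustration only (not constant-time), and the key and messages a caller passes in are assumed to be constructed test values, not real wallet keys.

```python
import hashlib, hmac

P = 2**256 - 2**32 - 977  # secp256k1 domain parameters (public constants)
N = 0xFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p, q):  # affine point addition; None is the point at infinity
    if p is None or q is None: return p or q
    if p[0] == q[0] and (p[1] + q[1]) % P == 0: return None
    lam = (3 * p[0] * p[0] * pow(2 * p[1], -1, P) if p == q
           else (q[1] - p[1]) * pow(q[0] - p[0], -1, P)) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)

def mul(k, pt):  # double-and-add scalar multiplication (not constant-time; illustration only)
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def message_hash(msg):  # Bitcoin signed-message digest: double SHA-256 of magic prefix + length + text
    data = b"\x18Bitcoin Signed Message:\n" + bytes([len(msg)]) + msg  # one-byte varint: len < 253
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def rfc6979_k(priv, h1):  # RFC 6979 sec. 3.2 with HMAC-SHA256: k depends only on key and hash, no RNG
    H = lambda key, data: hmac.new(key, data, hashlib.sha256).digest()
    x, h = priv.to_bytes(32, "big"), (int.from_bytes(h1, "big") % N).to_bytes(32, "big")  # h = bits2octets(h1)
    V, K = b"\x01" * 32, b"\x00" * 32
    K = H(K, V + b"\x00" + x + h); V = H(K, V)
    K = H(K, V + b"\x01" + x + h); V = H(K, V)
    while True:
        V = H(K, V)
        k = int.from_bytes(V, "big")
        if 1 <= k < N: return k
        K = H(K, V + b"\x00"); V = H(K, V)  # k out of range (negligible odds): retry as the RFC requires

def sign(priv, msg):  # ECDSA on secp256k1 with an RFC 6979 nonce; s normalised to the low half
    h1 = message_hash(msg)
    z, k = int.from_bytes(h1, "big"), rfc6979_k(priv, h1)
    r = mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * priv) % N
    return r, min(s, N - s)

def verify(pub, msg, sig):  # standard ECDSA verification against pub = priv * G
    r, s = sig
    w = pow(s, -1, N)
    R = add(mul(int.from_bytes(message_hash(msg), "big") * w % N, G), mul(r * w % N, pub))
    return R is not None and R[0] % N == r
```

Signing the same message twice with the same key returns an identical (r, s), while a different message yields a different nonce and therefore a different r, which is exactly the behaviour the post describes.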
legendary
Activity: 2128
Merit: 1293
There is trouble abrewing
If you have a modern computer the random number it generates should be good enough to keep your private key secure...

First of all, the security of an RNG has nothing to do with the computer being modern; it is about how it was implemented.
Secondly, there are no random numbers being generated when creating a signature (both during message signing and transaction signing). Everything is being done deterministically, meaning the nonce is generated using your key and the message, utilizing an HMAC function.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
I just wanted to know if it is really safe to disclose the message, public key and signed hash to the open world.
There's really no chance of anyone finding my private key from the signed hash?

There is a chance. ECDSA signatures can be reverse engineered to produce the private key if the variables used in the signature generation are not random enough. In addition, the private key can also be derived from the public key by a sufficiently powerful quantum computer and the luxury of time.

With the current state of technology (and the latest Bitcoin Core), it's nothing to be worried about, and there isn't more risk from this than from sending a transaction.
I'm just wondering because if this feature is not possible in the bitcoin-core client for segwit addresses, maybe it's for a security reason...
It isn't a security issue but more of the fact that there aren't any standards for signing messages with bech32 addresses yet.
legendary
Activity: 2464
Merit: 3878
Hire Bitcointalk Camp. Manager @ r7promotions.com
As long as your private key is safe, you will not need to worry about anything else. Also, it does not matter if you have signed it using Bitcoin Core or anything else.

I think Jackg also said the same thing above.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
There's technically always a chance but it's much like signing a transaction and offers the same security.

If you have a modern computer the random number it generates should be good enough to keep your private key secure...

Message digest, message and public key can all be released publicly and are when a transaction is signed and broadcast to the blockchain anyway.
newbie
Activity: 7
Merit: 1
deleted