Signing a message? Expose coins | Bitcointalksearch.org

jubalix

legendary

Activity: 2632

Merit: 1023

Quote from: DannyHamilton on April 07, 2017, 11:06:37 AM

Quote from: jubalix on April 07, 2017, 05:22:41 AM

so the whole idea by satoshi to include the change addresses was to make it alot more secure......

is this right?

No.

The whole idea by Satoshi to use a new address for every transaction output was to increase privacy significantly and to make it just a tiny bit more secure.

When you first receive a transaction output using an address that has never been used before, the output is protected by 3 cryptographic algorithms (ECDSA, SHA256, and RIPEMD160). To get to your private key mathematically from your address, an attacker would need to find significant mathematical weaknesses in three significantly different algorithms simultaneously.

Once you spend that output (or sign a message using the private key that is associated with the address) you reveal the ECDSA public key. After that, the output is protected ONLY by ECDSA.

ECDSA is very secure already, so adding the extra layers doesn't really make it ALOT more secure, but if a weakness is ever discovered in ECDSA, it will help to have the additional layers in place.

thanks exactly what i was looking for....

DannyHamilton

legendary

Activity: 3472

Merit: 4801

Quote from: jubalix on April 07, 2017, 05:22:41 AM

so the whole idea by satoshi to include the change addresses was to make it alot more secure......

is this right?

No.

The whole idea by Satoshi to use a new address for every transaction output was to increase privacy significantly and to make it just a tiny bit more secure.

When you first receive a transaction output using an address that has never been used before, the output is protected by 3 cryptographic algorithms (ECDSA, SHA256, and RIPEMD160). To get to your private key mathematically from your address, an attacker would need to find significant mathematical weaknesses in three significantly different algorithms simultaneously.

Once you spend that output (or sign a message using the private key that is associated with the address) you reveal the ECDSA public key. After that, the output is protected ONLY by ECDSA.

ECDSA is very secure already, so adding the extra layers doesn't really make it ALOT more secure, but if a weakness is ever discovered in ECDSA, it will help to have the additional layers in place.

jubalix

legendary

Activity: 2632

Merit: 1023

Quote from: ranochigo on April 07, 2017, 07:04:12 AM

Quote from: jubalix on April 07, 2017, 05:22:41 AM

See this is what I thought....I remember going over this about 3 years ago but cant find the thread....So to recap my understanding, a change address is used because it means you have not exposed Huh

?

Using a change address is used for two purposes:
1. Ensure privacy.
Using change address makes it harder to link addresses together.
Eg. A --> B (Destination) + C (Change)
A --> B (Destination) + A (Change)

For the first example, you can accurately determine which is the destination.

2. To eliminate ANY security risk associated with address reuse.

Quote from: jubalix on April 07, 2017, 05:22:41 AM

and so you are relying purely on elliptic curves or some such which are not provably secure....so the whole idea by satoshi to include the change addresses was to make it alot more secure......

is this right?

What? ECDSA is used in anything needed to prove the a signature associated with your address is valid (in transactions etc). It is secure as of now but address reuse prevents this issue. But yes, there is next to 0 risk for you to lose coins if ECDSA can be reversed if you never reuse address.

ok i see...as i thought.....thanks....needed to confirm this

ranochigo

legendary

Activity: 3038

Merit: 4418

Crypto Swap Exchange

Quote from: jubalix on April 07, 2017, 05:22:41 AM

See this is what I thought....I remember going over this about 3 years ago but cant find the thread....So to recap my understanding, a change address is used because it means you have not exposed Huh

?

Using a change address is used for two purposes:
1. Ensure privacy.
Using change address makes it harder to link addresses together.
Eg. A --> B (Destination) + C (Change)
A --> B (Destination) + A (Change)

For the first example, you can accurately determine which is the destination.

2. To eliminate ANY security risk associated with address reuse.

Quote from: jubalix on April 07, 2017, 05:22:41 AM

and so you are relying purely on elliptic curves or some such which are not provably secure....so the whole idea by satoshi to include the change addresses was to make it alot more secure......

is this right?

What? ECDSA is used in anything needed to prove the a signature associated with your address is valid (in transactions etc). It is secure as of now but not reusing addresses prevents this issue. But yes, there is next to 0 risk for you to lose coins if ECDSA can be reversed if you never reuse address.

jubalix

legendary

Activity: 2632

Merit: 1023

Quote from: Quartx on April 07, 2017, 12:41:49 AM

Quote from: jubalix on April 07, 2017, 12:01:18 AM

Does signing a message expose coins on that address in anyway,

eg is it equivalent of sending some coins from an address and not using a change address?

and by expose I mean lessen security....

A block explorer essentially lists all transactions made from any address involved in transactions that has been confirmed or going to be.

Signing with an address has the same coin exposing impact as sending a transaction.

If you transactions using any change addresses can be found on a block explorer, it is already exposed. Signing a message will not increase said risk. I think it is a non factor.

See this is what I thought....I remember going over this about 3 years ago but cant find the thread....So to recap my understanding, a change address is used because it means you have not exposed Huh

? and so you are relying purely on elliptic curves or some such which are not provably secure....so the whole idea by satoshi to include the change addresses was to make it alot more secure......

is this right?

pedrog

legendary

Activity: 2786

Merit: 1031

Quote from: jubalix on April 07, 2017, 12:01:18 AM

Does signing a message expose coins on that address in anyway,

eg is it equivalent of sending some coins from an address and not using a change address?

and by expose I mean lessen security....

If you sign it at an offline computer the private key and wallet password are never exposed, if you do it in an online computer it is the same as sending coins as you need to unlock the wallet.

Qartada

hero member

Activity: 546

Merit: 500

Quote from: ranochigo on April 07, 2017, 01:22:58 AM

Signing a message will reduce your privacy in a sense that once you give them a signed message with your identity, they will know you control that address.

That's the key thing here. So what's then important is that the pseudonym you use to reveal your address also can't be linked to your identity because your pseudonym used to reveal your address is then linked to your address. If people found out your identity from your Bitcointalk account, which I would hope they can't, that's when your security would be compromised because they'd then know your identity and Bitcoin address. You're about 99.999% safe.

ranochigo

legendary

Activity: 3038

Merit: 4418

Crypto Swap Exchange

Signing a message will reduce your privacy in a sense that once you give them a signed message with your identity, they will know you control that address.

Signing a message and sharing it would in a sense reduce security. Your public key can be calculated from that. Not a concern since every transaction you make will reveal it anyway.

Not using change address doesn't really reduce your security, it just reduces your anonymity. However, with that, there is something that it exposes; your public key. Even though it is a 'public' key, someone knowing it wont be entirely good either. You can calculate your private key from your public key. It is has to be done with a quantum computer. And that happening before we have a solution would be at the least of my worries.

Quartx

hero member

Activity: 1036

Merit: 504

Becoming legend, but I took merit to the knee :(

Quote from: jubalix on April 07, 2017, 12:01:18 AM

Does signing a message expose coins on that address in anyway,

eg is it equivalent of sending some coins from an address and not using a change address?

and by expose I mean lessen security....

A block explorer essentially lists all transactions made from any address involved in transactions that has been confirmed or going to be.

Signing with an address has the same coin exposing impact as sending a transaction.

If you transactions using any change addresses can be found on a block explorer, it is already exposed. Signing a message will not increase said risk. I think it is a non factor.

Iranus

hero member

Activity: 1792

Merit: 534

Leading Crypto Sports Betting & Casino Platform

If you sign a message from an address, anyone can go and search on a block explorer and find the Bitcoin in that address and transactions that have gone to or from that address. It won't necessarily compromise your security, provided that you're quite sure the address can't be linked to you. You won't be exposing your private key, so your Bitcoin would still be safe provided that what you use to sign the message also isn't linked to you.

jubalix

legendary

Activity: 2632

Merit: 1023

Does signing a message expose coins on that address in anyway,

eg is it equivalent of sending some coins from an address and not using a change address?

and by expose I mean lessen security....

Topic: Signing a message? Expose coins (Read 1309 times)