Bitcoin Forum>Bitcoin>Development & Technical Discussion
Pages:
Author

Topic: Single address accounts (Read 2135 times)

kokjo
legendary
Activity: 1050
Merit: 1000
You are WRONG!
Single address accounts
July 11, 2011, 04:57:39 PM
#30
Quote from: ampkZjWDQcqT on July 11, 2011, 04:46:30 PM
Quote from: kjj on July 11, 2011, 02:15:17 PM
[...]

How about this then: In SSL, the server's private key is not used for encryption, nor for hashing, nor for any other operation, cryptographic or otherwise, of anything that is released to any other party.

If not to perform cryptographic operations, what do you think it's the purpose of a cryptographic key?.

hey! don't step on him!

he said:
client gets the server cert.
the client encrypts a random key he/she choses, with the public key from the cert.
and sends it to the server.

the server decryptes the random key
the server responses with an encrypted message, to proof that he/she knows the private key.
ampkZjWDQcqT
member
Activity: 70
Merit: 10
GNU is not UNIX
Re: Single address accounts
July 11, 2011, 04:46:30 PM
#29
Quote from: kjj on July 11, 2011, 02:15:17 PM
[...]

How about this then: In SSL, the server's private key is not used for encryption, nor for hashing, nor for any other operation, cryptographic or otherwise, of anything that is released to any other party.

If not to perform cryptographic operations, what do you think it's the purpose of a cryptographic key?.
kokjo
legendary
Activity: 1050
Merit: 1000
You are WRONG!
Re: Single address accounts
July 11, 2011, 04:01:05 PM
#28
Quote from: kjj on July 11, 2011, 03:42:46 PM
Quote from: kokjo on July 11, 2011, 03:17:32 PM
Quote from: kjj on July 11, 2011, 03:07:41 PM
Quote from: kokjo on July 11, 2011, 02:43:32 PM
the client can often force a DH key-agreement to happen. it requires the server to sign with the private key.

Reference?
http://www.ietf.org/rfc/rfc5246.txt

p. 91-92
F.1.1.3.  Diffie-Hellman Key Exchange with Authentication

Quote
When Diffie-Hellman key exchange is used, the server can either
supply a certificate containing fixed Diffie-Hellman parameters or
use the server key exchange message to send a set of temporary
Diffie-Hellman parameters signed with a DSA or RSA certificate.

also every certificate is signed by an CA.

I stand corrected.  SSL implementations that ignore all the SHOULDs and warnings in that section do actually have the option to use their private keys directly.
apache has it enabled by default.
it only requiers the client to only allows DH in the ClientHello message, and the server supports DH.

anyway it does not matter. signatures are useless for the propose of getting information about the private key.
signatures only gives proof that the other party have access the the private key.
kjj
legendary
Activity: 1302
Merit: 1026
Re: Single address accounts
July 11, 2011, 03:42:46 PM
#27
Quote from: kokjo on July 11, 2011, 03:17:32 PM
Quote from: kjj on July 11, 2011, 03:07:41 PM
Quote from: kokjo on July 11, 2011, 02:43:32 PM
the client can often force a DH key-agreement to happen. it requires the server to sign with the private key.

Reference?
http://www.ietf.org/rfc/rfc5246.txt

p. 91-92
F.1.1.3.  Diffie-Hellman Key Exchange with Authentication

Quote
When Diffie-Hellman key exchange is used, the server can either
supply a certificate containing fixed Diffie-Hellman parameters or
use the server key exchange message to send a set of temporary
Diffie-Hellman parameters signed with a DSA or RSA certificate.

also every certificate is signed by an CA.

I stand corrected.  SSL implementations that ignore all the SHOULDs and warnings in that section do actually have the option to use their private keys directly.
kokjo
legendary
Activity: 1050
Merit: 1000
You are WRONG!
Re: Single address accounts
July 11, 2011, 03:17:32 PM
#26
Quote from: kjj on July 11, 2011, 03:07:41 PM
Quote from: kokjo on July 11, 2011, 02:43:32 PM
the client can often force a DH key-agreement to happen. it requires the server to sign with the private key.

Reference?
http://www.ietf.org/rfc/rfc5246.txt

p. 91-92
F.1.1.3.  Diffie-Hellman Key Exchange with Authentication

Quote
When Diffie-Hellman key exchange is used, the server can either
supply a certificate containing fixed Diffie-Hellman parameters or
use the server key exchange message to send a set of temporary
Diffie-Hellman parameters signed with a DSA or RSA certificate.

also every certificate is signed by an CA.
kjj
legendary
Activity: 1302
Merit: 1026
Re: Single address accounts
July 11, 2011, 03:07:41 PM
#25
Quote from: kokjo on July 11, 2011, 02:43:32 PM
the client can often force a DH key-agreement to happen. it requires the server to sign with the private key.

Reference?
kokjo
legendary
Activity: 1050
Merit: 1000
You are WRONG!
Re: Single address accounts
July 11, 2011, 02:43:32 PM
#24
Quote from: kjj on July 11, 2011, 02:25:06 PM
Quote from: kokjo on July 11, 2011, 02:09:53 PM
Quote from: kjj on July 11, 2011, 01:21:30 PM
Quote from: kokjo on July 11, 2011, 12:51:26 PM
on a busy SSL server, things gets signed and encrypted, 1000 times per second. with the same 1024/2048 bit key. they are not broken (yet).

Dude.  SSL never encrypts anything with the server's private key.  Never.
partly true.

but it is used(to sign) in the key-exchange protocol, to prevent a 3. party for modifying the protocol messages.

No, it isn't.  In SSL, the client encrypts the premaster secret (a number used to derive the symmetric session key) using the server's public key.  The server decrypts it using the private key.  At no time does the server ever emit anything directly derived from its private key.

SSL uses symmetric encryption for the payload.  PKC is only used to securely exchange that session key, and the entire exchange protocol was designed to protect the server's private key from re-use.
the client can often force a DH key-agreement to happen. it requires the server to sign with the private key.
kjj
legendary
Activity: 1302
Merit: 1026
Re: Single address accounts
July 11, 2011, 02:31:29 PM
#23
Quote from: kokjo on July 11, 2011, 02:27:37 PM
Quote from: kjj on July 11, 2011, 02:15:17 PM
How about this then: In SSL, the server's private key is not used for encryption, nor for hashing, nor for any other operation, cryptographic or otherwise, of anything that is released to any other party.
LOL! TROLL!

then what is it used for, please enlighten us with your superior knowledge.

Already answered in the post just above yours.
kokjo
legendary
Activity: 1050
Merit: 1000
You are WRONG!
Re: Single address accounts
July 11, 2011, 02:27:37 PM
#22
Quote from: kjj on July 11, 2011, 02:15:17 PM
How about this then: In SSL, the server's private key is not used for encryption, nor for hashing, nor for any other operation, cryptographic or otherwise, of anything that is released to any other party.
LOL! TROLL!

then what is it used for, please enlighten us with your superior knowledge.
kjj
legendary
Activity: 1302
Merit: 1026
Re: Single address accounts
July 11, 2011, 02:25:06 PM
#21
Quote from: kokjo on July 11, 2011, 02:09:53 PM
Quote from: kjj on July 11, 2011, 01:21:30 PM
Quote from: kokjo on July 11, 2011, 12:51:26 PM
on a busy SSL server, things gets signed and encrypted, 1000 times per second. with the same 1024/2048 bit key. they are not broken (yet).

Dude.  SSL never encrypts anything with the server's private key.  Never.
partly true.

but it is used(to sign) in the key-exchange protocol, to prevent a 3. party for modifying the protocol messages.

No, it isn't.  In SSL, the client encrypts the premaster secret (a number used to derive the symmetric session key) using the server's public key.  The server decrypts it using the private key.  At no time does the server ever emit anything directly derived from its private key.

SSL uses symmetric encryption for the payload.  PKC is only used to securely exchange that session key, and the entire exchange protocol was designed to protect the server's private key from re-use.
kjj
legendary
Activity: 1302
Merit: 1026
Re: Single address accounts
July 11, 2011, 02:15:17 PM
#20
Quote from: dinox on July 11, 2011, 01:58:29 PM
Quote from: kjj on July 11, 2011, 01:21:30 PM
Quote from: kokjo on July 11, 2011, 12:51:26 PM
on a busy SSL server, things gets signed and encrypted, 1000 times per second. with the same 1024/2048 bit key. they are not broken (yet).

Dude.  SSL never encrypts anything with the server's private key.  Never.

Dude. Bitcoin never encrypts anything with the user's private key. Never.

Like the signature?  Are you going to quibble that the ECDSA step isn't technically an encryption because it can't be reversed?

How about this then: In SSL, the server's private key is not used for encryption, nor for hashing, nor for any other operation, cryptographic or otherwise, of anything that is released to any other party.
kokjo
legendary
Activity: 1050
Merit: 1000
You are WRONG!
Re: Single address accounts
July 11, 2011, 02:09:53 PM
#19
Quote from: kjj on July 11, 2011, 01:21:30 PM
Quote from: kokjo on July 11, 2011, 12:51:26 PM
on a busy SSL server, things gets signed and encrypted, 1000 times per second. with the same 1024/2048 bit key. they are not broken (yet).

Dude.  SSL never encrypts anything with the server's private key.  Never.
partly true.

but it is used(to sign) in the key-exchange protocol, to prevent a 3. party for modifying the protocol messages.
dinox
full member
Activity: 126
Merit: 100
Re: Single address accounts
July 11, 2011, 01:58:29 PM
#18
Quote from: kjj on July 11, 2011, 01:21:30 PM
Quote from: kokjo on July 11, 2011, 12:51:26 PM
on a busy SSL server, things gets signed and encrypted, 1000 times per second. with the same 1024/2048 bit key. they are not broken (yet).

Dude.  SSL never encrypts anything with the server's private key.  Never.

Dude. Bitcoin never encrypts anything with the user's private key. Never.
kjj
legendary
Activity: 1302
Merit: 1026
Re: Single address accounts
July 11, 2011, 01:21:30 PM
#17
Quote from: kokjo on July 11, 2011, 12:51:26 PM
on a busy SSL server, things gets signed and encrypted, 1000 times per second. with the same 1024/2048 bit key. they are not broken (yet).

Dude.  SSL never encrypts anything with the server's private key.  Never.
codemojo
jr. member
Activity: 35
Merit: 4
Re: Single address accounts
July 11, 2011, 12:56:10 PM
#16
Quote from: kjj on July 11, 2011, 11:43:26 AM
We can't expire keys, and we can't compress ( =randomize) scripts.  The one thing that we do is discourage key re-use.  We should not abandon the one good practice that we are capable of doing without a damn good reason, even though we are pretty confident that we are safe doing so.

Thanks for your insight, very interesting. The way I see it now is, if the person holding the single-address account doesn't care that much about his money being stolen (like maybe he only keeps small amounts there), then this approach would be sane. I mean, I'm mostly concerned about this patch having a negative impact on some other unrelated bitcoin user, or the network as a whole. For example, could this behavior make another user less anonymous, or make some other client break (because there is a direct cycle - an input is the same as an output), etc...
kokjo
legendary
Activity: 1050
Merit: 1000
You are WRONG!
Re: Single address accounts
July 11, 2011, 12:51:26 PM
#15
Quote
I've read it, thanks.
you does not sound like you have.

Quote
You may want to flip through it again so that you can see how every other cryptosystem other than bitcoin takes great pains to minimize and obfuscate use of the private key, and how every PKI system in the world, again not counting bitcoin, insists on using expiration dates for keys.
example please.

Quote
Bitcoin private keys have no expiration date, and are used to sign plaintexts that are partially repetitive and predictable.  If these factors don't make your sphincter tighten, you missed some big lessons from the history of cryptanalysis.
LOL! expiration date! the only reason for them is for 512 bit RSA keys, and for CAs to earn money.

512bit RSA was secure in 1990 and broken(practicaly) in 1999.
samething thing now:
bitcoin private keys today are secure. in 10 years they may not be.

on a busy SSL server, things gets signed and encrypted, 1000 times per second. with the same 1024/2048 bit key. they are not broken (yet).

it has nothing to do with key reuse.

Quote
We can't expire keys, and we can't compress ( =randomize) scripts.
which is good.

Quote
The one thing that we do is discourage key re-use.  We should not abandon the one good practice that we are capable of doing without a damn good reason, even though we are pretty confident that we are safe doing so.
Abandon good practice? did you ever hear of X.509?
i would like to abandon it, as fast as possible.

kjj
legendary
Activity: 1302
Merit: 1026
Re: Single address accounts
July 11, 2011, 11:43:26 AM
#14
I've read it, thanks.

You may want to flip through it again so that you can see how every other cryptosystem other than bitcoin takes great pains to minimize and obfuscate use of the private key, and how every PKI system in the world, again not counting bitcoin, insists on using expiration dates for keys.

Bitcoin private keys have no expiration date, and are used to sign plaintexts that are partially repetitive and predictable.  If these factors don't make your sphincter tighten, you missed some big lessons from the history of cryptanalysis.

We can't expire keys, and we can't compress ( =randomize) scripts.  The one thing that we do is discourage key re-use.  We should not abandon the one good practice that we are capable of doing without a damn good reason, even though we are pretty confident that we are safe doing so.
kokjo
legendary
Activity: 1050
Merit: 1000
You are WRONG!
Re: Single address accounts
July 11, 2011, 11:02:25 AM
#13
Quote from: kjj on July 11, 2011, 10:45:29 AM
Quote from: imperi on July 11, 2011, 10:26:44 AM
What if we don't care about secrecy with transactions?

Secrecy isn't the issue.  The issue is attackers gradually learning bits of your private key.
an attacker is learning nothing, that the whole point of publickey-cryptography.

go look it up on Wikipedia, before talking about anything you don't know anything about.
or go read some bruce schneier, he have made a good heavy book, about cryptography.
(you know the big red one, with a ufo on the front)
kjj
legendary
Activity: 1302
Merit: 1026
Re: Single address accounts
July 11, 2011, 10:45:29 AM
#12
Quote from: imperi on July 11, 2011, 10:26:44 AM
What if we don't care about secrecy with transactions?

Secrecy isn't the issue.  The issue is attackers gradually learning bits of your private key.
imperi
full member
Activity: 196
Merit: 101
Re: Single address accounts
July 11, 2011, 10:26:44 AM
#11
Quote from: kjj on July 11, 2011, 12:44:00 AM
Pick up any book on cryptography, open it to any page, stab your finger into any paragraph, and you will find a warning about key re-use.  We don't think that our current systems have any serious weaknesses in this department, but virtually every cryptosystem in history has been weakened and then broken because keys were used multiple times.

Best practice for security: use each key once, and only once.
Not best practice, but still pretty good: allow multiple uses, but discourage.
Worst practice: design a system that keeps using one key over and over and over again.

What if we don't care about secrecy with transactions?
Pages:
Bitcoin Forum>Bitcoin>Development & Technical Discussion
Jump to: