Author

Topic: Understand the basics, help me understand deeper (Read 1046 times)

member
Activity: 115
Merit: 10
December 11, 2013, 06:37:46 PM
#5
Thanks for all the good replies and pointers to articles. I did a bit of searching through some of these, but some were somewhat light on, and left me with more questions. I'll do some more reading... Tongue
legendary
Activity: 3472
Merit: 4801
So each private key is a string which I sign with my wallet address to send from. Is that correct?

No.

Each private key is a random 256 bit number.  These numbers are used by the wallet to calculate signatures for transactions after the wallet creates the transactions.

What is this 'signing' process?

It is an ECDSA signature using the Secp256k1 curve.

I guess it needs to be one way or else everyone can derive your private keys, so this must be shorthand for 'using a hashing algorithm with the private key as the input and verifying the output is the address you are trying to use'. Is this understanding correct? Or over-simplified?

Yes, it is one way as long as the signature is calculated properly using a random value for k.

Oversimplified.

Suppose Alice wants to send a signed message to Bob. Initially, they must agree on the curve parameters (CURVE, G, n). In addition to the field and equation of the curve, we need G, a base point of prime order on the curve; n is the multiplicative order of the point G.

Alice creates a key pair, consisting of a private key integer dA, randomly selected in the interval [1, n-1]; and a public key curve point QA = dA * G. We use * to denote elliptic curve point multiplication by a scalar.

For Alice to sign a message m, she follows these steps:

    Calculate e = HASH(m), where HASH is a cryptographic hash function.
    Let z be the Ln leftmost bits of e, where Ln is the bit length of the group order n.
    Select a random integer k from [1, n-1].
    Calculate the curve point (x1, y1) = k * G.
    Calculate r = x1 mod n. If r = 0, go back to step 3.
    Calculate s = k-1(z + rdA) mod n. If s = 0, go back to step 3.
    The signature is the pair (r, s).

What format is this .dat file?

levelDB

Is it simply a list of private key strings?

No, there is additional information in there.

What is the length of each key?

256 bits

Is it fixed?

It is not a string.  It is a 256 bit number.

Is it some sort of open-source database structure?

levelDB

Or just a flat file?

No.

In the future could your private keys be something other than a list of strings?

They are not a list of strings. They are 256 bit numbers.  This could change if the signature algorithm is changed, but so long as we continue to use the current ECDSA algorithm with the Secp256k1 curve, private keys will continue to be 256 bit numbers.

Like presumably you could hash the raw bytes of a favourite photo or something? Wildly insecure probably, but anyway, off-topic...

Yes, you can already do this.  Hashing a favorite photo with SHA-256 will result in a 256 bit number that can typically be used as a private key.

As you said, this is "Wildly insecure".

Until I encrypt the wallet using the function in bitcoin-qt - is the wallet essentially wide open for anyone with access to the file to read my private keys?

Yes.

Why is wallet file encryption optional then?

Freedom of choice for the user to be as stupid as they like.

Truecrypt offers real on-the-fly volume encryption, so I could store my wallet in there indefinitely, but I can't find a way to point bitcoin-qt to use my encrypted volume to look for my wallet instead of the default /home/.~bitcoinqt or whatever it is. I see there's a datadirectory (or something?) parameter, but I don't want to carry around a 12Gb (and counting) volume and have to keep syncing the blockchain to it. Is there also a 'walletdirectory' or something parameter? That would be awesome...

No.  At this time, there is no "walletdirectory" parameter.

I don't know much about Truecrypt. Perhaps you could create a symlink for the wallet.dat file between your datadirectory and your Truecrypt volume?
legendary
Activity: 3682
Merit: 1580
I get that my public address is simply the public part of a key pair.

No, a bitcoin address is a hash with checksum of your public key. It is not the public key itself.

Quote
So each private key is a string which I sign with my wallet address to send from. Is that correct?

No. A private key is basically a really, really large number. You sign transactions using your private key not your address.

Quote
What format is this .dat file?

leveldb I think. More info: https://en.bitcoin.it/wiki/Wallet

Quote
What is the length of each key? Is it fixed?

See more about private keys: https://en.bitcoin.it/wiki/Private_key

Quote
Like presumably you could hash the raw bytes of a favourite photo or something? Wildly insecure probably, but anyway, off-topic...

Yes it's possible. You do an sha256sum of any file to get a private key. There is more to it than that but it's possible. Search the forums for more info. There are a few scripts that people have shared that can generate private keys using a file as input.

Quote
Until I encrypt the wallet using the function in bitcoin-qt - is the wallet essentially wide open for anyone with access to the file to read my private keys?

Yes.

The wiki is probably the best place for technical details: https://en.bitcoin.it/wiki/Main_Page
sr. member
Activity: 378
Merit: 250
See this thread for one method of using the -datadir start command parameter:

https://bitcointalk.org/?topic=4868.0
member
Activity: 115
Merit: 10
Sorry if this should be in Newbies, but I have a small/moderate level of understanding of the bitcoin network and thought this might be a good place to post because it relates specifically to bitcoin-qt (I'm using bitcoin-qt on Ubuntu)

I need to understand more about wallet addresses and cryptographic key pairs.

So I get how inputs, outputs, and change works with bitcoin. I get that my public address is simply the public part of a key pair. I get that my wallet.dat is actually a store of my private keys that I need to control.

I'm sure I could figure this out by inspecting the source code and so on, but I don't have the time right now.

Questions

So each private key is a string which I sign with my wallet address to send from. Is that correct?
What is this 'signing' process? I guess it needs to be one way or else everyone can derive your private keys, so this must be shorthand for 'using a hashing algorithm with the private key as the input and verifying the output is the address you are trying to use'. Is this understanding correct? Or over-simplified?

What format is this .dat file?
Is it simply a list of private key strings?
What is the length of each key? Is it fixed?
Is it some sort of open-source database structure? Or just a flat file?
In the future could your private keys be something other than a list of strings? Like presumably you could hash the raw bytes of a favourite photo or something? Wildly insecure probably, but anyway, off-topic...

Until I encrypt the wallet using the function in bitcoin-qt - is the wallet essentially wide open for anyone with access to the file to read my private keys?
Why is wallet file encryption optional then?

Last Question...

Truecrypt offers real on-the-fly volume encryption, so I could store my wallet in there indefinitely, but I can't find a way to point bitcoin-qt to use my encrypted volume to look for my wallet instead of the default /home/.~bitcoinqt or whatever it is. I see there's a datadirectory (or something?) parameter, but I don't want to carry around a 12Gb (and counting) volume and have to keep syncing the blockchain to it. Is there also a 'walletdirectory' or something parameter? That would be awesome...

Thanks a lot for any insight...
Jump to: