Topic: Wallet with fixed number of keys? (Read 1815 times)

Your private key is far, Far, FAR more likely to be brute-forced (or cracked due to an as-yet undiscovered weakness in ECDSA) if you re-use addresses.

To crack an address that has never yet spent any bitcoins, you have to get through 3 cryptographic functions: ECDSA, SHA-256, and RIPEMD-160.

To crack an address that has spent bitcoins in the past, you only have to deal with ECDSA.  The SHA-256 and RIPEMD-160 solution has already been broadcast to the entire network, and is permanently stored in the blockchain.

If you are truly concerned about the "chance" that someone "might" figure out one of your private keys, then you should use a new bitcoin address for every transaction, and never re-use addresses.

Since you asked, the answer is if there is a collision, or if someone decides to attempt a brute force on the private key. Yes, I know the universe may blow up before that happens (thermodynamics, 256 bits, etc) but the person could also get lucky.

I also understand, that the best way to steal a wallet and its coins is through old school social engineering, whether that is digital (malware) or analogue (camera in the sky aimed at your keyboard as you type), next to the threat of physical violence (either to you or someone else.)

The probability is "almost never", however it is not "never."

Again, I just like the choice. Others can use deterministic wallets if they want. Or brain wallets for that matter. I just don't want to think about it, for the same reason I do a lot of other things automatically without having to think about the chances or possibilities while still being alert and aware of your surroundings and environment. (For example, carrying concealed weapons for defense, fire extinguishers, insurance.)

I'm sure you understand where this is coming from, wherein a lot of bitcoin users are geeks or technical people, a lot may seem paranoid but actually aren't.

There are also the careless users who generate a vanity key and forget to secure the private key properly (leaving it all over the place.)

And how would just one key be compromised?  If an attacker gets your passphrase, scrapes your decryption key from RAM, has a keylogger, etc,  they get them all.  I'm very curious what situation leads to the compromise of a single key but not the others...

I'm talking about the risk of one private key being compromised. I understand that if a wallet file is compromised, everything is gone, no matter what client you use.

Even if the reference client includes deterministic wallet functions, I would still prefer the random wallet, and hope it can be retained. Wallets that can import private keys would also work.

I just want the choice of using my randomly generated keys.

But you have the same risk with a fixed number of keys.  If your fixed pool of keys is compromised, then it's no different than a deterministic wallet.  They get your wallet, and any time in the future, they can empty your account.

Here's why you'll agree with me:  In your example of a fixed set of keys, you are simply creating a new pool of keys every now and then, or when you suspect they are compromised.  Well, why couldn't you just do the same thing with a deterministic wallet?  Use 100 keys  in the deterministic wallet (which you can do with Armory by setting "Send change back to first input address" and "Remember my choice"), and then you retire it every now and then and create a new deterministic wallet.  With Armory, you can even keep the old wallet around in case you need it, or someone else sends it money.

In both cases, you're creating a pool of keys, and changing them every so often.  The difference is that with the deterministic wallet, each pool of keys can be backed up with only a couple lines of easily-typed data, instead of 100 lines of individual private keys. 

Even better than messing with change addresses:  just use each wallet for 2 months, and then create a new one and switch.  Then you can get new addresses for every transaction, which is much simpler, helps maintain your privacy, and your attack surface is identical to using a random set of keys that will be changed in 2 months. 

This is especially important, because the days of random-key wallets is going away.  There's just too much benefit to them... all the major clients are moving over.  Including Bitcoin-Qt and Multibit. 

Thanks for the Armory info, that is close to what I would want, so just a little bit more and it will do what I want. Sort of.

I am against deterministic wallets because I do not want to take the chance that my wallet will be compromised. Yes, I understand it is negligibly small. With a random wallet, if one private key is compromised, I can take steps to secure the rest of my coins knowing that the other private keys are probably not yet compromised.

If my deterministic wallet gets compromised (the root key), then my whole wallet is gone. By the time I find out, all my coins would probably have already been stolen.

This problem is different from a stolen wallet.dat file. In both cases, you might lose all your coins if someone has physical access to your private key file wallet, or you get a trojan or other malware.

I can confidently say that due to my computing practices, the chances of having my wallet remotely stolen or compromised is a lot smaller than someone getting physical access to my machine. I just don't get random malware, despite using Windows. And if my machine is stolen, being encrypted, I have enough time to transfer my coins to a new wallet.

Besides, I want control of my private keys, I also use vanity keys (or private keys generated randomly by another software.)

You might want to implement a deterministic wallet with a fixed number of keys (and no new ones get added) for one wallet, that might make me change my mind.

The way I understand it, deterministic wallets currently implemented allow for unlimited key generation, or 13 billion keys in your example.

Good, I thought that it generates 100 addresses after using previous hundred. After seeing the first quoted sentence and no objections to it, it looked to me like change addresses are generated independently.

If you take a penny out of the penny jar, Bitcoin puts one back in. Use one of the reserve addresses, and Bitcoin will generate another to keep the reserve address pool size constant.

WAT? It doesn't take change address from the 100 already generated? It would mean that after every outbound tx you have to do backup.

the blockchain.info wallet has a fixed number of "random" keys. just import your generated private keys or let it generate some for you.

The MultiBit wallets have a fixed number of keys in a wallet.
You create new ones manually and that is it. They are random, not deterministic.

It is not quite what you want though as the change address is the address of the first transaction output you are sending from.

In general, Armory is going to pick the oldest addresses for sending new coins, so you would probably get the behavior you want.  It also has coin-control in "Expert" mode, so you could super-customize its behavior if you wanted (though, age of coins is not displayed).

I'm curious why you are so against deterministic wallets -- the number of ways that a deterministic wallet could be compromised that a random-key wallet would avoid, is basically non-existent (in an overwhelming majority of use cases).  There's a reason Bitcoin-Qt/bitcoind will be moving to deterministic wallets by default:  the advantages are staggering, with very little impact to security. 

I know about Electrum. Thanks for the tip about the reference client or Armory. What I want may be in Armory's "expert" mode and custom change behavior, but I want the client to pick maybe the oldest address that wasn't yet used for the change. So the bitcoins go around in circles within the fixed wallet, not just to originating address.

Bitcoin Spinner is one app, but it uses only 1 key, and it's for Android. Good for the phone but I'm also interested in a computer version.

I do not want a deterministic wallet. I want a randomly generated wallet. Specifically, I do not want a sequence of keys that can come out from a single password or root key as in the case of deterministic wallets.

I understand what they are, they have advantages, but I simply don't want them.

Electrum - one backup good for life. Well, one backup in a few places actually.

Great choice if you want a lightweight client that doesn't need to download the blockchain.

First of all, if your concern is backups, then use a client that has "deterministic wallets" (Armory and Electrum).  That means that all addresses are derived from root key information and only needs to be backed up once.  Ever.  Seriously, you can use 13 billion addresses, and you'll still be backed up.  Put a copy in your safe-deposit box, and you're good.  Forever.

Second of all, if you have other reasons for wanting to keep your key pool limited, then you can use Armory in "Expert" usermode, generate as many addresses as you want, then set the "Custom Change Behavior" to always send the change back to one of the originating addresses.  This guarantees that sending coins will not create a new address in the wallet to receive change, and it will stay within the addresses that already have coins.  After that, when you want to receive coins, you simply go into your wallet, select the address you want to receive to, and copy the address (or click "Receive payment to this address" to get the payment request dialog).

Then you will always be receiving coins to your existing addresses, and change will only be sent back to them.

My guess is, though, that you really just want a deterministic wallet.

The reference client Bitcoin-Qt attempts to keep you from re-using keys for purposes of increased anonymity and security.

Is there a wallet or client that can fix your private keys to an arbitrary number?

I understand the satoshi client uses the wallet.dat and starts with 100 keys, so you can back that up and not be worried for the next 100 transactions.

However, as soon as you request for a new address, the satoshi client generates a new key. Your wallet now has 101 keys. This will keep adding up, essentially forever, or however how many transactions you have.

What I want is some sort of feature that fixes the number of keys, or does not create a new key without you specifically authorizing the client software to do so.

This way, I can set an arbitrary number, to say, 200 keys. If I have more than 200 transactions already, some of those keys will have a low balance or maybe even zero, so I can re-use those keys.