Topic: What wallet is deterministic AND uses compressed keys? (Read 2413 times)

legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
If you need a deterministic wallet I think GreenAddress is the best one: https://greenaddress.it/en/
I'm talking about desktop or full node types of wallets, not web wallets or online wallets.

Also, that website just fails to load on me right now.
hero member
Activity: 658
Merit: 500
If you need a deterministic wallet I think GreenAddress is the best one: https://greenaddress.it/en/
legendary
Activity: 1890
Merit: 1072
Ian Knowles - CIYAM Lead Developer
Hi, what's the difference between Type 1 and Type 2 deterministic addresses? According to my research Type 1 will reveal the private keys, since that's what you generate first.

With Type 1 deterministic addresses if you managed to crack a private key it won't help you to crack another (you need the seed for that) but with Type 2 if you crack *any* private key then it has been proven that you can crack any other (key hardening can be used in Type 2 to make that much more difficult of course).

Having watch only wallets is not necessarily a reason to want to use Type 2 wallets (you are perhaps trading convenience for security).

It would be simple enough to generate 10K Type 1 deterministic addresses (that are based upon compressed keys) offline with a file that could hold just the public keys of these to be transferred via QR code (might take about 50-100 QR codes) which would be safer than any other method.

If you are keen on doing this then perhaps let's see if we can work out something (it is something I could add to the CIYAM Safe https://susestudio.com/a/kp8B3G/ciyam-safe).
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Hi, what's the difference between Type 1 and Type 2 deterministic addresses? According to my research Type 1 will reveal the private keys, since that's what you generate first.

What I want is a way to have an online wallet have watch-only addresses. The private keys will be on my offline or better protected online computers. But I prefer that the addresses are of the compressed types (with private keys that begin with letter L or K, instead of number 5.)

I do not need them to be hierarchical.

The alternative is to create completely random addresses in huge numbers as needed, upload the public keys or addresses to the web server (or bitcoind full node), but keep the private keys on a separate computer.

However, with that method, I would need to update the hot wallet from time to time (which isn't a big deal).

My original plan was to generate ten thousand addresses, which should last me about a year, unless I get more than that many users on my website.

I'm also waiting for Armory to include support for compressed keys, and then that would be my preferred wallet.
legendary
Activity: 1890
Merit: 1072
Ian Knowles - CIYAM Lead Developer
The only difference is that Type 1 lowers your exposure by not allowing for advanced auditing features (which could tempt you into giving away sensitive information)

Thanks (it seems you know this stuff better than me) - so you do agree that Type 1 is the *safer* option unless you really need the Type 2 functionality?

(I have implemented a Type 1 deterministic Wallet for CIYAM but am still weighing up whether to "go the extra mile" to provide Type 2 as well although eventually I will do so by offering a choice of either type)
sr. member
Activity: 475
Merit: 252
Agreed - but the OP would not have wanted Type 2 if he was just after 1 private key (and stated as much).
When I say "Accounts" I don't mean private keys. I mean separate branches of the Type 2 tree that can be separated in the Wallet software as separate wallets, but still be recovered by the same seed.

There is a paper that was published showing how Type 2 keys (even when hardened) are not as secure as Type 1 - I have not seen a satisfactory reply to this paper yet (although I don't claim to understand all the details in order to judge its merit myself).
This paper was basically stating that "Because the purpose of Type 2 was to make it easier for auditing by giving people MPKs of individual branches of the hierarchy etc... it leads to over-exposure of many MPKs at many levels, and therefore increases the risk of being compromised... in comparison a Type 1 will only have ONE MPK, and exposing that gets rid of all financial privacy, so people will probably protect it more."

However, mathematically the weakness is exactly the same. Any MPK at any level in the hierarchy combined with any private key from any branch below that MPK can leak the master private key that corresponds with the MPK.

The only difference is that Type 1 lowers your exposure by not allowing for advanced auditing features (which could tempt you into giving away sensitive information)
legendary
Activity: 1890
Merit: 1072
Ian Knowles - CIYAM Lead Developer
If you're only using one account of a Type 2, it's actually the same.

Agreed - but the OP would not have wanted Type 2 if he was just after 1 private key (and stated as much).

The "MPK and 1 private key can give you the master private key" weakness is still there in Electrum's Type 1 deterministic.

If you were using tons of accounts with 0 hardened keys, then yeah... that would make it more dangerous... I guess.

There is a paper that was published showing how Type 2 keys (even when hardened) are not as secure as Type 1 - I have not seen a satisfactory reply to this paper yet (although I don't claim to understand all the details in order to judge its merit myself).
sr. member
Activity: 475
Merit: 252
They are actually less secure than type 1 (i.e. one private key hacked means all are done).

If you're only using one account of a Type 2, it's actually the same.

The "MPK and 1 private key can give you the master private key" weakness is still there in Electrum's Type 1 deterministic.

If you were using tons of accounts with 0 hardened keys, then yeah... that would make it more dangerous... I guess.
legendary
Activity: 1890
Merit: 1072
Ian Knowles - CIYAM Lead Developer
Seems I will be waiting for Electrum version 2. Thanks. (I use Windows, but Linux would be fine as well.)

Any particular reason you want type 2 deterministic addresses?

They are actually less secure than type 1 (i.e. one private key hacked means all are done).
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
What wallet is deterministic AND uses compressed keys?

By deterministic, I mean where with a master public key, one can derive thousands of watch-only addresses, but the corresponding private keys are of the compressed type that begins with letter K or L.

BreadWallet, Mycelium, web.hivewallet.com, Electrum (starting with any wallet made on ver. 2.0 onward... not released yet, but available on github)

Seems I will be waiting for Electrum version 2. Thanks. (I use Windows, but Linux would be fine as well.)
sr. member
Activity: 475
Merit: 252
What wallet is deterministic AND uses compressed keys?

By deterministic, I mean where with a master public key, one can derive thousands of watch-only addresses, but the corresponding private keys are of the compressed type that begins with letter K or L.

BreadWallet, Mycelium, web.hivewallet.com, Electrum (starting with any wallet made on ver. 2.0 onward... not released yet, but available on github)
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
What wallet is deterministic AND uses compressed keys?

By deterministic, I mean where with a master public key, one can derive thousands of watch-only addresses, but the corresponding private keys are of the compressed type that begins with letter K or L.