There exists a huge Bitcoin security threat that affects deterministic wallets, and that people don't want to talk about. I have known about this for more than a year and I have arranged my Bitcoin security accordingly, and so have most tech experts, yet many newbies or laymen don't know about it, so let me enlighten you.
I thought this threat was obvious, but apparently it's not, since people are just now talking about it on Reddit, and I bet most people don't look into cryptography to secure their Bitcoins, which is a big problem. So let me explain it to you in layman's terms.
WARNING: THIS ONLY AFFECTS DETERMINISTIC WALLETS
- It only affects deterministic wallets that are based on BIP32, like Electrum, MultiBit and others.
- A deterministic wallet means that when you create a wallet you get a seed, which is a collection of 12-24 words that is used to generate all addresses in that wallet. So all addresses are generated from the seed.
If you have a wallet that generates individual addresses, each with a separate, unrelated private key, then you are not at risk. But most popular wallet software is already deterministic, so make sure you check how your wallet software works!
The problem is this, and it's a big one:
One weakness that may not be immediately obvious, is that knowledge of a parent extended public key plus any non-hardened private key descending from it is equivalent to knowing the parent extended private key (and thus every private and public key descending from it). This means that extended public keys must be treated more carefully than regular public keys.
So this means that if you expose your xpub master public key and just 1 child private key, a hacker can easily steal all your money in the entire wallet!!! Let me give you an example:
- You operate a Bitcoin business, and all your funds are in a deterministic wallet. You get incoming and outgoing transactions based on your business, and all transactions are well organized into different addresses for different purposes.
- The seed of your wallet is this: barrel faint exclude skin ribbon pattern melt roof answer feed tip square absent. If someone obtained this, they could steal all your money! TOTAL LOSS OF SECURITY
- You give out your xpub661MyMwAqRbcGmnzJDQP1iFbuAY8yHAWZdCV7GdTrLh41XNHSqZ9doKs8XuQpJvbaKZqt6jSFGLEfpoLD5FzLucpCna5jE36QaXCVQAh3BC to your boss, or your private contractors, or regulators, to prove that you have the money and you are transparent. They can only view your transactions with this, so it's "only" a TOTAL LOSS OF PRIVACY!
- Your wallet has the following 2 addresses: A: 16JxQgg41fcH6ZW2XUZJuBxBkEFFvyXTz9. Let's imagine that address A has 500 BTC on it, and address B is empty.
- You give out the private key of address B in order to prove that you own this address, which is part of the entire wallet that can be observed with the xpub key. By giving out key B you think you don't risk anything, because it's empty.
- Now, the private key of B is L5B5KNX6az4NsE8VScJ5nJNakFmbfJLXoQwk6WvU4T1Utcz13HVK, and you give this out to somebody who already has the xpub and will verify your ownership of the wallet.
- And there is the catch: if somebody has both 1 child private key and the master public key, he can recover the extended private key of the wallet, which is as good as having the seed, and with it the private key of A.
- He will quickly calculate the private key of A, which is L3r13DAvCPvmACEPSqVfMDvRRnHcM8a8XgkgBWgKV5kns8bjJMaZ, and steal the 500 hypothetical Bitcoin that would be on that address.
Yes, it would be this easy to steal all your money, and not just on address A, but on every other address that was derived from that seed!
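Here is the scenario above carried through in code, as an added example that is not part of the original post. It is a minimal, from-scratch BIP32 non-hardened derivation in pure Python (no external libraries), and it inverts the child-key step exactly the way the quoted note describes: a non-hardened child private key is parent + IL mod n, and IL is an HMAC over data that the xpub already contains, so parent = child - IL mod n. The seed is a constructed test value, the "xpub" is represented as its raw (public key, chain code) pair instead of the Base58 serialization, and all function names are mine. The block also shows the caveat the post does not spell out: hardened derivation (index >= 2^31) mixes the parent private key into the HMAC, so a hardened child key plus the xpub does not give the parent key back.

```python
"""Added example: BIP32 non-hardened child derivation and its inversion (pure Python)."""
import hashlib
import hmac

# secp256k1 domain parameters
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 2 ** 31


def _point_add(p1, p2):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def _scalar_mult(k, point=G):
    """Double-and-add scalar multiplication."""
    result, addend = None, point
    while k:
        if k & 1:
            result = _point_add(result, addend)
        addend = _point_add(addend, addend)
        k >>= 1
    return result


def pubkey(priv):
    """33-byte compressed SEC encoding of priv*G."""
    x, y = _scalar_mult(priv)
    return (b"\x02" if y % 2 == 0 else b"\x03") + x.to_bytes(32, "big")


def master_from_seed(seed):
    """BIP32 master key: HMAC-SHA512(key="Bitcoin seed", seed) -> (private key, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]


def ckd_priv(parent_priv, chain_code, index):
    """BIP32 CKDpriv. Hardened indices hash the parent *private* key, non-hardened the public key."""
    if index >= HARDENED:
        data = b"\x00" + parent_priv.to_bytes(32, "big") + index.to_bytes(4, "big")
    else:
        data = pubkey(parent_priv) + index.to_bytes(4, "big")
    digest = hmac.new(chain_code, data, hashlib.sha512).digest()
    il = int.from_bytes(digest[:32], "big")
    return (il + parent_priv) % N, digest[32:]  # (invalid-key checks omitted for brevity)


def recover_parent_priv(parent_pub, chain_code, index, child_priv):
    """Invert CKDpriv from the parent extended *public* key plus one child private key.

    For a non-hardened index, IL depends only on (chain code, parent pubkey, index),
    all of which the xpub reveals, so parent = child - IL (mod n).
    For a hardened index, IL needs the parent private key, so recovery is not
    possible from an xpub; return None in that case.
    """
    if index >= HARDENED:
        return None
    data = parent_pub + index.to_bytes(4, "big")
    il = int.from_bytes(hmac.new(chain_code, data, hashlib.sha512).digest()[:32], "big")
    return (child_priv - il) % N


def demo():
    """Replay the post's scenario on a constructed seed (not a real wallet)."""
    seed = b"constructed test seed, not a real wallet"
    m_priv, m_cc = master_from_seed(seed)
    xpub_key, xpub_cc = pubkey(m_priv), m_cc  # what the business hands to its boss/auditor

    a_priv, _ = ckd_priv(m_priv, m_cc, 0)  # address A: holds the funds
    b_priv, _ = ckd_priv(m_priv, m_cc, 1)  # address B: empty, key handed out "to prove ownership"
    h_priv, _ = ckd_priv(m_priv, m_cc, HARDENED)  # a hardened sibling, for the caveat

    recovered = recover_parent_priv(xpub_key, xpub_cc, 1, b_priv)  # xpub + key B
    a_again, _ = ckd_priv(recovered, xpub_cc, 0)  # every non-hardened sibling follows
    return {
        "parent_recovered": recovered == m_priv,
        "sibling_key_recovered": a_again == a_priv,
        "hardened_recoverable": recover_parent_priv(xpub_key, xpub_cc, HARDENED, h_priv) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

The design point for a defender is in `recover_parent_priv`: it never touches a private key of its own, only the two things an xpub carries plus the one leaked child key, which is why an xpub plus any non-hardened child key has to be guarded like the parent extended private key itself. In a real BIP32/BIP44 tree the keys a wallet hands out sit under a hardened account node, so what this recovers is that account's extended private key rather than the seed, but that is still every address in the account.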
- Don't give out both the master public key and a child private key of the wallet. Giving out private keys is never recommended anyway: you can always sign a transaction to prove ownership of the funds, with no need to expose the private key.
- Also, it's not recommended to give out the master public key. You can just give out individual Bitcoin addresses to show your peers your transactions, since the public key is more sensitive information.
So let me rank each piece of information by importance / risk:
- Seed = MAXIMUM SECURITY REQUIRED
- Child Private Key = MAXIMUM SECURITY REQUIRED
- Master Public Key = ELEVATED SECURITY REQUIRED (it is not quantum computer resistant), LOSS OF WALLET PRIVACY
- Child Public Key = ELEVATED SECURITY REQUIRED (it is not quantum computer resistant), LOSS OF ADDRESS PRIVACY
- Bitcoin Address = NO SECURITY REQUIRED (quantum computer resistant), LOSS OF ADDRESS PRIVACY
ALSO, DON'T REUSE A BITCOIN ADDRESS: spending from a Bitcoin address reveals the child public key!