reply on: Publicly available/known xpubx (public keys), for review/research? \ stacker news ~bitcoin

pull down to refresh

68 sats \ 3 replies \ @optimism 26 Mar \ parent \ on: Publicly available/known xpubx (public keys), for review/research? bitcoin

When you say xpub, I am assuming you mean "eXtended public key`, per BIP-0032.

if someone has the private key to the wallet? Then they'd be able to just transfer all the bitcoin to a wallet they control, right?

Or does secret key mean the key to one address, and then people could reverse engineer the private key from that one?

Private key == Secret key - it's the same thing. I'll stick to private to reduce confusion now.

If someone has the private key to a single address derived from the xpub, and the xpub itself, then they can calculate all the private keys underneath that xpub - i.e. essentially the xprv. And yes, "your key, your coin" is also valid, so if you know the private key for any funds on chain, they are "yours".

See the BIP:

One weakness that may not be immediately obvious, is that knowledge of a parent extended public key plus any non-hardened private key descending from it is equivalent to knowing the parent extended private key (and thus every private and public key descending from it). This means that extended public keys must be treated more carefully than regular public keys. It is also the reason for the existence of hardened keys, and why they are used for the account level in the tree. This way, a leak of account-specific (or below) private keys never risks compromising the master or other accounts.

100 sats \ 2 replies \ @Signal312 OP 26 Mar

Thanks for your reply. I think I should have said "Master public key" or "extended public key", right?

So, if they had this - "private key to a single address derived from the xpub" -- AND they had the extended public key, then they could figure out the extended PRIVATE key, and basically steal your bitcoin, is that right?

But wouldn't it be really hard to get the "private key to a single address derived from the xpub"? How would you do that without actually having access to the full extended private key?

68 sats \ 1 reply \ @optimism 26 Mar

So, if they had this - "private key to a single address derived from the xpub" -- AND they had the extended public key, then they could figure out the extended PRIVATE key, and basically steal your bitcoin, is that right?

Yes.

But wouldn't it be really hard to get the "private key to a single address derived from the xpub"?

Yes, but "hard" does not equate impossible. And if you publish your extpub to prove that yes, you really have 2000 BTC, you're a target, congrats.

How would you do that without actually having access to the full extended private key?

How it was done with bybit (#898258): trick you into signing something for 1 of the addresses, something low risk, and then just sweep the whole address range under the xpub

100 sats \ 0 replies \ @Signal312 OP 26 Mar

Got it. Thanks!