kimjaepil (OP)
November 17, 2024, 02:51:55 AM (last edit: November 18, 2024, 11:48:28 AM by kimjaepil)
(Subtitle: How to protect my coin even if the mnemonic/passphrases are robbed)
If a hacker has acquired my mnemonic and passphrase, how does he look up the balance?
Of course he is going to run the program.
Maybe the whole balance is in the first 2 to 30 addresses of the first account of each wallet type, right?
That is, if many people put it all in m/84'/0'/0/0~m/84'/0'/0'/0/20 (for example) as the cold wallet default setting,
Spotted my coin in an instant!
By the way, if I put the coin in a specific index of a specific account, will the hacker be able to find my coin?
In order to put in two elements (a mnemonic and a passphrase) and find all the accounts and all the corresponding indexes, you need to browse all the addresses that the private key can have.
However, the number of addresses that a single private key can have is
Starting with the address varying depending on the wallet for what purpose (which may also be p2tr, p2wpkh, p2pkh, or Multisig1/1), there are number factors in the following cases.
In other words, in terms of the derivation path of the HD wallet (based on BIP44):
> m / purpose' / coin_type' / account' / change / address_index
purpose: 44, 48, 49, 84, 86 (number 5), depending on wallet purpose
coin_type: Bitcoin 0
account: account (number 2^32)
change: ex/in: receiving address 0 / change address 1 (number 2)
address_index: address serial number (number 2^32)
To check the balance of all addresses that one private key has:
5 x 2^32 x 2^32 = 1.8 x 10^20 addresses exist.
It takes 1.8x10^15 seconds to search every address (even if it is a supercomputer) = 58,454,204 years.
What if my coin is at the m/86'/0'/1096823754'/1/1189356152 address?
It takes 10 million years to discover, even if he is lucky.
dzungmobile
November 17, 2024, 03:22:22 AM
> (Subtitle: How to protect my coin even if the mnemonic/passphrases are robbed)
> If a hacker has acquired my mnemonic and passphrase, how does he look up the balance?
When a hacker has your wallet mnemonic seed, he can import it and steal your bitcoin. He does need to check all addresses in that wallet; if he imports it and sees bitcoin there, he will send your bitcoin to his wallet without needing to know which of your addresses have bitcoin. I meant he does not need to choose UTXOs for his sending. If you are fearful that your wallet is hacked and the balance is still there, you must sweep your funds to a new wallet. Do it as fast as possible because a hacker can do his job faster than you.
Hatchy
November 17, 2024, 03:57:05 AM
> If a hacker has acquired my mnemonic and passphrase, how does he look up the balance?
> It takes 10 million years to discover, even if he is lucky
In summary of what you meant to say, using a unique derivation path and address index will add extra security to your wallet? But then, your mnemonic and seed phrase already gotten by a hacker = lost funds.. there may not be any explanation after that. It won't take a couple of minutes for him to empty the wallet.. it's just better to store your keys securely to avoid loss of funds.. Also, if you are also smart and fast, at the time the hacker has sent the funds and is still awaiting confirmation, if the transaction was RBF enabled, you can decide to make a new transaction with a higher fee and send it to another wallet whose key is secured... But like I said, that's if you are aware during the time it happened..
Frankolala
November 17, 2024, 04:05:34 AM
The moment a hacker gets access to your mnemonic and passphrase, it means that your bitcoin is gone, because those are what anyone who understands wallets, even if he's not a hacker, needs to steal your coins by importing them into an Electrum wallet, and there's nothing you can do to stop the thief, only if you are faster than the thief to sweep your funds to a new wallet, if he hasn't transferred the funds. Your post is only about someone trying to generate the same private keys as yours; that's when the chance of getting the same private key is very tiny and can take 10 million years like you said. However, it's good to keep your backup seed phrase in a separate place from where you keep your backup passphrase, so that it will be impossible for anyone who has access to either your seed phrase or passphrase to have access to your wallet without the other.
Mia Chloe
November 17, 2024, 04:38:35 AM
Hacking most of the time is to steal funds. That's all the more reason hackers target your keys or your seed phrase. Hackers need those keys to remove funds from your wallet, since a transaction has to be signed with the keys for it to be valid on the blockchain. If you feel your keys or funds are in jeopardy, the first thing you need to do is make your funds change spending keys. And to do that you will need to sweep the funds from that wallet.
As soon as you notice, create a new wallet on another device that hasn't been compromised and move all the funds from the old wallet to the new one, making sure your internet is good and you make use of a huge fee so it gets confirmed as quickly as possible. You don't want to risk a transaction like that being cancelled by the hackers.
kimjaepil (OP)
November 17, 2024, 06:24:52 AM (last edit: November 17, 2024, 06:47:35 AM by kimjaepil)
> (Subtitle: How to protect my coin even if the mnemonic/passphrases are robbed)
> If a hacker has acquired my mnemonic and passphrase, how does he look up the balance?
> When a hacker has your wallet mnemonic seed, he can import it and steal your bitcoin. He does need to check all addresses in that wallet; if he imports it and sees bitcoin there, he will send your bitcoin to his wallet without needing to know which of your addresses have bitcoin. I meant he does not need to choose UTXOs for his sending. If you are fearful that your wallet is hacked and the balance is still there, you must sweep your funds to a new wallet. Do it as fast as possible because a hacker can do his job faster than you.
I wonder how he can send the balance when he doesn't even know if the private key has a UTXO with or without a balance? Hackers don't even know what purpose of wallet the owner of the private key made with the mnemonic (p2tr, p2wpkh, p2pkh, p2sh), so they can send the balance? The hacker needs to know the UTXO that the wallet has to specify the input of the transaction. How can he create a transaction when he doesn't know the UTXO?
dzungmobile
November 17, 2024, 06:36:38 AM
> I wonder how he can send the balance when he doesn't even know if the private key has a UTXO with or without a balance? Hackers don't even know what purpose of wallet the owner of the private key made with the mnemonic (p2tr, p2wpkh, p2pkh, p2sh), so they can send the balance? Impossible
If your story is true, rather than arguing with me, you must move your bitcoin to a new wallet; then, when you have finished that transaction with confirmations from Bitcoin miners, you can return to this thread and argue with me again.
You said what you lost is a wallet mnemonic seed; that means the hacker has access to all private keys in that wallet. Wallets is chapter 5 in the Mastering Bitcoin book. Reading it can help you understand the wallet mnemonic seed and Hierarchical Deterministic (HD) key generation (BIP32). HD wallet: a tree of keys generated from a single seed.
kimjaepil (OP)
November 17, 2024, 06:59:31 AM
> > I wonder how he can send the balance when he doesn't even know if the private key has a UTXO with or without a balance? Hackers don't even know what purpose of wallet the owner of the private key made with the mnemonic (p2tr, p2wpkh, p2pkh, p2sh), so they can send the balance? Impossible
> If your story is true, rather than arguing with me, you must move your bitcoin to a new wallet; then, when you have finished that transaction with confirmations from Bitcoin miners, you can return to this thread and argue with me again.
> You said what you lost is a wallet mnemonic seed; that means the hacker has access to all private keys in that wallet. Wallets is chapter 5 in the Mastering Bitcoin book. Reading it can help you understand the wallet mnemonic seed and Hierarchical Deterministic (HD) key generation (BIP32). HD wallet: a tree of keys generated from a single seed.
You don't understand what I mean. If my bitcoin is at m/86'/0'/1096823754'/1/1189356152, you cannot figure out my balance. How do you find the UTXO unless I say it?
LoyceV
November 17, 2024, 08:40:54 AM
> What if my coin is at m/86'/0'/1096823754'/1/1189356152 address?
Chances are the attacker will never find your coins. BUT: making up your own "encryption scheme" largely increases the chance of losing access yourself! What makes you think you'll remember 1096823754 and 1189356152 and their exact locations 5 years from now? Read how I lost and regained access to my made-up brainwallet: it's a risk. If you want to add "something" extra on top of the seed words, why not extend the seed with a 13th (or 25th) custom passphrase? That's a much more standard method of adding time in case your seed gets compromised.
> How to protect my coin even if the mnemonic/passphrases are robbed
To think about: what are the odds of getting robbed, and what are the odds of losing access yourself? This has always been the one compromise in Bitcoin I'm not entirely comfortable with.
Dear signature spammers, what's with the shitposting on the tech board without understanding or even reading what OP wrote?
kimjaepil (OP)
November 17, 2024, 12:28:08 PM
> > What if my coin is at m/86'/0'/1096823754'/1/1189356152 address?
> Chances are the attacker will never find your coins. BUT: making up your own "encryption scheme" largely increases the chance of losing access yourself! What makes you think you'll remember 1096823754 and 1189356152 and their exact locations 5 years from now? Read how I lost and regained access to my made-up brainwallet: it's a risk. If you want to add "something" extra on top of the seed words, why not extend the seed with a 13th (or 25th) custom passphrase? That's a much more standard method of adding time in case your seed gets compromised.
> > How to protect my coin even if the mnemonic/passphrases are robbed
> To think about: what are the odds of getting robbed, and what are the odds of losing access yourself? This has always been the one compromise in Bitcoin I'm not entirely comfortable with.
> Dear signature spammers, what's with the shitposting on the tech board without understanding or even reading what OP wrote?
You are absolutely right. I don't use it like this: m/86'/0'/1096823754'/1/1189356152. I just wondered how long it will take to find the balance (or whether it is possible to find it). The answer is "impossible".
Cricktor
Your thread's title is sort of bad, because if you actually lose your private keys that control UTXOs, nothing prevents an attacker from spending your coins. Your mnemonic recovery words aren't your private keys!
I'm not so sure about the "impossible" part. If you hide your coins in some custom derivation path, an attacker has to exhaust the derivation path space if he doesn't have any clues about what derivation you've used.
When the attacker has your mnemonic recovery words, then he needs to perform the computationally somewhat expensive 2048x PBKDF2 rounds only once. Further derivations down the branches of the derivation path are far less expensive per index than the PBKDF2 rounds to get to the BIP32 root key derivation.
An attacker would have to build a database of Bitcoin addresses which hold UTXOs. Querying this database for any particular derivation path down from the BIP32 root key is surely a pain and likely not feasible for more than two unknown branches of the derivation path.
While BIP32 allows an index space of mostly 2^32 per index, which wallet software actually supports such custom derivation paths? You might discover "funny" bugs while exploring custom derivation paths.
To secure against a potential compromise of mnemonic recovery words, I'd rather add a strong mnemonic passphrase instead of a custom derivation path. The reason is that brute-forcing a mnemonic passphrase is more computationally expensive, because you always have to go through the 2048x PBKDF2 rounds for every try. This is very likely much slower than walking through derivation path indices.
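The cost asymmetry described in the post above, as an added example that is not part of the thread: BIP39 seed derivation (PBKDF2-HMAC-SHA512, 2048 rounds) next to BIP32 hardened child derivation (one HMAC-SHA512), with a timing comparison of one passphrase guess against one hardened index step. Function names are this example's own, the mnemonic is the public BIP39 test-vector phrase, the passphrases are constructed, and the non-hardened levels (`change`, `address_index`), which also need an elliptic-curve multiplication, are left out.

```python
import hashlib
import hmac
import time
import unicodedata

# secp256k1 group order, used when adding the parent key in BIP32
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    pw = unicodedata.normalize("NFKD", mnemonic).encode()
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", pw, salt, 2048, 64)


def bip32_master(seed: bytes):
    """BIP32 root: a single HMAC-SHA512 keyed with b"Bitcoin seed"."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]  # (private key, chain code)


def ckd_priv_hardened(key: bytes, chain: bytes, index: int):
    """BIP32 hardened private child derivation: one HMAC-SHA512 per step."""
    data = b"\x00" + key + (index | HARDENED).to_bytes(4, "big")
    digest = hmac.new(chain, data, hashlib.sha512).digest()
    il = int.from_bytes(digest[:32], "big")
    child = (il + int.from_bytes(key, "big")) % N
    if il >= N or child == 0:
        raise ValueError("invalid child key; BIP32 says to skip this index")
    return child.to_bytes(32, "big"), digest[32:]


def hardened_prefix(seed: bytes, indexes):
    """Walk the hardened levels of a path, e.g. (86, 0, 1096823754)."""
    key, chain = bip32_master(seed)
    for index in indexes:
        key, chain = ckd_priv_hardened(key, chain, index)
    return key, chain


def cost_per_attempt(rounds: int = 200):
    """Average seconds for one passphrase guess vs one hardened child step."""
    words = "abandon " * 11 + "about"  # constructed input: BIP39 test mnemonic
    start = time.perf_counter()
    for n in range(rounds):
        bip39_seed(words, f"guess-{n}")
    t_passphrase = (time.perf_counter() - start) / rounds
    key, chain = bip32_master(bip39_seed(words))
    start = time.perf_counter()
    for n in range(rounds):
        ckd_priv_hardened(key, chain, n)
    t_child = (time.perf_counter() - start) / rounds
    return t_passphrase, t_child


if __name__ == "__main__":
    words = "abandon " * 11 + "about"
    path = (86, 0, 1096823754)  # hardened part of the path quoted in the thread
    for pw in ("", "correct horse"):  # constructed passphrases
        key, _ = hardened_prefix(bip39_seed(words, pw), path)
        print(f"passphrase={pw!r:16} key at 86'/0'/1096823754' = {key.hex()[:16]}...")
    t_passphrase, t_child = cost_per_attempt()
    print(f"one passphrase guess: {t_passphrase * 1e6:9.1f} us")
    print(f"one hardened step   : {t_child * 1e6:9.1f} us")
```

Changing the passphrase changes the seed, so every key under every path moves with it, while a hidden index only relocates keys under a root the seed holder can already compute.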
FatFork
November 17, 2024, 11:05:00 PM
> I just wondered how long it will take to find the balance (or whether it is possible to find it). The answer is "impossible"
The answer is not "impossible". It depends on your custom "security" method. But there is no additional advantage to this method. You will have much greater security by extending the seed phrase with a custom passphrase, because in that case you are not limited to just a numerical index, but you can use any combination of characters or even whole words and phrases. And it protects all addresses in your wallet, not just one.
kimjaepil (OP)
November 18, 2024, 04:17:16 AM (last edit: November 18, 2024, 04:31:38 AM by kimjaepil)
> Your thread's title is sort of bad, because if you actually lose your private keys that control UTXOs, nothing prevents an attacker from spending your coins. Your mnemonic recovery words aren't your private keys!
> I'm not so sure about the "impossible" part. If you hide your coins in some custom derivation path, an attacker has to exhaust the derivation path space if he doesn't have any clues about what derivation you've used.
> When the attacker has your mnemonic recovery words, then he needs to perform the computationally somewhat expensive 2048x PBKDF2 rounds only once. Further derivations down the branches of the derivation path are far less expensive per index than the PBKDF2 rounds to get to the BIP32 root key derivation.
> An attacker would have to build a database of Bitcoin addresses which hold UTXOs. Querying this database for any particular derivation path down from the BIP32 root key is surely a pain and likely not feasible for more than two unknown branches of the derivation path.
> While BIP32 allows an index space of mostly 2^32 per index, which wallet software actually supports such custom derivation paths? You might discover "funny" bugs while exploring custom derivation paths.
> To secure against a potential compromise of mnemonic recovery words, I'd rather add a strong mnemonic passphrase instead of a custom derivation path. The reason is that brute-forcing a mnemonic passphrase is more computationally expensive, because you always have to go through the 2048x PBKDF2 rounds for every try. This is very likely much slower than walking through derivation path indices.
1. Whether it is BIP44 or BIP32, it has nothing to do with a database or something like that. The hacker has to search every single address (one by one) to find a valid UTXO. So it takes time.
2. The title is a little bit bad, right. I don't use this dumb method.
ABCbits
November 18, 2024, 10:24:41 AM
> It takes 1.8x10^15 seconds to search every address (even if it is a supercomputer) = 58,454,204 years.
> What if my coin is at the m/86'/0'/1096823754'/1/1189356152 address?
> It takes 10 million years to discover, even if he is lucky.
It's still extremely long, but it should not be as long as your initial calculation. A single RTX 4090 can convert 8554 million private keys to addresses every second [1]. time = search space / RTX 4090 speed = 1.8x10^20 / 8.554x10^9 = 21042787000.23... seconds (667 years).
That speed excludes creating the private child key from the private parent key, but it should be negligible compared with converting a private key to a public key.
[1] https://asktom.cf/index.php?topic=5112311.msg63680043#msg63680043
LoyceV
November 18, 2024, 10:42:49 AM
> 2. The title is a little bit bad, right.
You can edit it, for example: "Is a hidden derivation path enough to keep Bitcoin secure after compromised seed phrase?"
kimjaepil (OP)
November 18, 2024, 11:46:56 AM
> > 2. The title is a little bit bad, right.
> You can edit it, for example: "Is a hidden derivation path enough to keep Bitcoin secure after compromised seed phrase?"
Thank you for your opinion.
kimjaepil (OP)
November 18, 2024, 11:55:08 AM
Converting a private key to a pubkey is different from searching for a UTXO linked to every single address.
DaveF
November 18, 2024, 12:43:04 PM
Also, keep in mind that if a hacker gets access to your machine and gets your seed, there is a non-zero possibility that they also have access to the rest of the information that would contain the derivation path.
And there is also the possibility that even if they don't get that, they may get some of your addresses. It would take a long time to find the path, but as ABCbits pointed out, it's not THAT long a time if you have or can rent enough GPU power.
-Dave
ABCbits
November 19, 2024, 08:08:08 AM
> Converting a private key to a pubkey is different from searching for a UTXO linked to every single address.
Good point, I forgot about searching whether the generated address is on the address/UTXO list. But FWIW you could create an index/bloom filter and then load both the list and the index/bloom filter into RAM.
DaveF
November 19, 2024, 01:42:51 PM
> > Converting a private key to a pubkey is different from searching for a UTXO linked to every single address.
> Good point, I forgot about searching whether the generated address is on the address/UTXO list. But FWIW you could create an index/bloom filter and then load both the list and the index/bloom filter into RAM.
Most people, if they were doing this to crack something like this, are going to be using farms of the NVIDIA Tesla cards, not 3090 / 4090 / etc. general-use graphics cards. You can rent the V100 cards in bulk for less than $0.15 per hour, and that's today. It's only getting cheaper. So once again, if you are talking a large enough amount of $ then it can be overcome.
Probably still not worth it on either side. Too much risk on the user's side of forgetting the path. Look at the number of posts we have with people who tried something different and now can't get to their coins. And for the person finding the keys, unless you KNOW that the owner has 10+ BTC and is not going to know you got their seed and move it before they find it, too much risk.
Just my view as always.
-Dave