Deterministic Wallets - Reading Assignment

1. What’s the advantage of using a Deterministic Wallet, as opposed to generating many different keypairs? You only need to back it up once as it stays backed up for ever, and as all future addresses are determined in advance.

2. What advantage does a Type-2 wallet have over Type-1? You secure the master private key but still generate new addresses via: Publickey(type,n) = Master_public_key + H(n|S|type)*point

3. What is the anonymity set for a receiver using a Deterministic Wallet? (hint: to someone who knows another of Bob’s addresses, how many other unknown addresses on the blockchain might be Bob’s?)
   As the addresses are only ever used once, then the anonymity set is all other unknown addresses.

1. A deterministic wallet can be backed up and restored via a known seed. Restoring it does not require any other information because any future addresses created using the same random seed are determined.

2. A Type-2 wallet provides an extra layer of security like being able to generate new public keys by using the master public key, which allows the master private key to be safely secured. Another advantage is, if a hacker gains access to an individual’s public key and random seed, the money locked to that address is inaccessible because unlocking them requires the private key. Also, the hacker will not be able to generate that individual’s private key without the master private key.

3. When new private and public keys are created for each transaction, there is no link to the master key and no history of transactions associated with the new addresses. This makes the anonymity set the same as the number of unknown addresses in the blockchain.

1. Having one master_private_key is less information to lose and if it can generate all the private keys from it then you never lose your holdings as long as you have it.
2. The master private key can be kept separate and secure of the others.
3. For a type-1 999, but for a type2 there is no limit.

The anonymity set is basically all unknown addresses on the blockchain. Because you are unable to determine what keys were derived from a specific master key. This is true for both type 1 and 2 wallets.

1. What’s the advantage of using a Deterministic Wallet, as opposed to generating many different keypairs?

It only needs to be backed up once and any future addresses can be created without the need to back up forever.

2. What advantage does a Type-2 wallet have over Type-1?

It would be more secure as you would need bother the public key and masterkey if you were going to try decryption. You can also continue to generate addresses with just the public key. It would only need backing up once and that backup would still be able to generate addresses in the wallet.

3. What is the anonymity set for a receiver using a Deterministic Wallet? (hint: to someone who knows another of Bob’s addresses, how many other unknown addresses on the blockchain might be Bob’s?)

Having a large number off addresses and the ability to generate them whenever you need to means you can just use them once and move on to another one. This way you spread the transactions making it more difficult to trace.

1.) The advantage of Deterministic wallets is the very small size and backup ability. The addresses are pre-generated. (Though easier, I feel could be a point of weakness)

2.) Advantage of type-2 is the fact that you can continue to change addresses with each transaction. But because of the formula used with the key- couldn’t this also be a vulnerability? (By process of elimination)

3.)Anonymity for a reciever can be set by changing the address with every transaction.

There is no way to determine what address was derived from a particular master key. From the outside there is no connection. It can only be made once the addresses are included in the same tx.
Type 2 wallets have a benefit of being able to generate new addresses by using the master public key which is particularly useful for merchants that want to deploy this key on a webstore to handle user payments without compromising security by having a private key deployed on a server.

I understand. Thank you!

1. It’s easier to backup.
2. A Type-2 wallet are more secure, because an attacker cannot deduce a private key based on past keys.
3. Basically, every address can be Bob’s.

1. The advantage of using a deterministic wallet as opposed to generating many key pairs is you can back it up once and it stays backed up forever.

2. The advantage of using a type-2 wallet over type-1 is

you can separately secure the Master_private_key, but still generate new addresses with Publickey

So a company/corporation/individual/entity can leave a public address exposed online and not have anyone reverse engineer their address to find their private key and steal their coins.

This is unlike the type-1 wallet where the master private key must be kept private by only the owner, and so only they can derive more public addresses from it. So for example if someone wanted to send the entity (see above example) a donation, the entity would first have to generate a public address manually and give it to the donor. Put it this way: imagine you wanted to keep your real-life physical address secret. Then every time you wanted to buy some e-commerce, you would had to generate a new address - whatever that means in a real world/physical setting - to give to the seller so they could send you your product. Very tedious!

3. With a deterministic wallet, you can generate a new address, that is tied to your private key, for every transaction. Thus the address will not be linked to any other public address. Hence the anonymity set for a receiver using a deterministic wallet will be the set of all unknown addresses.

I have a question:

H(n|S|type)

What does this notation mean in this context? It is different from the notation:

Privatekey(type,n)

which I do understand (a function Privatekey with inputs type and n).

EDIT: spelling

Tbh I’m not a mathematician so I can’t really help you explain what exactly does it mean… Its a function

Funnily enough I have a degree in Maths but I didn’t know what they were going on about either . But I dig some digging so here’s an explanation for what it means:

The unicode symbol U+2223 a.k.a.

|

can mean divisor, be part of the Bra-ket notation, or concatenation.

In the context of the forum, the | stands for concatenation; specifically the concatenation of “type”, “seed” and “n”, whatever “n” means.

concatenation example

Bra-ket notation example (slide 3 of the above link)

bra_ket_notation720×540 68.6 KB

A post by username “iddo” on page 4 of the forum gave some context as to how I came to this understanding.

The function

H(n|S|type)

is equivalent to

h(x) = hash(type|seed|x)

where “type” is the type of wallet (a known/given variable), “seed” is a large random seed (a known/given variable), and “x” - the input variable - is what you want to hash (so usually an address).

h(x) is known as a pseudorandom function family. User “hashcoin” explains a critical detail of the OP’s proposal on page 2.

EDIT: “n” is the number of steps taken in the ECDSA algorithm

So you know more than I do Maxwell is pretty much a superstar when it comes to heavy cryptography stuff.
I think n is mentioned in the article as a number of steps in a Type 1 wallet.

1. It is a wallet that can be backed up once and stays backed up as all future addresses are determined in advance.

2. You can separately secure the Master Key while generating new addresses.

3. The ability to change addresses after every transaction to further secure your public key.

1. What’s the advantage of using a Deterministic Wallet, as opposed to generating many different keypairs?
   Once the wallet has been backed up, you have access to the information “forever” because all future addresses are determined in advanced. With generating different keypairs over time, you would need to back up your wallet each time and this process greatly increases risk of error.

2. What advantage does a Type-2 wallet have over Type-1?
   Generates many different public keys based on one master private key, ultimately - more privacy. It is more streamlined and efficient for the wallet user.

3. What is the anonymity set for a receiver using a Deterministic Wallet? (hint: to someone who knows another of Bob’s addresses, how many other unknown addresses on the blockchain might be Bob’s?)
   For theoretical purpose, lets say infinity.

Wow! Yes! Your answer helps me understand the material so well! I feel like I had the basic understand but your response has helped solidify it for me in more technical terms - much much appreciated!

1. it is a wallet thet you would back up once and it stays backed up , being able to strip it to very small size (QR code), all future addresses would be determinated in advace.

2. its advantage is that you can seperatly secure Master_private_key but still generate new address.

3. public key/address changed after each tx

1. Only needs to be backed up once.
2. you can separately secure the master key
3. one

What do you mean one? The annonimity set is basically all unknown addresses on the blockchain.

1. The advantage of using a Deterministic Wallet is that you only need to backup once and it stays backed up forever because all future addresses are determined in advance. The wallet can also be stripped down to a small size such that it can be backed up on paper.

2. The advantage of a Type-2 wallet over Type-1 is that you can secure the master private key and still generate new addresses.

3. The anonymity set for a receiver using a Deterministic Wallet is the set of Bitcoin users whose address is unknown.