Private Key – Does Ethereum Have the Private Key Exposed on Spend Problem?

addressesprivate-key

Is it the case that Ethereum requires the spender to provide the private key for an address so that it can prove ownership when spending ETH?
If so, is there some mechanism where each spend actually creates a new address with a new private key, and invalidates the old address, to avoid someone else knowing the private key and taking the Ether?

I've googled for a while to look this up, but the search terms I'm using are probably not right, as I don't find any good hits. ("does spending ether expose the private key" and many variants.)
Also, if this is already answered in this very SO, I'd love a link!

Best Answer

The private key isn't ever revealed, ownership is proven through a digital signature that proves that the owner knows the private key without actually revealing it.

Here is an overview:

Bob asks his wallet software to create a transaction from his address to Alice's
Bob's wallet software digitally signs his transaction with Bob's private key
Bob's wallet software publishes the signed transaction to another Ethereum node, which passes it on to another node, and so on until a mining node hears about it and includes it into a block.

The digital signature on Bob's transaction, crucially, allows everyone to verify that Bob's private key has "endorsed" the transaction, without him ever needing to reveal the private key itself.

Related Solutions

Ethereum Address – How to Convert a Bitcoin Private Key into an Ethereum Address

A private key in both bitcoin and ethereum is simply a random 256 bit number (actually a number between 0 and the order of the secp256k1 curve, but that's not really important).

If you can get your raw bitcoin public key, i.e.something like a random hex string of length 64, then it can be used directly as a raw ETH private key in any library or client.

For example, to import it into geth just use

geth account import <(my_privkey)

for parity see How to import a plain private key into Parity?

To simply derive an address from the key in JS, you can use the keythereum library or ethereumjs-util

You can even use openssl, see https://kobl.one/blog/create-full-ethereum-keypair-and-address/

addresses – How to Determine If Two Addresses Were Created From the Same Private Key

First. No you will not be able to tell if addresses are from the same key.

Trully unrelated, in your context, I would say that they are related if they are derived from the same seed. If I understand correctly.

Addresses are generated from a public key that is generated from a Hierarchical Deterministic key pair.

From one seed you can generate multiple account, addresses, for any currency.

The seed is created with BIP39. From that seed you can derive path and create other key pair.

Any keys derived from that seed would be related to that root seed.

If you generate another seed, then your accounts could be considered unrelated.

Best Answer

Related Solutions

Ethereum Address – How to Convert a Bitcoin Private Key into an Ethereum Address

addresses – How to Determine If Two Addresses Were Created From the Same Private Key

Related Topic