You have 2 computers. One is 100% offline and, thus, trusted. The other is online. Private keys are stored on the offline computer and the online computer has no access to it. Is there any way to sign a transaction using the offline computer, then manually (i.e., typing on a keyboard) transfer it to the online computer, so that it transmits it to the blockchain?
[Ethereum] Any safe way to send money from a cold wallet, using an untrusted computer
cold-storage, offline, raw-transaction, Security, transactions
Related Solutions
Your calculations are right, except there aren't exactly 2^256 private keys -- there are "FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141" (this number is named N in the ETH source code, and is the order of the generator of the elliptic curve secp256k1, from which Ethereum key pairs are generated).
In answer to your question, yes, private keys mapping to the same address will both be able to spend the money in that address on a first come first served basis. They will create the same public key, which the ECDSA verification algorithm is performed against, and so signatures generated by either private key will verify against the same address!
In go-ethereum/accounts/key.go, we have a private key generated from S256 which is secp256k1's curve, meaning they will be less than N by default.
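```go
// newKeyFromECDSA wraps an ECDSA private key in a Key with a random UUID
// and the address derived from its public key.
func newKeyFromECDSA(privateKeyECDSA *ecdsa.PrivateKey) *Key {
	id := uuid.NewRandom()
	key := &Key{
		Id:         id,
		Address:    crypto.PubkeyToAddress(privateKeyECDSA.PublicKey),
		PrivateKey: privateKeyECDSA,
	}
	return key
}

// newKey generates a fresh key pair on the secp256k1 curve from rand.
func newKey(rand io.Reader) (*Key, error) {
	privateKeyECDSA, err := ecdsa.GenerateKey(secp256k1.S256(), rand)
	if err != nil {
		return nil, err
	}
	return newKeyFromECDSA(privateKeyECDSA), nil
}
```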
go-ethereum/crypto/secp256k1/secp256 also generates the key pairs in accordance with secp256k1 albeit in a slightly different way :)
Cool illustrative explanation for what N really is and why 2 keys will be able to spend money from the same account
Imagine private keys are miles driven in your car, and public keys are number of miles on your car's odometer. If the odometer rolls over from 999,999 to 000,000, a person with miles driven = 1,000,001 will have the same 'public key', and hence the same address, as a person with miles driven = 1.
EC group arithmetic is surprisingly similar to this, but rather than 999,999, we have the seemingly arbitrary number given above! Due to this property, even with your different 'private keys', you will be able to create signatures that verify against the same public key, and hence spend ETH from the same address!!
Boring math explanation
Private keys are 256 bit numbers, and to calculate the public key from a private key you multiply by the generator, g, of the elliptic curve group. The generator in use is defined in the parameters of the secp256k1 libraries being used in ETH. It itself is also an elliptic curve point, and as elliptic curves are cyclic, there exists an n such that n.g = 1 (this is called the generator order).
With this equation we can see that if we had a private key k with k>n, we would have k.g = (k-n).g = k'.g, for a k' that is possibly someone else's private key! So we have keys generated at random modulo n, rather than 2^256.
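The wrap-around described in the answer above can be checked directly. This is an added example, not code from the answer or from go-ethereum: a plain-Python secp256k1 scalar multiplication (the function names `add`, `public_key` and `is_valid_private_key` are illustrative) showing that k and k + N give the same public key, and the range check that a key generator or importer applies to rule this out.

```python
# secp256k1 domain parameters (public constants; curve y^2 = x^3 + 7 over GF(P)).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INFINITY = None  # the group identity ("point at infinity")

def add(a, b):
    """Affine point addition on secp256k1 (illustrative helper)."""
    if a is INFINITY:
        return b
    if b is INFINITY:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return INFINITY                          # a == -b
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P)   # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P)    # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def public_key(k):
    """k*G by double-and-add; k is deliberately NOT reduced mod N first."""
    acc, addend = INFINITY, G
    while k:
        if k & 1:
            acc = add(acc, addend)
        addend = add(addend, addend)
        k >>= 1
    return acc

def is_valid_private_key(k):
    """Range check a generator or importer should enforce: 1 <= k < N."""
    return 1 <= k < N

if __name__ == "__main__":
    k = 0x1234  # constructed toy scalar, far too small for real use
    print("same public key for k and k+N:", public_key(k) == public_key(k + N))
    print("N*G is the identity:", public_key(N) is INFINITY)
    print("k valid:", is_valid_private_key(k),
          "| k+N valid:", is_valid_private_key(k + N))
```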
All existing addresses already exist, you're right. And in fact when you're "generating" an address you might get one which is already used. But the odds of this happening make it impossible in reality. (If I'm not wrong there are 10^28 possible addresses.)
See here for more information about wallet creation
Best Answer
We at MyEtherWallet.com implemented an offline transaction tool to do exactly this. While most people who are cold-storage fanatics know command line and the inner-workings of gas price and nonce, this allows you to do it via GUI.
Navigate to the "Offline Transaction" tab via your online computer. Here you will generate the current gas price and nonce.
Enter the FROM address in the field. Please note, this is the address you are sending FROM, not TO. This generates the nonce and gas price.
Move to your offline computer. Enter the TO ADDRESS and the AMOUNT you wish to send.
Enter the GAS PRICE as it was displayed to you on your online computer in step #1.
The GAS LIMIT has a default value of 21000. This will cover a standard transaction. If you are sending to a contract or are including additional data with your transaction, you will need to increase the gas limit. Any excess gas will be returned to you.
Enter the NONCE as it was displayed to you on your online computer in step #1. If you wish, enter some data. Data is optional. If you enter data, you will need to include more than the 21000 default gas limit. All data is in HEX format. Select your wallet file -or- enter/paste your private key and unlock your wallet.
Press the "GENERATE SIGNED TRANSACTION" button.
The field below this button will populate with your signed transaction. Copy this and move it back to your online computer, or you can use the QR code provided.
On your online computer, paste the signed transaction into the text field in Step 3 and click "SEND TRANSACTION". This will broadcast your transaction.
Alternatively, you could use other services in order to broadcast the signed transaction. Etherscan has a field you can use to broadcast transactions.
drcode on reddit made a tool to decode a signed transaction so you can verify it's doing what it says it is doing.
FYI, everything on MyEtherWallet is almost 100% offline. The only thing that leaves your computer while sending is the signed transaction, which is generated by your browser. We also receive the nonce and gas price, which is why you must generate those bits of information online.
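Before the signed transaction leaves the offline computer, it can be decoded and compared with the values that were meant to be signed, which is the check the decoding tool mentioned above is for. The following is an added example, not MyEtherWallet's or drcode's code: a small RLP decoder for the legacy nine-field transaction format (typed transactions that start with a type byte are rejected), with hypothetical function names and a constructed sample.

```python
def rlp_decode(data):
    """Decode one RLP item -> (value, rest); strings are bytes, lists are list."""
    if not data:
        raise ValueError("truncated RLP")
    p = data[0]
    if p < 0x80:                      # a byte below 0x80 encodes itself
        return data[:1], data[1:]
    is_list = p >= 0xC0
    size = p - (0xC0 if is_list else 0x80)
    off, n = 1, size                  # short form: length is in the prefix
    if size > 55:                     # long form: next size-55 bytes hold it
        off = 1 + size - 55
        n = int.from_bytes(data[1:off], "big")
    if len(data) < off + n:
        raise ValueError("truncated RLP")
    payload, rest = data[off:off + n], data[off + n:]
    if not is_list:
        return payload, rest
    items = []
    while payload:
        item, payload = rlp_decode(payload)
        items.append(item)
    return items, rest

FIELDS = ("nonce", "gas_price", "gas_limit", "to", "value", "data", "v", "r", "s")

def decode_legacy_tx(raw_hex):
    """Parse a legacy signed transaction (a 9-item RLP list) into named fields."""
    raw = bytes.fromhex(raw_hex[2:] if raw_hex.startswith("0x") else raw_hex)
    items, rest = rlp_decode(raw)
    if (rest or not isinstance(items, list) or len(items) != 9
            or any(isinstance(i, list) for i in items)):
        raise ValueError("not a legacy signed transaction")
    return {name: ("0x" + item.hex()) if name in ("to", "data")
            else int.from_bytes(item, "big")
            for name, item in zip(FIELDS, items)}

def mismatches(tx, intended):
    """Map each differing field to (signed value, intended value)."""
    norm = lambda v: v.lower() if isinstance(v, str) else v
    return {k: (tx[k], want) for k, want in intended.items()
            if norm(tx[k]) != norm(want)}

# Constructed sample: nonce 9, 20 gwei gas price, gas limit 21000, 1 ether to a
# filler address. r and s are filler bytes, so this is NOT a valid signature.
SAMPLE = ("f86c" + "09" + "8504a817c800" + "825208" + "94" + "35" * 20
          + "880de0b6b3a7640000" + "80" + "25" + "a0" + "11" * 32 + "a0" + "22" * 32)

if __name__ == "__main__":
    tx = decode_legacy_tx(SAMPLE)
    print(tx)
    print(mismatches(tx, {"to": "0x" + "35" * 20, "value": 10**18, "nonce": 9}))
```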