Bitcoin Class with Satoshi: How to share unknown secrets

We’re getting cryptographical again on the latest episode of “Bitcoin Class with Satoshi.” Bitcoin creator Dr. Craig Wright and sCrypt’s Xiaohui Liu talk about using shared secrets to generate multiple keys, whether it’s possible to have multiple parties involved, and how to keep all this information safe from attackers.

In particular, the hosts refer to nChain White Paper #42: Secret Value Distribution v2, which details:

“Two parties exchange public keys, then each time they need to share a new secret they first agree to add a shared non-secret number to their original private keys (thus changing their public keys) before performing Elliptic Curve Diffie-Hellman. So instead of exchanging new public keys each time, a single number is shared.”

(Side note: Dr. Wright often refers to “Diffie Hellman” in this series. It refers to the Diffie-Hellman Algorithm, a protocol published in 1976 by Whitfield Diffie and Martin Hellman that allows two parties on a channel to establish a mutual secret without ever transmitting it over the network. It must be implemented properly to be reliably secure.)

The white paper #42 description has it in a nutshell, but what would you use it for, in the real world? Dr. Wright gives a number of potential applications in this class, from invoice payments to video rentals.

The idea is to avoid re-using the same Bitcoin addresses, something the original Bitcoin white paper advises against doing. In the past, people treated their Bitcoin wallet address like a PGP key or email address, printing it on business cards, including it in social media profiles, and more. However, this greatly diminishes the privacy and security of Bitcoin, since it presents information for third parties to monitor (everyone will be able to see your entire transaction history), or even use in an attack.

Now, you can use seeds to generate hierarchically a series of different addresses for each transaction (most wallets nowadays do this). Some people use personal mnemonics to generate new passwords for themselves, using a variety of systems (which you could actually publish if you wanted) but relies on information known only to the person generating the passwords.

But in a business scenario, you might need to share information about private addresses between multiple parties, so parties could transact and check records or know that a certain address is valid (and belongs to the right party). You might even need to make this information secure at times when one of the parties isn’t connected to the internet.

And most importantly, you need to keep the information about how you generated these secret addresses/keys hidden from public view. How to do this? Dr. Wright gives an example:

“Here’s the magic of ECDSA: It is additive. If I have my shared secret, plus a secret I keep myself, you don’t know what it is. I can put my public key out there, send you money even if you’re offline, give you something that’s the number saying you’ve been paid. And you can use your key to calculate the new key, grab the Bitcoin.”

It’s possible to automate a system that takes information like invoice numbers, known address keys, or something else, concatenate a Diffie-Hellman secret shared by the transacting parties, and generate new (private) addresses known only to parties involved.

As Xiaohui puts it, it would be like a hacker “scanning all the ports but you don’t know where the ports are.”

They also discuss issues such as including alert data in the system “like an old-school pager,” to avoid the need to scan the blockchain for records containing the relevant addresses (the script would do it for you), information and devices that might be able to generate the information, and how to handle key revocation if a piece of data is compromised.

There’s too much information on this topic for just one episode, so more specifics about including multiple parties in a transaction is coming up in next week’s edition. Although Dr. Wright has discussed similar examples to these in previous “Satoshi” videos, it’s a great refresher to remind everyone of Bitcoin’s near-infinite range of potential applications.

To watch previous episodes of the Theory of Bitcoin and Bitcoin Class, check out the Theory of Bitcoin YouTube channel here and the Bitcoin Class with Satoshi YouTube channel here.

New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.

[10]
[10]
[id^="_form"]
[id^="_form"]
[id$="_submit"]
[id$="_submit"]
[^;]
[^;]
['on' + event]
['on' + event]
[?&]
[?&]
[^&#]
[^&#]
[(d+)]
[(d+)]
[i]
[i]
[results[1]]
[results[1]]
[elem.name]
[elem.name]
[+_a-z0-9-'&=]
[+_a-z0-9-'&=]
[+_a-z0-9-']
[+_a-z0-9-']
[a-z0-9-]
[a-z0-9-]
[a-z]
[a-z]
[el.name]
[el.name]
[10]
[10]
[id^="_form"]
[id^="_form"]
[id$="_submit"]
[id$="_submit"]
[^;]
[^;]
['on' + event]
['on' + event]
[?&]
[?&]
[^&#]
[^&#]
[(d+)]
[(d+)]
[i]
[i]
[results[1]]
[results[1]]
[elem.name]
[elem.name]
[+_a-z0-9-'&=]
[+_a-z0-9-'&=]
[+_a-z0-9-']
[+_a-z0-9-']
[a-z0-9-]
[a-z0-9-]
[a-z]
[a-z]
[el.name]
[el.name]