zlacker

Well, the police had a search warrant, so the police could have found them if they had had them in their possession anyway.

Sure, they could have destroyed them, losing the money but maybe not getting arrested?

>>tsimio+(OP)
vitalik (ethereum founder) used an interesting system. He split the key in 2. Wrote both on paper. Gave 1 paper to family and kept the other. Even if the police raid him (hypothetically), they cannot raid the houses of his family and friends at the same time

This way the police or anybody else cannot get your private key.

>>tsimio+(OP)
When a few billion is at stake, you think they'd make the effort to memorize the keys. Or at least encrypt them.

>>tsimio+(OP)
Keys are conspicuously easy to hide. My PGP master key that I've been using for some time is hidden on two devices which would be difficult to identify much less locate and are encrypted as well.

>>Alexan+L
No, but if you don't have your half memorized and they take it from you, the other half is useless. This is more useful if you want to leave your crypto to your family if you die, provided that you make it easy for them to find your half if you're not around.

>>Alexan+L
> Even if the police raid him (hypothetically), they cannot raid the houses of his family and friends at the same time

...why not? Police coordinate raids all the time.

>>kodah+a1
They're easy to hide as long as the federal government isn't trying to tie you to 4.5 billion worth of something.

>>BobbyJ+Y
The file the feds found had 2,000 addresses - so there's a non-trivial amount of 12 word phrases to remember.

>>pavel_+K2
Even with the fervor of the federal government they'd be easy to hide.

A USB is tiny, and you can shrink it's footprint with USB-C. You can also buy USB keys with tamper-proof housings that will blow a fuse if opened to be physically compromised. Coupled with strong post-quantum crypto, that key is relatively secure, even if physically discovered.

That's just the technical bit. You can also split the key in half and transfer the other half somewhere, which creates legal protection. You could also create a housing for the key so it's not easily discoverable.

If all that sounds a bit extra, circle back to that the perpetrator has 4.5 Billion worth of something.

>>Alexan+L
or you end up with a useless half key or your trusted accomplice helps in the investigation

>>nerdwa+e3
you would only need to memorize one seed to spawn infinite key pairs

>>kodah+a1
strong passwords. aes256 with even just 7 word password chosen from a 1000-word dictionary cannot be cracked with existing tech

>>chrisf+D2
How many raids? 1 on him, 5 on family, 20 on friends?

Isn't that impractical? Also how were the police supposed to know that he used this system?

>>diego+t2
Excellent point! I never considered this.

>>paulpa+Y3
The police don't know that you split the key. But I get what you mean. I am sure there are better ways to hide private keys.

Encrypting it with a good password that you remember and then printing the encrypted keys comes to mind.

>>paulpa+b4
can you elaborate? I find this very interesting. We can't choose which private key we get.

So is it possible for 1 seed to generate all of them? Doesn't that break information theory (Shannon's compression limit)?

>>Alexan+L
The police wouldn't have to raid the family members, they'd likely give up what they know immediately, to avoid become accessories to whatever crime the police were alleging.

>>BobbyJ+Y
When a few billion is at stake, I would definitely not trust my memory for a chance to lose access.

>>Alexan+t8
First you create the seed, then you create the keys. Not the other way around.

>>Alexan+t8
Have a google for BIP-32, about Hierchical Deterministic Wallets. A secret key is nothing but a number, so it's not too hard to generate more numbers from that seed. If you have the seed and the parameters for the child numbers, you have all the private keys you want.

>>nerdwa+e3
You only need to remember a big random number (can be a long phrase from a book you like), and a rule that generates keys, e.g. (keyid, seed) -> hash(keyid + seed). Needless to say, you never write the seed phrase down. At most you keep a vague pointer to the author of that book.

>>paulpa+p4
TBH, with 4B at stake, I wouldnt blindly rely on AES. I'd use it as the 1st step, and then additionally encrypt its output with a custom AES-like algorithm (change tge s-box, change the number of rounds, maybe upgrade it to 512 bits). Even if my homebrew algo is weak, there's still standard AES behind it.

>>Alexan+95
I mean, he announced it publicly. The police would know from his popular blog.

>>Alexan+t8
You use a 2048 word dictionary (a random choice in that wordlist represents [log 2048 =] 11 bits of entropy) then you generate a random string of 132 bits to be your cryptographic seed which is a sequence of 12 words from the wordlist which you memorize.

From that seed you can generate for all practical purposes an infinite number of private keys for any and all purposes in existence. Using cryptographic one way functions such as a hash or PRNG.

Example: truncate_as_needed ( sha512 (seed | 2022 | wallet_title | priv #123) ) = private key #123

>>paulpa+p4
You are pushing it. 1000 words is 10 bits of entropy per randomly chosen word. 70 bits of entropy is probably crackable by a government agency.

Edit: I checked and unless I mixed some zeroes somewhere it looks like the current bitcoin hash rate of 200 million TH/s can crack 92 bits within a year. log (200,000,000,000,000,000,000*3600*24*365) / log 2 = 92.35

>>Alexan+95
You really think the government would have trouble doing a handful of raids at once? They have enough officers to do a thousand raids at once. The FBI and Interpol did just that recently, coordinated across more than a dozen countries:

https://www.europol.europa.eu/media-press/newsroom/news/800-...

>>Alexan+D6
Wait but didn't Vitalik announce he split it on his blog or Twitter?

>>akomtu+ce
Why mess with AES when you can just use another strong algorithm or two? e.g. AES+SERPENT+Twofish, with three separate unrelated keys of course.

>>kodah+X3
> If all that sounds a bit extra, circle back to that the perpetrator has 4.5 Billion worth of something.

It does sound like a lot of work. I think I'd go with the $5 wrench option.

>>chrisf+D2
The probability of Russian police coordinating a raid with the NYC police is 0.00%

>>Alexan+t8
Just to clarify: the statement is not that you could encode those existing 2000 private keys with one short seed (you cannot, indeed), but rather that you could easily and safely generate 2000 distinct private keys from one relatively short seed.

>>BobbyJ+Y
What makes you think it was not encrypted? Of course it was.