Jump to content

Beginners Guide: What is a wallet? How do my coins get stored? How does cryptocurrency work anyway?


gray

Recommended Posts

Great post. So, one more question. Assume I do in fact use ripplepaperwallets to generate my wallets, there is a "Generate New" button that of course does just that. So how does the Ripple linked software know and trust these keys/numbers, and how does the paperwallet software generate these numbers, is it purely random? If so, is it safe to do this because, as was stated above, the numbers are actually so massive, the chances of accidentally repeating them is almost nill?

My guess is that the Public Key actually becomes "real" when i send XRP to it, and that the private key is somehow encrypted in the public key so that when i do "cash out" so to speak, the Ripple linked software is able to see that the numbers are linked and are correct?

Thanks again for taking the time to answer these questions. I a bit more of a knuckle dragger than a tech guy (ok, a LOT more of a knuckle dragger), but I do like to understand as much as possible with the amounts of money bouncing around in the crypto world, specially with my new found interest in the tech.

Link to comment
Share on other sites

54 minutes ago, Darksouldesign said:

Great post. So, one more question. Assume I do in fact use ripplepaperwallets to generate my wallets, there is a "Generate New" button that of course does just that. So how does the Ripple linked software know and trust these keys/numbers, and how does the paperwallet software generate these numbers, is it purely random? If so, is it safe to do this because, as was stated above, the numbers are actually so massive, the chances of accidentally repeating them is almost nill?

My guess is that the Public Key actually becomes "real" when i send XRP to it, and that the private key is somehow encrypted in the public key so that when i do "cash out" so to speak, the Ripple linked software is able to see that the numbers are linked and are correct?

Thanks again for taking the time to answer these questions. I a bit more of a knuckle dragger than a tech guy (ok, a LOT more of a knuckle dragger), but I do like to understand as much as possible with the amounts of money bouncing around in the crypto world, specially with my new found interest in the tech.

You pretty much hit the nail on the head. Basically, there is a specific form that a ripple address has to follow. It has to do with the beginning and ending bits (you'll notice that all ripple addresses start with an r and all ripple secret addresses start with an s). There are also a few other qualifications. A private key is a random number (other than the beginning and ending bits as described above) that is a randomly (or deterministically "random" -- I'll talk about what I mean below) number. In order to derive the public key (which is then turned into the actual ripple public address), Elliptic Curve Cryptography is used. Basically what happens is that you a specific, agreed upon graph of an ellyptic curve with pre-determined and agreed upon parameters (everyone in the ripple network uses the same ones). Somewhere on that curve is a point called G, which is the "generator point." This is one of the agreed upon parameters. You then take the random "private key" and "multiply" it by the Generator Point. This isn't exactly what you would think of as multiplication, but basically you define an operation that is "adding" two points on an elliptic curve which will give you a third point on the curve. You then repeat this process over and over to add G to itself many times, aka multiplication. You end up with another point on the graph of the curve. This is the public key. It is easy to perform the "add" operation many times, but it is very hard to do the reverse. Given the end point and the starting point, it's very hard to figure out how what number you multiplied the Generator Point by (the private key) to get to the ending point (the public key). This is a simplified explanation of what's actually happening, but that's the basic idea. 

In addition, there is another interesting characteristic of this process, that allows what is called an ECDSA or an Elliptic Curve Digital Signing Algorithm. This is how the ripple network knows and can verify that a certain message was created by the person who owns the private key of a specific public key. Basically like we said before, each person has a public key and a private key. Using the ECDSA, you can easily verify that someone with the private key that was used to derive a specific public key (the multiplier used to get to a specific point on the curve) was used in a transformation algorithm that is applied to a message (another number). So you know that the private key that was used to generate a public key was used to sign the message.

If you want a more detailed explanation of all of this, check out this series of blog posts: http://andrea.corbellini.name/2015/05/17/elliptic-curve-cryptography-a-gentle-introduction/

With the paper wallet generator, it's using a cryptographically-secure pseudo-random number generator (CSPRNG) that has been standardized by modern browsers and audited by many people to ensure it's actually cryptographically-secure entropy in order to generate the private key. This CSPRNG provides the entropy (randomness) to derive the secret key from, and therefore the public key from there.

When using a deterministic wallet generator, it's not using any actual (or pseudo) randomness. It's using what are called hash functions. The way hash functions work is that you put in an input of any size (in this case your passcode) and it will give an output of a specific size of seeming randomness. This output will always be the same for the same input, and will be unique to that input (again, there are collisions but they are very very rare). However, the point is to make it very hard to reverse this process and take the hash and derive the original input, even if you know the steps the hash function is taking to transform it the first time, much like how it's hard to derive a private key from a public key. You use the output of this hash function as the input of the "entropy" portion of the function that generates a private key. So, it's replacing the random number generator.

So, as long as the public address is valid (is a point along the agreed-upon elliptic curve and has valid forward and end flag bits), the network will allow transfer of currency to the "owner" of that public address, even if nobody actually knows what the private key for that address is. If you typo an address and it's still valid based on the above parameters, even if nobody actually owns that address, the network has no way of knowing that and those coins will be lost forever unless someone happens to generate the private key that owns that public key. 

In the Ripple network specifically, in order for the network to make a reference to a new public key in the blockchain and actually send coins to it, it must already be holding XRP or a minimum of (currently) 20 XRP must be sent to that public address in the first transaction in order to "activate" it. There are various reasons for this, but basically, if you try to send, say, 10XRP to a random valid public address that has never been activated before, that address will not actually be funded with the XRP because it hasn't been activated yet. If you send 100 XRP to a random valid public address, then it would activate that address and fund it with the 100XRP you sent.

Edited by gray
Link to comment
Share on other sites

Awesome, thanks again for taking the time to explain this. I have been investing a fair amount, and there has been this little doubt in the back of my brain wondering how this all works, and how can this all be so secure. Ive gotten a pretty good basic grasp of blockchain tech, and how/why that is so secure, and I understand that the "weaknesses" are really on the user side, and the exchange side; the exchange side has a whole lot of money tied up in security for their servers plus a full time staff watchdogging it, so being better educated on why, and how to stay secure on my end was sort of the final piece.

Thanks again, this knowledge is greatly appreciated.

Link to comment
Share on other sites

6 hours ago, gray said:

Except, in cryptocurrency, your seal (actually, the device you use to imprint your seal) is replaced by your "private" or "secret" key. It's like a seal in real life. If you lose exclusive access to the use of your seal, anyone else can send a message in your name without others being able to know. In cryptocurrency, this means that anyone else can make a transaction using your coins without anyone else being able to know it's not you.

Excellent posts. One small nitpick: Only someone who comes into possession of your secret key (seal) can transact your coins, not literally 'anyone else'.

Link to comment
Share on other sites

31 minutes ago, PunishmentOfLuxury said:

Excellent posts. One small nitpick: Only someone who comes into possession of your secret key (seal) can transact your coins, not literally 'anyone else'.

Good point. That's what I was going for, but it wasn't very clear. Fixed!

Link to comment
Share on other sites

  • 2 weeks later...

"In order to actually use the secret key (wallet) to interact with the network, you use a piece of wallet software, not to be confused with the wallet itself. This wallet software (among other things) automatically performs this "digital signing" operation. This is not the same thing as a wallet. Wallet software does not actually store any value. It only allows you to use the value stored in the actual wallet (the secret key) and do things with it on the ripple network. You can import any valid secret key into any valid piece of wallet software and use it to make transactions from that wallet." 

- And what is this software ? If I store my XRP on paper wallets I need this software to send XRP somwhere to trade it on USD ? Right ?

Edited by Turandot
Link to comment
Share on other sites

5 hours ago, Turandot said:

"In order to actually use the secret key (wallet) to interact with the network, you use a piece of wallet software, not to be confused with the wallet itself. This wallet software (among other things) automatically performs this "digital signing" operation. This is not the same thing as a wallet. Wallet software does not actually store any value. It only allows you to use the value stored in the actual wallet (the secret key) and do things with it on the ripple network. You can import any valid secret key into any valid piece of wallet software and use it to make transactions from that wallet." 

- And what is this software ? If I store my XRP on paper wallets I need this software to send XRP somwhere to trade it on USD ? Right ?

Yes. There are many of these available. You can see a list of some of them on this page:  https://www.xrpchat.com/links/ if you scroll down to "Wallets" (the first one is just a paper wallet generator, but the rest are wallet generators and wallet software). Gatehub is also a piece of wallet software if you import your secret key into your account.

Link to comment
Share on other sites

@gray , all sorry for my negligence, what if I have created a wallet on gatehub - how is it safer to store crypto there compared to an exchange (lets presume i use two-f identification)? One can, theoretically, hack either of gatehub or an exchange. Right??

I understand what a cold wallet is and why it is safer though.

Please respond.

 

Link to comment
Share on other sites

 

 

@WillGetThere The difference is in the wallet type and who owns the XRPs.   On an exchange your XRPs are really promissory notes from the exchange.  On Gatehub you can create a Ripple wallet that is stored on the Ripple Ledger in the cloud.  The XRPs in such a wallet are owned/controlled by the secret key holder....  you.

There are some vagaries in this that I don't fully understand yet...  I'm fairly new to this.  For instance ..  do Gatehub have your key too?  Can a rogue employee empty your wallet and disappear?  I dunno yet

From Gatehub:

"All secret keys and passwords are hashed and encrypted using industry standard algorithms with high cost factors to protect against brute-force attacks.

We would like to emphasize our employees DO NOT have access to your passwords and secret keys. If you forget your GateHub password..... "

https://support.gatehub.net/hc/en-us/articles/115003233225-Encryption

As far as hacking goes....  yeah anything online is at risk.  Cold wallet is not.  Presumably the exchanges have good security but you can't be sure they will not be hacked.

Edited by Guest
Remove the FUD I inadvertently created. :)
Link to comment
Share on other sites

7 minutes ago, Tinyaccount said:

@Ripplezzzz the link is dead form my browser.  Was it to a internal network?   Anyone able to see it?

 

@WillGetThere The difference is in the wallet type and who owns the XRPs.   On an exchange your XRPs are really promissory notes from the exchange.  On Gatehub you can create a Ripple wallet that is stored on the Ripple Ledger in the cloud.  The XRPs in such a wallet are owned/controlled by the secret key holder....  you.

There are some vagaries in this that I don't fully understand yet...  I'm fairly new to this.  For instance ..  do Gatehub have your key too?  Can a rogue employee empty your wallet and disappear?  I dunno yet.

As far as hacking goes....  yeah anything online is at risk.  Cold wallet is not.  Presumably the exchanges have good security but you can't be sure they will not be hacked.

The guides have been hidden until the ripple-lib issue is resolved.

Link to comment
Share on other sites

  • 2 weeks later...
On 06/07/2017 at 7:43 AM, gray said:

If you want to go the deterministic route, you'd be using this tool: https://termhn.github.io/ripplewarpwallet 

Can I use the paper wallet and store the resulting secret key and the QR codes form ripplewarpwallet as a screenshot & text file  and encrypt these on a Usb + backup Usb

Is that enough to get my wallet back up when I decide to sell them?

Link to comment
Share on other sites

26 minutes ago, strikerjax said:

Can I use the paper wallet and store the resulting secret key and the QR codes form ripplewarpwallet as a screenshot & text file  and encrypt these on a Usb + backup Usb

The key to ownership and operation of a Ripple wallet is the secret key.  If you have that you can recreate a wallet anytime or 'import' it into Gatehub or whatever.

So whatever way you store your key is fine so long as it's never stolen, and that when you need it you can read your key.

So yes that works.

Its important to note here that crypto coins are very different than other forms of money.....  never before has a selfie at your desk put you at risk of having all your money stolen.  Think about it...  just a simple photo alone of your secret key is enough for anyone anywhere in the world to be stealing your wealth in moments.   That is a new thing in the world...  it might take a few terrible incidents before people really understand those implications.

Edited by Guest
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...