[deprecated] Private Key Reuse Detected — What it means and how to unblock your funds

HBMY 289
Jun 19, 2018 · 6 min read

Under certain circumstances the Iota GUI wallet displays this warning:

It has detected that you are about to issue a new transaction that would potentially put your funds at risk and prevents you from doing so. Effectively the funds are blocked now.

Edit: This article focuses on the deprecated Iota GUI wallet. For tips on how to solve the same problem in the Trinity wallet switch to this article:
Warning: Funds on spent addresses! How to unblock your funds

This is a two-part story. The first part, this article, explains what the error means and how you ended up in this situation. The second part covers everything you need to get access to your funds again: Key Reuse detected! How to unblock your funds.

Contents:

1. What does the key reuse warning mean?
2. How did you end up in this mess?
2.1 Sending while another transaction is still pending
2.2 Having received funds on a used address
2.3 Previous transaction(s) on an improperly synced node

1. What does the key reuse warning mean?

When you send a transaction using iota you prove that you are the true owner of the funds by adding a signature to the transaction. The signature is generated using the quantum-proof Winternitz one-time signature algorithm. One side effect of this algorithm is that it exposes 50% of the private key of an address. But this is no reason to worry: even with 50% of the key exposed it is still virtually impossible for anyone other than the true owner to get access to the funds. However, every time another transaction from the same address is signed, another 50% of the key is made public. Depending on the random overlap of the published parts, it becomes easier to brute-force the key with every additional signing.

Due to this behavior addresses in iota are used only once for sending. Any remaining funds on an address are automatically moved by the wallet to a new and fresh address of your seed.
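An added illustration (not from the original article or any wallet's code) of why one signature exposes about half of the key and a second, different signature exposes more. It is a simplified hash-chain model; the symbol range -13..13, the chain length of 26 and the sample digests are assumptions constructed for the example.

```python
# Simplified Winternitz hash-chain model (assumed parameters, not wallet code).
MAX_DEPTH = 26  # assumed: each key fragment is a chain of 26 hash steps


def reveal_depths(digest):
    """Chain depth published per key fragment when `digest` is signed.

    `digest` is a list of symbols in -13..13 (assumed encoding). Signing a
    symbol v publishes the fragment hashed 13 - v times; anyone can hash
    further, so every deeper link of that chain is known from then on.
    """
    if any(not -13 <= v <= 13 for v in digest):
        raise ValueError("symbols must be in -13..13")
    return [13 - v for v in digest]


def lowest_known_depths(signed_digests):
    """Shallowest depth an observer holds per fragment after all signatures."""
    n = len(signed_digests[0])
    lowest = [MAX_DEPTH] * n  # depth 26 is the public end of the chain
    for digest in signed_digests:
        if len(digest) != n:
            raise ValueError("all digests must have the same length")
        for i, depth in enumerate(reveal_depths(digest)):
            lowest[i] = min(lowest[i], depth)
    return lowest


def exposed_fraction(signed_digests):
    """Share of secret chain links known to anyone who saw the signatures."""
    lowest = lowest_known_depths(signed_digests)
    return sum(MAX_DEPTH - d for d in lowest) / (MAX_DEPTH * len(lowest))


# Constructed digests, balanced so that the symbols sum to zero (assumption).
FIRST = [13, -13, 5, -5, 0, 0]
SECOND = [-13, 13, -5, 5, 0, 0]

if __name__ == "__main__":
    print("one signature:        ", exposed_fraction([FIRST]))
    print("same signature again: ", exposed_fraction([FIRST, FIRST]))
    print("second, new signature:", exposed_fraction([FIRST, SECOND]))
```

Publishing the same signature a second time leaves the exposure unchanged in this model; only a signature over a different digest raises it.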

The picture shows the process of a simple iota transaction. Bob has 100 iotas on the first address of his seed. When he sends 10 i to Alice the wallet automatically sends the remaining 90 iotas to a new address of his own seed in the same transaction bundle. The first address of his seed is cleared from any funds this way and is viewed as used as soon as the transaction hits the tangle.

So, if the used addresses are always cleared of any residual funds, how is it possible you are seeing this warning in your wallet?

2. How did you end up in this mess?

If you see the key reuse warning it means that you have funds on an address that already has an outgoing transaction. It does not matter if this transaction is confirmed or still pending. Sending another time from the same address would put your funds at risk and the wallet is not letting you do this.

Using only official wallets and following some simple ground rules you should never end up in this situation, but there are some edge cases where it is still possible to effectively block your funds.

The following three actions are the most probable causes for being in this situation.

  1. sending while another transaction is still pending
  2. having received funds on a used address
  3. previous transaction(s) on an improperly synced node

2.1 Sending while another transaction is still pending

Once a transaction is sent to the tangle it is pending until it is confirmed. During this time the funds remain on the sending address and an outgoing transaction can be seen in the wallet. However, the signature containing the 50% of the private key of the address is already published.

If you still have a pending transaction and try to send another one, your wallet might have to use the same address again for sending. But as stated earlier, sending twice from a single address means reusing the private key of this address and the key reuse warning will be displayed.
So, before sending out another transaction, always make sure that all transactions (outgoing and incoming) are confirmed.

2.2 Having received funds on a used address

Another common way to block your funds is to receive iotas on a used address. As you probably already know, you should never send funds to or receive funds on an address that was already used for sending. By using the official wallet this is not even possible as you will see a warning and the transaction will not be sent.

However, if the sender uses different ways of transferring iotas it is still possible and allowed by the underlying iota protocol. If you, for example, withdraw funds from an exchange and use an address of your seed that already has an outgoing transaction, they might still send the iotas. We have also seen multiple occasions where someone who thought it funny sent 1 iota to used addresses of other users, effectively blocking them from accessing their funds.

Unfortunately, the current GUI wallet does not really help you a lot in finding the affected address and the error message/warning is the same as for a pending transaction (as it is technically the same reason).
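The condition behind the warning, for both the pending-transaction case (2.1) and the received-on-a-used-address case (2.2), can be sketched as a check over a transaction list. This is an added example, not the wallet's own code; the `Tx` record, the address labels and the amounts are constructed for illustration.

```python
from collections import defaultdict
from typing import NamedTuple


class Tx(NamedTuple):
    address: str
    value: int       # negative: funds leave the address, so a signature was published
    confirmed: bool  # pending transactions do not move the balance yet


def blocked_addresses(txs):
    """Return {address: balance} for addresses that signed and still hold funds."""
    balance = defaultdict(int)
    signed = set()
    for tx in txs:
        if tx.value < 0:
            signed.add(tx.address)          # public even while still pending
        if tx.confirmed:
            balance[tx.address] += tx.value
    return {a: balance[a] for a in sorted(signed) if balance[a] > 0}


# Constructed ledger following the Bob/Alice example in the article.
DEPOSIT = [Tx("BOB_1", 100, True)]
SEND_TO_ALICE = [
    Tx("BOB_1", -100, True),   # whole balance leaves the first address
    Tx("ALICE_1", 10, True),
    Tx("BOB_2", 90, True),     # remainder goes to a fresh address
]
LATE_DEPOSIT = [Tx("BOB_1", 1, True)]       # 1 iota arrives on the used address
PENDING_SEND = [
    Tx("BOB_2", -90, False),   # signed, but not confirmed yet
    Tx("CAROL_1", 20, False),
    Tx("BOB_3", 70, False),
]

if __name__ == "__main__":
    print(blocked_addresses(DEPOSIT + SEND_TO_ALICE))
    print(blocked_addresses(DEPOSIT + SEND_TO_ALICE + LATE_DEPOSIT))
    print(blocked_addresses(DEPOSIT + SEND_TO_ALICE + PENDING_SEND))
```

Unlike the GUI wallet's message, the returned mapping names the affected address and the amount sitting on it.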

There are only two ways to get funds off such an address. One is transferring them with a wallet that does not prevent you from reusing a key multiple times. This poses some risk and will be described in detail in the second part. If you already know that this is your issue you can jump to Move your funds to a new seed.

The second way to move the funds regardless is replaying an old outgoing transaction, which is especially helpful if larger sums have to be moved as it does not require signing a second time. However, this is only possible and recommended under certain conditions and will be covered in a separate article (How to move iotas from a used address by reattaching old bundles). If you have substantial amounts of funds blocked on a used address and do not want to add any risk you should consider the reattachment scenario although it is a rather complex process. If you have questions head over to iota’s Discord and seek assistance in the #help channel.

2.3 Previous transaction(s) on an improperly synced node

A third way to end up in this situation could be an unhealthy node. When sending a transaction to the tangle you should always make sure your node is completely synced. In the official GUI wallet, this is visible by the two milestone numbers in the lower left corner. If they match and also change from time to time (about once every 1–2 minutes) your selected node is synced.

If, however, a node is not fully synced, it is not aware of all recent transactions on the tangle, i.e. it is not up to date. When you send a transaction now, the wallet might try to send from an address that has already been used in the meantime, or from an address that has received further funds. The first scenario might result in a transaction that will never confirm, the second in residual funds on the sending address. In both cases, you can end up with blocked funds. This is a more complex and less common reason for blocked funds. You will also need to use the CLI wallet to move your iotas.

The next part of the document will help you find out what really went wrong and will finally help you solve your problem.

Private Key Reuse Detected! How to unblock your funds.

Questions or comments? Find me on the Iota Discord (HBMY289). Special thanks go to Discord users olaz preton and berdiin who helped with proof-reading this article.

Coinmonks

Coinmonks is a non-profit Crypto educational publication. Follow us on Twitter @coinmonks Our other project — https://coincodecap.com
