About FIMK public keys

This is an older article. It is currently no longer required to publish your public key before you can use your account.

At the time I write this new FIMK accounts still need to know their PUBLIC KEY in order to receive FIMK, messages, assets or any other incoming transaction to their account. After you receive your first transaction the public key for your account is stored on the blockchain and you no longer need to provide it.

The reason this requirement was introduced is because of the limited amount of information that fits in your account ID. This is easily explained if we look at an account ID and it’s public key.

# Account ID
FIM-SJZ7-5S5Q-EGGZ-D6YXW

# Public key
0c497aebcd1b4052772f611874301db6701695430bfd3b54fcd22c8a067f0c59

See the difference? The public key is much longer and can hold a much higher amount of information. Now if we look at the algorithm to extract the account ID from the public key we’ll see that only a small portion of the public key is used to create the account ID.

In theory this means that for every account ID you could have multiple public keys that match. This matters in case an attacker wants to guess your passphrase so he can steal your funds. Since your public key is derived from your passphrase and your account id from your public key for accounts that have not “published” their public key on the blockchain it is possible that multiple passphrases can access your account. Only after publishing your public key only the passphrase you selected will match, and thus makes it harder to guess that single passphrase instead of the many possible passphrases.

Less secure but acceptable

Theory and practice do not always match and in practice having the public key requirement makes using FIMK a lot more difficult. Accounts without a published public key are still incredibly safe to use and you can always later publish your public key, any transaction you perform will count and will publish your public key. You could send a message or register a name for your account, anything that leaves something on the blockchain will be sufficient.

What to do until then?

Until we have switched on the functionality of not requiring a public key for new accounts users still need access to their public key.

To easily obtain your public key from your passphrase simply follow the steps below. Note that these steps also work for obtaining the public key from a NXT passphrase.

Step 1. Go to the Dashboard on hosted mofowallet

Or use the downloadable version once we release that.

Screenshot from 2015-03-14 12:48:53

Step 2. Click Add Account

Screenshot from 2015-03-14 12:49:06

Step 3. Click Add existing account, enter your passphrase in the dialog

Note that the calculations are performed client side (meaning in your browser) your passphrase is not sent over the network.

Screenshot from 2015-03-14 12:49:15

Step 4. Your public key is calculated from your passphrase

As soon as you start typing in the passphrase text box you’ll notice that on each keystroke the public key is calculated from the (part of the) passphrase you have thus far entered. When the public key is known from it we also calculate and display the account ID.

Screenshot from 2015-03-14 12:49:41

To conclude

Until we have enabled accounts without public key users are forced to provide their public key for their first ever transaction to their account. When we think enough nodes on the network are running the new FIMK server version (soon to be released) we’ll flip a switch and public keys are no longer required to receive your first transaction.

One Comment

Share Your Thoughts

Leave a Reply