References: <125859088-3f93e6aca40d5c3244243540270cdb84@pmq7v.m5r2.onet>
In-Reply-To: <125859088-3f93e6aca40d5c3244243540270cdb84@pmq7v.m5r2.onet>
From: Erik Aronesty <erik@q32.com>
Date: Fri, 19 Mar 2021 21:32:46 -0400
Message-ID: <CAJowKg+DHsJR4eeHbYgwe79C-U9WZ1-iUyxNLxw9EfD6mQQLBw@mail.gmail.com>
To: vjudeu <vjudeu@gazeta.pl>,
Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] An alternative to BIP 32?

Use SHA3-256. SHA-256 suffers from certain attacks (length extension,
for example) that could make your scheme vulnerable to leaking info,
depending on how you concatenate things, etc. Better to choose
something where padding doesn't matter.

On Fri, Mar 19, 2021 at 7:28 PM vjudeu via bitcoin-dev
<bitcoin-dev@lists.linuxfoundation.org> wrote:
>
> I recently found some interesting and simple HD wallet design here: https://bitcointalk.org/index.php?topic=5321992.0
> Could anyone see any flaws in such design or is it safe enough to implement it and use in practice?
> If I understand it correctly, it is just pure ECDSA and SHA-256, nothing else:
>
> masterPublicKey = masterPrivateKey * G
> masterChildPublicKey = masterPublicKey + ( SHA-256( masterPublicKey || nonce ) mod n ) * G
> masterChildPrivateKey = masterPrivateKey + ( SHA-256( masterPublicKey || nonce ) mod n )
>
> Also, it has some nice properties, like all keys starting with the 02 prefix, and it allows a potentially unlimited custom derivation path by using a 256-bit nonce.
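The derivation quoted above, worked through in pure Python so the additive relationship between the private and public child keys can be checked. This is an added example, not code from either poster or from the bitcointalk thread; it assumes `masterPublicKey` is serialised in compressed SEC form before hashing (the post does not say), and exposes the hash as a parameter so the reply's suggested swap to SHA3-256 can be exercised.

```python
import hashlib

# secp256k1 domain parameters (standard curve constants)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b:
        lam = (3 * a[0] * a[0]) * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def _mul(k, pt):
    """Double-and-add scalar multiplication (demo only, not constant-time)."""
    r = None
    while k:
        if k & 1: r = _add(r, pt)
        pt = _add(pt, pt); k >>= 1
    return r

def compress(pt):
    """Compressed SEC encoding: 02/03 prefix by y parity, then x (assumed encoding)."""
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")

def tweak(master_pub, nonce, h=hashlib.sha256):
    """H(masterPublicKey || nonce) mod n; H defaults to SHA-256 as in the post."""
    t = int.from_bytes(h(compress(master_pub) + nonce).digest(), "big") % N
    if t == 0: raise ValueError("degenerate tweak")  # negligible probability, but checkable
    return t

def child_private(master_priv, nonce, h=hashlib.sha256):
    """masterChildPrivateKey = masterPrivateKey + tweak (mod n)."""
    return (master_priv + tweak(_mul(master_priv, G), nonce, h)) % N

def child_public(master_pub, nonce, h=hashlib.sha256):
    """masterChildPublicKey = masterPublicKey + tweak * G, needs no private key."""
    return _add(master_pub, _mul(tweak(master_pub, nonce, h), G))

def derivation_consistent(master_priv, nonce, h=hashlib.sha256):
    """True iff the public-only path and the private path land on the same child key."""
    return _mul(child_private(master_priv, nonce, h), G) == child_public(_mul(master_priv, G), nonce, h)
```

Because the tweak depends only on public data, anyone holding the master public key and the nonce can derive the child public key, and anyone holding the child private key plus the master public key can recover the master private key by subtraction.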