Date: Tue, 19 Jan 2021 17:57:08 +0000
From: Pieter Wuille
To: nakagat
Cc: Bitcoin Protocol Discussion
Subject: Re: [bitcoin-dev] Bech32m BIP: new checksum, and usage for segwit address

On Sunday, January 17, 2021 9:59 PM, nakagat wrote:

> I thought that BECH32M_CONST could be created from hrp and data
> instead of constants.
>
> I thought that the error position would be the same as bech32 by
> recalculating the value created from hrp and data.

So, bech32 can be written as:

* checksum = polymod(expand(hrp) + data) xor 1

Bech32m changes that to:

* checksum = polymod(expand(hrp) + data) xor 0x2bc830a3

I believe that your idea is:

* checksum = polymod(expand(hrp) + data) xor hash(hrp, data)

That has exactly the same error detecting capabilities as:

* checksum = hash(hrp, data)

The hashing makes all types of errors uniform, and it doesn't matter what other things are added to the checksum. Once you hash the data, the checksum is uniformly random, and you can't make it "less random" anymore.

In this case, we *want* non-uniformity. The polymod function as a checksum detects some kinds of errors much better than others, and this is what we want.

Does that clarify things?

Cheers,

--
Pieter
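
Added example, not part of the original message and not code from the BIP authors: the three checksum forms above, with the residue ("syndrome") left by the same two-symbol substitution in two different payloads. With either fixed constant the residue depends only on the error pattern, so it is identical for bech32 and bech32m; with a data-dependent target it changes with the payload. `hashed_target` (SHA-256 truncated to 30 bits), the payloads and the error pattern are assumptions constructed for illustration.

```python
import hashlib

GEN = [0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3]
BECH32_CONST, BECH32M_CONST = 1, 0x2bc830a3

def polymod(values):
    """BCH checksum state over 5-bit symbols (BIP 173 generator)."""
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1ffffff) << 5) ^ v
        for i in range(5):
            chk ^= GEN[i] if (top >> i) & 1 else 0
    return chk

def expand(hrp):
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]

def fixed(const):  # bech32 / bech32m: the target is a constant
    return lambda hrp, data: const

def hashed_target(hrp, data):
    # Assumption: SHA-256 truncated to 30 bits stands in for hash(hrp, data).
    digest = hashlib.sha256(hrp.encode() + bytes(data)).digest()
    return int.from_bytes(digest[:4], "big") & 0x3fffffff

def encode(hrp, data, target):
    """Append 6 symbols so that polymod(expand(hrp) + word) == target."""
    pm = polymod(expand(hrp) + data + [0] * 6) ^ target(hrp, data)
    return data + [(pm >> 5 * (5 - i)) & 31 for i in range(6)]

def syndrome(hrp, word, target):
    """0 iff the word verifies; otherwise the residue a decoder works from."""
    return polymod(expand(hrp) + word) ^ target(hrp, word[:-6])

def corrupt(word, errors):
    flips = dict(errors)  # position -> nonzero 5-bit value xored into the symbol
    return [s ^ flips.get(i, 0) for i, s in enumerate(word)]

def syndromes_for(target, payloads, errors, hrp="bc"):
    return [syndrome(hrp, corrupt(encode(hrp, p, target), errors), target)
            for p in payloads]

# Constructed sample input: two 20-symbol payloads, one two-symbol error pattern.
PAYLOADS = [list(range(20)), [(7 * i + 3) % 32 for i in range(20)]]
ERRORS = [(2, 5), (11, 17)]

if __name__ == "__main__":
    # Order of output: bech32, bech32m, hashed target.
    for t in (fixed(BECH32_CONST), fixed(BECH32M_CONST), hashed_target):
        print([hex(s) for s in syndromes_for(t, PAYLOADS, ERRORS)])
```

The first two printed lines are equal to each other and constant across payloads; the third differs per payload, so the residue no longer identifies the error pattern.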