From: Arik Sosman <me@arik.io>
In-Reply-To: <CAJowKg+DHsJR4eeHbYgwe79C-U9WZ1-iUyxNLxw9EfD6mQQLBw@mail.gmail.com>
Date: Fri, 19 Mar 2021 19:08:39 -0700
Reply-To: linuxfoundation@arik.io
Message-Id: <23C3AD3A-DB4B-4E0B-9280-2F102CA43703@arik.io>
References: <125859088-3f93e6aca40d5c3244243540270cdb84@pmq7v.m5r2.onet>
 <CAJowKg+DHsJR4eeHbYgwe79C-U9WZ1-iUyxNLxw9EfD6mQQLBw@mail.gmail.com>
To: Erik Aronesty <erik@q32.com>,
 Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] An alternative to BIP 32?


Hi Erik,

Would sha256-hmac(nonce, publicKeyPoint) still be a suitable/safe alternative without relying on sha3? That should at the very least eliminate length extension attacks.

Best,
Arik

> On Mar 19, 2021, at 6:32 PM, Erik Aronesty via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
> 
> use sha3-256.  sha256 suffers from certain attacks (length extension,
> for example) that could make your scheme vulnerable to leaking info,
> depending on how you concatenate things, etc.  better to choose
> something where padding doesn't matter.
> 
> On Fri, Mar 19, 2021 at 7:28 PM vjudeu via bitcoin-dev
> <bitcoin-dev@lists.linuxfoundation.org> wrote:
>> 
>> I recently found some interesting and simple HD wallet design here: https://bitcointalk.org/index.php?topic=5321992.0
>> Could anyone see any flaws in such a design, or is it safe enough to implement it and use in practice?
>> If I understand it correctly, it is just pure ECDSA and SHA-256, nothing else:
>> 
>> masterPublicKey = masterPrivateKey * G
>> masterChildPublicKey = masterPublicKey + ( SHA-256( masterPublicKey || nonce ) mod n ) * G
>> masterChildPrivateKey = masterPrivateKey + ( SHA-256( masterPublicKey || nonce ) mod n )
>> 
>> Also, it has some nice properties, like all keys starting with a 02 prefix, and it allows a potentially unlimited custom derivation path by using a 256-bit nonce.
>> _______________________________________________
>> bitcoin-dev mailing list
>> bitcoin-dev@lists.linuxfoundation.org
>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
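The derivation vjudeu quotes above, with the HMAC-SHA256 tweak Arik asks about used in place of plain SHA-256, as an added example that is none of the posters' code. It relies on a small illustrative secp256k1 implementation written for this example; using the nonce as the HMAC key and hashing the compressed SEC1 encoding of the point are assumptions, since neither post specifies a serialization.

```python
import hashlib
import hmac

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order n
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,  # generator
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None  # a == -b
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication (illustrative, not constant-time)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def compress(pt):
    """SEC1 compressed encoding: 02/03 parity prefix plus the 32-byte x coordinate."""
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")

def tweak(master_pub, nonce):
    """Arik's variant: HMAC-SHA256 keyed by the nonce over the public key, reduced mod n.
    vjudeu's original uses SHA-256(masterPublicKey || nonce) mod n; hashing the compressed
    encoding is an assumption, since the posts do not specify a point serialization."""
    mac = hmac.new(nonce, compress(master_pub), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % N

def derive_child_priv(master_priv, nonce):  # masterChildPrivateKey = masterPrivateKey + tweak (mod n)
    return (master_priv + tweak(ec_mul(master_priv, G), nonce)) % N

def derive_child_pub(master_pub, nonce):  # masterChildPublicKey = masterPublicKey + tweak * G
    return ec_add(master_pub, ec_mul(tweak(master_pub, nonce), G))

def derivations_agree(master_priv, nonce):
    """Consistency check: the private-side child times G must equal the public-side child."""
    return ec_mul(derive_child_priv(master_priv, nonce), G) == derive_child_pub(ec_mul(master_priv, G), nonce)
```

Because the tweak is computable from the master public key alone, this is non-hardened derivation in BIP 32 terms: a leaked child private key together with the master public key reveals the master private key, so child keys need the same protection as the master.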

