Return-Path: <me@arik.io>
Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137])
 by lists.linuxfoundation.org (Postfix) with ESMTP id D62D7C0001
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sat, 20 Mar 2021 02:15:57 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp4.osuosl.org (Postfix) with ESMTP id AB53140349
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sat, 20 Mar 2021 02:15:57 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -2.802
X-Spam-Level: 
X-Spam-Status: No, score=-2.802 tagged_above=-999 required=5
 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
 DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7,
 SPF_HELO_PASS=-0.001, SPF_PASS=-0.001]
 autolearn=ham autolearn_force=no
Authentication-Results: smtp4.osuosl.org (amavisd-new);
 dkim=pass (2048-bit key) header.d=arik.io header.b="P5VSsixX";
 dkim=pass (2048-bit key) header.d=messagingengine.com
 header.b="VhnDfqvo"
Received: from smtp4.osuosl.org ([127.0.0.1])
 by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id nv2vpKd0gWGf
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sat, 20 Mar 2021 02:15:56 +0000 (UTC)
X-Greylist: delayed 00:07:08 by SQLgrey-1.8.0
Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com
 [66.111.4.29])
 by smtp4.osuosl.org (Postfix) with ESMTPS id 386BD4022D
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sat, 20 Mar 2021 02:15:56 +0000 (UTC)
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43])
 by mailout.nyi.internal (Postfix) with ESMTP id 18FA55C010D;
 Fri, 19 Mar 2021 22:08:44 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
 by compute3.internal (MEProxy); Fri, 19 Mar 2021 22:08:44 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arik.io; h=
 content-type:mime-version:subject:from:in-reply-to:date:cc
 :reply-to:message-id:references:to; s=fm1; bh=qbNQL5ib0Pw7+B8MQi
 ZWy/rDLA8nVWV3Er2cN1AWjCc=; b=P5VSsixXNaQw0vn7Hc2nrCz42JFMFqG7WQ
 OabJj+KUA2adwyC1D+YrxLaG71JHIpj5Jv12pGc84LVXr7+xew5Cp1uWpHvl8qjS
 H3VyQStKThp25HYQK3rMA+9unuyrdNsCPOQPFVqP8IOYELfQ9vZE9VZAE0VX9Cfk
 mz5HRDrYaEytprXsJPLh13aTxHj1NKNR7pG/RSSkP+8UNPgUQL5r6EcAjZQocFA0
 ppAlxZNtaBgPNRveBDrzADXeMLECGjNMahgOb9vEVpCIw05RW3Rk3FWAxYDoEG3x
 ZGg0lBUHMmXsuE4yyEFq8YXzk6VKDNah3l7kBNmOGNqX5yRTz3Cw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-type:date:from:in-reply-to
 :message-id:mime-version:references:reply-to:subject:to
 :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=
 fm2; bh=qbNQL5ib0Pw7+B8MQiZWy/rDLA8nVWV3Er2cN1AWjCc=; b=VhnDfqvo
 O8RlJDvH3pbHUX21iXWDRsiBPcY6voiKkFvXHOh8UAsn6PiDGj6L8ngi25ENzapk
 PmHvT+wfbyeTMAdDgzh0/636LJ7F1mUYX/zEofUyioDrHCEF93UgqWRxIuYhPQYJ
 0rkxkoSD6WmSdacdskNh7nqv2OccvZCrgbaHFrIwdi2N/J2cPzQ+T0Tz1zV1e+fc
 +4GqVfMn6hK8zyyj5pfQpFfsrJfN50o3HtmgziI3FIrqHyExRBP8cOMSdlIb7wX4
 QqJRxBGYFM1RsxjZDtNLASMYK+JJNeBT/XeinF79bKsVDqRS22ETVhNgrWAnku84
 +ve4IHRGdDH3gQ==
X-ME-Sender: <xms:K1lVYO9sMMCJ3c1DV4sHUGvjDS7RcxMgFuIPlJm-_M5MwOuZqoCbVQ>
 <xme:K1lVYOs3x0xmNfpcsHtEWM93XZHXKeWkMpsbLgDZO4yurwxLwuENjf4kHFUHsGxns
 K_XvKktP3mEnH_vKGw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrudefledgjedvucetufdoteggodetrfdotf
 fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
 uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne
 cujfgurheptggguffhjgffrhfkfhfvofesghdtmherhhdtvdenucfhrhhomheptehrihhk
 ucfuohhsmhgrnhcuoehmvgesrghrihhkrdhioheqnecuggftrfgrthhtvghrnhepffetge
 euueegveejudegieefiedtfeevheevtefgffefieelffffvdehueeuvdffnecuffhomhgr
 ihhnpegsihhttghoihhnthgrlhhkrdhorhhgpdhlihhnuhigfhhouhhnuggrthhiohhnrd
 horhhgnecukfhppeejfedrudekledrvdduledrjedtnecuvehluhhsthgvrhfuihiivgep
 tdenucfrrghrrghmpehmrghilhhfrhhomhepmhgvsegrrhhikhdrihho
X-ME-Proxy: <xmx:K1lVYEBJFPsWiB8L7ByaHuvOB8HBNnQ24vgQzE4RpzXK6SRXNgh-6g>
 <xmx:K1lVYGccVm0uP5SjPaSlPfKPjlCYwD0zJbjqNsSGDyHnfTcGAmx-0A>
 <xmx:K1lVYDNmZqi5h83hj9g6h2mqwpHBBseaB7emBxbNoaHoiVjbhzcfDQ>
 <xmx:LFlVYFVOqXWXS172X3D4Gv-BDK83KzT_5RBRnt8BAuYxd5TlEEkyiA>
Received: from [192.168.1.28] (c-73-189-219-70.hsd1.ca.comcast.net
 [73.189.219.70])
 by mail.messagingengine.com (Postfix) with ESMTPA id D2A1D240057;
 Fri, 19 Mar 2021 22:08:42 -0400 (EDT)
Content-Type: multipart/signed;
 boundary="Apple-Mail=_A1FCC9B2-F3DE-4289-8425-B5C2999682F6";
 protocol="application/pgp-signature"; micalg=pgp-sha256
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.1\))
From: Arik Sosman <me@arik.io>
In-Reply-To: <CAJowKg+DHsJR4eeHbYgwe79C-U9WZ1-iUyxNLxw9EfD6mQQLBw@mail.gmail.com>
Date: Fri, 19 Mar 2021 19:08:39 -0700
Reply-To: linuxfoundation@arik.io
Message-Id: <23C3AD3A-DB4B-4E0B-9280-2F102CA43703@arik.io>
References: <125859088-3f93e6aca40d5c3244243540270cdb84@pmq7v.m5r2.onet>
 <CAJowKg+DHsJR4eeHbYgwe79C-U9WZ1-iUyxNLxw9EfD6mQQLBw@mail.gmail.com>
To: Erik Aronesty <erik@q32.com>,
 Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
X-Mailer: Apple Mail (2.3608.120.23.2.1)
X-Mailman-Approved-At: Sat, 20 Mar 2021 16:52:14 +0000
Subject: Re: [bitcoin-dev] An alternative to BIP 32?
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Mar 2021 02:15:58 -0000


--Apple-Mail=_A1FCC9B2-F3DE-4289-8425-B5C2999682F6
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=us-ascii

Hi Erik,

Would sha256-hmac(nonce, publicKeyPoint) still be a suitable/safe
alternative without relying on sha3? That should at the very least
eliminate length extension attacks.

Best,
Arik

> On Mar 19, 2021, at 6:32 PM, Erik Aronesty via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
> 
> use sha3-256.  sha256 suffers from certain attacks (length extension,
> for example) that could make your scheme vulnerable to leaking info,
> depending on how you concatenate things, etc.  better to choose
> something where padding doesn't matter.
> 
> On Fri, Mar 19, 2021 at 7:28 PM vjudeu via bitcoin-dev
> <bitcoin-dev@lists.linuxfoundation.org> wrote:
>> 
>> I recently found some interesting and simple HD wallet design here: https://bitcointalk.org/index.php?topic=5321992.0
>> Could anyone see any flaws in such design or is it safe enough to implement it and use in practice?
>> If I understand it correctly, it is just pure ECDSA and SHA-256, nothing else:
>> 
>> masterPublicKey = masterPrivateKey * G
>> masterChildPublicKey = masterPublicKey + ( SHA-256( masterPublicKey || nonce ) mod n ) * G
>> masterChildPrivateKey = masterPrivateKey + ( SHA-256( masterPublicKey || nonce ) mod n )
>> 
>> Also, it has some nice properties, like all keys starting with 02 prefix and allows potentially unlimited custom derivation path by using 256-bit nonce.
>> _______________________________________________
>> bitcoin-dev mailing list
>> bitcoin-dev@lists.linuxfoundation.org
>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
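As an added worked example (editor's own code, not from this thread or from the bitcointalk post it links), here is the derivation quoted above implemented over secp256k1 in pure Python, with the tweak hash swappable among the three choices the thread discusses: SHA-256 as in the original design, SHA3-256 as Erik suggests, and HMAC-SHA256 keyed with the nonce as Arik asks about (the reading of "sha256-hmac(nonce, publicKeyPoint)" as key=nonce, message=compressed point is an assumption). The function names, the point-encoding helpers and the random test keys are all constructions of this example. Besides checking that public-only and private derivation agree, it demonstrates the property this scheme shares with BIP 32 non-hardened derivation: the tweak depends only on public data, so whoever holds the master public key, a nonce and the matching child private key can subtract the tweak and recover the master private key.

```python
import hashlib
import hmac
import secrets

# secp256k1 domain parameters (field prime, group order, generator).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(p, q):
    """Affine addition on secp256k1; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def point_mul(k, p):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    r = None
    while k:
        if k & 1:
            r = point_add(r, p)
        p = point_add(p, p)
        k >>= 1
    return r

def compress(pt):
    """33-byte SEC1 compressed encoding: 02/03 prefix by parity of y, then x."""
    x, y = pt
    return (b"\x02" if y % 2 == 0 else b"\x03") + x.to_bytes(32, "big")

def decompress(b):
    """Inverse of compress; P % 4 == 3, so the square root is a single pow()."""
    x = int.from_bytes(b[1:], "big")
    y = pow((x ** 3 + 7) % P, (P + 1) // 4, P)
    if (y % 2 == 0) != (b[0] == 2):
        y = P - y
    return (x, y)

# The three tweak hashes discussed in the thread. Each maps (masterPublicKey,
# nonce) to a scalar mod n. Reducing a 256-bit digest mod n leaves a bias of
# about 2^-128, and a zero tweak is similarly improbable, so neither is retried.
def tweak_sha256(master_pub, nonce):
    return int.from_bytes(hashlib.sha256(master_pub + nonce).digest(), "big") % N

def tweak_sha3_256(master_pub, nonce):
    return int.from_bytes(hashlib.sha3_256(master_pub + nonce).digest(), "big") % N

def tweak_hmac_sha256(master_pub, nonce):
    # Assumed reading of "sha256-hmac(nonce, publicKeyPoint)": key=nonce, msg=point.
    return int.from_bytes(hmac.new(nonce, master_pub, hashlib.sha256).digest(), "big") % N

def derive_child_priv(master_priv, nonce, tweak=tweak_sha256):
    """masterChildPrivateKey = masterPrivateKey + tweak (mod n)."""
    master_pub = compress(point_mul(master_priv, G))
    return (master_priv + tweak(master_pub, nonce)) % N

def derive_child_pub(master_pub, nonce, tweak=tweak_sha256):
    """masterChildPublicKey = masterPublicKey + tweak * G, from public data only."""
    child = point_add(decompress(master_pub), point_mul(tweak(master_pub, nonce), G))
    return compress(child)

def recover_master_priv(child_priv, master_pub, nonce, tweak=tweak_sha256):
    """The caveat: the tweak is computable from public data, so one leaked child
    private key plus master_pub and its nonce gives back the master private key."""
    return (child_priv - tweak(master_pub, nonce)) % N

def demo(tweak=tweak_sha256):
    """Returns (public/private derivation agree, master key recovered from child)."""
    master_priv = 1 + secrets.randbelow(N - 1)   # constructed random test key
    master_pub = compress(point_mul(master_priv, G))
    nonce = secrets.token_bytes(32)              # constructed 256-bit nonce
    child_priv = derive_child_priv(master_priv, nonce, tweak)
    child_pub = derive_child_pub(master_pub, nonce, tweak)
    consistent = compress(point_mul(child_priv, G)) == child_pub
    recovered = recover_master_priv(child_priv, master_pub, nonce, tweak) == master_priv
    return consistent, recovered

if __name__ == "__main__":
    for t in (tweak_sha256, tweak_sha3_256, tweak_hmac_sha256):
        print(t.__name__, demo(t))
```

Two things worth noting from running it: the choice of hash makes no difference to the key-recovery property, which comes from the tweak being derivable from public inputs rather than from any weakness of SHA-256, and a production implementation should still reject a zero tweak and a child point at infinity even though both are astronomically unlikely with a 256-bit digest.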


--Apple-Mail=_A1FCC9B2-F3DE-4289-8425-B5C2999682F6
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP

-----BEGIN PGP SIGNATURE-----
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=qpG3
-----END PGP SIGNATURE-----

--Apple-Mail=_A1FCC9B2-F3DE-4289-8425-B5C2999682F6--