From: Erik Aronesty <erik@q32.com>
Date: Thu, 11 Aug 2016 16:37:04 -0400
To: Tier Nolan <tier.nolan@gmail.com>,
	Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] BIP Number Request: Addresses over Audio
Message-ID: <CAJowKgL39qFpGAVTkNoUUR7-M2VJxqkQ=X6yK3aTsGLRAo59Jw@mail.gmail.com>
In-Reply-To: <CAE-z3OU7XgqivsGLXMyd2_cVRE3Kw2FNLGBU261q39=hq9TnEw@mail.gmail.com>
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>


Can't have shared secrets or interactivity for a public address to have the
love it needs.

Still not sure how you can take a BIP32 public seed and figure out if an
address was derived from it though. I mean, wouldn't I have to compute
all 2^31 possible public child addresses?

On Thu, Aug 11, 2016 at 11:13 AM, Tier Nolan via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> On Thu, Aug 11, 2016 at 2:55 PM, Erik Aronesty via bitcoin-dev <
> bitcoin-dev@lists.linuxfoundation.org> wrote:
>
>> Sorry, I thought there was some BIP for a public seed such that someone
>> can generate new random addresses, but cannot trivially verify whether an
>> address was derived from the seed.
>>
>
> If you take a public key and multiply it by k, then the recipient can work
> out the private key by multiplying their master private key by k.
>
> If k is random, then the recipient wouldn't be able to work it out, but if
> it is non-random, then everyone else can work it out.  You need some way to
> get k to the recipient without others figuring it out.
>
> This means either the system is interactive or you use a shared secret.
>
> The info about the shared secret is included in the scriptPubKey (or the
> more socially conscientious option, an OP_RETURN).
>
> The address would indicate the master public key.
>
> master_public = master_private * G
>
> The transaction contains k*G.
>
> Both sides can compute the shared secret.
>
> secret = k*master_private*G = master_private*k*G
>
> <encode(k*G)> DROP DUP HASH160 <hash160(encode(secret + pub key))>
> EQUALVERIFY CHECKSIG
>
> This adds 34 bytes to the scriptPubKey.
>
> This is pretty heavy for scanning for transactions sent to you.  You have
> to check every transaction output to see if it is the given template.  Then
> you have to do an ECC multiply to compute the shared secret.  Once you have
> the shared secret, you need to do an ECC addition and a hash to figure out
> if it matches the public key hash in the output.
>
> This is approx one ECC multiply per output and is similar CPU load to what
> you would need to do to actually verify a block.
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
>
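The shared-secret construction from Tier Nolan's reply, worked through as an added example (this is not code from the thread or from Bitcoin Core): a self-contained secp256k1 implementation with the sender's side (`sender_build_output`) and the recipient's per-output scan (`recipient_scan`). One step is an assumption the thread leaves implicit: it writes `secret + pub key`, but `secret` is a curve point, and the recipient can only spend the output if that shared point is first hashed to a scalar, which `tweak()` does here; the key values `master_private` and `spend_private` are constructed for the demo.

```python
import hashlib, secrets

# secp256k1 parameters (real constants); G is the generator the thread refers to
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):  # affine point addition; None is the point at infinity
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    lam = (3 * a[0] * a[0] * pow(2 * a[1], P - 2, P) if a == b
           else (b[1] - a[1]) * pow(b[0] - a[0], P - 2, P)) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def ec_mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def encode(pt):  # 33-byte compressed SEC form: push opcode + 33 = the thread's 34 bytes
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")
def decode(b):  # inverse of encode (P % 4 == 3, so one exponentiation gives the root)
    x = int.from_bytes(b[1:], "big")
    y = pow((x ** 3 + 7) % P, (P + 1) // 4, P)
    return (x, y if (y & 1) == (b[0] & 1) else P - y)

def hash160(b):  # RIPEMD160(SHA256(b)); stand-in hash only when the build lacks RIPEMD-160
    try: return hashlib.new("ripemd160", hashlib.sha256(b).digest()).digest()
    except ValueError: return hashlib.sha256(hashlib.sha256(b).digest()).digest()[:20]
def tweak(shared):  # shared point -> scalar; assumption, the thread leaves this implicit
    return int.from_bytes(hashlib.sha256(encode(shared)).digest(), "big") % N

def sender_build_output(master_public, spend_public):
    """Sender: fresh k, publish k*G, pay to hash160(encode(tweak*G + spend_public))."""
    k = secrets.randbelow(N - 1) + 1
    shared = ec_mul(k, master_public)                        # k*master_private*G
    out_pub = ec_add(ec_mul(tweak(shared), G), spend_public)
    return encode(ec_mul(k, G)), hash160(encode(out_pub))    # <encode(k*G)>, <hash160(..)>

def recipient_scan(master_private, spend_private, kG_bytes, pkh):
    """Recipient, per candidate output: one ECC multiply, one add, one hash; key or None."""
    shared = ec_mul(master_private, decode(kG_bytes))        # master_private*k*G
    t = tweak(shared)
    if hash160(encode(ec_add(ec_mul(t, G), ec_mul(spend_private, G)))) != pkh:
        return None
    return (t + spend_private) % N
```

The cost the thread describes is visible in `recipient_scan`: the single `ec_mul` against the published `k*G` dominates, and it must be repeated for every output that matches the script template.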
