From: Tier Nolan <tier.nolan@gmail.com>
To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] BIP Number Request: Addresses over Audio
Date: Thu, 11 Aug 2016 16:13:19 +0100 [thread overview]
Message-ID: <CAE-z3OU7XgqivsGLXMyd2_cVRE3Kw2FNLGBU261q39=hq9TnEw@mail.gmail.com> (raw)
In-Reply-To: <CAJowKg+0Oz7+Gdfm=NSO9MqOqSYV8Uo=nOMtkx3CBrsemK+BtQ@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1664 bytes --]
On Thu, Aug 11, 2016 at 2:55 PM, Erik Aronesty via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:
> Sorr, I thought there was some BIP for a public seed such that someone can
> generate new random addresses, but cannot trivially verify whether an
> address was derived from the seed.
>
If you take a public key and multiply it by k, then the recipient can work
out the private key by multiplying their master private key by k.
If k is random, then the recipient wouldn't be able to work it out, but if
it is non-random, then everyone else can work it out. You need some way to
get k to the recipient without others figuring it out.
This means either the system is interactive or you use a shared secret.
The info about the shared secret is included in the scriptPubKey (or the
more socially conscientious option, an OP_RETURN).
The address would indicate the master public key.
master_public = master_private * G
The transaction contains k*G.
Both sides can compute the shared secret.
secret = k*master_private*G = master_private*k*G
<encode(k*G)> DROP DUP HASH160 <hash160(encode(secret + pub key))>
EQUALVERIFY CHECKSIG
This adds 34 bytes to the scriptPubKey.
This is pretty heavy for scanning for transactions sent to you. You have
to check every transaction output to see if it is the given template. Then
you have to do an ECC multiply to compute the shared secret. Once you have
the shared secret, you need to do an ECC addition and a hash to figure out
if it matches the public key hash in the output.
This is approx one ECC multiply per output and is similar CPU load to what
you would need to do to actually verify a block.
[-- Attachment #2: Type: text/html, Size: 2251 bytes --]
next prev parent reply other threads:[~2016-08-11 15:13 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-08 21:22 [bitcoin-dev] BIP Number Request: Addresses over Audio Daniel Hoffman
2016-08-08 22:06 ` Justin Newton
2016-08-08 22:35 ` Daniel Hoffman
2016-08-08 22:59 ` Trevin Hofmann
2016-08-09 1:50 ` Daniel Hoffman
2016-08-09 23:06 ` Daniel Hoffman
2016-08-10 0:17 ` Jannes Faber
2016-08-10 0:27 ` Chris Riley
2016-08-10 0:36 ` Luke Dashjr
2016-08-10 1:09 ` Thomas Daede
2016-08-10 1:53 ` Daniel Hoffman
2016-08-10 2:14 ` Gregory Maxwell
2016-08-10 10:41 ` Tier Nolan
2016-08-10 11:42 ` Erik Aronesty
2016-08-10 11:49 ` Theo Chino
2016-08-10 16:01 ` Daniel Hoffman
2016-08-10 17:28 ` Erik Aronesty
2016-08-10 17:38 ` Pieter Wuille
2016-08-10 17:55 ` Daniel Hoffman
2016-08-10 22:31 ` James MacWhyte
2016-08-11 13:55 ` Erik Aronesty
2016-08-11 15:13 ` Tier Nolan [this message]
2016-08-11 20:37 ` Erik Aronesty
2016-08-12 0:36 ` Gregory Maxwell
2016-08-12 12:36 ` Erik Aronesty
2016-08-12 15:49 ` Jorge Timón
2016-08-12 18:39 ` James MacWhyte
2016-08-13 4:41 ` Daniel Hoffman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAE-z3OU7XgqivsGLXMyd2_cVRE3Kw2FNLGBU261q39=hq9TnEw@mail.gmail.com' \
--to=tier.nolan@gmail.com \
--cc=bitcoin-dev@lists.linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox