From: Erik Aronesty
Date: Fri, 19 Mar 2021 21:32:46 -0400
To: vjudeu, Bitcoin Protocol Discussion
Subject: Re: [bitcoin-dev] An alternative to BIP 32?

Use SHA3-256. SHA-256 suffers from certain attacks (length extension, for example) that could make your scheme vulnerable to leaking info, depending on how you concatenate things, etc. Better to choose something where padding doesn't matter.
On Fri, Mar 19, 2021 at 7:28 PM vjudeu via bitcoin-dev wrote:
>
> I recently found an interesting and simple HD wallet design here: https://bitcointalk.org/index.php?topic=5321992.0
> Could anyone see any flaws in such a design, or is it safe enough to implement and use in practice?
> If I understand it correctly, it is just pure ECDSA and SHA-256, nothing else:
>
> masterPublicKey = masterPrivateKey * G
> masterChildPublicKey = masterPublicKey + ( SHA-256( masterPublicKey || nonce ) mod n ) * G
> masterChildPrivateKey = masterPrivateKey + ( SHA-256( masterPublicKey || nonce ) mod n )
>
> Also, it has some nice properties, like all keys starting with the 02 prefix, and it allows potentially unlimited custom derivation paths by using a 256-bit nonce.
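The derivation quoted above, as an added example that is not part of the thread or of the linked design: the two formulas over secp256k1 with the tweak hash as a parameter (defaulting to SHA3-256, as the reply suggests, with SHA-256 selectable for comparison), plus a check that the public-only derivation agrees with the private one. It assumes the compressed SEC1 encoding for masterPublicKey and a 32-byte nonce, neither of which the post specifies.

```python
import hashlib
# secp256k1 domain parameters (field prime, group order, generator).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # a == -b
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; illustration only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def compress(pt):
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")  # assumed: SEC1 02/03 + x

def tweak(master_pub, nonce, hash_name="sha3_256"):
    """H(masterPublicKey || nonce) mod n; hash_name selects "sha256" or "sha3_256"."""
    digest = hashlib.new(hash_name, compress(master_pub) + nonce).digest()
    return int.from_bytes(digest, "big") % N

def derive_child_priv(master_priv, nonce, hash_name="sha3_256"):
    """masterChildPrivateKey = masterPrivateKey + tweak (mod n)."""
    return (master_priv + tweak(ec_mul(master_priv, G), nonce, hash_name)) % N
def derive_child_pub(master_pub, nonce, hash_name="sha3_256"):
    """masterChildPublicKey = masterPublicKey + tweak * G, from the public key alone."""
    return ec_add(master_pub, ec_mul(tweak(master_pub, nonce, hash_name), G))
def check_consistency(master_priv, nonce, hash_name="sha3_256"):
    """True when the public-only derivation agrees with the private one."""
    child_priv = derive_child_priv(master_priv, nonce, hash_name)
    return ec_mul(child_priv, G) == derive_child_pub(ec_mul(master_priv, G), nonce, hash_name)
```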