Pieter Wuille [ARCHIVE] on Nostr: 📅 Original date posted:2021-01-18 📝 Original message:Hi all, A few updates, in ...
📅 Original date posted:2021-01-18
📝 Original message:Hi all,
A few updates, in response to comments here and in a few other places:
- Updated several reference implementations (C, C++, Python, Javascript) to support Bech32m: https://github.com/sipa/bech32/tree/bech32m (but contributions to update other languages are welcome!)
- Updated website, including error-locating JS decoder, and demo: http://bitcoin.sipa.be/bech32/demo/demo.html
- Opened a Bitcoin Core PR: https://github.com/bitcoin/bitcoin/pull/20861
- Updates to the BIP draft (https://github.com/sipa/bips/blob/bip-bech32m/bip-bech32m.mediawiki):
* Made the title clearer (so it doesn't imply Bech32m is used for v0)
* Added rationale for not permitting both Bech32 and Bech32m for v0
* Added a section on error location
* Added links for more reference implementations
On Friday, January 15, 2021 12:01 AM, nakagat <nakagat at gmail.com> wrote:
> I read the BIP draft of Bech32m and implemented it in Go.
Cool! Do feel like contributing it to https://github.com/sipa/bech32/tree/bech32m?
> Let me ask you one question.
> Does Checksum have to be fixed?
> The 'bech32_verify_checksum' function has hrp and data as parameters,
> so how about committing Checksum with these two values?
>
> For example, calculate Checksum from hrp and data using hash, chacha20, etc.
I'm not entirely sure what you mean. Do you mean:
1) Can we use a hash function to compute the checksum instead of Bech32's algorithm?
If you compute the checksum using the HRP and the data using a hash function, you just 2^-30 failure probability for any error. The idea behind Bech32 was doing better than that for common errors: any error that consists of up to 4 substitutions are a failure probability of 0 - far better than a hash can do.
2) Can we keep using Bech32's algorithm, but compute the final xorred-in constant from the HRP and the data using a hash function?
That would be functionally equivalent to (1).
3) Can we keep using Bech32's algorithm, but compute the final xorred-in constant from the HRP (but not the data) using a hash function?
It would mean that some (very) small set of potential HRPs would exhibit much worse behavior than others - including the 'q'-before-'p' that the original Bech32 has.
Does that clarify things?
Cheers,
--
Pieter
📝 Original message:Hi all,
A few updates, in response to comments here and in a few other places:
- Updated several reference implementations (C, C++, Python, Javascript) to support Bech32m: https://github.com/sipa/bech32/tree/bech32m (but contributions to update other languages are welcome!)
- Updated website, including error-locating JS decoder, and demo: http://bitcoin.sipa.be/bech32/demo/demo.html
- Opened a Bitcoin Core PR: https://github.com/bitcoin/bitcoin/pull/20861
- Updates to the BIP draft (https://github.com/sipa/bips/blob/bip-bech32m/bip-bech32m.mediawiki):
* Made the title clearer (so it doesn't imply Bech32m is used for v0)
* Added rationale for not permitting both Bech32 and Bech32m for v0
* Added a section on error location
* Added links for more reference implementations
On Friday, January 15, 2021 12:01 AM, nakagat <nakagat at gmail.com> wrote:
> I read the BIP draft of Bech32m and implemented it in Go.
Cool! Do feel like contributing it to https://github.com/sipa/bech32/tree/bech32m?
> Let me ask you one question.
> Does Checksum have to be fixed?
> The 'bech32_verify_checksum' function has hrp and data as parameters,
> so how about committing Checksum with these two values?
>
> For example, calculate Checksum from hrp and data using hash, chacha20, etc.
I'm not entirely sure what you mean. Do you mean:
1) Can we use a hash function to compute the checksum instead of Bech32's algorithm?
If you compute the checksum using the HRP and the data using a hash function, you just 2^-30 failure probability for any error. The idea behind Bech32 was doing better than that for common errors: any error that consists of up to 4 substitutions are a failure probability of 0 - far better than a hash can do.
2) Can we keep using Bech32's algorithm, but compute the final xorred-in constant from the HRP and the data using a hash function?
That would be functionally equivalent to (1).
3) Can we keep using Bech32's algorithm, but compute the final xorred-in constant from the HRP (but not the data) using a hash function?
It would mean that some (very) small set of potential HRPs would exhibit much worse behavior than others - including the 'q'-before-'p' that the original Bech32 has.
Does that clarify things?
Cheers,
--
Pieter