Erik Aronesty [ARCHIVE] /
npub1y22…taj0
2023-06-07 18:30:59
in reply to nevent1q…2uzc

📅 Original date posted: 2021-03-19
📝 Original message: use sha3-256. sha256 suffers from certain attacks (length extension,
for example) that could make your scheme vulnerable to leaking info,
depending on how you concatenate things, etc. better to choose
something where padding doesn't matter.

On Fri, Mar 19, 2021 at 7:28 PM vjudeu via bitcoin-dev
<bitcoin-dev at lists.linuxfoundation.org> wrote:
>
> I recently found some interesting and simple HD wallet design here: https://bitcointalk.org/index.php?topic=5321992.0
> Could anyone see any flaws in such design or is it safe enough to implement it and use in practice?
> If I understand it correctly, it is just pure ECDSA and SHA-256, nothing else:
>
> masterPublicKey = masterPrivateKey * G
> masterChildPublicKey = masterPublicKey + ( SHA-256( masterPublicKey || nonce ) mod n ) * G
> masterChildPrivateKey = masterPrivateKey + ( SHA-256( masterPublicKey || nonce ) mod n )
>
> Also, it has some nice properties, like all keys starting with 02 prefix and allows potentially unlimited custom derivation path by using 256-bit nonce.
Author Public Key
npub1y22yec0znyzw8qndy5qn5c2wgejkj0k9zsqra7kvrd6cd6896z4qm5taj0