Bitcoin Forum

Does anyone know where I could find a sample of C code that can perform an EC multiply, or in other words, convert a bitcoin private key to public key?  The code needs to be in straight C with no library dependencies of any kind.

If I had such a thing, I could probably come up with an application for a VeriFone POS terminal (a reprogrammed bankcard machine) that could be seeded once with a deterministic wallet, and then could spit out "bitcoin tickets" with QR codes on its built in receipt printer.  Thus, all a merchant would have to do to safely accept Bitcoin is buy this POS terminal.  Anytime someone wanted to send them bitcoins they would just print off a unique address/QR code, the terminal itself would merely query BlockExplorer or equivalent to confirm that funds were received.

The terminal itself would play no part in receiving or storing the bitcoins, nor would it act as a peer-to-peer node or download the block chain.  It would merely dispense bitcoin addresses on paper, as well as query balances at addresses via an external web service.

Ideally I would want the terminal to accept a passphrase one time, internally generate tens of thousands of bitcoin addresses using the passphrase as seed, and save them to flash memory, and then discard all the private keys.  The business owner would access the bitcoins by generating a wallet.dat with the same passphrase as seed, so they would not need MyBitcoin or any similar service.  The terminal would serve merely as an address/QRcode dispenser and as a way to display or print the amount of funds received once the funds were noticed on the block chain.

This device runs a proprietary OS but can handle straight C code.

How are they going to ultimately receive funds without a private key? or am I just confused?

Bitcoins on thermal paper is not a good idea.



bitcoins applied to a credit card, great idea.

I would suggest downloading the source code for OpenSSL, and simply purloining the small set of C routines involved in EC point arithmetic.

http://www.openssl.org/source/

I have my own EC routines in my J client, if you just want to know what the math looks like.

NB. Modular reciprocal

   mrcp =: 4 : 0
x =. x: x
y =. x | x: y
qq =: x: 0 0
rr =: x,y
tt =: x: 0 1

while.  0 ~: _1 { rr
do.
   qq =: qq,(<.@%)/_2 _1{rr
   rr =: rr,|/_1 _2{rr
   tt =: x|tt,(_2{tt)-(_1{qq)*(_1{tt)
end.
_2{tt
)

prcp =: Ep & mrcp

NB. Doubling a point

   pdub =: 3 : 0
'xj yj' =: x: y
if. yj = 0
do. _
else.
   s =: Ep | 3 * xj * xj * prcp 2 * yj
   xl =: Ep| (s * s) - 2 * xj
   yl =: Ep | (-yj) + s * (xj - xl)
   xl,yl
end.
)

NB. EC add

   padd =: 4 : 0
'xj yj' =: x: x
'xk yk' =: x: y
if. xj ~: xk
do.
   s =: Ep | (yj - yk) * prcp xj - xk
   xl =: Ep | (s*s) - (xj + xk)
   yl =: Ep | (-yj) + s *(xj - xl)
   xl,yl
else.
   if. yj = yk
   do. pdub x
   else. _
   end.
end.
)

NB. EC Multiply

   pmul =: 4 : 0
y =. x: y
x =. x: x
if. x = 0
do. _
else.
   z =: 0 2$0x
   while. x ~: 0
   do.
      if. 1 = 2 | x
      do. z =: z,y
      end.
      x =. <. x % 2
      y =. pdub y   
   end.
   padd/z
end.
)

NB.  Making a public key from a private key

pubkey =: 3 : 'y pmul EG'


Happy Programming.

I'm interested in finding such code too but so far I haven't had any luck. The most popular simple pure-C crypto library is libtomcrypt, but it apparently uses optimisations that are incompatible with the elliptic curve used by Bitcoin.

I believe there is some python EC code somewhere on the forum that has no dependencies. You should be able to take that and port it to C. I'll try and find it tonight, for now subscribing.

Will

OpenSSL is straight C code and should work in an embedded environment.  Just take the parts you need.

I agree. It's also the least risky approach. You know what they say, never write your own crypto code. And when you take the code out of OpenSSL you can at least be sure it is compatible.

A C implementation of EC functions will tend to depend on a bignum arithmetic library.  OpenSSL has its own. Tomcrypt provides a choice.  Getting one of these bignum libraries to run on your device will probably guide your choice of EC implementation.

They will regenerate the same series of keys on their computer into a wallet.dat with a deterministic wallet generator. The generator uses a passphrase to generate a whole wallet, and always generates the same wallet given the same passphrase.



The thermal paper can be thrown away once the transfer is made. The paper is merely to give the customer an address and a way to scan it in. The bitcoins themselves are persisted with the passphrase and the duplicate wallet generated therefrom.

The code I was looking for is here:

http://bitcointalk.org/index.php?topic=23241.0

Not sure if that helps, but it has no visible dependencies and can probably be C-ificiated pretty easily if it fits your needs

Will

This C lib has addition of points on elliptic curves:
http://www.ceid.upatras.gr/faculty/zaro/software/ecc-lib/

Here's something I literally just bodged together quickly using TomFastMath (http://www.makomk.com/gitweb/?p=libbtcsig.git;a=summary) for a project I'll get around to any year now. Should hopefully be reasonably portable, if not the smallest or most efficient code in the world. Be sure to read the disclaimer!