Title: NBitcoin : Stealth Address, DarkWallet compliant Post by: Nicolas Dorier on May 19, 2014, 08:57:15 AM I finished implementing StealthAddress in NBitcoin.
Quote Key scan = new Key(); Key spend = new Key(); BitcoinStealthAddress address = spend.PukKey.CreateStealthAddress(scan.PubKey,Network.Main); //The receiver publish the address on a forum or whatever.... //Sender then create payment Key ephem = new Key(); //Optional, CreatePayment create one if not specified StealthPayment payment = address.CreatePayment(ephem); //In you want to include the payment to a transaction Transaction tx = new Transaction(); payment.AddToTransaction(tx); //Receiver receive the payment via the block chain with (address.Bitfield.GetPayments(tx)) Key key = spend.Uncover(scan,payment.Metadata.EphemKey); //Or, if you just want the public key (equals to key.PubKey) PubKey pubkey = spend.PubKey.UncoverReceiver(scan, payment.Metadata.EphemKey); You can replay these steps in parallel with sx to verify the implementation. There is a deterministic unit test for that : https://github.com/NicolasDorier/NBitcoin/blob/master/NBitcoin.Tests/StealthAddressTests.cs#L179 (https://github.com/NicolasDorier/NBitcoin/blob/master/NBitcoin.Tests/StealthAddressTests.cs#L179) Enjoy, Github : https://github.com/NicolasDorier/NBitcoin (https://github.com/NicolasDorier/NBitcoin) Nuget : Install-Package NBitcoin Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: Nicolas Dorier on May 19, 2014, 04:31:36 PM Just wrote an article on it : http://www.codeproject.com/Articles/775226/NBitcoin-Cryptography-Part (http://www.codeproject.com/Articles/775226/NBitcoin-Cryptography-Part)
Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: piotr_n on May 19, 2014, 08:18:16 PM cool. let's test it. can you send me some test coins and give the address where to send them back?
Code: waPV5rHToBq3NoR7y5J9UdE7aUbuqJybNpE88Dve7WgWhEfvMrcuaSvF6tSQ3Fbe8dErL6ks8byJPcp3QCK2HHviGCSjg42VgMAPJb btw, do you support prefix length other than 0? Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: Nicolas Dorier on May 19, 2014, 11:45:29 PM yes it supports prefix.
TestNet is unavailable at my place, the dns seed nodes seems down ?! Try to send this transaction to the TestNet, it should works if I did not made a mistake on the sig part. Quote 0100000001695f9c647d044563d2fff95fba1bd5cf1d35d75611ddbd8b1da80a4dff7aa8a000000 0006a47304402200e583af51ef57334f0c830e85bb809c7a23f4fbdd6d5557dbec1a2216c578bee 02203c54f1c2205ab0c21a511cbd1a2006bc339693d329cee7fb881aae44c6323dee012102ccea4 5d5eb89ea63dee2dd567beef6dd38b2edb3ebf3d85ef45c537ff1af1bbcffffffff020000000000 000000286a26060000000002704f9c99117ba90b162859e1f5f21c7e1805bc6c0594cc4e5a3dadf adf2c17bbc056fe03000000001976a9148f1516c7c20207a22940133f878351ac3681b56b88ac00 000000 All of these are down for me Quote vFixedSeeds.Add(new NetworkAddress() { Endpoint = new IPEndPoint(IPAddress.Parse("109.123.116.245").MapToIPv6(), 18333) }); vSeeds.Clear(); vSeeds.Add(new DNSSeedData("bitcoin.petertodd.org", "testnet-seed.bitcoin.petertodd.org")); vSeeds.Add(new DNSSeedData("bluematt.me", "testnet-seed.bluematt.me")); vSeeds.Add(new DNSSeedData("Blockexplorer.com", "blockexplorer.com")); Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: piotr_n on May 20, 2014, 08:13:33 AM Try to send this transaction to the TestNet, it should works if I did not made a mistake on the sig part. It says the signature of your tx is invalid. Here is the list of 90 testnet peers from my db: Code: 95.85.39.28 18333 Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: Nicolas Dorier on May 20, 2014, 10:23:30 AM Thanks for the seed, I will send the transaction.
I signed before adding the TxOut -_- Quote 0100000001695f9c647d044563d2fff95fba1bd5cf1d35d75611ddbd8b1da80a4dff7aa8a000000 0006b483045022100ee96d1dbe442c1b0997526e3e66d188a9014bd0b9f39262498b2c8484520d3 49022070c0fb15145a453cf2151f7ee60d675fbf047afba1d0058ac704589fe07fdcc6012102cce a45d5eb89ea63dee2dd567beef6dd38b2edb3ebf3d85ef45c537ff1af1bbcffffffff0200000000 00000000286a26060000000003de307f3903d0cf32509c2964ea8fca2be9640dd14bc1233856aa8 0967e4e0debc056fe03000000001976a9140d31b807b4ce74cd9e1f7d0c888abbed8e30584788ac 00000000 Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: Nicolas Dorier on May 20, 2014, 10:52:51 AM sent, send back to msj42CCGruhRsFrGATiUuh25dtxYtnpbTx (tpfaucet)
Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: piotr_n on May 20, 2014, 10:59:39 AM ok - as soon as it arrives.
but it hasn't yet. Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: Nicolas Dorier on May 20, 2014, 11:15:27 AM Normally it has
http://blockexplorer.com/testnet/tx/1e0bb55e0c460e403a41e3f9d578209e0c518bd2ea97121cde5db0d6443e9219#i36098884 Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: piotr_n on May 20, 2014, 11:41:09 AM Normally it has http://blockexplorer.com/testnet/tx/1e0bb55e0c460e403a41e3f9d578209e0c518bd2ea97121cde5db0d6443e9219#i36098884 I don't think its correct. With the ephemkey key of: Code: 024272e119d08015609528fb6e9841d9a432fe0d013d60d4f332104808088e7084 And my stealth address: Code: waPV5rHToBq3NoR7y5J9UdE7aUbuqJybNpE88Dve7WgWhEfvMrcuaSvF6tSQ3Fbe8dErL6ks8byJPcp3QCK2HHviGCSjg42VgMAPJb ... I would be expecting the next output going to mr7F6ALhcQhZay1ufXipnESkLEB5xXuV9S Your output goes to mk2BkyJyE8Fgzs9zpCodpG14TJQHpvUJ9s Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: Nicolas Dorier on May 20, 2014, 11:56:21 AM Can I get your scan private key ? So I can verity with sx and also my framework what address it gives.
Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: piotr_n on May 20, 2014, 12:12:50 PM Can I get your scan private key ? So I can verity with sx and also my framework what address it gives. Not that one, but I can generate a new address for you.Code: waPYjXyrTrvXjZHmMGdqs9YTegpRDpx97H5G3xqLehkgyrrZKsxGCmnwKexpZjXTCskUWwYywdUvrZK7L2vejeVZSYHVns61gm8VfU its private scankey is: Code: 0361e5c0bff39f18621693da42cd343d60e3e14b4e9eb46b220eb310a484fcebab Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: Nicolas Dorier on May 20, 2014, 12:20:18 PM its private scankey is: Code: 0361e5c0bff39f18621693da42cd343d60e3e14b4e9eb46b220eb310a484fcebab It is not a private key, you copied the pubkey. I made a new transfer on your old stealth: Stealth Addr : waPV5rHToBq3NoR7y5J9UdE7aUbuqJybNpE88Dve7WgWhEfvMrcuaSvF6tSQ3Fbe8dErL6ks8byJPcp 3QCK2HHviGCSjg42VgMAPJb Ephem : 9daed68ad37754305e82740a6252cf80765c36d29a55158b1a19ed29914f0cb1 Scan : 026aa1512f0aa20a28ac2ed3fb660aea5cbee45ea6994e4ec790cad001cd5f2643 Spend : 02a60d70cfba37177d8239d018185d864b2bdd0caf5e175fd4454cc006fd2d75ac PubKey Generated : 03b4e5d3cf889840c75f0dd02ebda946151bf37e56cb888c6002c2ae5288e56de7 ID Generated : 119787de5355172ff7934303c06967697699adb2 Addr : mh7yJrZN6LwCfHymnkxUYJfJxMBQN2HX7R TxId : 266703ce4092b03c4e2585af877eeab6ac6b77d0bf40bf05879e53bedc6e1fbe I cross checked with tx, my PubKey Generated seems fine. Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: piotr_n on May 20, 2014, 12:21:05 PM sorry :)
Code: cc411aab02edcd3bccf484a9ba5280d4a774e6f81eac8ebec9cb1c2e8f73020a Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: piotr_n on May 20, 2014, 12:24:20 PM its private scankey is: Code: 0361e5c0bff39f18621693da42cd343d60e3e14b4e9eb46b220eb310a484fcebab It is not a private key, you copied the pubkey. I made a new transfer on your old stealth: Stealth Addr : waPV5rHToBq3NoR7y5J9UdE7aUbuqJybNpE88Dve7WgWhEfvMrcuaSvF6tSQ3Fbe8dErL6ks8byJPcp 3QCK2HHviGCSjg42VgMAPJb Ephem : 9daed68ad37754305e82740a6252cf80765c36d29a55158b1a19ed29914f0cb1 Scan : 026aa1512f0aa20a28ac2ed3fb660aea5cbee45ea6994e4ec790cad001cd5f2643 Spend : 02a60d70cfba37177d8239d018185d864b2bdd0caf5e175fd4454cc006fd2d75ac PubKey Generated : 03b4e5d3cf889840c75f0dd02ebda946151bf37e56cb888c6002c2ae5288e56de7 ID Generated : 119787de5355172ff7934303c06967697699adb2 Addr : mh7yJrZN6LwCfHymnkxUYJfJxMBQN2HX7R With 03b4e5d3cf889840c75f0dd02ebda946151bf37e56cb888c6002c2ae5288e56de7 I'd expect address mvXf4sF4C1w5KgQyasbEWxqVyqbLNtVdnY Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: Nicolas Dorier on May 20, 2014, 12:34:08 PM With 03b4e5d3cf889840c75f0dd02ebda946151bf37e56cb888c6002c2ae5288e56de7 I'd expect address mvXf4sF4C1w5KgQyasbEWxqVyqbLNtVdnY So you agree on the generated pubkey ? You algorithm to transform a pubkey in address does not seems right. (Hash160) I cross checked mine with brainwallet. Mine give 119787de5355172ff7934303c06967697699adb2 Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: Nicolas Dorier on May 20, 2014, 12:38:29 PM The transaction I sent is
http://blockexplorer.com/testnet/tx/e83fcbedca05f5b792cb554f7d58d77c40f0a90e91d0d63f7ddfd0fa12790136 (http://blockexplorer.com/testnet/tx/e83fcbedca05f5b792cb554f7d58d77c40f0a90e91d0d63f7ddfd0fa12790136) Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: piotr_n on May 20, 2014, 01:00:19 PM The transaction I sent is Yeah, this one is correct!http://blockexplorer.com/testnet/tx/e83fcbedca05f5b792cb554f7d58d77c40f0a90e91d0d63f7ddfd0fa12790136 (http://blockexplorer.com/testnet/tx/e83fcbedca05f5b792cb554f7d58d77c40f0a90e91d0d63f7ddfd0fa12790136) I'm sending it back in tx c85b654a97f0ed150ff76b6c2ef50b9aa4a1911d7186d815be1c8c02dfcb3a81 Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: piotr_n on May 20, 2014, 01:04:44 PM With 03b4e5d3cf889840c75f0dd02ebda946151bf37e56cb888c6002c2ae5288e56de7 I'd expect address mvXf4sF4C1w5KgQyasbEWxqVyqbLNtVdnY So you agree on the generated pubkey ? You algorithm to transform a pubkey in address does not seems right. (Hash160) I cross checked mine with brainwallet. Mine give 119787de5355172ff7934303c06967697699adb2 Oh, I had though the "public key" was the one you put after OP_RETURN. Never mind, though. Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: Nicolas Dorier on May 20, 2014, 01:07:59 PM With 03b4e5d3cf889840c75f0dd02ebda946151bf37e56cb888c6002c2ae5288e56de7 I'd expect address mvXf4sF4C1w5KgQyasbEWxqVyqbLNtVdnY So you agree on the generated pubkey ? You algorithm to transform a pubkey in address does not seems right. (Hash160) I cross checked mine with brainwallet. Mine give 119787de5355172ff7934303c06967697699adb2 Oh, I had though the "public key" was the one you put after OP_RETURN. Never mind, though. Have you done the same error on the previous transaction we made ? Maybe something does not work right and I need further testing. Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: piotr_n on May 20, 2014, 01:31:05 PM Have you done the same error on the previous transaction we made ? Maybe something does not work right and I need further testing. No, the previous two transaction were just broken, as far as I can check it. The third one is fine, though - I received it with no problems and no modifications in my software. Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: Nicolas Dorier on May 20, 2014, 01:48:56 PM Have you done the same error on the previous transaction we made ? Maybe something does not work right and I need further testing. No, the previous two transaction were just broken, as far as I can check it. The third one is fine, though - I received it with no problems and no modifications in my software. The first one broken. The second one, I juste did double spent because I sent the third one just after on the same out. The third one worked. I will make more unit tests. Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: Nicolas Dorier on May 20, 2014, 02:30:02 PM piotr, I improved my tests and don't find any bug on it.
I don't find the reason why the first transaction would fail. I will generate a bunch of transaction to your stealth address later today, and we'll see if they all get through. Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: dabura667 on May 25, 2014, 03:52:45 PM piotr, I improved my tests and don't find any bug on it. I don't find the reason why the first transaction would fail. I will generate a bunch of transaction to your stealth address later today, and we'll see if they all get through. maybe piotr you are missing a modulo somewhere in your recovery code. Usually when something in bitcoin works some of the time, I find it's because you didn't mod p somewhere. Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: piotr_n on May 25, 2014, 04:28:24 PM No I don't think there is anything wrong in my implementation.
Besides non-zero length prefixes, I have tested it quite much. I can exchange coins via stealth addresses between DarkWallet and my s/w, including several sends in a single tx, and they never got missed. So I guess it means that my implementation works? I think it is more likely that Nicolas did something wrong during the first send. We can try few more times though, if he wants, just to be sure. I'm always open for more testing. BTW, @dabura667, are you working on supporting non-zero length prefixes? I'd like to test it against a different wallet as well. Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: dabura667 on May 26, 2014, 12:04:17 PM No I don't think there is anything wrong in my implementation. Besides non-zero length prefixes, I have tested it quite much. I can exchange coins via stealth addresses between DarkWallet and my s/w, including several sends in a single tx, and they never got missed. So I guess it means that my implementation works? I think it is more likely that Nicolas did something wrong during the first send. We can try few more times though, if he wants, just to be sure. I'm always open for more testing. BTW, @dabura667, are you working on supporting non-zero length prefixes? I'd like to test it against a different wallet as well. I've only got sending working for Electrum. But yes, I have non-zero prefixes working for sending bitcoins. Unfortunately, Electrum does not have testnet functionality, so I had to sacrifice 40 cents while experimenting. Edit: Here's how I got it done in Python. Code: def check_prefix(pre_num, prefix, p_hash): # Check the first 'pre_num' bits of both 'prefix' and 'p_hash' and see if they match Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: piotr_n on May 26, 2014, 12:08:17 PM Unfortunately, Electrum does not have testnet functionality, so I had to sacrifice 40 cents while experimenting. That should motivate you to add testnet support there, at some point ;)Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: dabura667 on May 26, 2014, 12:33:43 PM Unfortunately, Electrum does not have testnet functionality, so I had to sacrifice 40 cents while experimenting. That should motivate you to add testnet support there, at some point ;)heck, I'm not even good enough to do anything... but I do the best I can. :-) Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: piotr_n on May 26, 2014, 12:42:34 PM Unfortunately, Electrum does not have testnet functionality, so I had to sacrifice 40 cents while experimenting. That should motivate you to add testnet support there, at some point ;)heck, I'm not even good enough to do anything... but I do the best I can. :-) oh, don't be so modest. you are certainly good enough to be a pioneer of implementing the stealth payments :) Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: Nicolas Dorier on May 26, 2014, 03:06:15 PM piotr_n,
I am going to send 13 transactions to waPYjXyrTrvXjZHmMGdqs9YTegpRDpx97H5G3xqLehkgyrrZKsxGCmnwKexpZjXTCskUWwYywdUvrZK 7L2vejeVZSYHVns61gm8VfU Do you confirm you have the spend priv key and scan priv key ? (Scan = cc411aab02edcd3bccf484a9ba5280d4a774e6f81eac8ebec9cb1c2e8f73020a) Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: piotr_n on May 26, 2014, 03:09:11 PM piotr_n, yes - go ahead, send.I am going to send 13 transactions to waPYjXyrTrvXjZHmMGdqs9YTegpRDpx97H5G3xqLehkgyrrZKsxGCmnwKexpZjXTCskUWwYywdUvrZK 7L2vejeVZSYHVns61gm8VfU Do you confirm you have the spend priv key and scan priv key ? (Scan = cc411aab02edcd3bccf484a9ba5280d4a774e6f81eac8ebec9cb1c2e8f73020a) Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: Nicolas Dorier on May 26, 2014, 03:21:16 PM ok all sent, you should get in a block in one hour or more. I did not included fees.
I have all my ephem keys Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: piotr_n on May 26, 2014, 03:23:31 PM ok.
in case if they got mined, let me know. Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: Nicolas Dorier on May 26, 2014, 03:23:59 PM already mined oO
And already 3 confirmation... wow what's going on on testnet. Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: piotr_n on May 26, 2014, 03:24:10 PM I received 7 of them
Code: 21 245388 2014/05/26 17:28 21af862200c988833069cd2f03c2d71204b17ac927a134b918289ad91d6f0702 1 0.04615384 @mmFbAfaoku8yiFm29FMzaWs1KjWmR97Gp1 Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: Nicolas Dorier on May 26, 2014, 03:29:35 PM There is something waky here... (7 of 13 worked)
Can you check what is going on with txid 7efb90526034f0eac6b4f897ea0dcf617b03b29e8b0b4f1660b1fb76740b45f1 http://blockexplorer.com/testnet/tx/7efb90526034f0eac6b4f897ea0dcf617b03b29e8b0b4f1660b1fb76740b45f1 (http://blockexplorer.com/testnet/tx/7efb90526034f0eac6b4f897ea0dcf617b03b29e8b0b4f1660b1fb76740b45f1) Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: piotr_n on May 26, 2014, 03:36:25 PM Can you check what is going on with txid 7efb90526034f0eac6b4f897ea0dcf617b03b29e8b0b4f1660b1fb76740b45f1 the metadata: Code: 0600000000:02d3a7c713f0fb9eadaf23d121f5f66a11f4ca780a353ecb1c88ae48646529e1d6 ...multiplied with the secret scan key: Code: cc411aab02edcd3bccf484a9ba5280d4a774e6f81eac8ebec9cb1c2e8f73020a ... comes down to the secret C of: Code: ba05b377c50e08b4ad293d58f6e1c494c2e55c829a12c7a289ae015d307193f7 .. and this tells me to expect the coins at address mhBmC8iBR422X5mUYZ2NqT4qin8rGrmMgj (key: 03f6ceafe6669e8c8d0439bbbd4c644779b6ab98b077d61e9d26492ee4d026e217) your coins went to: mh1A4K7kK5wr7WxCNaHuzhC4LDU8TseBnU would you like me to expand all the steps, how it goes to it? Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: Nicolas Dorier on May 26, 2014, 03:39:14 PM Them EphemKey was 23eef32c39ccfd1267f0cd45841dc5bf8deae0184dad16993949d1707c4fb9b6
I'm checking the result against sx, one moment. Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: piotr_n on May 26, 2014, 03:41:28 PM I think I know what is your problem.
The sha256 hashing that you do at the EphemKey Before hashing it always has 03 byte in front, despite whether the calculated key had 02 or 03. Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: piotr_n on May 26, 2014, 03:45:03 PM dont ask me why it is always 03 - it is also strange for me.
but now at least I know how to recover the coins we lost before. where do you want them? Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: Nicolas Dorier on May 26, 2014, 03:50:02 PM Just checked
Code: Usage: sx stealth-uncover EPHEM_PUBKEY SCAN_SECRET SPEND_PUBKEY Which is the address where I sent. Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: Nicolas Dorier on May 26, 2014, 03:53:42 PM dont ask me why it is always 03 - it is also strange for me. but now at least I know how to recover the coins we lost before. where do you want them? You can send back to me. However your result is not consistent with SX why is it the case ? Which one to trust ? Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: piotr_n on May 26, 2014, 03:55:22 PM What is your address?
It seems like the implantation in sx is different from the one in DW. DW always overwrites 02 with 03 before hashing it. sx - doesnt seem so; takes either 02 or 03, depending how it came out. Now we need to figure how it should be. Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: piotr_n on May 26, 2014, 03:59:01 PM I think your/sx implementation makes more sense, but if I make it like this I won't be DW compatible anymore.
Look at line 42: https://github.com/darkwallet/darkwallet/blob/develop/js/util/stealth.js ... and here, line 99: https://github.com/libbitcoin/libwallet/blob/master/src/stealth.cpp These two functions are compatible only in 50% of the cases. Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: Nicolas Dorier on May 26, 2014, 03:59:32 PM need to ask to genjix on irc, i'll contact him.
mwdJkHRNJi1fEwHBx6ikWFFuo2rLBdri2h Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: piotr_n on May 26, 2014, 04:01:19 PM ok. let me know what you found.
sent you back the coins. Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: Nicolas Dorier on May 26, 2014, 04:16:08 PM he is afk for now.
So if I understand, the difference lies when I calculate the shared secret after the EC multiply. My code and SX : Code: var pBytes = new PubKey(p.GetEncoded()).Compress().ToBytes(); DW : Code: var pBytes = new PubKey(p.GetEncoded()).Compress().ToBytes(); It about : c = H(eQ) = H(dP) at https://wiki.unsystem.net/index.php/DarkWallet/Stealth#Dual-key_stealth (https://wiki.unsystem.net/index.php/DarkWallet/Stealth#Dual-key_stealth) Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: piotr_n on May 26, 2014, 04:18:35 PM yeah I also asked it at #darkwallet, but ATM there isn't anyone around to answer
yes - except that the value is 0x03, not 0x02: Code: var pBytes = new PubKey(p.GetEncoded()).Compress().ToBytes(); I'm happy to change it in my code, but first let's figure out which approach is the desired one Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: Nicolas Dorier on May 26, 2014, 04:21:58 PM I fixed my response, yes this is problematic since I don't think it is good to break existing clients and scanners.
Maybe the scanner will need to handle both case :( Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: piotr_n on May 26, 2014, 04:25:26 PM I fixed my response, yes this is problematic since I don't think it is good to break existing clients and scanners. nobody really uses stealth addresses yet - I don't mind changing my scanner.Maybe the scanner will need to handle both case :( it's better to do it now than to wait longer or (even worse) to check for both the values. there are obviously two different approaches which are compatible only in 50% of cases. I wonder which of the two is in Electrum. Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: piotr_n on May 26, 2014, 05:11:36 PM it seems that this weirdness comes from electrum implementation.
see here, line 619: https://github.com/dabura667/electrum/blob/StealthAddressSend/lib/bitcoin.py @dabura667, any comments? Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: Nicolas Dorier on May 26, 2014, 05:25:17 PM From : https://github.com/darkwallet/darkwallet/blob/develop/js/util/stealth.js#L42 (https://github.com/darkwallet/darkwallet/blob/develop/js/util/stealth.js#L42)
Is seems the JS implementation is not quite right. A compressed pub key in the X coordinate of ECPoint, with 02 or 03 indicating if Y the odd or even. From this two information, you can recalculate the Y which is lost during compression. The JS implementation assume that Y is always odd... a simple modulo test on Y just before the concat would solve the problem. Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: piotr_n on May 26, 2014, 05:28:59 PM agreed
but I think this implementation is based on the one from electrum, where it seems even more clear that someone just forgot to check the Y's parity, before prefixing X with the proper byte: https://github.com/dabura667/electrum/blob/StealthAddressSend/lib/bitcoin.py#L619 Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: Nicolas Dorier on May 26, 2014, 05:38:31 PM sent pull request to https://github.com/darkwallet/darkwallet/pull/131 (https://github.com/darkwallet/darkwallet/pull/131), I can't run it so I hope I got it from the first time. ;)
Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: piotr_n on May 26, 2014, 05:43:45 PM it is not my code, but I believe Y has a method isEven() that works faster than mod(2)
Code: var S1 = [ point.getY().isEven() ? 2 : 3 ].concat(point.getX().toBigInteger().toByteArrayUnsigned()); EDIT: actually, I believe the proper way is to just use the function that is already there for it: Code: var S1 = point.getEncoded(true) Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: piotr_n on May 26, 2014, 05:51:58 PM sent pull request to https://github.com/darkwallet/darkwallet/pull/131 (https://github.com/darkwallet/darkwallet/pull/131), I can't run it so I hope I got it from the first time. ;) and why you cannot run it? don't you have chrome? Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: Nicolas Dorier on May 26, 2014, 06:01:11 PM I hate javascript, I'll let the creator of the lib take the relay for the pull ;)
I sent an issue for the electrum python version of the bug. sent pull request to https://github.com/darkwallet/darkwallet/pull/131 (https://github.com/darkwallet/darkwallet/pull/131), I can't run it so I hope I got it from the first time. ;) and why you cannot run it? don't you have chrome? I'm just lazy to setup a page that include these scripts, and creating a piece of code that will pass where the bug is. I hate javascript so much. :( Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: piotr_n on May 26, 2014, 06:04:51 PM I'm just lazy to setup a page that include these scripts, and creating a piece of code that will pass where the bug is. You don't need to setup any page - its a fully functional extension for chrome.I hate javascript so much. :( Just checkout the repo from github, go to Chrome's "Extensions" page, enable "Developer mode" and "Load unpacked extension..." pointing it to the darkwallet folder (the one with manifest.json) It will load the extension and then you can already use DW. For a start better stick to testnet - it will ask you when creating a new wallet. Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: dabura667 on May 27, 2014, 03:22:59 PM it seems that this weirdness comes from electrum implementation. see here, line 619: https://github.com/dabura667/electrum/blob/StealthAddressSend/lib/bitcoin.py @dabura667, any comments? I was aware that sticking an 0x03 on it no matter what was incorrect, but that was the only way for me to get it to work with DW. I was meaning to do a PR for a while on DW for it, but by the time I got around to it, I couldn't find it for the life of me. Then I forgot about it. I should have added a comment there including my big "???" that I had when I saw this in DW. Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: piotr_n on May 27, 2014, 03:26:56 PM so DW was first, and you just copied it.
then I copied it... :) the question is: what now? are you going to change it? I think we should. Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: dabura667 on May 27, 2014, 03:40:08 PM so DW was first, and you just copied it. then I copied it... :) the question is: what now? are you going to change it? I think we should. Fixed. But now I won't be able to recover funds with DW half of the time :-( Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: piotr_n on May 27, 2014, 03:42:29 PM yeah I know.
do you have some better comm channel with DW guys? I've been trying to let them know and ask whether they were going to fix it as well, but they don't seem to be reachable. Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: Nicolas Dorier on May 27, 2014, 03:51:19 PM habitually genjix respond, tried to spam him again today, but he 404 me.
Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: caedes on May 27, 2014, 06:57:24 PM hey,
We agree the dw implementation is at fault, I'm going to apply the fix and think about some way so we can redeem old dw stealth funds too so I can take a bit to apply the pull request but will do it asap. cheers and congrats on finding out the error!. Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: piotr_n on May 27, 2014, 07:31:43 PM good. thx.
Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: genjix on May 27, 2014, 08:03:16 PM sorry Nicolas, was outside.
I'm lurking and responding when back. btw is SX doing it correctly or not? Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: Nicolas Dorier on May 27, 2014, 08:46:04 PM SX is correct, the DW implementation in javascript is not. I'm a little confused about who develops what.
Do you manage the JS implementation ? Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: caedes on May 28, 2014, 03:53:00 AM I manage the js implementation and genjix the sx one.
Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: caedes on May 28, 2014, 04:57:29 AM Ok we have fixed the issue in darkwallet git.
The fix also is using a different api than proposed that also makes sure the point is encoded as 32 bytes, not totally sure it's required but probably is what we want, will double check that soon with genjix. https://github.com/darkwallet/darkwallet/commit/da6a084c3102bbaf50aabd1ba524f5365f27d7ed We also added some backwards compatibility code so funds in bad addresses won't be just stuck. Tried to make it in the most simple way and so the workaround can easily be removed later. Thx again for finding the issue and providing a fix. Title: Re: NBitcoin : Stealth Address, DarkWallet compliant Post by: Nicolas Dorier on May 28, 2014, 09:10:37 AM cool, glad we could help.
We had 1 chance on 2 to find the bug, if the first transaction I sent to piotr worked, we would have continued our lives with the bug lurking in the dark. ;) |