|
pw_decode method and "password = None" aren't needed. However, you could use raw input to allow the user to input their own seed (string of words) or the encrypted seed from their wallet file. (Heck you could even have them type in the filepath of their wallet file and then pw_decode the seed from that (note: encrypted seed from wallet >> pw_decode is equal to the output of mn_decode, so you won't need to run it through)
Right now, this is only really useful for people who know python enough to run this source. I would maybe stick a little gui on it (maybe use QT4) and have the option for the user to retrieve all their private keys or just give them the master public key only, etc.
It's pretty nice to have all the methods in a neat package and might be a great tool to stick a gui on and compile into an exe for newbies, but I think anyone who knows python enough to run this would have been able to retrieve their private keys anyways.
Just remember, the licensing agreement would require you to make all files open source including posting the compile method for the exe if you make one.
|
|
|
|
I am trying the following:
password = None;
seed="constant forest adore false green weave stop guy fur freeze giggle clock";
seed = pw_decode(seed, password).encode('utf8');
print seed;
oldseed = seed
for i in range(100000):
seed = hashlib.sha256(seed + oldseed).digest()
newseed=string_to_number( seed );
print newseed;
print "----";
curve = SECP256k1
master_private_key = ecdsa.SigningKey.from_secret_exponent( newseed, curve = SECP256k1 );
master_public_key = master_private_key.get_verifying_key().to_string().encode('hex');
print master_public_key;
However it doesn't give me the correct master public key. What am I doing wrong? The 12 words are not your encoded seed, they are your decoded seed. You must convert mnemonic to hex, no password needed. from electrum import mnemonic
seed = mnemonic.mn_decode(["constant", "forest", "adore", "false", "green", "weave", "stop", "guy", "fur", "freeze", "giggle", "clock"]) will make seed your unencrypted seed. The rest should be fine. Edit: Actually the input to the mn_decode should be a dict of strings and not a single string |
|
|
|
|
I just got sending to stealth addresses working on 1.9.8... but to be honest, DW is talking about changing format, and I don't have the time to put in all the checks necessary to make it solid.
Not to mention the current master head on github did a complete overhaul of the Transactions class, which is what I did heavy work on...
My opinion is: wait for it. It'll come eventually once stealth addresses are set in stone (in a BIP)
|
|
|
|
|
VirtualBox is your friend ;-)
|
|
|
|
You have to go to the console tab and enter:
wallet.storage.put('gap_limit',100)
Then restart Electrum, you should now have 100 addresses in the receiving address list.
It will take longer to sync them when you start Electrum.
Awesome, thanks. I Did that and like 45 came up, but that is more than enough. It takes a while, it'll eventually make 100, and it will automatically make a new one every time you receive bitcoins to one so that there will always be 100 unused addresses at any given time. Just remember, if you ever have to restore from seed you might have to change the gap limit to 100 every time. As the gap limit just basically says "I'm gonna create addresses in order until i find 100 unused addresses then stop." If you only have bitcoins on your 101st address, restoring seed will not generate that address witgout you putting in a gap limit of 101 etc. |
|
|
|
@dabura667
cheers.
so the prefix length cannot be bigger than 32 bits?
and if it was all 32 bits, but I could not find a matching nonce - what then? pick up a different "ephemkey"?
Yes, this is how the current implementation of Dark Wallet does it. If you run through all the nonces and no match is made, it breaks one do loop and returns to the ephemkey generation in the outer do loop. |
|
|
|
|
Dark Wallet is NOWHERE NEAR complete... (so don't send your real bitcoins to it)
BUT they have an alpha version out now that allows you to create a TESTNET wallet (with free coins to play around with) so you can see all the features.
I think they will be a good alternative to Electrum.
If Electrum's Kivy Android wallet comes out, though... Electrum's going to be #1 for a while imo.
If Dark Wallet came out with a feature final version including Android client tomorrow, I might switch over... but they have a ways to go.
|
|
|
|
I think it works.  Just one more question. When you say "brute force a nonce such that SHA256(nonce.concate(ephemkey)) first 4 bytes are equal to the prefix" - what if the prefix is not 4 bytes long? If it is not than 4. The only difference is the first x bytes must match the prefix of a length x / 8 rounded up. Also remember that prefix_length is in bits, so to get the number of bytes to compare you must take x / 8 rounded up. Edit: sorry for all the edits, i just woke up... Sorry last edit I swear. Here's the function for comparing the hash with the prefix. https://github.com/darkwallet/darkwallet/blob/42bb91761555c078f386be2ff6f61f7c033c60f0/js/util/stealth.jsStealth.checkPrefix is the function. The function at the very bottom is the loop to brute force the prefix. |
|
|
|
I'm still a bit confused, to be honest. I wanted to use DW to send some money to my own stealth addresses, just to see how it works. But my transactions have been pending for days already, so I am now trying to send it myself, using my own s/w. Anyway, please explain me one thing. I have a stealth address with two public keys: scanKey and spendKey - I want to send some coins there. So what I would do is: 1. I pick up a secret C - some random 32 bytes 2. Do I have to do anything with C here???3. I calculate C*scanKey - and put it inside the first null-ouptut, like this: 6a2606 <4_random_bytes> <compressed(C*scanKey)> 4. I calculate C*spenKey - and use it in the next output (one that actually spends the coins): 76a914 <hash160(C*spenKey)> 88ac 5. I sign and broadcast the transaction. In general it seems pretty clear, but the devil is in the details. Obviously I want my txs to be compatible with the existing solution (not just with my own), so I have these questions: 1. Do I need to do anything with my random C, between point 1 and 3? 2. You have this StealthDH() function that takes X from a result of EC multiplication, prefixes it with 03 and then does sha256 on it - at which point is it actually used? 3. The 4 random bytes in point 3 - are they just random, or what? You are getting mixed up. First let's see what you have to do first to send to a stealth address: 1. check the checksum! (convert from base58 to hex, strip last 4 bytes, SHA256 twice, compare first 4 bytes with checksum, if match then continue) 2. check if mainnet 3. check version byte (not used) 4. check N (number of keys for multisig) 5. check required number of sigs (for multisig) 6. create a new pub/priv keypair (lets call its pubkey "ephemkey" and privkey "e") 7. IF there is a prefix in the stealth address, brute force a nonce such that SHA256(nonce.concate(ephemkey)) first 4 bytes are equal to the prefix. IF NOT, then just run through the loop once and pickup a random nonce. (probably make the while condition include "or prefix = null" or something to that nature. 8. Once you have the nonce and the ephemkey, you can create the first output, which is OP_RETURN <nonce:4bytes> <ephemkey:33bytes> 9. Now use ECC multiplication to calculate e*Q where Q = scan_pubkey and e = privkey to ephemkey and then hash it. 10. That hash is now "c". use ECC multiplication and addition to calculate D + (c*G) where D = spend_pubkey, and G is the reference point for secp256k1. This will give you a new pubkey. (we'll call it D') 11. Create a normal P2KH output spending to D' as public key. 12. make the tx with the two outputs from #8 and #11 and broadcast it. (Don't forget to create any change outputs you need!) Edit: I forgot to say, if it is multisig, then repeat #10 for every spend_pubkey, A becomes A' B becomes B' etc... then take all the pubkeys from A' B' C' D' etc etc. and make a p2sh multisig address. Then in step 11 create normal P2SH output to multisig. so with multisig only #10 and #11 will change. everything else is same. |
|
|
|
|
If you think a quality Alt-coin will come out of Japan in the foreseeable future, you're wrong.
The open source community is non-existent in Japan, and Mona/Kuma are just out to pump and dump.
Play around with it, but don't go spending all your money on it.
Their github will end up like Mona, a barren wasteland where no one makes any commits ever.
|
|
|
|
That's fine as the server indexes all stealth data.
My question is, what happens if that data on the server disappears or is maliciously altered? ie If all of Electrum's servers suddenly stopped existing, I can export all my privkeys and import to any other client. But without the information on your servers, I can not restore my stealth generated addresses from seed. My question: Do you plan on remedying this? Or is this feature? Also if you could touch on how to prevent malicious servers from editing the ephemkeys (or deleting entries altogether) so you can't lookup your stealth transactions? Maybe I'm just not understanding the wiki right. Thanks! |
|
|
|
|
Hey guys!
Great job on the wallet. I am looking forward to more updates in the future.
I have a question about the stealth addresses:
Are you planning to apply for a BIP to standardize your Dual-key P2SH enabled Stealth Address setup?
Also, I was wondering if this implementation can exist without the lookup table and just searching the blockchain directly?
If OP_RETURN only holds the sender's pubkey and the nonce... I am wondering what would happen if the lookup tables went down or out of use in many years and I had to restore wallet from seed. How would it calculate the addresses created from my stealth address?
|
|
|
|
|
It looks like Electrum server is having issues.
Start up electrum.
Connect manually to a different server.
If it still doesn't fix itself, try clicking "Open Wallet" and opening the wallet you have open. (open the one that is already open... it's silly I know)
If it still doesn't sync correctly... I don't know what is wrong...
BUT your bitcoins are still on your address, Electrum just isn't showing the transaction correctly. If the problem persists for a long time. Then you can always export that one address's private key and import it into another client.
I think that reconnecting or reopening the wallet will force a sync.
|
|
|
|
multisign and stealh addr, are IMHO two of the most important security features since BIP38 and HD wallets.
Stealth Addresses would be difficult at this stage to implement, as the implementation of DW is not finalized and has yet to be accepted as a standard format. Until Stealth Addresses as they exist in Dark Wallet, are accepted as a BIP, I wouldn't think taking the time to include them would be worth it. (someone correct me if I'm wrong) However, I think one problem of the current implementation of stealth addresses in DW is the way they handle multisig P2SH. The stealth address would have to include the spend_pubkey of each of N addresses in it, so as you extrapolate it to 5 of 9, 17 of 33 etc etc... the stealth address will be unwieldy large. I think if they would just keep the format as strictly P2KH... Not to mention that implementing Stealth Addresses as they exist in DW would require storing a separate table on the Electrum servers to look up for the OP_RETURNS in order to create the addresses. (otherwise they would not be able to be restored by seed) tl;dr: It's not finalized on their end, and until a BIP is approved for the "Dual-key Stealth Address which includes P2SH ability" it should not be included anywhere else but Dark Wallet. Edit: Links for further study. (#1 and #2 are revolutionary and make stealth usable to normal people. #3 is a little ambitious but I would like to see it happen) 1. Database format for OP_RETURN storage and easy lookup. https://wiki.unsystem.net/index.php/DarkWallet/Stealth#Database_file_format2. Dual-key Stealth, and how it works. https://wiki.unsystem.net/index.php/DarkWallet/Stealth#Dual-key_stealth3. How the Stealth Address can be used to create shared secret multisigs. https://wiki.unsystem.net/index.php/DarkWallet/Stealth#Multisig_stealth |
|
|
|
|
It hasn't even been decided yet.
Adding the unit would be a trivial thing... but to avoid confusion, it will probably not be added until a consensus is reached.
|
|
|
|
I think bits is great... but we need to get rid of the name "bitcoin" and change it to bits. Having the network with the name Bitcoin, this could keep everyone in the same boat still, negating the benefits of switching to bits. How much is a bitcoin I've been hearing of on the news.
Oh, we don't use bitcoins, we use bits.
Oh, so you don't use bitcoins anymore? They die or something?
Oh no no no, 1 bitcoin is 1 million bits!
So how much is a bitcoin?
it's 2200 bits for a dollar.
Which is how many dollars for a bitcoin?
We don't use bitcoins as a unit anymore.
ad nauseum The only way bits will be a viable solution to the "omg this bitcoin thing is too expensive" is if we change the name of the network too to eliminate the bitcoin "brand" and completely "re-brand" it. Otherwise, people will get even more confused imo |
|
|
|
I'm having some pretty major usability issues, due to having a wallet with many transactions. It takes at least 30 minutes to sync now, even if I just disconnected. I use a "warm" portable electrum on a fresh OS for security reasons, but this solution is beginning to fail. I need my wallet to be accessible quickly.
Perhaps some sort of pruning would help?
If by portable you mean the "portable version," packaged executable then I would recommend going for the install version instead. The install version actually downloads the blockchain headers file on your HDD. I have over 4000 addresses used with a similar number of transactions and my electrum loads in about 10 seconds tops. The sync process doesn't take much longer. I've opened up electrum from scratch, then sent someone bitcoins within 30 seconds before and it showed up on blockchain.info like 5 seconds later. |
|
|
|
ok mine says Synchronizing now too. I'm glad it looks like it's doing something but I don't like the idea of a wallet that isn't working full time. Could this be a problem with the servers?
The servers are all run by volunteers using open source code that was made non-profit out of the good will of people's hearts. You probably connected to a server that was having difficulties, maybe their cat slept on the escape key or something. If you have connection issues, try reconnecting, try connecting to a different server, etc. Maybe in the future, there will be some sort of business running official professionally maintained servers for Electrum. Until then, you're basically relying on a group of volunteers. (then of course... the same can be said for the Bitcoin Core, multibit, or ANY bitcoin wallet...) |
|
|
|
|
Show Posts
