Bitcoin Forum
  Show Posts
1  Bitcoin / Development & Technical Discussion / RFC: proposition to extend BIP44 - extended HD Wallet on: April 20, 2016, 03:07:09 PM
I would like to hear your comments about this proposal:

from BIP44: Multi-Account Hierarchy for Deterministic Wallets

We define the following 5 levels in BIP32 path:
m / purpose' / coin_type' / account' / change / address_index

With this definition, a (single) wallet can have multiple accounts:
account' = 0', 1', 2', ...

I'm working on a new wallet and I would like to have a full hierarchy of wallets: accounts
will be replaced by multiple levels of wallets (all with hardened derivation)
/master wallet n'/sub wallet m'/.../sub wallet p'/
Something like this:
-- personal wallet                       /0'/
    -- current account                   /0'/0'/
        -- restaurants                   /0'/0'/0'/
        -- beers                         /0'/0'/1'/
        -- food                          /0'/0'/2'/
    -- saving account                    /0'/1'/
        -- retirement                    /0'/1'/0'/
        -- next summer vacation          /0'/1'/1'/
        -- income taxes                  /0'/1'/2'/
    -- house expenditure                 /0'/2'/
    -- donations                         /0'/3'/
    -- kid's school                      /0'/4'/
-- personal business                     /1'/
    -- North America                     /1'/0'/
        -- USA                           /1'/0'/0'/
            -- ...                       ...
        -- Canada                        /1'/1'/
            -- Quebec                    /1'/1'/0'/
                -- Montreal              /1'/1'/0'/0'/
                    -- 00 Ste-Catherine  /1'/1'/0'/0'/0'/
                    -- 99 St-Denis       /1'/1'/0'/0'/1'/
            -- British Columbia          /1'/1'/1'/
-- Joint account (with wife)             /2'/
    -- lawyers                           /2'/0'/
This proposal can be seen as an extension of the Multi-Account Hierarchy for Deterministic Wallets (BIP44).
An HD Wallet implementing BIP44 will be considered as containing only one master wallet /0'/
and will be compatible with this proposal. That's why I call it "Multi-Account Hierarchy for extended Deterministic Wallets"
or simply "extended HD Wallet" or "xHD Wallet".

2  Bitcoin / Development & Technical Discussion / BIP47 - Reusable Payment Codes - compute Shared Secret for Notification Tx on: April 13, 2016, 09:12:46 PM
From BIP47 and its test vectors:

I would like to compute the shared secret from the test vectors:

If I follow the BIP47 protocol:

0) It is assumed that Alice can easily obtain Bob's payment code via a suitable method outside the scope of the payment code protocol.

So Alice knows Bob's Payment Code:
PC_BOB = PM8TJS2JxQ5ztXUpBBRnpTbcUXbUHy2T1abfrb3KkAAtMEGNbey4oumH7Hc578WgQJhPjBxteQ5GHHToTYHE3A1w6p7tU6KSoFmWBVbFGjKPisZDbP97
Then Alice deserializes PC_BOB and can find Bob's pubkey and chain code (path: m/47'/0'/0')
pubkey     : (02) 9d125e1cb89e5a1a108192643ee25370c2e75c192b10aac18de8d5a09b5f48d5
Chain Code :      1db1243aaa57c7fbea3072249c1bd4dab9482b4fee4d25e1c69707e8144dc137
1) Alice selects an input...
2.i) Alice selects the private key corresponding to the first exposed public key, of the first pubkey-exposing input, of the transaction:
I tried with
a0 = 8d6a8ecd8ee5e0042ad0cb56e3a971c760b5145c3917a8e7beaf0ed92d7a520c  path  m/47'/0'/0'/0
a0 is given in the paper. It gave me the wrong shared secret. I also tried with
a  = 0a5c1795378b3ba756efcb5ca47e605c3f4f8bcff99eced897b45a4b051e980d  path m/47'/0'/0'
with a wrong result again ("a" can be computed from the raw entropy)
Which value should I use for Alice private key ?
2.ii) Alice selects the public key associated with Bob's notification address:
This address is given in the paper:
B = 024ce8e3b04ea205ff49f529950616c3db615b1e37753858cc60c1ce64d17e2ad8 (= B0) path: m/47'/0'/0'/0
2.iii) Alice calculates a secret point:
S = a B = 736a25d9250238ad64ed5da03450c6a3f4f8f4dcdf0b58d1ed69029d76ead48d
I think the value of B is correct but what should I take for a ?
3  Bitcoin / Development & Technical Discussion / BIP 32 - Find xprv from seed and passphrase (bitcore-mnemonic) on: April 11, 2016, 07:19:05 PM
from BIP 47:
passphrase = "TREZOR";
entropy = "00000000000000000000000000000000";
code    = "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about";
seed    = "c55257c360c07c72029aebc1b53c05ed0362ada38ead3e3e9efa3708e53495531f09a6987599d18264c1e1c92f2cf141630c7a3c4ab7c81b2f001698e7463b04";
xprv    = "xprv9s21ZrQH143K3h3fDYiay8mocZ3afhfULfb5GX8kCBdno77K4HiA15Tg23wpbeF1pLfs1c5SPmYHrEpTuuRhxMwvKDwqdKiGJS9XFKzUsAF";
from entropy and passphrase, I can find code, seed and xprv with bitcore-mnemonic (node.js):
var Mnemonic   = require('bitcore-mnemonic');
var entropy    = "00000000000000000000000000000000";   // 128 bits of entropy, hex
var passphrase = "TREZOR";
var mnemonic   = Mnemonic._entropy2mnemonic(new Buffer(entropy, 'hex'), Mnemonic.Words.ENGLISH);
var customCode = new Mnemonic(mnemonic);
var theSeed    = customCode.toSeed(passphrase);           // 64-byte BIP39 seed
var xprv       = customCode.toHDPrivateKey(passphrase);   // BIP32 master key from that seed

Now I would like to use "seed" in BIP 32 with passphrase and find xprv (and mnemonic?) with bitcore-mnemonic.
Is there a way to do that ?
4  Bitcoin / Development & Technical Discussion / BIP47 - Reusable Payment Codes - Notification Tx on: February 24, 2016, 03:04:47 PM
From BIP47 on mediawiki:
step 3 of the notification tx:
3. Alice serializes her payment code in binary form.
According to the Binary Serialization section on the same page,
the Payment Code is essentially Alice's pubkey (A = a * G) and Alice's Chain Code(c)
in the next step:
4. Alice renders her payment code (P) unreadable to anyone except Bob:
  i. Replace the x value with x':
The problem is x is the x coordinate of the secret point S = a * B = (x, y)
where a is Alice's privatekey and B is Bob's publickey point (B = b * G)
Question: even if I replace x by x', it won't change the value of the Payment Code
since x is not involved in this value !
What am I missing?
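The blinding step the question is about, as an added example (Python; not code from the post or from any BIP47 implementation). The x that step 4 replaces is the payment code's own public-key x, bytes 3..34 of the 80-byte payload, together with the chain code at bytes 35..66; the x coordinate of the secret point S = a·B is never stored in the payment code, it is only an input to the mask s = HMAC-SHA512(x, o). The example keys the HMAC with the outpoint o and hashes x, which is how this example reads the notation HMAC-SHA512(x, o); confirm the argument order against the BIP47 test vectors before relying on it. The secret-point x and the outpoint below are constructed values, not BIP47 vectors; Alice's key and chain code are the BIP32 test-vector-1 master quoted in the next post.

```python
import hashlib
import hmac


def payment_code_payload(pubkey33, chain_code):
    """The 80-byte binary payment code: version, features, sign, x, chain code, padding."""
    if len(pubkey33) != 33 or pubkey33[0] not in (2, 3) or len(chain_code) != 32:
        raise ValueError("need a compressed public key and a 32-byte chain code")
    return bytes([0x01, 0x00]) + pubkey33 + chain_code + b"\x00" * 13


def outpoint_bytes(txid_hex_displayed, vout):
    """Outpoint as serialized in a transaction input: byte-reversed txid + 4-byte LE index."""
    return bytes.fromhex(txid_hex_displayed)[::-1] + vout.to_bytes(4, "little")


def blinding_mask(secret_x, outpoint):
    """s = HMAC-SHA512(x, o), computed here with the outpoint as HMAC key and x as message
    (assumed argument order; see the lead-in)."""
    if len(secret_x) != 32 or len(outpoint) != 36:
        raise ValueError("x is 32 bytes; an outpoint is txid (32) + little-endian index (4)")
    return hmac.new(outpoint, secret_x, hashlib.sha512).digest()


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def blind_payment_code(payload, secret_x, outpoint):
    """x' = x XOR s[0:32] over bytes 3..34, c' = c XOR s[32:64] over bytes 35..66;
    version, features, sign byte and padding are left untouched."""
    if len(payload) != 80:
        raise ValueError("payment code payload must be 80 bytes")
    s = blinding_mask(secret_x, outpoint)
    return payload[:3] + xor(payload[3:35], s[:32]) + xor(payload[35:67], s[32:64]) + payload[67:]


# XOR with the same mask is its own inverse: Bob recomputes s from S = b*A (A taken from
# the notification input's public key) and the same outpoint, and recovers Alice's code.
unblind_payment_code = blind_payment_code


# Constructed demo values (not BIP47 test vectors): Alice's key and chain code are the
# BIP32 test-vector-1 master quoted in the next post; S.x and the outpoint are made up.
ALICE_PUB = bytes.fromhex("0339a36013301597daef41fbe593a02cc513d0b55527ec2df1050e2e8ff49c85c2")
ALICE_CHAIN = bytes.fromhex("873dff81c02f525623fd1fe5167eac3a55a049de3d314bb42ee227ffed37d508")
DEMO_SECRET_X = hashlib.sha256(b"constructed shared-secret x coordinate").digest()
DEMO_OUTPOINT = outpoint_bytes(hashlib.sha256(b"constructed txid").hexdigest(), 0)


def demo():
    """Returns (clear payload, blinded payload for the OP_RETURN, payload Bob recovers)."""
    clear = payment_code_payload(ALICE_PUB, ALICE_CHAIN)
    blinded = blind_payment_code(clear, DEMO_SECRET_X, DEMO_OUTPOINT)
    recovered = unblind_payment_code(blinded, DEMO_SECRET_X, DEMO_OUTPOINT)
    return clear, blinded, recovered
```

The blinded 80 bytes are what goes into the notification transaction's OP_RETURN output; anyone who does not know S sees a payload whose x and chain code look random, while the version, features and sign bytes stay in the clear.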
5  Bitcoin / Development & Technical Discussion / Reusable Payment Codes: How to compute Payment Code from HD Wallet private key on: February 22, 2016, 06:27:03 PM
I would like to extract the chain code from an extended private key (BIP32)
and compute the Payment code to implement Reusable Payment Codes (BIP47)

I will use the 2 test vectors from BIP32 mediawiki (HD Wallet):

Test Vector 1:

prvkey = xprv9s21ZrQH143K3QTDL4LXw2F7HEK3wJUD2nW2nRk4stbPy6cq3jPPqjiChkVvvNKmPGJxWUtg6LnF5kejMRNNU3TGtRBeJgk33yuGBxrMPHi

base58Check to string hex:

prvkey = 0488ade4000000000000000000873dff81c02f525623fd1fe5167eac3a55a049de3d314bb42ee227ffed37d50800e8f32e723decf4051aefac8e2c93c9c5b214313817cdb01a1494b917c8436b35e77e9d71

from the serialization format info on the same page, I can extract:

chain code  : 873dff81c02f525623fd1fe5167eac3a55a049de3d314bb42ee227ffed37d508
private key : e8f32e723decf4051aefac8e2c93c9c5b214313817cdb01a1494b917c8436b35

And I can calculate the public key:
public key  : 0339a36013301597daef41fbe593a02cc513d0b55527ec2df1050e2e8ff49c85c2
If I do the same with the pubkey (xpub...), I get the same chain code which is what I should obtain.

Test Vector 2:

prvkey = xprv9s21ZrQH143K31xYSDQpPDxsXRTUcvj2iNHm5NUtrGiGG5e2DtALGdso3pGz6ssrdK4PFmM8NSpSBHNqPqm55Qn3LqFtT2emdEXVYsCzC2U

chain code : 60499f801b896d83179a4374aeb7822aaeaceaa0db1f85ee3e904c4defbd9689
private key: 4b03d6fc340455b363f51020ad3ecca4f0850280cf436c70c727923f6db46c3e
public key : 03cbcaa9c98c877a26977d00825c956a238e8dddfbd322cce4f74b0b5bd6ace4a7

The next step is to create the Payment Code:

I will follow BIP47 mediawiki (binary serialization):

1)    Byte 0: version. required value: 0x01
2)    Byte 1: features bit field. All bits must be zero except where specified elsewhere in this specification
          Bit 0: Bitmessage notification
          Bits 1-7: reserved
3)    Byte 2: sign. required value: 0x02 or 0x03
4)    Bytes 3 - 34: x value, must be a member of the secp256k1 group
5)    Bytes 35 - 66: chain code
6)    Bytes 67 - 79: reserved for future expansion, zero-filled unless otherwise noted

Test vector 1:

1) 01
2) 00
3) 03
4) 39a36013301597daef41fbe593a02cc513d0b55527ec2df1050e2e8ff49c85c2
5) 873dff81c02f525623fd1fe5167eac3a55a049de3d314bb42ee227ffed37d508
6) 00000000000000000000000000

string1 : 01000339a36013301597daef41fbe593a02cc513d0b55527ec2df1050e2e8ff49c85c2873dff81c02f525623fd1fe5167eac3a55a049de3d314bb42ee227ffed37d50800000000000000000000000000

Base58 Serialization

checksum = SHA256(SHA256(string1))
checkSum = 20A4FA8F1BDFA6D0AC185F5F5F5DF9A50F5183C3492D2102038FCF7F5A83878F
checkSum = 20a4fa8f

version byte = 47

string1: 4701000339a36013301597daef41fbe593a02cc513d0b55527ec2df1050e2e8ff49c85c2873dff81c02f525623fd1fe5167eac3a55a049de3d314bb42ee227ffed37d5080000000000000000000000000020a4fa8f

string hex to base58Check :
PaymentCode: PM8TJZZ58ujgBFcwn2ii56ZDPVBmRTXqNBgqaRPhrqEaooQYKgsAUMkjmaXybz4zpMNVwgXSndvNNz7WTxFayVfbQQBCRroXqiN8tGMvJt9PaTwADf5Y

for test vector 2:

PaymentCode: PM8TJganX13rAQB9ZwomHFc8y8k8SoKJrgywreocjKE27Zjg3W72QVnyryaZzjknJXB7czkEufZC8QdRirThhETbQ4yCRb5QfGx1xYnn8ULN6URxrxox

I would like to know if those Payment Codes are correct.
6  Bitcoin / Bitcoin Technical Support / watch new Tx in mempool (testnet) on: December 17, 2015, 02:00:21 PM
I'm developing a wallet and I want to listen to the mempool (testnet) for incoming transactions.
I run a node on the same computer so I ping bitcoind every 1 sec with getmempoolinfo.

If getmempoolinfo.size is greater than it was 1 sec ago, it means there is at least one new transaction
in the mempool, then I get the array of all Tx in the mempool with getrawmempool.

My question: it seems that the new Tx hash is inserted anywhere in the array.
Is there a way to avoid comparing the old rawmempool (~1000 Tx) with the new rawmempool
to figure out which Tx are new? Or: why are the new Tx not appended at the end
or at the beginning of the array?
7  Bitcoin / Bitcoin Technical Support / createrawtransaction: Invalid private key on: November 19, 2015, 05:43:57 PM
I want to spend 0.01 tBTC from vout 0 of txid 5fbce786b0bd9f46e0511a5e8091d57900e2eb5d4132375aada3e964a75e6ca5
on testnet

from: n2eTmd37KTGhRZNJsf9tfVdCG1YejciETu (0.01 tBTC)

to:     0.005 tBTC -> 2NCo1Y7JJgLabJ5AQjBpgavyX1JLWJxGPYK
change: 0.004 tBTC -> n2eTmd37KTGhRZNJsf9tfVdCG1YejciETu
fees:   0.001 tBTC

createrawtransaction '[{"txid":"5fbce786b0bd9f46e0511a5e8091d57900e2eb5d4132375aada3e964a75e6ca5","vout":0}]'
 '{"2NCo1Y7JJgLabJ5AQjBpgavyX1JLWJxGPYK":0.005, "n2eTmd37KTGhRZNJsf9tfVdCG1YejciETu":0.004}'


the problem is when I try to sign that tx:

signrawtransaction "0100000001a56c5e...211964f5046e0a0e3568bf788ac00000000"
'[]' '["75e8fd535e581ba...12e23500a96ee675"]'

output:  Invalid private key (code -5)

I also tried with WIF format: 14xCi3eQ3AJvk...xyEQRooQNv1GGQSb
with the same output...

what's wrong ?
If I don't use the wallet of bitcoind, should I provide the "scriptPubKey"
and the redeemScript ? If yes, it's easy to find the scriptPubKey in the previous
tx but how do I create the redeemScript ?

to verify that my private Key is valid, I tested it with bitcore (node.js):

var bitcore = require('bitcore');
bitcore.Networks.defaultNetwork = bitcore.Networks.testnet;   // the Network object, not the string 'testnet'

var privateKey = new bitcore.PrivateKey('75e8fd535e581ba...12e23500a96ee675');
console.log('privateKey: ' + privateKey);          // 75e8fd535e581ba...12e23500a96ee675
var exported = privateKey.toWIF();                 // a testnet WIF starts with 9 (uncompressed) or c (compressed)
console.log('exported privateKey: ' + exported);   // the post's run printed 14xCi3eQ3AJvk...xyEQRooQNv1GGQSb
var publicKey = privateKey.toPublicKey();
console.log('publicKey: ' + publicKey);            // 03f0435d4a6284...c14d33566929584990
var addressTest = publicKey.toAddress(bitcore.Networks.testnet);
console.log('address testnet: ' + addressTest);    // n2eTmd37KTGhRZNJsf9tfVdCG1YejciETu  <-- OK
8  Bitcoin / Bitcoin Technical Support / pubkeyhash vs scripthash with createrawtransaction on: November 18, 2015, 04:50:16 PM
I want to create a new wallet without using the bitcoind wallet.
I have created a testnet wallet on so I use
pubkeys from blocktrail and from bitcore package (node.js).

pubkey generated by bitcore:    n2eTmd37KTGhRZNJsf9tfVdCG1YejciETu
pubkey generated by blocktrail: 2NCo1Y7JJgLabJ5AQjBpgavyX1JLWJxGPYK

my transaction: from n2e... to 2NC... change back to n2e...

When I do a createrawtransaction I have two different types of scriptPubKey:

n2eTmd37KTGhRZNJsf9tfVdCG1YejciETu:     pubkeyhash  (bitcore)
2NCo1Y7JJgLabJ5AQjBpgavyX1JLWJxGPYK:  scripthash     (blocktrail)

My question: why I have a scripthash from blocktrail ?

What I think the answer is:
quote from blocktrail: "The BlockTrail Payment API is built using Multi-Signature HD Wallets, this means that there are 3 keys in total, 2 of which are necessary to get access to your Bitcoin!" (primary key, backup key and blocktrail key)
so instead of paying to a single pubkey, I must pay to a scripthash representing 2 out of 3 signatures.

Is it correct ? or there is another reason ?
9  Bitcoin / Bitcoin Technical Support / bitcoind: getrawtransaction: No information available on: October 21, 2015, 06:22:29 PM
I'm using the bitcoin core testnet console and I want to get raw transactions from this block:

getblock 0000000000018f31018adfebb342d3904c3f21c241025c4f65ff66263eb86d62

This block has 11 transactions:

then I try to get the raw Tx:

getrawtransaction 23dc9c72d5e04e3d511b384f2a6291008b9386b75aef98f8de271bfb48d9438b


The problem is with the next Tx :

getrawtransaction 61732b7f5e4a9b5d96454abb72c9d809e3dfccaedcc34473460d4e0db0d316e3

No information available about transaction (code -5)

These two Tx exist in the testnet blockchain:

the block

first Tx

second Tx

I have the same problem with 7 Tx, only 4 are listed in bitcoind.
What is the problem ?
10  Bitcoin / Development & Technical Discussion / Scaling Bitcoin - the Reliability Factor proposal on: September 10, 2015, 06:36:10 PM
Here is the proposal

The Block Size limit (Bmax) is adjusted every 2 weeks by an algorithm
based on the block sizes of the last 2 weeks.


1) The bitcoin community must agree on a Reliability Factor (R)

This factor (R) is comprised between 0 and 100% and represents
the probability of having a block exceed Bmax during the next 2 weeks.

Once set, this value does not change.

example: R = 1% means we have a probability of 1% to have a block size over
Bmax during the next 2 weeks. This represents one occurrence every 4 years.

2) All transactions exceeding Bmax are rejected by the miners: no hard fork


1) Every 2 weeks, the algorithm computes the average size (Ba) of the last 2000 blocks
(about 2 weeks) and the root mean square (RMS) for the same period.

2) Given Ba and RMS, the algorithm computes (gaussian curve) the new Bmax such that
the Reliability Factor (R) remains unchanged.


- Easy to implement
- The block size limit can go up or down depending on user traffic
- This presentation is oversimplified, for example what happens if all the blocks
are full: Ba = Bmax and RMS = 0, the new Bmax will always remain the same.
I think we can forecast and solve easily such cases.

See you at
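The adjustment rule sketched above, as an added example (Python, not the poster's code). It reads R as the chance that any block in the next period exceeds Bmax and converts it to a per-block tail probability 1 - (1 - R)^(1/2000) before taking the normal quantile; that reading, the use of the population standard deviation for the post's "RMS", and the sample block sizes are all assumptions of the example. The all-blocks-full case the post flags is handled explicitly: with zero spread the rule returns Ba unchanged.

```python
import random
from statistics import NormalDist, fmean, pstdev

BLOCKS_PER_PERIOD = 2000   # about two weeks of blocks, as in the proposal


def next_bmax(block_sizes, reliability_factor, blocks=BLOCKS_PER_PERIOD):
    """Bmax for the next period: Ba + z * sigma, where z is the normal quantile at which one
    block exceeds Bmax so rarely that the chance of *any* of the next `blocks` blocks doing
    so is R (one reading of the proposal's R; an assumption of this example)."""
    if not 0 < reliability_factor < 1:
        raise ValueError("R must be a probability strictly between 0 and 1")
    ba, sigma = fmean(block_sizes), pstdev(block_sizes)   # the post's "RMS" taken as the spread
    if sigma == 0:
        # every block the same size (e.g. all full): no spread, so the Gaussian
        # step cannot move Bmax; this is the degenerate case the post points out
        return ba
    per_block = 1 - (1 - reliability_factor) ** (1 / blocks)
    z = NormalDist().inv_cdf(1 - per_block)
    return ba + z * sigma


# Constructed sample input: 2000 block sizes (bytes) around 600 kB with some spread,
# and a period in which every block is exactly 1 MB.
_rng = random.Random(47)
SAMPLE_SIZES = [max(0, int(_rng.gauss(600_000, 80_000))) for _ in range(BLOCKS_PER_PERIOD)]
FULL_BLOCKS = [1_000_000] * BLOCKS_PER_PERIOD
```

A smaller R (fewer expected overflows) pushes z, and therefore Bmax, up; with R = 1% over 2000 blocks the per-block tail is about 5e-6, i.e. a z of roughly 4.4 standard deviations above the mean.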
11  Bitcoin / Bitcoin Technical Support / testnet: stuck to "synchronizing with network..." on: May 13, 2015, 02:54:21 PM
I want to make some tests with testnet, so I added
in ~/.bitcoin/bitcoin.conf
then I started bitcoin-qt (0.10.1) and it is stuck to block 26859
with this message:
synchronizing with network...    2 years and 33 weeks behind
since 24 hours.
I tried adding addnode=
or in bitcoin.conf
without changes. I use bitcoin on Linux.
What can I do now?
12  Bitcoin / Development & Technical Discussion / finding TxHash to verify a Tx on: May 08, 2015, 04:04:36 PM
In order to verify a transaction, I want to make sure that I have the correct value
for the double hash of the TxCopy  (the transaction hash used to sign and verify a transaction).

I used
for the final transaction and
to find TxCopy from finalTx.

from finalTx:

There is just 1 input:
prevOutputHashReverse = 484d40d45b9ea0d652fca8258ab7caa42541eb52975857f96fb50cd732c8b481
prevOutputHash            = 81b4c832d70cb56ff957589752eb4125a4cab78a25a8fc52d6a09e5bd4404d48
prevOutputIndex           = 00000000

from prevOutputHash and prevOutputIndex, I can get the prevOutput:

prevOutput = 728b0100000000001976a914df3bd30160e6c6145baaf2c88a8844c13a00d1d588ac

from prevOutput, I get

prevOutputScriptPubKey = 76a914df3bd30160e6c6145baaf2c88a8844c13a00d1d588ac

now I can construct the txCopy
the only differences from finalTx are steps e, f and k

NOTE: in
step 2, there is an instruction: "if no OP_CS, simply copy PKScript" (=prevOutputScriptPubKey)
I don't know what to do with those OP_CODE_SEPARATOR !
Should I copy PKScript or not? What SCRIPT_PART4 should be?
If I copy PKScript, does it mean SCRIPT_PART4 = PKScript?
If yes: step e below becomes 32 and step f becomes (PKScript | PKScript) =
76a914df3bd30160e6c6145baaf2c88a8844c13a00d1d588ac76a914df3bd30160e6c6145baaf2c88a8844c13a00d1d588ac

with SCRIPT_PART4 empty:

a) version                          = 01000000
b) input count                    = 01
c) prevOutputHashReverse  = 484d40d45b9ea0d652fca8258ab7caa42541eb52975857f96fb50cd732c8b481
d) preOutputIndex              = 00000000
e) prevOutputScriptPubKeyLength = 19
f) prevOutputScriptPubKey  = 76a914df3bd30160e6c6145baaf2c88a8844c13a00d1d588ac
g) sequence                       = ffffffff
h) outputCount                   = 01
i) output00                         = 62640100000000001976a914c8e90996c7c6080ee06284600c684ed904d14c5c88ac
j) lockTime                         = 00000000
k) hashTypeCode                = 01000000      (little-endian)

txCopy = 0100000001484d40d45b9ea0d652fca8258ab7caa42541eb52975857f96fb50cd732c8b481000000001976a914df3bd30160e6c6145baaf2c88a8844c13a00d1d588acffffffff0162640100000000001976a914c8e90996c7c6080ee06284600c684ed904d14c5c88ac0000000001000000

SHA256(SHA256(txCopy)) = 5FDA68729A6312E17E641E9A49FAC2A4A6A680126610AF573CAAB270D232F850

Can somebody tell me if it's the correct value?

if SCRIPT_PART4 = PKScript:
SHA256(SHA256(txCopy)) = 488A0FCF5FCBF4119E9595F029060D31CE97DC0A9C5594B9A3D7E914B5B268BE
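An added example (Python; not the poster's code) that builds the same SIGHASH_ALL preimage from the values quoted in the post and double-SHA256s it. On the OP_CODESEPARATOR question: the scriptCode hashed for a legacy signature is the previous output's script from after the last OP_CODESEPARATOR, with every OP_CODESEPARATOR removed; a plain P2PKH scriptPubKey contains none, so the scriptCode is that script exactly once (step e = 0x19, step f = the script), never the script concatenated with itself. The tokenizer below exists so that a 0xab byte inside pushed data is not mistaken for the opcode. Every integer field, lock time included, is serialized little-endian, and the txid is byte-reversed relative to how explorers display it.

```python
import hashlib
import struct

OP_CODESEPARATOR = 0xAB
SIGHASH_ALL = 1


def dsha256(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def varint(n):
    """Bitcoin CompactSize encoding."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + struct.pack("<H", n)
    if n <= 0xFFFFFFFF:
        return b"\xfe" + struct.pack("<I", n)
    return b"\xff" + struct.pack("<Q", n)


def script_elements(script):
    """Yield (opcode, raw bytes of the whole element), so that a 0xab byte that sits
    inside push data is skipped over instead of being read as OP_CODESEPARATOR."""
    i = 0
    while i < len(script):
        start, op = i, script[i]
        i += 1
        if 1 <= op <= 0x4B:                                   # direct push of op bytes
            i += op
        elif op == 0x4C:                                      # OP_PUSHDATA1
            i += 1 + script[i]
        elif op == 0x4D:                                      # OP_PUSHDATA2
            i += 2 + struct.unpack("<H", script[i:i + 2])[0]
        elif op == 0x4E:                                      # OP_PUSHDATA4
            i += 4 + struct.unpack("<I", script[i:i + 4])[0]
        yield op, script[start:i]


def script_code(script_pubkey):
    """scriptCode for legacy signing: everything after the last OP_CODESEPARATOR, with
    OP_CODESEPARATORs dropped. With none present it is the whole scriptPubKey, once."""
    elements = list(script_elements(script_pubkey))
    last = -1
    for idx, (op, _) in enumerate(elements):
        if op == OP_CODESEPARATOR:
            last = idx
    return b"".join(raw for op, raw in elements[last + 1:] if op != OP_CODESEPARATOR)


def sighash_all_preimage(version, inputs, outputs, locktime, index, code):
    """inputs: (txid hex as displayed, vout, sequence); outputs: (satoshis, scriptPubKey).
    The signed input carries the scriptCode; every other input gets an empty script."""
    pre = struct.pack("<i", version) + varint(len(inputs))
    for i, (txid, vout, sequence) in enumerate(inputs):
        pre += bytes.fromhex(txid)[::-1] + struct.pack("<I", vout)
        pre += (varint(len(code)) + code) if i == index else b"\x00"
        pre += struct.pack("<I", sequence)
    pre += varint(len(outputs))
    for satoshis, spk in outputs:
        pre += struct.pack("<q", satoshis) + varint(len(spk)) + spk
    return pre + struct.pack("<I", locktime) + struct.pack("<I", SIGHASH_ALL)


# The values quoted in the post above (prev txid as displayed, i.e. before byte reversal).
PREV_TXID = "81b4c832d70cb56ff957589752eb4125a4cab78a25a8fc52d6a09e5bd4404d48"
PREV_SPK = bytes.fromhex("76a914df3bd30160e6c6145baaf2c88a8844c13a00d1d588ac")
OUT_SPK = bytes.fromhex("76a914c8e90996c7c6080ee06284600c684ed904d14c5c88ac")
OUT_VALUE = 0x16462   # 6264010000000000 little-endian = 91234 satoshis


def post_preimage():
    code = script_code(PREV_SPK)   # no OP_CODESEPARATOR in P2PKH, so this is PREV_SPK itself
    return sighash_all_preimage(1, [(PREV_TXID, 0, 0xFFFFFFFF)], [(OUT_VALUE, OUT_SPK)], 0, 0, code)


def post_sighash():
    """The 32-byte value that is actually signed, as hex."""
    return dsha256(post_preimage()).hex()
```

The preimage this produces is byte-for-byte the first txCopy in the post (the variant with the script once), so the first hash the post lists is the candidate to check against a signature, not the one built from the doubled script.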
13  Bitcoin / Bitcoin Technical Support / Instructions to upgrade to 0.10.1 on: May 07, 2015, 05:35:53 PM
On Ubuntu I have a folder with many files:


I think those files have been used to build the binary:


Question 1: If I upgrade to 0.10.1, can I throw this folder with everything in it ?

In the .tar.gz archive downloaded from the web, I find:

bitcoin-0.10.1/lib/ ->
bitcoin-0.10.1/lib/ ->

I will replace /usr/local/bin/bitcoind by bitcoin-0.10.1/bin/bitcoind

Question 2: what should I do with all the other files?

If I understand well:
    bitcoind is the server
    bitcoin-cli is the client
    bitcoin-qt is a graphical interface built on bitcoin-cli and we can also use the option -server to use it as a server

Question 3: Is it correct ? What is bitcoin-tx ?
14  Bitcoin / Bitcoin Technical Support / Upgrade to 0.10.1: blockchain 0.9.3 compatible with 0.10.1? on: May 07, 2015, 12:52:39 PM
I have version 0.9.3 of bitcoind on my Ubuntu server and I want to upgrade to 0.10.1,
I have nothing in my wallet.
Is the blockchain from 0.9.3 compatible with 0.10.1?
Do I have anything to keep from version 0.9.3 ?
15  Bitcoin / Development & Technical Discussion / How to verify the validity of a transaction on: April 28, 2015, 03:56:19 PM
I want to verify the validity of a transaction

Signing a tx

In order to sign a tx, I need:
    - <privKey>, Random Number = RN and the hash of tx = txHash

To sign the tx I must publish the <pubKey> = <privKey> * G = (X, Y)
where G is the Generator point

and I also must publish a signature = <sig> = (r,s)
where s is a random number:
    generate a random number RN, and compute s = RNx like this:
    RN * G = (RNx, RNy)
and r is a signature factor built with txHash, RNx, <privKey> and RN

then the signature script <sigScript> = <sig> + <PubKey> = (r,s) + (X,Y)

Verify a tx

If I have all the info (r, s = RNx, RNy, X, Y), I can sign a tx and verify its validity with my script

BUT in a Bitcoin transaction sometimes X and Y are given: 04 X Y
and sometimes only X is given: 02 X or 03 X

also only s = RNx is given and not RNy.

So in order to verify a tx, I need to compute Y and RNy
Question 1) is there a way to do it without Y and/or RNy ?

question 2) There is a simplified algorithm to find Y when
computing square roots mod p when p = 3 (mod 4).
I checked that this condition is satisfied with the p used in Bitcoin.
Am I correct ? Can I use this algorithm ?

if p = 3 (mod 4) the solution of y^2 = x^3 + 4 = a (mod p)
has the form y = a^(k+1)
proof: if p = 4k+3 then set y=a^(k+1) mod p then
y^2 = a^(2k+2) = a^(2k+1) a = a^((p-1)/2) a = a (mod p)
by Euler's Criterion. So y = a^(k+1) is a solution.

Question 3) Is there a risk of collision when finding Y or RNy?
In a simple example (
p = 29 and privKey = 7 => 7 * G = (17,9)
If I only have X = 17 I have 2 choices for Y: (17,9) or (17,20)

16  Bitcoin / Development & Technical Discussion / lock time: big endian or little endian ? on: April 21, 2015, 05:59:25 PM
I want to create a raw transaction

If the lock time is not 00 00 00 00
should I write it as big endian or little endian ?
17  Bitcoin / Development & Technical Discussion / Adding points on an Elliptic curve on: March 24, 2015, 07:24:42 PM
I want to calculate the public key from the private key.
I can add points on an Elliptic curve with small p, but
I have a problem when I want to use large numbers.
Here is the description of the problem:
18  Bitcoin / Bitcoin Technical Support / different implementations of SHA256 on: March 17, 2015, 07:10:13 PM
Are there different implementations of SHA256 ?

from the bx library:

>bx sha256 800C28FCA386C7A227600B2FE50B7CAE11EC86D3BF1FBE471BE89827E19D72AA1D

sha256 (800C28FCA386C7A227600B2FE50B7CAE11EC86D3BF1FBE471BE89827E19D72AA1D) =


from c++ crypto++:
sha256(800C28FCA386C7A227600B2FE50B7CAE11EC86D3BF1FBE471BE89827E19D72AA1D) =

sha256(800C28FCA386C7A227600B2FE50B7CAE11EC86D3BF1FBE471BE89827E19D72AA1D) =
19  Bitcoin / Bitcoin Technical Support / base58 for private key on: March 17, 2015, 06:23:55 PM
I would like to generate a WIF private key from a random 256 bit private key.
I use the private key given in "mastering Bitcoin" :
Example 4-4.
print "Private Key (hex) is: ", private_key
print "Private Key (decimal) is: ", decoded_private_key
# Convert private key to WIF format
wif_encoded_private_key = bitcoin.encode_privkey(decoded_private_key, 'wif')
print "Private Key (WIF) is: ", wif_encoded_private_key
the output is:
Private Key (hex) is:       3aba4162c7251c891207b747840551a71939b0de081f85c4e44cf7c13e41daa6
Private Key (decimal) is:  26563230048437957592232553826663696440606756685920117476832299673293013768870
Private Key (WIF) is:       5JG9hT3beGTJuUAmCQEmNaxAuMacCTfXuw1R3FCXig23RQHMr4K
Here is my code (with GMP: GNU Multiple Precision Arithmetic Library):
#include <iostream>
#include <string>
#include <algorithm>
#include <cctype>
#include <gmpxx.h>
using namespace std;

mpz_class hexaToBigNum (const string);
string bigNum2base58 (mpz_class);

int main (void)
{
    mpz_class bigNumber = 0;

    string privKeyHexa("3aba4162c7251c891207b747840551a71939b0de081f85c4e44cf7c13e41daa6");

    cout << endl << "privKeyHexa:" << privKeyHexa << endl;
    bigNumber = hexaToBigNum(privKeyHexa);
    cout << endl << "bigNumber: " << bigNumber << endl;

    string strBase58WIF = bigNum2base58(bigNumber);
    cout << "strBase58WIF : " << strBase58WIF << endl << endl;
    return 0;
}

// ex: A259BD07F
// = 10 * 16^8 + 2 * 16^7 + 5 * 16^6 + 9 * 16^5 + 11 * 16^4 + 13 * 16^3 + 0 * 16^2 + 7 * 16^1 + 15 * 16^0
// = 43580641407
mpz_class hexaToBigNum (const string myString)
{
    string hexa_digits = "0123456789ABCDEF";

    mpz_class m = 0;
    for (size_t i = 0; i < myString.size(); i++) {
        m *= 16;
        m += (int) hexa_digits.find(toupper(myString[i]));   // value of one hex digit
    }
    return m;
}

string bigNum2base58 (mpz_class bigNumber)
{
    string b58_digits = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";

    string base58string;
    mpz_class divisor(58), quotient, remainder;
    mpz_class x = bigNumber;
    while (x > 0) {
        // repeated division by 58; each remainder is one base58 digit, least significant first
        mpz_fdiv_qr(quotient.get_mpz_t(), remainder.get_mpz_t(), x.get_mpz_t(), divisor.get_mpz_t());
        base58string.insert(0, string(1, b58_digits[mpz_get_ui(remainder.get_mpz_t())]));
        x = quotient;
    }
    return base58string;
}
The while loop in pseudocode is simply:
   while(x > 0)
           (x, remainder) = divide(x, 58)
and my output is
privKeyHexa:  3aba4162c7251c891207b747840551a71939b0de081f85c4e44cf7c13e41daa6
bigNumber:    26563230048437957592232553826663696440606756685920117476832299673293013768870
base58 :      4xFNZQXb9uCKNsupB4AsWmiyd1N7Rk1ibQ42GbytvTed
The base58 string (WIF) should start with 5.
according to: mastering Bitcoin Table 4-1.
I have to add a version prefix of 0x80, but where ?
I have the same bigNumber than Example 4-4.
if I add 0x80 to privKeyHexa : 803aba4162c7251c89....
I have a different big number and a wrong result: f6Lnp6NkNmwag....
So where do I add this prefix ?
And do I have to do a checksum somewhere ?

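Base58Check done once and reused, as an added example (Python; not the poster's GMP program or bitcore): the prefix goes in front of the raw key bytes, the 4-byte checksum is the first four bytes of SHA256(SHA256(prefix || payload)) and is appended after them, and only then is the whole byte string converted to base58 (leading 0x00 bytes become leading '1's, which a pure integer conversion loses). The number the GMP program printed is what you get with neither prefix nor checksum. The same encoder and decoder then handle the BIP32 xprv strings of the "Reusable Payment Codes" post, the BIP39 seed and xprv of the bitcore-mnemonic post, hardened-only BIP32 derivation along a path such as the /1'/1'/0'/0'/1' leaf of the xHD wallet proposal, and the version-0x47 container of the BIP47 payment code. Hardened derivation needs no elliptic-curve point arithmetic, which is why the example stops at hardened steps; the testnet WIF prefix 0xEF is included because the "Invalid private key" post is on testnet.

```python
import hashlib
import hmac
import unicodedata

ALPHABET = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141   # secp256k1 group order
XPRV_VERSION = bytes.fromhex("0488ade4")                                  # mainnet xprv prefix

def dsha256(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def b58encode(raw):
    n, out = int.from_bytes(raw, "big"), bytearray()
    while n:
        n, rem = divmod(n, 58)
        out.append(ALPHABET[rem])
    pad = len(raw) - len(raw.lstrip(b"\x00"))    # leading 0x00 bytes survive as leading '1's
    return (ALPHABET[:1] * pad + bytes(reversed(out))).decode()

def b58decode(text):
    n = 0
    for ch in text.encode():
        n = n * 58 + ALPHABET.index(ch)           # raises on a character outside the alphabet
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")

def b58check_encode(version, payload):
    data = version + payload                      # the checksum covers the version byte too
    return b58encode(data + dsha256(data)[:4])

def b58check_decode(text):
    raw = b58decode(text)
    if dsha256(raw[:-4])[:4] != raw[-4:]:
        raise ValueError("Base58Check checksum mismatch")
    return raw[:-4]

# WIF: Base58Check(0x80 | key [| 0x01 if the public key is compressed]); 0xEF on testnet.
def wif_encode(priv_hex, compressed=False, testnet=False):
    payload = bytes.fromhex(priv_hex) + (b"\x01" if compressed else b"")
    return b58check_encode(b"\xef" if testnet else b"\x80", payload)

def wif_decode(wif):
    data = b58check_decode(wif)
    compressed = len(data) == 34 and data[-1] == 1
    return data[0], data[1:33].hex(), compressed  # (version byte, key hex, compressed flag)

# BIP39 seed: PBKDF2-HMAC-SHA512(mnemonic, "mnemonic" + passphrase), 2048 rounds, 64 bytes.
def bip39_seed(mnemonic, passphrase=""):
    nfkd = lambda s: unicodedata.normalize("NFKD", s).encode()
    return hashlib.pbkdf2_hmac("sha512", nfkd(mnemonic), nfkd("mnemonic" + passphrase), 2048, 64)

def bip32_master(seed):
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]               # (master private key, master chain code)

def ckd_priv_hardened(key, chain, index):
    """Hardened child: I = HMAC-SHA512(chain, 0x00 | k_par | ser32(index + 2^31)), k_i = (I_L + k_par) mod n."""
    data = b"\x00" + key + (index | 0x80000000).to_bytes(4, "big")
    digest = hmac.new(chain, data, hashlib.sha512).digest()
    child = (int.from_bytes(digest[:32], "big") + int.from_bytes(key, "big")) % N
    return child.to_bytes(32, "big"), digest[32:]

def derive_hardened_path(seed, path):
    """Walks a path such as m/1'/1'/0'/0'/1'; every step must be hardened (no point math needed)."""
    key, chain = bip32_master(seed)
    for step in path.split("/")[1:]:
        if not step.endswith("'"):
            raise ValueError("non-hardened step %s would need public-key derivation" % step)
        key, chain = ckd_priv_hardened(key, chain, int(step[:-1]))
    return key, chain

def xprv_serialize(key, chain, depth=0, fingerprint=b"\x00" * 4, child=0):
    payload = bytes([depth]) + fingerprint + child.to_bytes(4, "big") + chain + b"\x00" + key
    return b58check_encode(XPRV_VERSION, payload)

def xprv_parse(xprv):
    data = b58check_decode(xprv)
    if data[:4] != XPRV_VERSION or len(data) != 78:
        raise ValueError("not a mainnet xprv")
    return {"depth": data[4], "chain_code": data[13:45].hex(), "private_key": data[46:78].hex()}

# BIP47 container: Base58Check with version 0x47 over the 80-byte payload described in the post.
def payment_code(pubkey33, chain_code):
    payload = bytes([0x01, 0x00]) + pubkey33 + chain_code + b"\x00" * 13
    return b58check_encode(b"\x47", payload)

def payment_code_parse(code):
    data = b58check_decode(code)
    if data[0] != 0x47 or data[1] != 0x01 or len(data) != 81:
        raise ValueError("not a version-1 payment code")
    return data[3:36].hex(), data[36:68].hex()   # (compressed public key, chain code)
```

One thing the decoder makes visible: a Base58Check string whose checksum was computed over the payload alone, without the version byte, fails to decode, so a payment code or WIF built that way is rejected by any conforming parser.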
20  Bitcoin / Bitcoin Technical Support / SHA-256 in c++ with crypto++ on: February 25, 2015, 08:29:12 PM

I would like to use the crypto++ library to create a transaction from scratch.
My first question is why this code doesn't work:

#include "crypto++/cryptlib.h"
#include "crypto++/sha.h"
#include "crypto++/hex.h"
#include <iostream>
using namespace std;

string SHA256(string);   // the helper defined at the end of this post

int main () {
   string myString    = string("abc");
   string myStringSHA = SHA256(myString);   // 32 raw digest bytes, not hex text
   std::cout << "SHA(abc): " << myStringSHA << std::endl;   // writes those raw bytes to the terminal
}

the output is:
SHA(abc): #x####AA@###"##a##z###a####

I have the right result with the following:

#include "crypto++/cryptlib.h"
#include "crypto++/sha.h"
#include "crypto++/hex.h"
#include <iostream>
using namespace std;

string SHA256(string);

int main () {
    CryptoPP::SHA256 hash;
    byte digest[ CryptoPP::SHA256::DIGESTSIZE ];
    string message = "abc";

    hash.CalculateDigest( digest, reinterpret_cast<byte*>(&message[0]), message.length() );
    CryptoPP::HexEncoder encoder;
    std::string output;
    encoder.Attach( new CryptoPP::StringSink( output ) );
    encoder.Put( digest, sizeof(digest) );
    encoder.MessageEnd();                    // flush the encoder into `output`

    std::cout << " " << std::endl << "SHA(abc): " << output << std::endl;
}

string SHA256(string data)
{
    byte const* pbData = reinterpret_cast<byte const*>(data.data());
    unsigned int nDataLen = data.size();
    byte abDigest[CryptoPP::SHA256::DIGESTSIZE];

    CryptoPP::SHA256().CalculateDigest(abDigest, pbData, nDataLen);

    // pass the length: a digest may contain 0x00 bytes, which would end a C-string copy early
    return string((char*)abDigest, sizeof(abDigest));
}

the output is:
SHA(abc): BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD
which is right according to:

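Why the two SHA-256 results differ, as an added example (Python, not the poster's C++): "bx sha256 <hex>" hashes the 33 bytes that the hex string denotes, while passing the same characters to a hash API as a std::string hashes the 66 ASCII bytes of the text. The first snippet's garbage output is the raw 32-byte digest written to the terminal, and std::string((char*)abDigest) without a length stops at the first 0x00 byte of the digest; for "abc" that happens after 29 bytes. The helpers below show both effects. The 33-byte value from the "different implementations of SHA256" post is reused as sample input; it has the shape of a 0x80-prefixed private key, which is the first step of building a WIF string.

```python
import hashlib


def sha256_hex(data):
    """Upper-case hex of SHA-256 over bytes: the form bx prints and the HexEncoder produces."""
    return hashlib.sha256(data).hexdigest().upper()


def dsha256_hex(data):
    """Bitcoin's hash256: SHA-256 applied twice (checksums, txids, block hashes)."""
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest().upper()


def hash_hex_string_both_ways(hex_text):
    """Returns (digest of the bytes the hex denotes, digest of the ASCII text itself).
    'bx sha256 <hex>' computes the first; handing the literal characters to a hash API
    computes the second, and the two never agree."""
    return sha256_hex(bytes.fromhex(hex_text)), sha256_hex(hex_text.encode("ascii"))


def c_string_length(digest):
    """How many bytes a C-string copy of a raw digest keeps: it stops at the first 0x00."""
    return digest.index(0) if 0 in digest else len(digest)


# The 33-byte value from the post (0x80 followed by 32 key bytes) and the "abc" test string.
POST_HEX = "800C28FCA386C7A227600B2FE50B7CAE11EC86D3BF1FBE471BE89827E19D72AA1D"


def demo():
    as_bytes, as_text = hash_hex_string_both_ways(POST_HEX)
    abc_digest = hashlib.sha256(b"abc").digest()
    return {
        "bytes": as_bytes,                                # what bx computes
        "text": as_text,                                  # what hashing the hex text computes
        "double": dsha256_hex(bytes.fromhex(POST_HEX)),   # hash256, the checksum input for WIF
        "abc": abc_digest.hex().upper(),
        "abc_kept_by_c_string": c_string_length(abc_digest),
    }
```

When comparing a tool's output with your own code, hash the decoded bytes, encode the digest as hex with its full length, and only then compare; every mismatch in the two posts above comes from one of those three steps.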