Come-from-Beyond (OP)
December 23, 2015, 12:21:59 PM
Come on CfB, you know what we mean: "bupqcn01srbheze1o999" is randomized and fulfills your password suggestion before, but not after, disclosing the "trailing 9" thing. The security of this password is more than 80 bits; it's more than the security of the password used by me LOL.
LiQio
December 23, 2015, 12:30:28 PM
Come on CfB, you know what we mean: "bupqcn01srbheze1o999" is randomized and fulfills your password suggestion before, but not after, disclosing the "trailing 9" thing. The security of this password is more than 80 bits; it's more than the security of the password used by me LOL.
bupqcn01srbheze1o999 -> 81 bits
bupqcn01srbheze1o -> 71 bits
=> mention it.
Come-from-Beyond (OP)
December 23, 2015, 12:43:57 PM
bupqcn01srbheze1o999 -> 81 bits bupqcn01srbheze1o -> 71 bits
=> mention it.
David will decide; my opinion is that too many details are rather bad than good. If someone managed to send bitcoins then their IQ is high enough to generate a good password.
rlh
December 23, 2015, 12:56:15 PM
Sorry for my ignorance but is "SaM" hashing the full process of taking a clear text string (the users passphrase) and converting it to an address hash?
Because in your code, you have operations such as 9 hashing rounds x (729 iterations for some left/right calculations + another 729 iterations for left/right index assignments and lookups). So, that operation alone is 13,122 operations within your transform method... which gets called multiple times per address.
Again, I need to dig into this and figure out the point of each step in your code, but with the exception of initializing the INDICES table just once, I have to execute all of your code for each address.
I hate to ask for a cheat, but are there other ways that some of this could be cached or simplified for barebones address creation?
SaM is just a hash function - https://github.com/JinnLabs/SaM/blob/master/src/SaM.java. A single hash requires 19683 lookups to F.
FYI, I did a bit of counting. Your address generator calls your transform() function 101(!) times on the state[] array. This means that the seed is hashed 101 times. When I count all of the lookups to F within the transform method, I see 19,683 lookups (which is your number.) This means that F is accessed 1,987,983 times.
Also, I forgot to stop looking at benchmarks in the debugger (derp!). My i5 is generating about 21 addresses/sec in Visual Studio while outside of VS I'm getting 108 addresses/sec.
A Personal Quote on BTT from 2011: "I'd be willing to make a moderate "investment" if the value of the BTC went below $2.00. Otherwise I'll just have to live with my 5 BTC and be happy. :/" ...sigh. If only I knew.
Come-from-Beyond (OP)
December 23, 2015, 01:15:32 PM
FYI, I did a bit of counting. Your address generator calls your transform() function 101(!) times on the state[] array. This means that the seed is hashed 101 times. When I count all of the lookups to F within the transform method, I see 19,683 lookups (which is your number.) This means that F is accessed 1,987,983 times.
Also, I forgot to stop looking at benchmarks in the debugger (derp!). My i5 is generating about 21 addresses/sec in Visual Studio while outside of VS I'm getting 108 addresses/sec.
Some hashings are not necessary to get an address; the logic (not reflected in the code) is:
1. Take a random string of trits.
2. Hash it to get a 243-trit account seed.
3. By adding 0, 1, 2, ... to the seed and hashing it we get different key seeds.
4. By hashing each key seed 9 times we get 27 key fragments (a hash contains 3 keys at once because a key fragment is 81 trits while a hash is 243 trits).
5. Each key fragment must be hashed 27 times; after each hashing only the first 81 trits are taken.
6. Once we get 27 key fragments hashed 27 times each, we concatenate them into a 2187-trit string.
7. Hashing of this string (requires 9 invocations of the SaM transform function) gives the 243 trits of the address.
This method allows one to deterministically generate an infinite number of addresses not linked together (for an outside observer) from a single account seed.
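The seven-step schedule above, written out as an added example that is not CfB's or IOTA's code: SaM is replaced by a SHA-256-based stand-in (`stand_in_hash`, an assumption, so the trits it produces are not IOTA addresses), the seed is treated as balanced ternary with the least significant trit first, step 4 is assumed to chain the nine hashings, and all function and constant names are mine.

```python
import hashlib

HASH_TRITS = 243       # trits in one hash output (figure from the post)
FRAGMENT_TRITS = 81    # trits in one key fragment
FRAGMENT_ROUNDS = 27   # hashings applied to each key fragment (step 5)
KEY_SEED_ROUNDS = 9    # hashings of a key seed, each yielding 3 fragments (step 4)

def stand_in_hash(trits):
    """Stand-in for SaM (assumption): expands SHA-256 into 243 trits. Not SaM, not unbiased."""
    data = bytes(t + 1 for t in trits)                    # encode -1,0,1 as bytes 0,1,2
    out, counter = [], 0
    while len(out) < HASH_TRITS:
        block = hashlib.sha256(data + counter.to_bytes(4, "big")).digest()
        out.extend(b % 3 - 1 for b in block)
        counter += 1
    return out[:HASH_TRITS]

def account_seed(random_trits):
    """Steps 1-2: the account seed is the hash of a random trit string."""
    return stand_in_hash(random_trits)

def add_to_seed(seed, index):
    """Step 3: add a non-negative integer to a balanced-ternary seed (least significant trit first)."""
    out, carry = list(seed), index
    for i in range(len(out)):
        if carry == 0:
            break
        carry, rem = divmod(out[i] + carry + 1, 3)       # fold the sum back into -1..1
        out[i] = rem - 1
    return out                                           # a carry past the last trit is dropped

def key_fragments(key_seed):
    """Step 4: hash the key seed 9 times (chained, an assumption); each hash holds 3 fragments."""
    fragments, state = [], key_seed
    for _ in range(KEY_SEED_ROUNDS):
        state = stand_in_hash(state)
        fragments.extend(state[j:j + FRAGMENT_TRITS] for j in range(0, HASH_TRITS, FRAGMENT_TRITS))
    return fragments                                     # 27 fragments of 81 trits

def derive_address(acct_seed, index):
    """Steps 3-7: one address per index from a single 243-trit account seed."""
    fragments = key_fragments(stand_in_hash(add_to_seed(acct_seed, index)))
    digest = []
    for fragment in fragments:
        state = fragment
        for _ in range(FRAGMENT_ROUNDS):                 # step 5: keep the first 81 trits each round
            state = stand_in_hash(state)[:FRAGMENT_TRITS]
        digest.extend(state)                             # step 6: 27 * 81 = 2187 trits
    return stand_in_hash(digest)                         # step 7: the 243-trit address
```

Because every address is a function of the account seed and an index, the seed is the only secret to protect; anyone holding it can reproduce every address.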
rlh
December 23, 2015, 02:09:08 PM
I had asked a couple questions regarding your comments... I'll dig into this deeper, later. I'm starting to understand.
Unrelated question, regarding your tryte array (tryteTrits): maybe I'm missing the pattern, but what determined the order of these sub-arrays (each containing 3 trits)? If I were to create such an array, it would have looked like:
int[][] tryteTrits = {
    {0,0,0}, {0,0,-1}, {0,0,1},
    {0,-1,0}, {0,-1,-1}, {0,-1,1},
    {0,1,0}, {0,1,-1}, {0,1,1},
    ...
};
This seems to be a semi-natural progression of values. Was there a good, logical reason for the much different ordering of trytes?
Come-from-Beyond (OP)
December 23, 2015, 02:15:11 PM
I've sent the alpha version code to those who offered their help. The review shouldn't take much time; it was only back-end code. While we are waiting I'll start writing the real (non-reference) version. The difference between these versions is that the latter will be more complex, but optimized.
Come-from-Beyond (OP)
December 23, 2015, 02:17:56 PM
Unrelated question, regarding your tryte array (tryteTrits): maybe I'm missing the pattern, but what determined the order of these sub-arrays (each containing 3 trits)? If I were to create such an array, it would have looked like:
int[][] tryteTrits = {
    {0,0,0}, {0,0,-1}, {0,0,1},
    {0,-1,0}, {0,-1,-1}, {0,-1,1},
    {0,1,0}, {0,1,-1}, {0,1,1},
    ...
};
This seems to be a semi-natural progression of values. Was there a good, logical reason for the much different ordering of trytes?
Your order gives the following numerical values: 0 26 1 24 23 25 3 2 4
rlh
December 23, 2015, 02:26:13 PM Last edit: December 23, 2015, 02:57:58 PM by rlh
comments and questions redacted... I'll figure this out on my own.
Come-from-Beyond (OP)
December 23, 2015, 03:07:05 PM
A script kiddy is playing with our server right now. Hold on.
AltcoinScamfinder
December 23, 2015, 03:13:20 PM
A script kiddy is playing with our server right now. Hold on.
When you are successful enough that some 4chan child takes notice, you have come a long way.
FOR RENT.
rlh
December 23, 2015, 03:30:20 PM
Sorry, I'll try to quiet down in a bit, but regarding code review, should we post our questions here, or via PM? I already see something that I'd like to explain, but if you'd prefer for review questions to be asked in a private/semi-private manner, let me know.
Come-from-Beyond (OP)
December 23, 2015, 03:35:03 PM
Sorry, I'll try to quiet down in a bit, but regarding code review, should we post our questions here, or via PM? I already see something that I'd like to explain, but if you'd prefer for review questions to be asked in a private/semi-private manner, let me know.
PM or Ryver if you need realtime.
Come-from-Beyond (OP)
December 23, 2015, 03:53:46 PM
There has arisen a little misunderstanding regarding the reviewed code. To make it clear:
1. It's a back-end; some things like transaction signing will be done in the front-end, which is why they are absent from this code.
2. It's a reference implementation; some things are not efficient because readability had the highest priority.
3. Iota is lightweight literally, it's not a marketing trick. A single transaction format, a single packet format, a single workflow for data sharing - all these things led to little code.
Come-from-Beyond (OP)
December 23, 2015, 04:41:45 PM
I got some questions about the code, I'll post replies here so other reviewers will see them too.
There are transactions in Iota and their bundles. A bundle = one or several transactions. Every transaction can be a message, an output or an input. A message doesn't change balances and can contain any data. An output is an operation that increases the balance of an address. An input is an operation that decreases the balance of an address. A typical transaction bundle may look like this:
-500 XXX
+400 YYY
+100 ZZZ
0 For Neuropozyne (50mg)
Here we see that XXX sends 400 iotas to YYY and 100 iotas (change) back to himself. There are 4 transactions: -500 is an input and +400 and +100 are outputs. So transactions with negative values are possible. 0-value transactions can be ignored when calculating balances.
The SaM hashing function is my invention. I used the same principle as was used in Keccak aka SHA-3 and followed all the advice that I found in papers analyzing the security of other hash functions. It doesn't guarantee that SaM is cryptographically secure; it's impossible to prove that a particular hashing function is secure (unless it's a balanced bent function, which doesn't actually exist), only time can increase assurance that SaM is secure. There is no other trinary function which suits our needs, so not much choice here. If we assume that SaM is cryptographically secure then the rest is secure (to some degree defined by the signer), because Iota uses the Winternitz one-time signature scheme, which is well-studied.
We already contacted cryptographers asking them to review SaM but this process is long, also they, of course, are busy with their own stuff.
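The bundle from the post above, turned into the balance check a node would have to run, as an added example that is not IOTA's code: the one-transaction-per-line layout, the rule that a 0-value line carries only message data, and the function names are my assumptions.

```python
# Constructed bundle laid out as in the post: a signed value, then an address (or, for a
# 0-value message, the message data). Assumed line format, not IOTA's wire format.
BUNDLE_TEXT = """-500 XXX
+400 YYY
+100 ZZZ
0 For Neuropozyne (50mg)"""

def parse_bundle(text):
    """One transaction per line; 0-value lines carry only message data (assumption)."""
    txs = []
    for line in text.strip().splitlines():
        head, _, rest = line.partition(" ")
        value = int(head)
        if value == 0:
            txs.append({"value": 0, "message": rest})
        else:
            txs.append({"value": value, "address": rest})
    return txs

def classify(tx):
    """Input (negative value), output (positive) or message (zero), as defined in the post."""
    if tx["value"] < 0:
        return "input"
    return "output" if tx["value"] > 0 else "message"

def bundle_problems(balances, txs):
    """Conservation checks: values sum to zero, and no input overdraws its address."""
    problems = []
    if sum(tx["value"] for tx in txs) != 0:
        problems.append("values do not sum to zero: iotas would be created or destroyed")
    spent = {}
    for tx in txs:
        if classify(tx) == "input":
            spent[tx["address"]] = spent.get(tx["address"], 0) - tx["value"]
    for address, amount in spent.items():
        if amount > balances.get(address, 0):
            problems.append(f"{address} spends {amount} but holds {balances.get(address, 0)}")
    return problems

def apply_bundle(balances, txs):
    """New balances after the bundle, or None if rejected; messages never touch balances."""
    if bundle_problems(balances, txs):
        return None
    new = dict(balances)
    for tx in txs:
        if classify(tx) != "message":
            new[tx["address"]] = new.get(tx["address"], 0) + tx["value"]
    return new
```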
WorldCoiner
December 24, 2015, 10:10:39 AM
Very interesting and new concept Come-from-beyond. Thanks for keeping us in the loop here.
Merry Christmas IOTA-Team!
superresistant
December 24, 2015, 11:33:08 AM Last edit: December 24, 2015, 11:54:17 AM by superresistant
[solved] I am not sure I understand this step:
type the address that you just generated into the form below. Hit 'Send' to get the amount of satoshis to transfer in order to verify your ownership.
Can someone rephrase this?
I never got "the amount of satoshis to transfer in order to verify my ownership"; is it a bug? I only get a blank page. I guess the server is saturated with requests... I'll try later.
EDIT: I forgot to remove the space before the last 2 letters so the site didn't recognize my address. Thanks Come-from-Beyond.
Come-from-Beyond (OP)
December 24, 2015, 11:44:14 AM
I am not sure I understand this step:
type the address that you just generated into the form below. Hit 'Send' to get the amount of satoshis to transfer in order to verify your ownership.
Can someone rephrase this?
I never got "the amount of satoshis to transfer in order to verify my ownership"; is it a bug? I only get a blank page. I guess the server is saturated with requests... I'll try later.
Post your address.
l8orre
December 24, 2015, 04:41:51 PM
I have just sent my BTC pilot TX - it should be all right, but can I verify its correctness somewhere?