Bitcoin Forum
May 06, 2024, 06:09:54 PM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Bitcoin Forum > Bitcoin > Development & Technical Discussion > Wallet software > Armory > Armory Homomorphic encryption explanation
Pages: [1]
« previous topic next topic »
  Print  
Author Topic: Armory Homomorphic encryption explanation  (Read 2454 times)
wingsuit (OP)
Member
**
Offline Offline

Activity: 64
Merit: 10


2100 trillion sats baby


View Profile
May 15, 2013, 10:04:13 AM
Last edit: May 15, 2013, 10:26:07 AM by wingsuit
 #1
Can you give a very brief explanation of the deterministic wallet in Armory, specifically how it achieves public key generation without needing the private keys.

Also your thoughts on how this quote relates to Armory -- 'Visions of a fully homomorphic cryptosystem have been dancing in cryptographers' heads for thirty years. I never expected to see one. It will be years before a sufficient number of cryptographers examine the algorithm that we can have any confidence that the scheme is secure.' Bruce Schneier

EDIT: Okay I see that this is discussed here https://en.bitcoin.it/wiki/BIP_0032.
FLY
1715018994
Hero Member
*
Offline Offline

Posts: 1715018994

View Profile Personal Message (Offline)

Ignore
1715018994
1715018994
Reply with quote  #2
1715018994
Report to moderator
No Gods or Kings. Only Bitcoin
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1715018994
Hero Member
*
Offline Offline

Posts: 1715018994

View Profile Personal Message (Offline)

Ignore
1715018994
1715018994
Reply with quote  #2
1715018994
Report to moderator
1715018994
Hero Member
*
Offline Offline

Posts: 1715018994

View Profile Personal Message (Offline)

Ignore
1715018994
1715018994
Reply with quote  #2
1715018994
Report to moderator
1715018994
Hero Member
*
Offline Offline

Posts: 1715018994

View Profile Personal Message (Offline)

Ignore
1715018994
1715018994
Reply with quote  #2
1715018994
Report to moderator
etotheipi
Legendary
*
Offline Offline

Activity: 1428
Merit: 1093


Core Armory Developer


View Profile WWW
May 15, 2013, 01:41:40 PM
 #2
Armory will be upgrading to BIP32, but at the moment it uses it's own homegrown version of "Type 2" deterministic wallets.  After all, it was the first application to implement them, so I couldn't really have followed any standard Smiley  But it's not homomorphic encryption.  Homomorphic encryption is pretty neat and enables some pretty cool capabilities, in general, but I haven't thought about whether it could be useful for Bitcoin.   I bet, if we upgraded the scripting environment, we could find something interesting, but I'm not sure how useful it would be.  It would certainly be a fun discussion to have...

For reference, Armory's wallet chain together like this:

Code:
PrivKey[0] = Random(32)
Chaincode  = Random(32)
PubKey[0]  = Priv2Pub(PrivKey[0])

Then

Code:
PrivKey[i+1] = (hash256(PubKey[i]) XOR chaincode) * PrivKey[i]
 PubKey[i+1] = (hash256(PubKey[i]) XOR chaincode) *  PubKey[i]

Where the multiplication (*) is scalar-multiplication-mod-N in the first line, and it's elliptic-curve-point-mult-by-scalar on the second line.  The magic of elliptic curve math is that if N is equal to the number of points on the elliptic curve, then you end up with matching private and public keychains on both sides.

I had actually been meaning to document this precisely somewhere.  I guess this was my excuse.
Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
oakpacific
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1000


View Profile
May 15, 2013, 03:16:01 PM
 #3
Quote from: etotheipi on May 15, 2013, 01:41:40 PM
Armory will be upgrading to BIP32, but at the moment it uses it's own homegrown version of "Type 2" deterministic wallets.  After all, it was the first application to implement them, so I couldn't really have followed any standard Smiley  But it's not homomorphic encryption.  Homomorphic encryption is pretty neat and enables some pretty cool capabilities, in general, but I haven't thought about whether it could be useful for Bitcoin.   I bet, if we upgraded the scripting environment, we could find something interesting, but I'm not sure how useful it would be.  It would certainly be a fun discussion to have...

For reference, Armory's wallet chain together like this:

Code:
PrivKey[0] = Random(32)
Chaincode  = Random(32)
PubKey[0]  = Priv2Pub(PrivKey[0])

Then

Code:
PrivKey[i+1] = (hash256(PubKey[i]) XOR chaincode) * PrivKey[i]
 PubKey[i+1] = (hash256(PubKey[i]) XOR chaincode) *  PubKey[i]

Where the multiplication (*) is scalar-multiplication-mod-N in the first line, and it's elliptic-curve-point-mult-by-scalar on the second line.  The magic of elliptic curve math is that if N is equal to the number of points on the elliptic curve, then you end up with matching private and public keychains on both sides.

I had actually been meaning to document this precisely somewhere.  I guess this was my excuse.

As long as the chaincode remains secret, the unreused deterministic addresses will have the same kind of quantum computer resistance as the non-deterministic ones, right?
https://tlsnotary.org/ Fraud proofing decentralized fiat-Bitcoin trading.
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1079


Gerald Davis


View Profile
May 15, 2013, 03:25:06 PM
 #4
OP should retitle the topic as it is misleading, I thought Armory was doing some experimentation in HE.  As pointed out neither Armory nor any Bitcoin related software uses homomorphic encryption. 

etotheipi
Legendary
*
Offline Offline

Activity: 1428
Merit: 1093


Core Armory Developer


View Profile WWW
May 15, 2013, 03:29:03 PM
 #5
Quote from: oakpacific on May 15, 2013, 03:16:01 PM
As long as the chaincode remains secret, the quantum computer resistance of unreused addresses will not be weakened, right?

That's correct.  The terminology I use is that the chaincode is "sensitive" but not "private".  Meaning, that you shouldn't make your chaincode public, but in the absence of QCs, it's just a breach of privacy, not security (people can now see all your wallet transactions, but cannot spend your coins).   If QCs are around, that's a whole different story -- in that case the chaincode would need to be kept securely, though the Bitcoin protocol would be changing to QC-resistant algos, and all this discussion about it is probably moot.
Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
Pages: [1]
  Print  
Bitcoin Forum > Bitcoin > Development & Technical Discussion > Wallet software > Armory > Armory Homomorphic encryption explanation
 « previous topic next topic »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!