Author Topic: Ukbx -- deterministic private key generator  (Read 1801 times)
Ukigo
July 13, 2011, 02:09:19 PM
 #1

Hi all !
Ukbx version 0.1 just released )

It's there :
http://kona.cinfubox.com/ukbx.htm
and there :
http://pastebin.com/pxuKUB1w
How to install :

1) save ukbx.htm on local disk
2) base64 -d ukbx.htm > ukbx-01.tar.gz
3) tar xvzf ukbx-01.tar.gz
4) read Readme.txt for further instructions

This small package can generate a bunch of unique private keys
from a given passphrase and number.
Import those keys into a fresh empty wallet with the help of
bitcoind with the "sipa" patch applied, AKA the "showwallet" branch.

Keys produced have mostly vanilla random addresses, just like from
the original bitcoin client.

From the saved passphrase AND number the SAME set of keys
will be easy to repair in the future.

Feel free to tweak the ukbx script in order to construct your own unique
deterministic scheme.
Keys created with a script customized by YOU with HIGH probability
can not be reproduced by someone else.

Any feedback appreciated, especially about how to add more
entropy to resulting keys.

"...Enemies are everywhere ! Angka is all rage ! Be a good soldiers, blow everything... " <-- Pol Pot (C)
samr7
July 13, 2011, 02:40:50 PM
 #2

Clever idea!

The shell script doesn't work because I seem to be missing a tool called xxd.

The wrtpm program doesn't seem to do anything that absolutely requires ec_lcl.h.  For example, it will directly access eckey->group, but this can be done with the public API EC_KEY_get0_group().  Likewise, pub_key can be accessed using EC_KEY_get0_public_key().

Have you considered using PBKDF2 to produce the private keys?
Ukigo
July 13, 2011, 03:11:12 PM
 #3

xxd can be obtained from here :
http://ftp://ftp.uni-erlangen.de:21/pub/utilities/etc/xxd-1.10.tar.gz

I am not a C programmer. Forgive me my bad code )
wrtpm was born from some snippet from the Web.
I just changed that stuff and added some more. Sure, it can be rewritten into a perfect utility,
but for me it is only a working tool. If it works, it's OK for me.
Without ec_lcl.h it could not be compiled. Maybe you are right, and I will rewrite it later.
ec_lcl.h is from the openssl source package; not sure why it is missing in /usr/include/openssl

My goal was to construct a deterministic scheme constructor,
preferably written in Python or Ruby.
But some important parts of the whole are missing in those languages right now,
and I made the decision to build ukbx on top of a modified Botg.sh
At least the first part of ukbx, in my view, must be in Python for easy modification.



"...Enemies are everywhere ! Angka is all rage ! Be a good soldiers, blow everything... " <-- Pol Pot (C)
Ukigo
July 13, 2011, 03:46:31 PM
 #4

It's an interesting idea about using PBKDF2.
I missed this variant.
But given the BlackBerry vulnerability and other similar issues, how to do it right?!
Which implementation of PBKDF2 is the best in your opinion?
Is encfs doing it the right way?

"...Enemies are everywhere ! Angka is all rage ! Be a good soldiers, blow everything... " <-- Pol Pot (C)
samr7
July 14, 2011, 12:07:08 AM
 #5

Quote from: Ukigo on July 13, 2011, 03:46:31 PM
> It's an interesting idea about using PBKDF2.
> I missed this variant.
> But given the BlackBerry vulnerability and other similar issues, how to do it right?!
> Which implementation of PBKDF2 is the best in your opinion?
> Is encfs doing it the right way?

Implementing PBKDF2 isn't hard, you just have to pick good parameters.  There are three:

  • Hash function
  • Salt
  • Iteration count

Example -- WiFi WPA/WPA2 PSK uses SHA1, 4096 iterations, salted with the SSID.
Example -- TrueCrypt uses RIPEMD160 (or others), 1000 or 2000 iterations, and a large random salt.
Example -- Linux LUKS uses SHA1 (or others), a varying number of iterations based on CPU power (>100000), and a large random salt.

BlackBerry screwed up by choosing only a single iteration, making their keys vulnerable to brute forcing.

For this application, since you want the password to convert directly to the private key without any other stored parameters, your options are more limited.  Salting will offer little added security because you'll have to choose an empty salt or a constant salt.  However, you can opt for a huge number of iterations, and it would be quite secure.
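
Added example, not part of the thread and not ukbx code: a Python sketch of the passphrase-plus-number idea using PBKDF2 with a constant salt and a large iteration count, as the post above suggests. The names SALT, MIN_ITERATIONS, stretch, key_from_seed and derive_keys, the 100000 floor, and the per-index HMAC-SHA256 step are assumptions of this example; it goes slightly beyond the post by rejecting values outside the valid secp256k1 private-key range.

```python
import hashlib
import hmac

# Order of the secp256k1 group; a valid private key k satisfies 1 <= k < N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Constant salt (assumption): nothing except the passphrase and the number is
# stored, so the salt only separates this scheme from other PBKDF2 users.
SALT = b"example-deterministic-keys-v1"

# Floor on the work factor (assumption). With no per-user salt, the iteration
# count is the only thing slowing down a passphrase-guessing attack.
MIN_ITERATIONS = 100_000


def stretch(passphrase: str, iterations: int) -> bytes:
    """Run the expensive PBKDF2-HMAC-SHA512 step once; returns a 64-byte seed."""
    if iterations < MIN_ITERATIONS:
        raise ValueError("iteration count too low for a scheme without a random salt")
    return hashlib.pbkdf2_hmac("sha512", passphrase.encode("utf-8"), SALT, iterations)


def key_from_seed(seed: bytes, index: int) -> int:
    """Derive private key number `index` from the stretched seed (cheap per key)."""
    retry = 0
    while True:
        msg = index.to_bytes(4, "big") + retry.to_bytes(4, "big")
        k = int.from_bytes(hmac.new(seed, msg, hashlib.sha256).digest(), "big")
        if 1 <= k < SECP256K1_N:  # reject 0 and values >= group order
            return k
        retry += 1


def derive_keys(passphrase: str, count: int, iterations: int = 200_000) -> list:
    """Return `count` private keys; same passphrase and iterations, same keys."""
    seed = stretch(passphrase, iterations)
    return [key_from_seed(seed, i) for i in range(count)]


if __name__ == "__main__":
    # Constructed sample passphrase, for illustration only.
    for k in derive_keys("constructed sample passphrase", 3):
        print(f"{k:064x}")
```

The iteration count is effectively part of the secret recipe here: the same passphrase with a different count yields an unrelated key set, so it has to be remembered along with the passphrase and number.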
Ukigo
July 14, 2011, 03:02:21 AM
 #6

Thanks a lot.
Yesterday I dug out Python stuff for PBKDF2.

Below is the scheme I am considering implementing:

1) User inputs 4 params: passphrase, hash function (maybe a complex one),
  some input for salt, number of iterations.

2) Application generates a key from that user input, using the hash of the 3rd parameter
 as a long enough pseudorandom salt. (whirlpool or sha512)

3) Number of iterations will be between 30000 and 100000.

Probably secure enough.
But this system will create only 1 key, right?

What if we pick 1 key, say, every 1777 iterations, starting from the 30000th iteration.
With such an approach we can have a lot of keys quite securely created from ONLY
3 parameters.

Any thoughts?


"...Enemies are everywhere ! Angka is all rage ! Be a good soldiers, blow everything... " <-- Pol Pot (C)
Enochian
July 14, 2011, 03:14:01 AM
 #7

Since your private key can't be recovered from your public key or address, it's safe to generate one private key, which is a 256 bit integer, and just use consecutive integers starting from there as additional private keys.

The starting private key can just be the hash of your passphrase.  Anything more complicated than this is overkill, unless you plan to give one of the private keys to someone else.

Ukigo
July 14, 2011, 03:32:11 AM
 #8

Good point

"...Enemies are everywhere ! Angka is all rage ! Be a good soldiers, blow everything... " <-- Pol Pot (C)
TierNolan
July 14, 2011, 10:56:55 AM
 #9

There are two threads on "deterministic wallet" and one has a way to allow generation of the public and private part separately.

If you have the master public key, you can generate the public key that matches a particular number.  However, to spend the money, you need the master private key.

This would allow a wallet that can generate lots of addresses to accept money but not spend it (you would need the private key for that).

1LxbG5cKXzTwZg9mjL3gaRE835uNQEteWF
Ukigo
July 14, 2011, 02:11:40 PM
 #10

I have read 3 threads about deterministic wallets - mostly theory was there.

My goal is to build a tool for predefined keys, not a wallet as a whole.
Those keys, after creation, can be imported into different wallets,
in diff. combinations, even with an alternative Bitcoin client.
This will not be so easy with the proposed deterministic wallet.

Currently I am working on another PBKDF2 based solution.
Coming soon.

"...Enemies are everywhere ! Angka is all rage ! Be a good soldiers, blow everything... " <-- Pol Pot (C)