Bitcoin Forum
Topic: C code for elliptic curve multiply / POS application
casascius
Mike Caldwell
August 08, 2011, 06:55:35 AM
 #1

Does anyone know where I could find a sample of C code that can perform an EC multiply, or in other words, convert a bitcoin private key to public key?  The code needs to be in straight C with no library dependencies of any kind.

If I had such a thing, I could probably come up with an application for a VeriFone POS terminal (a reprogrammed bankcard machine) that could be seeded once with a deterministic wallet, and then could spit out "bitcoin tickets" with QR codes on its built in receipt printer.  Thus, all a merchant would have to do to safely accept Bitcoin is buy this POS terminal.  Anytime someone wanted to send them bitcoins they would just print off a unique address/QR code, the terminal itself would merely query BlockExplorer or equivalent to confirm that funds were received.

The terminal itself would play no part in receiving or storing the bitcoins, nor would it act as a peer-to-peer node or download the block chain.  It would merely dispense bitcoin addresses on paper, as well as query balances at addresses via an external web service.

Ideally I would want the terminal to accept a passphrase one time, internally generate tens of thousands of bitcoin addresses using the passphrase as seed, and save them to flash memory, and then discard all the private keys.  The business owner would access the bitcoins by generating a wallet.dat with the same passphrase as seed, so they would not need MyBitcoin or any similar service.  The terminal would serve merely as an address/QRcode dispenser and as a way to display or print the amount of funds received once the funds were noticed on the block chain.

This device runs a proprietary OS but can handle straight C code.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
indio007
August 08, 2011, 07:03:49 AM
 #2

How are they going to ultimately receive funds without a private key? or am I just confused?
GeniuSxBoY
August 08, 2011, 07:14:32 AM
 #3

Bitcoins on thermal paper is not a good idea.

Bitcoins applied to a credit card, great idea.
Enochian
August 08, 2011, 07:49:58 AM
 #4

Quote from: casascius
Does anyone know where I could find a sample of C code that can perform an EC multiply, or in other words, convert a bitcoin private key to public key?  The code needs to be in straight C with no library dependencies of any kind.

I would suggest downloading the source code for OpenSSL, and simply purloining the small set of C routines involved in EC point arithmetic.

http://www.openssl.org/source/

I have my own EC routines in my J client, if you just want to know what the math looks like.

NB. Modular reciprocal

   mrcp =: 4 : 0
x =. x: x
y =. x | x: y
qq =: x: 0 0
rr =: x,y
tt =: x: 0 1

while.  0 ~: _1 { rr
do.
   qq =: qq,(<.@%)/_2 _1{rr
   rr =: rr,|/_1 _2{rr
   tt =: x|tt,(_2{tt)-(_1{qq)*(_1{tt)
end.
_2{tt
)

prcp =: Ep & mrcp

NB. Doubling a point

   pdub =: 3 : 0
'xj yj' =: x: y
if. yj = 0
do. _
else.
   s =: Ep | 3 * xj * xj * prcp 2 * yj
   xl =: Ep| (s * s) - 2 * xj
   yl =: Ep | (-yj) + s * (xj - xl)
   xl,yl
end.
)

NB. EC add

   padd =: 4 : 0
'xj yj' =: x: x
'xk yk' =: x: y
if. xj ~: xk
do.
   s =: Ep | (yj - yk) * prcp xj - xk
   xl =: Ep | (s*s) - (xj + xk)
   yl =: Ep | (-yj) + s *(xj - xl)
   xl,yl
else.
   if. yj = yk
   do. pdub x
   else. _
   end.
end.
)

NB. EC Multiply

   pmul =: 4 : 0
y =. x: y
x =. x: x
if. x = 0
do. _
else.
   z =: 0 2$0x
   while. x ~: 0
   do.
      if. 1 = 2 | x
      do. z =: z,y
      end.
      x =. <. x % 2
      y =. pdub y   
   end.
   padd/z
end.
)

NB.  Making a public key from a private key

pubkey =: 3 : 'y pmul EG'


Happy Programming.
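
The same routines as the J post above (modular reciprocal, point add/double, multiply) in dependency-free C, as an added example that is not code from any poster in this thread. To fit in plain 64-bit integers it assumes a constructed toy field, y^2 = x^3 + 7 over F_17 with G = (15,13), in place of secp256k1's 256-bit prime. `point`, `md` and `EP` are names chosen here, and unlike the J code it folds doubling into `padd` and marks the point at infinity with a flag.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy parameters: y^2 = x^3 + 7 over F_17 (secp256k1's equation
   on a tiny field); G = (15,13) has order 18. Real keys need the 256-bit
   prime and a bignum layer, and this loop is not constant-time. */
#define EP 17
typedef struct { int64_t x, y; int inf; } point;
static int64_t md(int64_t a) { a %= EP; return a < 0 ? a + EP : a; }

/* Modular reciprocal by extended Euclid (mrcp/prcp in the J code). */
static int64_t prcp(int64_t a) {
    int64_t r0 = EP, r1 = md(a), t0 = 0, t1 = 1, q, tmp;
    while (r1 != 0) {
        q = r0 / r1;
        tmp = r0 - q * r1; r0 = r1; r1 = tmp;
        tmp = t0 - q * t1; t0 = t1; t1 = tmp;
    }
    return md(t0);
}

/* Point addition; also covers doubling, P + (-P) and infinity. */
point padd(point a, point b) {
    point r = {0, 0, 0};
    int64_t s;
    if (a.inf) return b;
    if (b.inf) return a;
    if (a.x == b.x && md(a.y + b.y) == 0) { r.inf = 1; return r; }
    if (a.x == b.x) s = md(3 * a.x * a.x * prcp(2 * a.y)); /* tangent */
    else            s = md((b.y - a.y) * prcp(b.x - a.x)); /* chord */
    r.x = md(s * s - a.x - b.x);
    r.y = md(s * (a.x - r.x) - a.y);
    return r;
}

/* Double-and-add, least significant bit first: returns k*P. */
point pmul(uint64_t k, point p) {
    point acc = {0, 0, 1};
    for (; k != 0; k >>= 1) {
        if (k & 1) acc = padd(acc, p);
        p = padd(p, p);
    }
    return acc;
}

int main(void) {
    point g = {15, 13, 0}, q = pmul(5, g);  /* toy "private key" 5 */
    printf("5*G = (%lld, %lld)\n", (long long)q.x, (long long)q.y);
    return 0;
}
```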





makomk
August 08, 2011, 09:07:04 AM
 #5

I'm interested in finding such code too but so far I haven't had any luck. The most popular simple pure-C crypto library is libtomcrypt, but it apparently uses optimisations that are incompatible with the elliptic curve used by Bitcoin.

Quad XC6SLX150 Board: 860 MHash/s or so.
SIGS ABOUT BUTTERFLY LABS ARE PAID ADS
willphase
August 08, 2011, 09:14:29 AM
 #6

I believe there is some python EC code somewhere on the forum that has no dependencies. You should be able to take that and port it to C. I'll try and find it tonight, for now subscribing.

Will

vector76
August 08, 2011, 09:42:44 AM
 #7

OpenSSL is straight C code and should work in an embedded environment.  Just take the parts you need.
wumpus
August 08, 2011, 09:48:41 AM
 #8

Quote from: vector76
OpenSSL is straight C code and should work in an embedded environment.  Just take the parts you need.
I agree. It's also the least risky approach. You know what they say, never write your own crypto code. And when you take the code out of OpenSSL you can at least be sure it is compatible.


Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through FileBackup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
samr7
August 08, 2011, 10:00:16 AM
 #9

A C implementation of EC functions will tend to depend on a bignum arithmetic library.  OpenSSL has its own. Tomcrypt provides a choice.  Getting one of these bignum libraries to run on your device will probably guide your choice of EC implementation.
casascius
Mike Caldwell
August 08, 2011, 03:00:03 PM
 #10

Quote from: indio007
How are they going to ultimately receive funds without a private key? or am I just confused?

They will regenerate the same series of keys on their computer into a wallet.dat with a deterministic wallet generator. The generator uses a passphrase to generate a whole wallet, and always generates the same wallet given the same passphrase.


Quote from: GeniuSxBoY
Bitcoins on thermal paper is not a good idea.


The thermal paper can be thrown away once the transfer is made. The paper is merely to give the customer an address and a way to scan it in. The bitcoins themselves are persisted with the passphrase and the duplicate wallet generated therefrom.

willphase
August 08, 2011, 08:23:14 PM
 #11

Quote from: willphase
I believe there is some python EC code somewhere on the forum that has no dependencies. You should be able to take that and port it to C. I'll try and find it tonight, for now subscribing.

Will

The code I was looking for is here:

http://bitcointalk.org/index.php?topic=23241.0

Not sure if that helps, but it has no visible dependencies and can probably be C-ificiated pretty easily if it fits your needs

Will

rabit
August 08, 2011, 09:58:29 PM
 #12

This C lib has addition of points on elliptic curves:
http://www.ceid.upatras.gr/faculty/zaro/software/ecc-lib/
makomk
August 13, 2011, 10:23:34 PM
 #13

Here's something I literally just bodged together quickly using TomFastMath for a project I'll get around to any year now. Should hopefully be reasonably portable, if not the smallest or most efficient code in the world. Be sure to read the disclaimer!
