casascius (OP)
Mike Caldwell
August 08, 2011, 06:55:35 AM
Does anyone know where I could find a sample of C code that can perform an EC multiply, or in other words, convert a bitcoin private key to public key? The code needs to be in straight C with no library dependencies of any kind.
If I had such a thing, I could probably come up with an application for a VeriFone POS terminal (a reprogrammed bankcard machine) that could be seeded once with a deterministic wallet, and then could spit out "bitcoin tickets" with QR codes on its built-in receipt printer. Thus, all a merchant would have to do to safely accept Bitcoin is buy this POS terminal. Anytime someone wanted to send them bitcoins they would just print off a unique address/QR code; the terminal itself would merely query BlockExplorer or equivalent to confirm that funds were received.
The terminal itself would play no part in receiving or storing the bitcoins, nor would it act as a peer-to-peer node or download the block chain. It would merely dispense bitcoin addresses on paper, as well as query balances at addresses via an external web service.
Ideally I would want the terminal to accept a passphrase one time, internally generate tens of thousands of bitcoin addresses using the passphrase as seed, and save them to flash memory, and then discard all the private keys. The business owner would access the bitcoins by generating a wallet.dat with the same passphrase as seed, so they would not need MyBitcoin or any similar service. The terminal would serve merely as an address/QRcode dispenser and as a way to display or print the amount of funds received once the funds were noticed on the block chain.
This device runs a proprietary OS but can handle straight C code.
|
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
indio007
August 08, 2011, 07:03:49 AM
How are they going to ultimately receive funds without a private key? or am I just confused?
|
GeniuSxBoY
August 08, 2011, 07:14:32 AM
Bitcoins on thermal paper is not a good idea.
bitcoins applied to a credit card, great idea.
|
Be humble!
|
Enochian
August 08, 2011, 07:49:58 AM
Does anyone know where I could find a sample of C code that can perform an EC multiply, or in other words, convert a bitcoin private key to public key? The code needs to be in straight C with no library dependencies of any kind.
I would suggest downloading the source code for OpenSSL, and simply purloining the small set of C routines involved in EC point arithmetic.
http://www.openssl.org/source/
I have my own EC routines in my J client, if you just want to know what the math looks like.

NB. Modular reciprocal
mrcp =: 4 : 0
x =. x: x
y =. x | x: y
qq =: x: 0 0
rr =: x,y
tt =: x: 0 1
while. 0 ~: _1 { rr do.
  qq =: qq,(<.@%)/_2 _1{rr
  rr =: rr,|/_1 _2{rr
  tt =: x|tt,(_2{tt)-(_1{qq)*(_1{tt)
end.
_2{tt
)

prcp =: Ep & mrcp

NB. Doubling a point
pdub =: 3 : 0
'xj yj' =: x: y
if. yj = 0 do. _ else.
  s =: Ep | 3 * xj * xj * prcp 2 * yj
  xl =: Ep| (s * s) - 2 * xj
  yl =: Ep | (-yj) + s * (xj - xl)
  xl,yl
end.
)

NB. EC add
padd =: 4 : 0
'xj yj' =: x: x
'xk yk' =: x: y
if. xj ~: xk do.
  s =: Ep | (yj - yk) * prcp xj - xk
  xl =: Ep | (s*s) - (xj + xk)
  yl =: Ep | (-yj) + s *(xj - xl)
  xl,yl
else.
  if. yj = yk do. pdub x else. _ end.
end.
)

NB. EC Multiply
pmul =: 4 : 0
y =. x: y
x =. x: x
if. x = 0 do. _ else.
  z =: 0 2$0x
  while. x ~: 0 do.
    if. 1 = 2 | x do. z =: z,y end.
    x =. <. x % 2
    y =. pdub y
  end.
  padd/z
end.
)

NB. Making a public key from a private key
pubkey =: 3 : 'y pmul EG'

Happy Programming.
|
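Added example, not part of the thread and not taken from OpenSSL or any poster's code: a dependency-free C port of the reciprocal, double, add and multiply routines from the J listing above, run on a toy curve y^2 = x^3 + 7 over the assumed prime 223 with the constructed sample point (47, 71), so plain 64-bit integers suffice. secp256k1 uses the same formulas over a 256-bit prime and therefore needs bignum arithmetic, and the double-and-add loop here branches on the key bits, so it is not constant-time.

```c
#include <stdint.h>
#include <stdio.h>
/* Toy prime (assumption); secp256k1 is y^2 = x^3 + 7 over a 256-bit prime. */
#define EP 223
typedef struct { int64_t x, y; int inf; } point;    /* inf: point at infinity */
static const point INF = {0, 0, 1};
static int64_t modp(int64_t a) { a %= EP; return a < 0 ? a + EP : a; }
static point pt(int64_t x, int64_t y) { point r = {modp(x), modp(y), 0}; return r; }

/* Modular reciprocal by extended Euclid (mrcp/prcp in the J code) */
static int64_t prcp(int64_t a) {
    int64_t r0 = EP, r1 = modp(a), t0 = 0, t1 = 1;
    while (r1 != 0) {
        int64_t q = r0 / r1, r = r0 - q * r1, t = t0 - q * t1;
        r0 = r1; r1 = r; t0 = t1; t1 = t;
    }
    return modp(t0);
}

/* Point doubling (pdub) */
static point pdub(point p) {
    if (p.inf || p.y == 0) return INF;
    int64_t s = modp(3 * p.x * p.x * prcp(2 * p.y));
    int64_t x = modp(s * s - 2 * p.x);
    return pt(x, s * (p.x - x) - p.y);
}

/* Point addition (padd), infinity cases handled explicitly */
static point padd(point a, point b) {
    if (a.inf || b.inf) return a.inf ? b : a;
    if (a.x == b.x) return a.y == b.y ? pdub(a) : INF;
    int64_t s = modp((a.y - b.y) * prcp(a.x - b.x));
    int64_t x = modp(s * s - a.x - b.x);
    return pt(x, s * (a.x - x) - a.y);
}

/* k*p by double-and-add (pmul); branches on key bits, not constant-time */
static point pmul(uint64_t k, point p) {
    point acc = INF;
    for (; k; k >>= 1, p = pdub(p))
        if (k & 1) acc = padd(acc, p);
    return acc;
}

int main(void) {
    point pub = pmul(5, pt(47, 71));   /* constructed key 5, sample point */
    printf("(%lld, %lld)\n", (long long)pub.x, (long long)pub.y);
    return 0;
}
```

On this toy curve the sample point has order 21, so multiplying it by 21 returns the point at infinity.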
makomk
August 08, 2011, 09:07:04 AM
I'm interested in finding such code too but so far I haven't had any luck. The most popular simple pure-C crypto library is libtomcrypt, but it apparently uses optimisations that are incompatible with the elliptic curve used by Bitcoin.
|
Quad XC6SLX150 Board: 860 MHash/s or so. SIGS ABOUT BUTTERFLY LABS ARE PAID ADS
|
willphase
August 08, 2011, 09:14:29 AM
I believe there is some python EC code somewhere on the forum that has no dependencies. You should be able to take that and port it to C. I'll try and find it tonight, for now subscribing.
Will
|
vector76
August 08, 2011, 09:42:44 AM
OpenSSL is straight C code and should work in an embedded environment. Just take the parts you need.
|
wumpus
August 08, 2011, 09:48:41 AM
OpenSSL is straight C code and should work in an embedded environment. Just take the parts you need.
I agree. It's also the least risky approach. You know what they say, never write your own crypto code. And when you take the code out of OpenSSL you can at least be sure it is compatible.
|
Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through File → Backup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
|
samr7
August 08, 2011, 10:00:16 AM Last edit: August 08, 2011, 10:24:46 AM by samr7
A C implementation of EC functions will tend to depend on a bignum arithmetic library. OpenSSL has its own. Tomcrypt provides a choice. Getting one of these bignum libraries to run on your device will probably guide your choice of EC implementation.
|
casascius (OP)
August 08, 2011, 03:00:03 PM
How are they going to ultimately receive funds without a private key? or am I just confused?
They will regenerate the same series of keys on their computer into a wallet.dat with a deterministic wallet generator. The generator uses a passphrase to generate a whole wallet, and always generates the same wallet given the same passphrase.
Bitcoins on thermal paper is not a good idea.
The thermal paper can be thrown away once the transfer is made. The paper is merely to give the customer an address and a way to scan it in. The bitcoins themselves are persisted with the passphrase and the duplicate wallet generated therefrom.
|
willphase
August 08, 2011, 08:23:14 PM
I believe there is some python EC code somewhere on the forum that has no dependencies. You should be able to take that and port it to C. I'll try and find it tonight, for now subscribing.
Will
The code I was looking for is here: http://bitcointalk.org/index.php?topic=23241.0
Not sure if that helps, but it has no visible dependencies and can probably be C-ificiated pretty easily if it fits your needs.
Will
|
rabit
August 08, 2011, 09:58:29 PM
|
makomk
August 13, 2011, 10:23:34 PM
Here's something I literally just bodged together quickly using TomFastMath for a project I'll get around to any year now. Should hopefully be reasonably portable, if not the smallest or most efficient code in the world. Be sure to read the disclaimer!