Nicolas Dorier (OP)
May 26, 2014, 03:50:02 PM

Just checked
Usage: sx stealth-uncover EPHEM_PUBKEY SCAN_SECRET SPEND_PUBKEY
NICO@aois-linux2:~$ sx stealth-uncover 02d3a7c713f0fb9eadaf23d121f5f66a11f4ca780a353ecb1c88ae48646529e1d6 cc411aab02edcd3bccf484a9ba5280d4a774e6f81eac8ebec9cb1c2e8f73020a 02a60d70cfba37177d8239d018185d864b2bdd0caf5e175fd4454cc006fd2d75ac
02bbc9fccbe03de928fc66fcd176fbe69d3641677970c6f8d558aa72f72e35e0cb
Which is the address where I sent.
Bitcoin address 15sYbVpRh6dyWycZMwPdxJWD4xbfxReeHe

Nicolas Dorier (OP)
May 26, 2014, 03:53:42 PM

> don't ask me why it is always 03 - it is also strange for me.
> but now at least I know how to recover the coins we lost before. where do you want them?

You can send back to me. However your result is not consistent with SX, why is it the case? Which one to trust?
piotr_n
Legendary
Offline
Activity: 2055
Merit: 1359
aka tonikt
May 26, 2014, 03:55:22 PM

What is your address?
It seems like the implementation in sx is different from the one in DW. DW always overwrites 02 with 03 before hashing it. sx - doesn't seem so; takes either 02 or 03, depending on how it came out. Now we need to figure out how it should be.
Check out gocoin - my original project of full bitcoin node & cold wallet written in Go. PGP fingerprint: AB9E A551 E262 A87A 13BB 9059 1BE7 B545 CDF3 FD0E

Nicolas Dorier (OP)
May 26, 2014, 03:59:32 PM

Need to ask genjix on irc, I'll contact him.
mwdJkHRNJi1fEwHBx6ikWFFuo2rLBdri2h
piotr_n
May 26, 2014, 04:01:19 PM

ok. let me know what you found.
sent you back the coins.
Nicolas Dorier (OP)
May 26, 2014, 04:16:08 PM

he is afk for now. So if I understand, the difference lies when I calculate the shared secret after the EC multiply.

My code and SX:
    // hash the compressed shared point, keeping whichever 02/03 prefix it has
    var pBytes = new PubKey(p.GetEncoded()).Compress().ToBytes();
    var hash = Hashes.SHA256(pBytes);

DW:
    var pBytes = new PubKey(p.GetEncoded()).Compress().ToBytes();
    pBytes[0] = 0x03; // prefix byte always overwritten with 0x03 before hashing
    var hash = Hashes.SHA256(pBytes);

It's about: c = H(eQ) = H(dP) at https://wiki.unsystem.net/index.php/DarkWallet/Stealth#Dual-key_stealth
piotr_n
May 26, 2014, 04:18:35 PM

yeah I also asked it at #darkwallet, but ATM there isn't anyone around to answer

yes - except that the value is 0x03, not 0x02:
    var pBytes = new PubKey(p.GetEncoded()).Compress().ToBytes();
    pBytes[0] = 0x03;
    var hash = Hashes.SHA256(pBytes);

I'm happy to change it in my code, but first let's figure out which approach is the desired one
Nicolas Dorier (OP)
May 26, 2014, 04:21:58 PM

I fixed my response, yes this is problematic since I don't think it is good to break existing clients and scanners. Maybe the scanner will need to handle both cases
piotr_n
May 26, 2014, 04:25:26 PM

> I fixed my response, yes this is problematic since I don't think it is good to break existing clients and scanners. Maybe the scanner will need to handle both cases

nobody really uses stealth addresses yet - I don't mind changing my scanner. it's better to do it now than to wait longer or (even worse) to check for both the values. there are obviously two different approaches which are compatible only in 50% of cases. I wonder which of the two is in Electrum.
Nicolas Dorier (OP)
May 26, 2014, 05:25:17 PM

From: https://github.com/darkwallet/darkwallet/blob/develop/js/util/stealth.js#L42
It seems the JS implementation is not quite right. A compressed pub key is the X coordinate of the ECPoint, with 02 or 03 indicating if Y is odd or even. From these two pieces of information, you can recalculate the Y which is lost during compression. The JS implementation assumes that Y is always odd... a simple modulo test on Y just before the concat would solve the problem.
piotr_n
May 26, 2014, 05:28:59 PM

agreed but I think this implementation is based on the one from electrum, where it seems even more clear that someone just forgot to check the Y's parity, before prefixing X with the proper byte: https://github.com/dabura667/electrum/blob/StealthAddressSend/lib/bitcoin.py#L619
piotr_n
May 26, 2014, 05:43:45 PM (Last edit: May 26, 2014, 06:00:53 PM by piotr_n)

it is not my code, but I believe Y has a method isEven() that works faster than mod(2)
    var S1 = [ point.getY().isEven() ? 2 : 3 ].concat(point.getX().toBigInteger().toByteArrayUnsigned());

EDIT: actually, I believe the proper way is to just use the function that is already there for it:
    var S1 = point.getEncoded(true)
piotr_n
May 26, 2014, 05:51:58 PM

and why you cannot run it? don't you have chrome?
Nicolas Dorier (OP)
May 26, 2014, 06:01:11 PM

I hate javascript, I'll let the creator of the lib take the relay for the pull
I sent an issue for the electrum python version of the bug.

> and why you cannot run it? don't you have chrome?

I'm just lazy to set up a page that includes these scripts, and creating a piece of code that will pass where the bug is. I hate javascript so much.
piotr_n
May 26, 2014, 06:04:51 PM

> I'm just lazy to set up a page that includes these scripts, and creating a piece of code that will pass where the bug is. I hate javascript so much.

You don't need to set up any page - it's a fully functional extension for chrome. Just check out the repo from github, go to Chrome's "Extensions" page, enable "Developer mode" and "Load unpacked extension..." pointing it to the darkwallet folder (the one with manifest.json)
It will load the extension and then you can already use DW. For a start better stick to testnet - it will ask you when creating a new wallet.
dabura667
May 27, 2014, 03:22:59 PM

I was aware that sticking an 0x03 on it no matter what was incorrect, but that was the only way for me to get it to work with DW. I was meaning to do a PR for a while on DW for it, but by the time I got around to it, I couldn't find it for the life of me. Then I forgot about it. I should have added a comment there including my big " " that I had when I saw this in DW.
My Tip Address: 1DXcHTJS2DJ3xDoxw22wCt11FeAsgfzdBU

piotr_n
May 27, 2014, 03:26:56 PM

so DW was first, and you just copied it. then I copied it... the question is: what now? are you going to change it? I think we should.