Bitcoin Forum
Author Topic: NBitcoin : Stealth Address, DarkWallet compliant  (Read 3465 times)
Nicolas Dorier (OP)
Hero Member
*****
Offline Offline

Activity: 714
Merit: 662


View Profile
May 26, 2014, 03:50:02 PM
 #41

Just checked

Code:
Usage: sx stealth-uncover EPHEM_PUBKEY SCAN_SECRET SPEND_PUBKEY
NICO@aois-linux2:~$ sx stealth-uncover 02d3a7c713f0fb9eadaf23d121f5f66a11f4ca780a353ecb1c88ae48646529e1d6 cc411aab02edcd3bccf484a9ba5280d4a774e6f81eac8ebec9cb1c2e8f73020a  02a60d70cfba37177d8239d018185d864b2bdd0caf5e175fd4454cc006fd2d75ac
02bbc9fccbe03de928fc66fcd176fbe69d3641677970c6f8d558aa72f72e35e0cb

Which is the address where I sent.

Bitcoin address 15sYbVpRh6dyWycZMwPdxJWD4xbfxReeHe
Nicolas Dorier (OP)
May 26, 2014, 03:53:42 PM
 #42

don't ask me why it is always 03 - it is also strange for me.

but now at least I know how to recover the coins we lost before.
where do you want them?

You can send back to me.
However, your result is not consistent with SX. Why is that the case? Which one to trust?

piotr_n
Legendary
*
Offline Offline

Activity: 2055
Merit: 1359


aka tonikt


View Profile WWW
May 26, 2014, 03:55:22 PM
 #43

What is your address?

It seems like the implementation in sx is different from the one in DW.
DW always overwrites 02 with 03 before hashing it.
sx - doesn't seem so; takes either 02 or 03, depending how it came out.
Now we need to figure out how it should be.

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
piotr_n
May 26, 2014, 03:59:01 PM
 #44

I think your/sx implementation makes more sense, but if I make it like this I won't be DW compatible anymore.

Look at line 42: https://github.com/darkwallet/darkwallet/blob/develop/js/util/stealth.js
... and here, line 99: https://github.com/libbitcoin/libwallet/blob/master/src/stealth.cpp

These two functions are compatible only in 50% of the cases.

Nicolas Dorier (OP)
May 26, 2014, 03:59:32 PM
 #45

need to ask genjix on IRC, I'll contact him.

mwdJkHRNJi1fEwHBx6ikWFFuo2rLBdri2h

piotr_n
May 26, 2014, 04:01:19 PM
 #46

ok. let me know what you found.

sent you back the coins.

Nicolas Dorier (OP)
May 26, 2014, 04:16:08 PM
 #47

he is afk for now.
So if I understand, the difference lies when I calculate the shared secret after the EC multiply.

My code and SX :
Code:
var pBytes = new PubKey(p.GetEncoded()).Compress().ToBytes();
var hash = Hashes.SHA256(pBytes);

DW :

Code:
var pBytes = new PubKey(p.GetEncoded()).Compress().ToBytes();
pBytes[0] = 0x03;
var hash = Hashes.SHA256(pBytes);

It is about:
c = H(eQ) = H(dP) at https://wiki.unsystem.net/index.php/DarkWallet/Stealth#Dual-key_stealth

piotr_n
May 26, 2014, 04:18:35 PM
 #48

yeah I also asked it at #darkwallet, but ATM there isn't anyone around to answer

yes - except that the value is 0x03, not 0x02:
Code:
var pBytes = new PubKey(p.GetEncoded()).Compress().ToBytes();
pBytes[0] = 0x03;
var hash = Hashes.SHA256(pBytes);

I'm happy to change it in my code, but first let's figure out which approach is the desired one

Nicolas Dorier (OP)
May 26, 2014, 04:21:58 PM
 #49

I fixed my response, yes this is problematic since I don't think it is good to break existing clients and scanners.
Maybe the scanner will need to handle both cases :(

piotr_n
May 26, 2014, 04:25:26 PM
 #50

I fixed my response, yes this is problematic since I don't think it is good to break existing clients and scanners.
Maybe the scanner will need to handle both cases :(
nobody really uses stealth addresses yet - I don't mind changing my scanner.
it's better to do it now than to wait longer or (even worse) to check for both the values.
there are obviously two different approaches which are compatible only in 50% of cases.

I wonder which of the two is in Electrum.

piotr_n
May 26, 2014, 05:11:36 PM
 #51

it seems that this weirdness comes from electrum implementation.
see here, line 619: https://github.com/dabura667/electrum/blob/StealthAddressSend/lib/bitcoin.py

@dabura667, any comments?

Nicolas Dorier (OP)
May 26, 2014, 05:25:17 PM
 #52

From : https://github.com/darkwallet/darkwallet/blob/develop/js/util/stealth.js#L42
It seems the JS implementation is not quite right.

A compressed pub key is the X coordinate of the ECPoint, with 02 or 03 indicating if Y is odd or even.
From these two pieces of information, you can recalculate the Y, which is lost during compression.

The JS implementation assumes that Y is always odd... a simple modulo test on Y just before the concat would solve the problem.

piotr_n
May 26, 2014, 05:28:59 PM
 #53

agreed

but I think this implementation is based on the one from electrum, where it seems even more clear that someone just forgot to check the Y's parity, before prefixing X with the proper byte:
https://github.com/dabura667/electrum/blob/StealthAddressSend/lib/bitcoin.py#L619

Nicolas Dorier (OP)
May 26, 2014, 05:38:31 PM
 #54

sent pull request to https://github.com/darkwallet/darkwallet/pull/131, I can't run it so I hope I got it right the first time. ;)

piotr_n
May 26, 2014, 05:43:45 PM
Last edit: May 26, 2014, 06:00:53 PM by piotr_n
 #55

it is not my code, but I believe Y has a method isEven() that works faster than mod(2)

Code:
var S1 = [ point.getY().isEven() ? 2 : 3 ].concat(point.getX().toBigInteger().toByteArrayUnsigned());


EDIT:
actually, I believe the proper way is to just use the function that is already there for it:

Code:
var S1 = point.getEncoded(true)

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
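
The mismatch discussed in this thread, reproduced as an added example (not code from NBitcoin, sx, DarkWallet or Electrum): a minimal pure-Python secp256k1 with both ways of hashing the shared point in c = H(eQ) = H(dP). The scalars passed to `compare` are constructed test values and all function names are this example's own.

```python
import hashlib

# secp256k1 parameters (curve y^2 = x^3 + 7 over F_P, generator G of order N)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Affine point addition; None stands for the point at infinity."""
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        m = 3 * a[0] * a[0] * pow(2 * a[1] % P, -1, P) % P
    else:
        m = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P) % P
    x = (m * m - a[0] - b[0]) % P
    return (x, (m * (a[0] - x) - a[1]) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication (illustration only, not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def compress(pt):
    """SEC1 compressed form: prefix 02 when Y is even, 03 when Y is odd, then X."""
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")

def hash_parity_checked(pt):
    """c = SHA256(compressed point), prefix chosen from Y's parity."""
    return hashlib.sha256(compress(pt)).digest()

def hash_forced_03(pt):
    """c = SHA256(03 || X), the variant that ignores Y's parity."""
    return hashlib.sha256(b"\x03" + pt[0].to_bytes(32, "big")).digest()

def compare(e, d):
    """Sender has e and Q = dG, receiver has d and P = eG (constructed scalars).
    Returns (Y parity of the shared point, whether the two variants agree)."""
    s_sender, s_receiver = mul(e, mul(d, G)), mul(d, mul(e, G))
    if s_sender != s_receiver:
        raise ValueError("eQ != dP")
    return s_receiver[1] & 1, hash_parity_checked(s_sender) == hash_forced_03(s_receiver)
```

Negating d negates the shared point and so flips the parity of its Y, which means `compare(e, d)` and `compare(e, N - d)` always give opposite answers: the two variants derive the same c only when Y happens to be odd.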
piotr_n
May 26, 2014, 05:51:58 PM
 #56

sent pull request to https://github.com/darkwallet/darkwallet/pull/131, I can't run it so I hope I got it right the first time. ;)

and why you cannot run it? don't you have chrome?

Nicolas Dorier (OP)
May 26, 2014, 06:01:11 PM
 #57

I hate javascript, I'll let the creator of the lib take the relay for the pull ;)
I sent an issue for the electrum python version of the bug.

sent pull request to https://github.com/darkwallet/darkwallet/pull/131, I can't run it so I hope I got it right the first time. ;)

and why you cannot run it? don't you have chrome?

I'm just too lazy to set up a page that includes these scripts, and to create a piece of code that will pass where the bug is.
I hate javascript so much. :(

piotr_n
May 26, 2014, 06:04:51 PM
 #58

I'm just too lazy to set up a page that includes these scripts, and to create a piece of code that will pass where the bug is.
I hate javascript so much. :(
You don't need to set up any page - it's a fully functional extension for Chrome.

Just checkout the repo from github, go to Chrome's "Extensions" page, enable "Developer mode" and "Load unpacked extension..." pointing it to the darkwallet folder (the one with manifest.json)

It will load the extension and then you can already use DW.
For a start better stick to testnet - it will ask you when creating a new wallet.

dabura667
Sr. Member
****
Offline Offline

Activity: 475
Merit: 252


View Profile
May 27, 2014, 03:22:59 PM
 #59

it seems that this weirdness comes from electrum implementation.
see here, line 619: https://github.com/dabura667/electrum/blob/StealthAddressSend/lib/bitcoin.py

@dabura667, any comments?

I was aware that sticking an 0x03 on it no matter what was incorrect, but that was the only way for me to get it to work with DW.
I was meaning to do a PR for a while on DW for it, but by the time I got around to it, I couldn't find it for the life of me.
Then I forgot about it.

I should have added a comment there including my big "Huh" that I had when I saw this in DW.

My Tip Address:
1DXcHTJS2DJ3xDoxw22wCt11FeAsgfzdBU
piotr_n
May 27, 2014, 03:26:56 PM
 #60

so DW was first, and you just copied it.
then I copied it... :)

the question is: what now?
are you going to change it?
I think we should.
