Thanks for trying, I appreciate it.
ECDSASigner is a Bouncy Castle class that accepts an optional provider for the nonce:
https://github.com/bcgit/bc-java/blob/master/core/src/main/java/org/bouncycastle/crypto/signers/DSAKCalculator.java
The implementation of ECDSASigner will pass the secret to the k calculator.
It's done in

    val kGen = new RFC6979KCalculator
    val signer = new ECDSASigner(kGen)
    val params = new ECPrivateKeyParameters(secret.bigInteger, Bitcoin.ecDomain)

Then it comes to DSAKCalculator through

    override def init(q: BigInteger, x: BigInteger, m: Array[Byte]): Unit

which is Scala for

    /**
     * Deterministic initialiser.
     *
     * @param n the order of the DSA group.
     * @param d the DSA private value.
     * @param message the message being signed.
     */
    void init(BigInteger n, BigInteger d, byte[] message);

The rest is RFC6979.
I think he meant code revision in general, not just for this single potential bug. You can't just review a Bitcoin wallet by reading it once or twice; it's way too complicated. So better stick with known code that has some user base actually testing it.
I wrote this wallet because there is no implementation that fits my needs and that I feel confident enough with. Basically for the same reasons that you mention. The most popular wallets don't have the features I want and the others are not reviewed enough to qualify either. I tried to reduce risk as much as I could by using standard libraries where possible. It leaves BIP32, RFC6979 and tx serialization to write. It's hard but I wouldn't call this impossible to do. I welcome as much review as possible. Maybe you could take a look?
Thanks,
--h
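
For anyone reviewing a hand-written k calculator like the one discussed in this post, here is an added reference sketch of the RFC 6979 nonce derivation from the same three inputs as `init(n, d, message)`. It is not code from the wallet or from Bouncy Castle, and it is written in Python rather than Scala. Assumptions: `message` is the SHA-256 digest of the data, the function names are made up for this example, and the constants are the P-256 test key from RFC 6979 appendix A.2.5 (the RFC has no secp256k1 vectors; the derivation only depends on the group order).

```python
import hashlib
import hmac

# RFC 6979 A.2.5 test key (NIST P-256): group order and private value.
P256_N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
RFC_X = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721

def bits2int(data: bytes, qlen: int) -> int:
    """RFC 6979 2.3.2: keep only the leftmost qlen bits."""
    blen = len(data) * 8
    v = int.from_bytes(data, "big")
    return v >> (blen - qlen) if blen > qlen else v

def rfc6979_k(n: int, d: int, digest: bytes, hashfunc=hashlib.sha256) -> int:
    """Deterministic nonce k for group order n, private value d, message digest."""
    if not 1 <= d < n:
        raise ValueError("private value out of range")
    qlen = n.bit_length()
    rlen = (qlen + 7) // 8
    hlen = hashfunc().digest_size

    def mac(key: bytes, msg: bytes) -> bytes:
        return hmac.new(key, msg, hashfunc).digest()

    x = d.to_bytes(rlen, "big")                             # int2octets(d)
    h = (bits2int(digest, qlen) % n).to_bytes(rlen, "big")  # bits2octets(digest)
    v = b"\x01" * hlen                                      # step b
    key = b"\x00" * hlen                                    # step c
    key = mac(key, v + b"\x00" + x + h)                     # step d
    v = mac(key, v)                                         # step e
    key = mac(key, v + b"\x01" + x + h)                     # step f
    v = mac(key, v)                                         # step g
    while True:                                             # step h
        t = b""
        while len(t) < rlen:
            v = mac(key, v)
            t += v
        k = bits2int(t, qlen)
        if 1 <= k < n:
            return k
        key = mac(key, v + b"\x00")                         # rejected: reseed, retry
        v = mac(key, v)

def k_for_message(n: int, d: int, message: bytes) -> int:
    """Hash the data with SHA-256, then derive k from the digest."""
    return rfc6979_k(n, d, hashlib.sha256(message).digest())

if __name__ == "__main__":
    print(format(k_for_message(P256_N, RFC_X, b"sample"), "064X"))
```

Comparing a custom calculator's output against the RFC's published k values is a cheap regression test, since a calculator that returns the same k for two different messages under one key exposes the private key.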