On 3 June 2013 19:20, Daniel Kahn Gillmor <d...@fifthhorseman.net> wrote:
> On 06/03/2013 08:04 AM, Melvin Carvalho wrote:
>
> > Bitcoin is essentially a ledger where you have an array of fingerprints
> > (160 bit hashes of a public key) and a value (number of coins in wallet).
>
> i thought that bitcoin didn't hash the public keys at all, but rather
> used the full elliptic curve public key, since it is smaller than
> comparably-strong RSA or DSA keys. I don't know much about bitcoin
> though so i could be mistaken here.

Here's a good page that shows how it's hashed:

http://gobittest.appspot.com/Address

essentially it's

prefix . ripemd-160(sha256(pubKey)) . checksum

base58 encoded with a custom alphabet

> > Unfortunately bitcoin only supports ECDSA and not RSA. But I wonder if a
> > fingerprint of your GPG key could be used as the basis of a payment ledger?
>
> The OpenPGP standard supports elliptic curve keys directly:
>
> https://tools.ietf.org/html/rfc6637
>
> GnuPG will add support for these keys in version 2.1 (now in beta). If
> you wanted to make an assertion about your ownership of a given bitcoin
> purse it seems like you might be able to do that.
>
> however, the specific curves used seem to differ:
>
> According to https://en.bitcoin.it/wiki/Protocol_specification,
>
>   For ECDSA the secp256k1 curve from
>   http://www.secg.org/collateral/sec2_final.pdf is used.
>
> https://tools.ietf.org/html/rfc6637#section-11 refers to NIST curve
> P-256, which i think is different :/

That's great. Satoshi used the Koblitz curve for performance. I noticed this one is also not in the upcoming Web Crypto API. I believe it's related to that curve not being in browser NSS (network security services).

> Still, it seems like it wouldn't be difficult to use your OpenPGP
> identity to make assertions about your possession of any given bitcoin
> wallet, they just wouldn't be digested into the global bitcoin
> transaction log.

That's OK, I'm curious about making a system that doesn't necessarily go onto the bitcoin block chain, but could be used with GPG keys, making each keypair a theoretical wallet.

> Does this address what you were asking about? if not, what problem are
> you trying to solve specifically?

Yes very helpful. The question is whether the fingerprint contains enough entropy such that it would be impractical for an attacker to find a key that hashes to it either with preimage or birthday attack...

> --dkg
>
> PS your MUA seems to think that this list is named "Jay Litwyn on
> GnuPG-Users <gnupg-users@gnupg.org>" -- you probably want to update your
> addressbook :)
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users