Re: [Bitcoin-development] Request for a new BIP number (and discussion): Improved HD wallet generation.
On 21/02/15 14:49, 木ノ下じょな wrote: Thank you for your feedback. I have written the Abstract and Motivation. Much better. Thanks! -- Best Regards / S pozdravom, Pavol Rusnak st...@gk2.sk -- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=190641631iu=/4140/ostg.clktrk ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Request for a new BIP number (and discussion): Improved HD wallet generation.
Hello Bob, And compromise of that longer key still compromises the entire wallet. No, in fact I could give you any node (derived extended private key) or key (derived normal bitcoin address private key) AND any node's extended public key above them, and as long as the keys are generated within my specifications, you can not derive the associated extended private key to the ancestor extended public key. If you think it still compromises the entire wallet, please show me in pseudo code / explanation. Under what circumstances would anyone ever be passing around private keys without your a,b? I just added a Motivation section showing one example called Reality Keys. They send bitcoins to Yes/No bet addresses and the result of the bet's private key is revealed to award the winners via special P2SH scripts. So they would need to give out smaller keys (aka normal private keys) and it would be better to manage them hierarchically instead of just generating millions of keys ahead of time and storing them on USBs or something. Thanks, Jona 2015-02-21 22:57 GMT+09:00 Bob Mcelrath b...@mcelrath.org: But this just makes the private HD key longer, effectively. And compromise of that longer key still compromises the entire wallet. Under what circumstances would anyone ever be passing around private keys without your a,b? The longer privkey is a wallet backup and has a reason to be copied. I can't think of a scenario where anyone would use or compromise the shorter privkey. On February 21, 2015 8:32:30 AM EST, 木ノ下じょな kinoshitaj...@gmail.com wrote: Yes. That is similar to an idea at FC15 ( http://fc15.ifca.ai/preproceedings/paper_15.pdf) but instead of increasing the number of keys needed up to m, and protecting against m-1 leaks. (so if you have to give keys out to 10 departments you must store 11 keys, or 363 bytes, I have decided to leave it at 2 keys protecting 1 leak, and then using convention to prevent calculating the master private key by requiring all private keys AND all extended private keys (aka nodes in my proposal) to be derived alone under their respective parents. In theory this will prevent leakage of private keys from destroying the entire HD wallet entirely. Services like Reality Keys could be a perfect use case (he must release private keys relating to the outcome, so he has decided against using BIP32 to generate addresses for! the bets. Any Cryptographers that would like to take a look at the math and see if it's sound, I think I am properly breaking any linear relationships between keys... but I would like a second opinion. Thank you for your reply, Jona 2015-02-21 22:23 GMT+09:00 Adam Back a...@cypherspace.org: Whats the objective? Is it to require accidental disclosure of two private keys to compute the master private key? Adam On 21 February 2015 at 13:20, 木ノ下じょな kinoshitaj...@gmail.com wrote: Hello All, I have put together a proposal for a new generation methodology of HD wallets. The method is a modification of BIP32, so if something is unclear or not explicit, please assume it follows BIP32. I am looking forward to any and all criticism and help with writing / making the BIP more secure. If some of my pseudo code / English is off I apologize, I am not good with words. If this is deemed worthy enough to be drafted into a BIP, I would appreciate if someone could tell me what the overall step by step flow would be. Thank you, I will paste the link to the proposal below. Jona https://gist.github.com/dabura667/875bb2c159b219c18885 -- -BEGIN PGP PUBLIC KEY BLOCK- Comment: http://openpgpjs.org xsBNBFTmJ8oBB/9rd+7XLxZG/x/KnhkVK2WBG8ySx91fs+qQfHIK1JrakSV3 x6x0cK3XLClASLLDomm7Od3Q/fMFzdwCEqj6z60T8wgKxsjWYSGL3mq8ucdv iBjC3wGauk5dQKtT7tkCFyQQbX/uMsBM4ccGBICoDmIJlwJIj7fAZVqGxGOM bO1RhYb4dbQA2qxYP7wSsHJ6/ZNAXyEphOj6blUzdqO0exAbCOZWWF+E/1SC EuKO4RmL7Imdep7uc2Qze1UpJCZx7ASHl2IZ4UD0G3Qr3pI6/jvNlaqCTa3U 3/YeJwEubFsd0AVy0zs809RcKKgX3W1q+hVDTeWinem9RiOG/vT+Eec/ABEB AAHNI2tpbm9zaGl0YSA8a2lub3NoaXRham9uYUBnbWFpbC5jb20+wsByBBAB CAAmBQJU5ifRBgsJCAcDAgkQRB9iZ30dlisEFQgCCgMWAgECGwMCHgEAAC6Z B/9otobf0ASHYdlUBeIPXdDopyjQhR2RiZGYaS0VZ5zzHYLDDMW6ZIYm5CjO Fc09ETLGKFxH2RcCOK2dzwz+KRU4xqOrt/l5gyd50cFE1nOhUN9+/XaPgrou WhyT9xLeGit7Xqhht93z2+VanTtJAG6lWbAZLIZAMGMuLX6sJDCO0GiO5zxa 02Q2D3kh5GL57A5+oVOna12JBRaIA5eBGKVCp3KToT/z48pxBe3WAmLo0zXr hEgTSzssfb2zTwtB3Ogoedj+cU2bHJvJ8upS/jMr3TcdguySmxJlGpocVC/e qxq12Njv+LiETOrD8atGmXCnA+nFNljBkz+l6ADl93jHzsBNBFTmJ9EBCACu Qq9ZnP+aLU/Rt6clAfiHfTFBsJvLKsdIKeE6qHzsU1E7A7bGQKTtLEnhCCQE W+OQP+sgbOWowIdH9PpwLJ3Op+NhvLlMxRvbT36LwCmBL0yD7bMqxxmmVj8n vlMMRSe4wDSIG19Oy7701imnHZPm/pnPlneg/Meu/UffpcDWYBbAFX8nrXPY vkVULcI/qTcCxW/+S9fwoXjQhWHaiJJ6y3cYOSitN31W9zgcMvLwLX3JgDxE flkwq/M+ZkfCYnS3GAPEt8GkVKy2eHtCJuNkGFlCAmKMX0yWzHRAkqOMN5KP LFbkKY2GQl13ztWp82QYJZpj5af6dmyUosurn6AZABEBAAHCwF8EGAEIABMF
Re: [Bitcoin-development] Request for a new BIP number (and discussion): Improved HD wallet generation.
On 21/02/15 14:20, 木ノ下じょな wrote: I have put together a proposal for a new generation methodology of HD wallets. Your proposal is missing Abstract and Motivation sections. Abstract tells us WHAT are trying to achieve, Motivation tells WHY. It's not worth to dig into technical details of your implementation until these two questions are answered. -- Best Regards / S pozdravom, Pavol Rusnak st...@gk2.sk -- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=190641631iu=/4140/ostg.clktrk ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Request for a new BIP number (and discussion): Improved HD wallet generation.
Thank you for your feedback. I have written the Abstract and Motivation. If my English is poor please let me know. Also let me know any other comments or criticism you may have. Thank you, Jona 2015-02-21 22:34 GMT+09:00 Pavol Rusnak st...@gk2.sk: On 21/02/15 14:20, 木ノ下じょな wrote: I have put together a proposal for a new generation methodology of HD wallets. Your proposal is missing Abstract and Motivation sections. Abstract tells us WHAT are trying to achieve, Motivation tells WHY. It's not worth to dig into technical details of your implementation until these two questions are answered. -- Best Regards / S pozdravom, Pavol Rusnak st...@gk2.sk -- -BEGIN PGP PUBLIC KEY BLOCK- Comment: http://openpgpjs.org xsBNBFTmJ8oBB/9rd+7XLxZG/x/KnhkVK2WBG8ySx91fs+qQfHIK1JrakSV3 x6x0cK3XLClASLLDomm7Od3Q/fMFzdwCEqj6z60T8wgKxsjWYSGL3mq8ucdv iBjC3wGauk5dQKtT7tkCFyQQbX/uMsBM4ccGBICoDmIJlwJIj7fAZVqGxGOM bO1RhYb4dbQA2qxYP7wSsHJ6/ZNAXyEphOj6blUzdqO0exAbCOZWWF+E/1SC EuKO4RmL7Imdep7uc2Qze1UpJCZx7ASHl2IZ4UD0G3Qr3pI6/jvNlaqCTa3U 3/YeJwEubFsd0AVy0zs809RcKKgX3W1q+hVDTeWinem9RiOG/vT+Eec/ABEB AAHNI2tpbm9zaGl0YSA8a2lub3NoaXRham9uYUBnbWFpbC5jb20+wsByBBAB CAAmBQJU5ifRBgsJCAcDAgkQRB9iZ30dlisEFQgCCgMWAgECGwMCHgEAAC6Z B/9otobf0ASHYdlUBeIPXdDopyjQhR2RiZGYaS0VZ5zzHYLDDMW6ZIYm5CjO Fc09ETLGKFxH2RcCOK2dzwz+KRU4xqOrt/l5gyd50cFE1nOhUN9+/XaPgrou WhyT9xLeGit7Xqhht93z2+VanTtJAG6lWbAZLIZAMGMuLX6sJDCO0GiO5zxa 02Q2D3kh5GL57A5+oVOna12JBRaIA5eBGKVCp3KToT/z48pxBe3WAmLo0zXr hEgTSzssfb2zTwtB3Ogoedj+cU2bHJvJ8upS/jMr3TcdguySmxJlGpocVC/e qxq12Njv+LiETOrD8atGmXCnA+nFNljBkz+l6ADl93jHzsBNBFTmJ9EBCACu Qq9ZnP+aLU/Rt6clAfiHfTFBsJvLKsdIKeE6qHzsU1E7A7bGQKTtLEnhCCQE W+OQP+sgbOWowIdH9PpwLJ3Op+NhvLlMxRvbT36LwCmBL0yD7bMqxxmmVj8n vlMMRSe4wDSIG19Oy7701imnHZPm/pnPlneg/Meu/UffpcDWYBbAFX8nrXPY vkVULcI/qTcCxW/+S9fwoXjQhWHaiJJ6y3cYOSitN31W9zgcMvLwLX3JgDxE flkwq/M+ZkfCYnS3GAPEt8GkVKy2eHtCJuNkGFlCAmKMX0yWzHRAkqOMN5KP LFbkKY2GQl13ztWp82QYJZpj5af6dmyUosurn6AZABEBAAHCwF8EGAEIABMF AlTmJ9QJEEQfYmd9HZYrAhsMAABKbgf/Ulu5JAk4fXgH0DtkMmdkFiKEFdkW 0Wkw7Vhd5eZ4NzeP9kOkD01OGweT9hqzwhfT2CNXCGxh4UnvEM1ZMFypIKdq 0XpLLJMrDOQO021UjAa56vHZPAVmAM01z5VzHJ7ekjgwrgMLmVkm0jWKEKaO n/MW7CyphG7QcZ6cJX2f6uJcekBlZRw9TNYRnojMjkutlOVhYJ3J78nc/k0p kcgV63GB6D7wHRF4TVe4xIBqKpbBhhN+ISwFN1z+gx3lfyRMSmiTSrGdKEQe XSIQKG8XZQZUDhLNkqPS+7EMV1g7+lOfT4GhLL68dUXDa1e9YxGH6zkpVECw Spe3vsHZr6CqFg== =/vUJ -END PGP PUBLIC KEY BLOCK- -- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=190641631iu=/4140/ostg.clktrk___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Request for a new BIP number (and discussion): Improved HD wallet generation.
Yes. That is similar to an idea at FC15 ( http://fc15.ifca.ai/preproceedings/paper_15.pdf) but instead of increasing the number of keys needed up to m, and protecting against m-1 leaks. (so if you have to give keys out to 10 departments you must store 11 keys, or 363 bytes, I have decided to leave it at 2 keys protecting 1 leak, and then using convention to prevent calculating the master private key by requiring all private keys AND all extended private keys (aka nodes in my proposal) to be derived alone under their respective parents. In theory this will prevent leakage of private keys from destroying the entire HD wallet entirely. Services like Reality Keys could be a perfect use case (he must release private keys relating to the outcome, so he has decided against using BIP32 to generate addresses for the bets. Any Cryptographers that would like to take a look at the math and see if it's sound, I think I am properly breaking any linear relationships between keys... but I would like a second opinion. Thank you for your reply, Jona 2015-02-21 22:23 GMT+09:00 Adam Back a...@cypherspace.org: Whats the objective? Is it to require accidental disclosure of two private keys to compute the master private key? Adam On 21 February 2015 at 13:20, 木ノ下じょな kinoshitaj...@gmail.com wrote: Hello All, I have put together a proposal for a new generation methodology of HD wallets. The method is a modification of BIP32, so if something is unclear or not explicit, please assume it follows BIP32. I am looking forward to any and all criticism and help with writing / making the BIP more secure. If some of my pseudo code / English is off I apologize, I am not good with words. If this is deemed worthy enough to be drafted into a BIP, I would appreciate if someone could tell me what the overall step by step flow would be. Thank you, I will paste the link to the proposal below. Jona https://gist.github.com/dabura667/875bb2c159b219c18885 -- -BEGIN PGP PUBLIC KEY BLOCK- Comment: http://openpgpjs.org xsBNBFTmJ8oBB/9rd+7XLxZG/x/KnhkVK2WBG8ySx91fs+qQfHIK1JrakSV3 x6x0cK3XLClASLLDomm7Od3Q/fMFzdwCEqj6z60T8wgKxsjWYSGL3mq8ucdv iBjC3wGauk5dQKtT7tkCFyQQbX/uMsBM4ccGBICoDmIJlwJIj7fAZVqGxGOM bO1RhYb4dbQA2qxYP7wSsHJ6/ZNAXyEphOj6blUzdqO0exAbCOZWWF+E/1SC EuKO4RmL7Imdep7uc2Qze1UpJCZx7ASHl2IZ4UD0G3Qr3pI6/jvNlaqCTa3U 3/YeJwEubFsd0AVy0zs809RcKKgX3W1q+hVDTeWinem9RiOG/vT+Eec/ABEB AAHNI2tpbm9zaGl0YSA8a2lub3NoaXRham9uYUBnbWFpbC5jb20+wsByBBAB CAAmBQJU5ifRBgsJCAcDAgkQRB9iZ30dlisEFQgCCgMWAgECGwMCHgEAAC6Z B/9otobf0ASHYdlUBeIPXdDopyjQhR2RiZGYaS0VZ5zzHYLDDMW6ZIYm5CjO Fc09ETLGKFxH2RcCOK2dzwz+KRU4xqOrt/l5gyd50cFE1nOhUN9+/XaPgrou WhyT9xLeGit7Xqhht93z2+VanTtJAG6lWbAZLIZAMGMuLX6sJDCO0GiO5zxa 02Q2D3kh5GL57A5+oVOna12JBRaIA5eBGKVCp3KToT/z48pxBe3WAmLo0zXr hEgTSzssfb2zTwtB3Ogoedj+cU2bHJvJ8upS/jMr3TcdguySmxJlGpocVC/e qxq12Njv+LiETOrD8atGmXCnA+nFNljBkz+l6ADl93jHzsBNBFTmJ9EBCACu Qq9ZnP+aLU/Rt6clAfiHfTFBsJvLKsdIKeE6qHzsU1E7A7bGQKTtLEnhCCQE W+OQP+sgbOWowIdH9PpwLJ3Op+NhvLlMxRvbT36LwCmBL0yD7bMqxxmmVj8n vlMMRSe4wDSIG19Oy7701imnHZPm/pnPlneg/Meu/UffpcDWYBbAFX8nrXPY vkVULcI/qTcCxW/+S9fwoXjQhWHaiJJ6y3cYOSitN31W9zgcMvLwLX3JgDxE flkwq/M+ZkfCYnS3GAPEt8GkVKy2eHtCJuNkGFlCAmKMX0yWzHRAkqOMN5KP LFbkKY2GQl13ztWp82QYJZpj5af6dmyUosurn6AZABEBAAHCwF8EGAEIABMF AlTmJ9QJEEQfYmd9HZYrAhsMAABKbgf/Ulu5JAk4fXgH0DtkMmdkFiKEFdkW 0Wkw7Vhd5eZ4NzeP9kOkD01OGweT9hqzwhfT2CNXCGxh4UnvEM1ZMFypIKdq 0XpLLJMrDOQO021UjAa56vHZPAVmAM01z5VzHJ7ekjgwrgMLmVkm0jWKEKaO n/MW7CyphG7QcZ6cJX2f6uJcekBlZRw9TNYRnojMjkutlOVhYJ3J78nc/k0p kcgV63GB6D7wHRF4TVe4xIBqKpbBhhN+ISwFN1z+gx3lfyRMSmiTSrGdKEQe XSIQKG8XZQZUDhLNkqPS+7EMV1g7+lOfT4GhLL68dUXDa1e9YxGH6zkpVECw Spe3vsHZr6CqFg== =/vUJ -END PGP PUBLIC KEY BLOCK- -- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=190641631iu=/4140/ostg.clktrk ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development -- -BEGIN PGP PUBLIC KEY BLOCK- Comment: http://openpgpjs.org xsBNBFTmJ8oBB/9rd+7XLxZG/x/KnhkVK2WBG8ySx91fs+qQfHIK1JrakSV3 x6x0cK3XLClASLLDomm7Od3Q/fMFzdwCEqj6z60T8wgKxsjWYSGL3mq8ucdv iBjC3wGauk5dQKtT7tkCFyQQbX/uMsBM4ccGBICoDmIJlwJIj7fAZVqGxGOM bO1RhYb4dbQA2qxYP7wSsHJ6/ZNAXyEphOj6blUzdqO0exAbCOZWWF+E/1SC EuKO4RmL7Imdep7uc2Qze1UpJCZx7ASHl2IZ4UD0G3Qr3pI6/jvNlaqCTa3U 3/YeJwEubFsd0AVy0zs809RcKKgX3W1q+hVDTeWinem9RiOG/vT+Eec/ABEB AAHNI2tpbm9zaGl0YSA8a2lub3NoaXRham9uYUBnbWFpbC5jb20+wsByBBAB
