mirrors/bitcoin-bips
1
0
Fork 0
mirror of https://github.com/bitcoin/bips.git synced 2025-01-19 05:45:07 +01:00
Code Issues Projects Releases Wiki Activity

Merge pull request #604 from commerceblock/master

Browse Source 
Adding payment_base to the derivation path as an extra step of security
This commit is contained in:
Luke Dashjr 2017-10-31 04:13:49 +00:00 committed by GitHub
commit 3f6f1f830b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 22 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
bip-0175.mediawiki
View File

@ -74,7 +74,7 @@ Hardened derivation is used at this level.
===Payment address generation===
For a given contract documents denoted by c<sub>1</sub> ,...,c<sub>n</sub>, payment base extended public key denoted by <code>payment_base</code>, and cryptographic hash function denoted by <code>h</code>.
For a given contract documents denoted by c<sub>1</sub>,...,c<sub>n</sub>, payment base extended public key denoted by <code>payment_base</code>, and cryptographic hash function denoted by <code>h</code>.
1. Compute cryptographic hashes for all contract documents, by applying the hash function.
@ -84,9 +84,9 @@ For a given contract documents denoted by c<sub>1</sub> ,...,c<sub>n</sub>, paym
hash_1,...,hash_n
3. Concatenate the sorted hashes and apply the hash function.
3. Prepend payment_base and concatenate the sorted hashes and apply the hash function.
h(hash_1+...+hash_n)
h(payment_base+hash_1+...+hash_n)
4. Compute a partial BIP32 derivation path from the combined hash as defined in Hash to Partial Derivation Path Mapping procedure below.
@ -171,28 +171,28 @@ document 2:
3. Concatenate hashes and apply the hash function.
concatenated hash:
2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7aefcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9
concatenated hash: payment_base
xpub6B3JSEWjqm5GgfzcjPwBixxLPzi15pFM3jq4E4yCzXXUFS5MFdXiSdw7b5dbdPGHuc7c1V4zXbbFRtc9G1njMUt9ZvMdGVGYQSQsurD6HAW2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7aefcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9
combined hash:
ec321de56af3b66fb49e89cfe346562388af387db689165d6f662a3950286a57
310057788c6073640dc222466d003411cd5c1cc0bf2803fc6ebbfae03ceb4451
4. Compute the partial BIP32 derivation path of the combined hash.
60466/7653/27379/46703/46238/35279/58182/22051/34991/14461/46729/5725/28518/10809/20520/27223
12544/22392/35936/29540/3522/8774/27904/13329/52572/7360/48936/1020/28347/64224/15595/17489
5. Prepend <code>payment_base</code> to <code>contract_hash</code> derivation path.
contract_base_pub/60466/7653/27379/46703/46238/35279/58182/22051/34991/14461/46729/5725/28518/10809/20520/27223
contract_base_pub/12544/22392/35936/29540/3522/8774/27904/13329/52572/7360/48936/1020/28347/64224/15595/17489
or
m/175'/0'/60466/7653/27379/46703/46238/35279/58182/22051/34991/14461/46729/5725/28518/10809/20520/27223
m/175'/0'/12544/22392/35936/29540/3522/8774/27904/13329/52572/7360/48936/1020/28347/64224/15595/17489
6. Compute public extended key.
xpub6hML7vSU2Hwww9ctwrwt4ijnhJr4n6XaMRox1nnF3PvZKuF1SZoTymnKQHrF9fp2nWJSqv5ZjJSxJJQ8A3PKcBUWhGvTFmuRKpycSCr5coz
xpub6hefaATTG5LbcwyPDvmNfnkyzefoM2TJDoo5astH7Gvs1g8vZURviBWvAvBnWc2CNb8ybJ6mDpnQYVsvNSZ3oUmbssX3rUVG97TFYa6AXVk
7. Compute address of the public extended key (P2PKH).
1HYjhPTtMmpBJBd5tVepZDAVdvPA7o8KHJ
1C7f322izqMqLzZzfzkPAjxBzprxDi47Yf
====Verification example (negative test)====
@ -207,29 +207,33 @@ document 1:
baa5a0964d3320fbc0c6a922140453c8513ea24ab8fd0577034804a967248096
2. Apply the hash function a second time (list of one item).
2. Prepend payment_base
xpub6B3JSEWjqm5GgfzcjPwBixxLPzi15pFM3jq4E4yCzXXUFS5MFdXiSdw7b5dbdPGHuc7c1V4zXbbFRtc9G1njMUt9ZvMdGVGYQSQsurD6HAWbaa5a0964d3320fbc0c6a922140453c8513ea24ab8fd0577034804a967248096
2. Apply hash function
3a08605829413ce0bf551b08d21e4a28dbda6e407f90eff1c448e839050c73a1
3. Compute the partial derivation path.
14856/24664/10561/15584/48981/6920/53790/18984/56282/28224/32656/61425/50248/59449/1292/29601
5338/54412/19213/962/30664/62597/11873/59874/56779/24089/54550/19585/28087/36422/18666/17562
4. Prepend contract_base<sub>pub</sub> to contract_hash derivation path.
contract_base_pub/14856/24664/10561/15584/48981/6920/53790/18984/56282/28224/32656/61425/50248/59449/1292/29601
contract_base_pub/5338/54412/19213/962/30664/62597/11873/59874/56779/24089/54550/19585/28087/36422/18666/17562
or
m/175'/0'/14856/24664/10561/15584/48981/6920/53790/18984/56282/28224/32656/61425/50248/59449/1292/29601
m/175'/0'/5338/54412/19213/962/30664/62597/11873/59874/56779/24089/54550/19585/28087/36422/18666/17562
5. Compute public extended key.
xpub6gujKWRhegHXKZBkrprW55oSL6UxYhStxF5FtoUNa4KShLxLPDLQTS39XAwRhdCSvuAv2wogwukmfk3fS7CM6pT6QWwJHiCTw7RkwXMgThy
xpub6h9k2KqsMpwghxt7naj1puhGV1ZDC88sxvpYN1HibCf8yQZdPsuhYmmvdK32Kf2Lb3rS1sV8UcZ1f84DJEiXuVfLCAj4bC85aEUCxh38m8i
7. Compute address of the public extended key (P2PKH).
162KDdRXa3KPgYkH3d1DDKfddacH1gn1n8
1QGe5LaDMAmHeibJbZBmZqhQDZSp7QCqSs
8. As expected the address doesn't match the Bitcoin address from the last example <code>1LeYXs63uVSDu2XSb82xdEc7RumohCpB7Q</code>.
8. As expected the address doesn't match the Bitcoin address from the last example <code>1C7f322izqMqLzZzfzkPAjxBzprxDi47Yf</code>.
Verification operation will succeed only if we use identical documents to ones that have been used in the contract address generation.