Commit Graph

31 Commits

Author SHA1 Message Date
Marcia Waite
e6dca0ce6e multi: Fix typos and grammar in multiple docs 2024-07-22 20:08:12 -07:00
fuyangpengqi
5f22d97b51 chore: fix function names in comment
Signed-off-by: fuyangpengqi <995764973@qq.com>
2024-04-27 00:04:09 +08:00
yyforyongyu
50f2c277d7
aezeed: fix flake in TestDecipherIncorrectMnemonic 2023-09-05 07:44:02 +08:00
yyforyongyu
edba938996
multi: add new build tag integration
This commit adds a new build tag `integration` and removes the old tag
`rpctest` for clarity. Multiple unnecessary usages of `build !rpctest`
are also removed.
2023-02-23 21:56:09 +08:00
habibitcoin
0b1e881d18
scripted-diff: replace ⛰ emoji with $ [skip ci]
-BEGIN VERIFY SCRIPT-
sed -i 's/⛰/$/g' $(git grep -l '⛰')
-END VERIFY SCRIPT-
2022-10-28 12:06:49 -04:00
Oliver Gugger
daa5966119
aezeed: make seed generation fully deterministic
This commit fixes a TODO to make the seed generation fully deterministic
by providing the option to pass in a custom randomness source.
2022-05-12 12:49:14 +02:00
Oliver Gugger
63e28a27b8
aezeed: re-encode salt correctly 2022-05-12 12:49:14 +02:00
Oliver Gugger
f67776375f
aezeed: re-format test cases, use require 2022-05-12 12:49:13 +02:00
Oliver Gugger
a02112464a
aezeed: remove unnecessary casts 2022-05-12 12:47:07 +02:00
Oliver Gugger
83f1c2c9b6
aezeed: fix typos and formatting 2022-05-12 12:47:06 +02:00
Oliver Gugger
dfdc2bff8b
multi: run gosimports 2022-02-10 11:02:01 +01:00
Dimitris Apostolou
530a2059e5
multi: Fix typos [skip ci] 2022-01-24 12:19:02 +02:00
Oliver Gugger
0b4e03f5fc
multi: add golang 1.17 compatible build tags
With go 1.17 a change to the build flags was implemented:
https://go.googlesource.com/proposal/+/master/design/draft-gobuild.md

The formatter now automatically adds the forward-compatible build tag
format and the linter checks for them, so we need to include them in our
code.
2021-09-29 17:31:37 -07:00
Oliver Gugger
5904efe9ed
aezeed: export wordlist and properties
To make it possible to use the wordlist used for aezeed outside of the
aezeed package we export certain properties of the word list and the
word list itself.
2021-06-30 14:20:32 +02:00
Oliver Gugger
02267565fe
multi: unify code blocks in READMEs 2021-01-22 09:14:11 +01:00
yyforyongyu
5c5fc732e5
aezeed: fix typo 2020-12-04 23:07:53 +08:00
positiveblue
5089cfc1be aezeed: fix mnemonic word validation
A user complained about getting a misleading error after a typo in the
mnemonic. The word was `hear` and it passed the check even when it is
not in the list of valid words.

The reason is that we were checking if the word is in the variable
`englishWordList` (which includes all the words) instead of checking if the
variable is in the `defaultWordList` (which is basically `englishWordList`
split by spaces). That means that `hear` passed the check because `heart`
appears in the list.

Related issue [4733](https://github.com/lightningnetwork/lnd/issues/4733)
2020-11-02 23:25:50 +01:00
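The substring bug that commit describes, shown beside the fixed check. This is an added example, not lnd's code: `WORDS_JOINED` is a constructed six-word excerpt of a BIP39-style list stored as one space-separated string (standing in for the `englishWordList` the commit mentions), `WORDS` is that string split by spaces (standing in for `defaultWordList`), and `unknown_words` is a hypothetical helper that reports the same (index, word) pair the package's `ErrUnknownMnenomicWord` carries.

```python
"""Mnemonic word validation: substring test vs. exact membership."""

# Constructed excerpt (the real list has 2048 words). "hear" is NOT in it,
# but "heart" is, which is exactly the case from the bug report.
WORDS_JOINED = "abandon ability heart hello help zoo"
WORDS = WORDS_JOINED.split()
WORD_SET = frozenset(WORDS)                    # O(1) exact lookup
WORD_INDEX = {w: i for i, w in enumerate(WORDS)}


def is_known_word_buggy(word: str) -> bool:
    """The bug: `in` on a str is a substring test. 'hear', 'ear',
    'rt hel' (spanning two list entries) and even '' all pass."""
    return word in WORDS_JOINED


def is_known_word(word: str) -> bool:
    """The fix: membership in the split list (a set here) is exact."""
    return word in WORD_SET


def unknown_words(mnemonic, check=is_known_word):
    """Every (index, word) that `check` rejects; empty means all words are
    valid. Index and word are what a caller needs to tell the user
    which word to retype."""
    return [(i, w) for i, w in enumerate(mnemonic) if not check(w)]


def word_indices(mnemonic):
    """Map a validated mnemonic to word-list positions. With the buggy
    check a typo survives validation and only blows up here (KeyError),
    far from the word the user actually mistyped: the misleading error
    from the bug report."""
    return [WORD_INDEX[w] for w in mnemonic]


if __name__ == "__main__":
    typo = ["heart", "hear", "zoo"]
    print("buggy check rejects:", unknown_words(typo, is_known_word_buggy))  # []
    print("fixed check rejects:", unknown_words(typo))  # [(1, 'hear')]
```

The lesson generalises beyond this package: whenever a word list is kept as one joined string for convenience, validate against the split form (or a set built from it), never against the string.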
Oliver Gugger
466294ed4c
aezeed: use fast scrypt options in itest 2020-03-24 09:52:39 +01:00
Joost Jager
1e0ed1e52f
multi: fix dropped errors 2019-09-13 09:50:38 +02:00
Joost Jager
3d7de2ad39
multi: remove dead code 2019-09-10 17:21:59 +02:00
Olaoluwa Osuntokun
d5122b7f04
aezeed: publicly export the word field in ErrUnknownMnenomicWord
In this commit, we publicly export the `word` field as it makes it
easier to programmatically interact with the package when attempting to
re-derive proper `cipherseed` instances. We also add a new `Index` field
as well to provide additional context for programmatic manipulating of
seeds.
2019-07-16 19:31:35 -07:00
solid-pay
16cceb8932
Add links to KDF and BIP39
Just text changes
2019-02-02 17:45:13 +01:00
Jonathan Cross
072de26354
Fixup aezeed 2019-01-14 20:51:07 +01:00
parth
8c5543d701 aezeed/errors: add missing space in error message 2018-06-26 19:20:39 -07:00
Ron Gross
941e0fb9bb aezeed: fix README links 2018-05-09 16:36:40 -07:00
Conner Fromknecht
c824af11a1
aezeed: expose BirthdayTime conversion from offset 2018-04-26 16:03:05 -07:00
Oliver Gugger
16ad6aed09 aezeed: add README with the text of the PR 2018-04-04 15:39:47 +02:00
Oliver Gugger
0c7451c97c aezeed: add test vectors and test birthday calculation 2018-04-04 15:38:37 +02:00
Olaoluwa Osuntokun
120cebef77
aezeed: add a set of benchmarks
In this commit we add a set of benchmarks to be able to measure the
enciphering and deciphering speed of the current scheme with the
current scrypt parameters.

On my laptop I get about 100ms per attempt:
⛰ go test -run=XXX -bench=.

goos: darwin
goarch: amd64
pkg: github.com/lightningnetwork/lnd/aezeed
BenchmarkToMnenonic-4     	      10	 102287840 ns/op
BenchmarkFromMnenonic-4   	      10	 105874973 ns/op
PASS
ok  	github.com/lightningnetwork/lnd/aezeed	3.036s
2018-03-01 17:10:54 -08:00
Olaoluwa Osuntokun
eb3b5196e1
aezeed: add comprehensive, mostly property-based tests 2018-03-01 17:10:53 -08:00
Olaoluwa Osuntokun
ffac0336e6
aezeed: add new package implementing the aezeed cipher seed scheme
In this commit, we add a new package implementing the aezeed cipher
seed scheme. This is a new scheme developed that aims to overcome the
two major shortcomings of BIP39: a lack of a version, and a lack of a
wallet birthday. A lack of a version means that wallets may not
necessarily know *how* to re-derive addresses during the recovery
process. A lack of a birthday means that wallets don’t know how far
back to look in the chain to ensure that they derive *all* the proper
user addresses.

The aezeed scheme addresses these two drawbacks and adds a number of
desirable features. First, we start with the following plaintext seed:
{1 byte internal version || 2 byte timestamp || 16 bytes of entropy}.

The version field is for wallets to be able to know *how* to re-derive
the keys of the wallet.

The 2 byte timestamp is expressed in Bitcoin Days Genesis, meaning
the number of days since the timestamp in Bitcoin’s genesis block. This
allows us to save space, and also avoid using a wasteful level of
granularity. Currently, this can express time up until 2188.

Finally, the entropy is raw entropy that should be used to derive the
wallet’s HD root.

Next, we’ll take the plaintext seed described above and encipher it to
procure a final cipher text. We’ll then take this cipher text (the
CipherSeed) and encode that using a 24-word mnemonic. The enciphering
process takes a user defined passphrase. If no passphrase is provided,
then the string “aezeed” will be used.

To encipher a plaintext seed (19 bytes) to arrive at an enciphered
cipher seed (33 bytes), we apply the following operations:
  * First we take the external version and append it to our buffer. The
external version describes *how* we encipher. For the first version
(version 0), we’ll use scrypt(n=32768, r=8, p=1) and aezeed.
  * Next, we’ll use scrypt (with the version 0 params) to generate a
strong key for encryption. We’ll generate a 32-byte key using 5 bytes
as a salt. The usage of the salt is meant to make the creation of
rainbow tables infeasible.
  * Next, the enciphering process. We use aezeed, a modern AEAD with
nonce-misuse resistance properties. The important trait we exploit is
that it’s an *arbitrary input length block cipher*. Additionally, it
has what’s essentially a configurable MAC size. In our scheme we’ll use
a value of 4, which acts as a 32-bit checksum. We’ll encrypt with our
generated seed, and use an AD of (version || salt). We'll then compute a
checksum over all the data, using crc-32, appending the result to the
end.
  * Finally, we’ll encode this 33-byte cipher text using the default
word list of BIP 39 to produce 24 English words.

The `aezeed` cipher seed scheme has a few cool properties, notably:
  * The mnemonic itself is a cipher text, meaning leaving it in
plaintext is advisable if the user also set a passphrase. This is in
contrast to BIP 39 where the mnemonic alone (without a passphrase) may
be sufficient to steal funds.
  * A cipherseed can be modified to *change* the passphrase. This
means that if the user wants a stronger passphrase, they can decipher
(with the old passphrase), then encipher (with a new passphrase).
Compared to BIP 39, where if the user used a passphrase, since the
mapping is one way, they can’t change the passphrase of their existing
HD key chain.
  * A cipher seed can be *upgraded*. Since we have an external version,
offline tools can be provided to decipher using the old params, and
encipher using the new params. In the future if we change ciphers,
change scrypt, or just the parameters of scrypt, then users can easily
upgrade their seed with an offline tool.
  * We're able to verify that a user has input the incorrect passphrase,
and that the user has input the incorrect mnemonic independently.
2018-03-01 17:10:50 -08:00
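The framing that commit message lays out, as an added worked example (not lnd's code). It builds the 19-byte plaintext seed (1-byte internal version || 2-byte birthday in days since the Bitcoin genesis block || 16 bytes of entropy), derives the 32-byte key with scrypt(n=32768, r=8, p=1) and a 5-byte salt from the passphrase (default "aezeed"), appends the CRC-32 trailer, and packs the 33-byte cipher seed into the 24 eleven-bit word indices that select BIP39 words. Two things are assumptions, not statements from the page: the order of the 33 bytes (version || cipher text || salt || checksum, which is the only order consistent with the sizes given) and the CRC-32 polynomial (the message only says "crc-32"; this uses the IEEE polynomial from `zlib`, which need not match lnd's table). The AEZ cipher is not in the Python standard library, so the 23-byte cipher text (19 bytes plus the 4-byte tag) is treated as an opaque input; the demonstration below feeds it a constructed stand-in. Python is used rather than Go because its standard library ships scrypt, which lets the example run with the real KDF parameters.

```python
"""aezeed-style cipher seed framing: birthday, KDF, checksum, word packing."""
import zlib
from datetime import datetime, timezone
from hashlib import scrypt

GENESIS_TS = 1231006505         # 2009-01-03 18:15:05 UTC, Bitcoin genesis block
SECONDS_PER_DAY = 86400

ENTROPY_LEN = 16
PLAINTEXT_LEN = 1 + 2 + ENTROPY_LEN          # 19: version || birthday || entropy
MAC_LEN = 4                                  # AEZ tag length chosen by the scheme
CIPHERTEXT_LEN = PLAINTEXT_LEN + MAC_LEN     # 23
SALT_LEN = 5
CHECKSUM_LEN = 4
CIPHERSEED_LEN = 1 + CIPHERTEXT_LEN + SALT_LEN + CHECKSUM_LEN  # 33 (assumed order)
NUM_WORDS, BITS_PER_WORD = 24, 11            # 33 bytes = 264 bits = 24 x 11

DEFAULT_PASSPHRASE = b"aezeed"
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 32768, 8, 1, 32   # version-0 params


def birthday_days(ts: int) -> int:
    """Whole days since genesis ("Bitcoin Days Genesis"); must fit in 2 bytes."""
    if ts < GENESIS_TS:
        raise ValueError("birthday precedes the genesis block")
    days = (ts - GENESIS_TS) // SECONDS_PER_DAY
    if days > 0xFFFF:
        raise ValueError("birthday does not fit in a 2-byte day counter")
    return days


def birthday_time(days: int) -> int:
    """Inverse of birthday_days; resolution is one day, by design."""
    return GENESIS_TS + days * SECONDS_PER_DAY


def birthday_year(days: int) -> int:
    """Calendar year of a day counter; 0xFFFF lands in 2188, the stated limit."""
    return datetime.fromtimestamp(birthday_time(days), tz=timezone.utc).year


def plaintext_seed(internal_version: int, ts: int, entropy: bytes) -> bytes:
    """version || birthday (2 bytes, big-endian) || entropy -> 19 bytes."""
    if len(entropy) != ENTROPY_LEN:
        raise ValueError("entropy must be 16 bytes")
    return bytes([internal_version]) + birthday_days(ts).to_bytes(2, "big") + entropy


def derive_key(passphrase: bytes, salt: bytes, n: int = SCRYPT_N) -> bytes:
    """scrypt with the version-0 parameters; an empty passphrase means "aezeed".
    maxmem is raised because 128*r*n bytes exceeds OpenSSL's 32 MiB default."""
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be 5 bytes")
    return scrypt(passphrase or DEFAULT_PASSPHRASE, salt=salt, n=n, r=SCRYPT_R,
                  p=SCRYPT_P, dklen=KEY_LEN, maxmem=64 * 1024 * 1024)


def frame_cipher_seed(external_version: int, ciphertext: bytes, salt: bytes) -> bytes:
    """Assumed layout: version || ciphertext || salt || crc32(all of the above)."""
    if len(ciphertext) != CIPHERTEXT_LEN or len(salt) != SALT_LEN:
        raise ValueError("ciphertext must be 23 bytes and salt 5 bytes")
    body = bytes([external_version]) + ciphertext + salt
    return body + zlib.crc32(body).to_bytes(CHECKSUM_LEN, "big")


def checksum_ok(cipher_seed: bytes) -> bool:
    """The CRC catches a mistyped mnemonic before any passphrase is tried; the
    AEZ tag then separately catches a wrong passphrase. That is what lets the
    two failures be reported independently."""
    if len(cipher_seed) != CIPHERSEED_LEN:
        return False
    body, tail = cipher_seed[:-CHECKSUM_LEN], cipher_seed[-CHECKSUM_LEN:]
    return zlib.crc32(body).to_bytes(CHECKSUM_LEN, "big") == tail


def split_cipher_seed(cipher_seed: bytes):
    """-> (external_version, ciphertext, salt). Version and salt are the AD
    for the cipher step, so they are recovered before deciphering."""
    if not checksum_ok(cipher_seed):
        raise ValueError("checksum mismatch: mnemonic mistyped or corrupted")
    return (cipher_seed[0], cipher_seed[1:1 + CIPHERTEXT_LEN],
            cipher_seed[1 + CIPHERTEXT_LEN:-CHECKSUM_LEN])


def to_word_indices(cipher_seed: bytes) -> list:
    """Split 264 bits into 24 big-endian 11-bit groups, each a BIP39 list index."""
    if len(cipher_seed) != CIPHERSEED_LEN:
        raise ValueError("cipher seed must be 33 bytes")
    n = int.from_bytes(cipher_seed, "big")
    shifts = (BITS_PER_WORD * (NUM_WORDS - 1 - i) for i in range(NUM_WORDS))
    return [(n >> s) & 0x7FF for s in shifts]


def from_word_indices(indices) -> bytes:
    """Inverse of to_word_indices; rejects anything outside a 2048-word list."""
    if len(indices) != NUM_WORDS or any(not 0 <= i < 2048 for i in indices):
        raise ValueError("need 24 indices in [0, 2048)")
    n = 0
    for i in indices:
        n = (n << BITS_PER_WORD) | i
    return n.to_bytes(CIPHERSEED_LEN, "big")


if __name__ == "__main__":
    # Constructed inputs: fixed entropy, fixed salt, and a stand-in for the
    # 23-byte AEZ output (real code would encipher `seed` under `key` here).
    seed = plaintext_seed(0, GENESIS_TS + 5000 * SECONDS_PER_DAY, bytes(range(16)))
    salt = b"\x01\x02\x03\x04\x05"
    key = derive_key(b"", salt)              # ~100 ms with the real parameters
    fake_ct = bytes(range(CIPHERTEXT_LEN))   # constructed; not real AEZ output
    cs = frame_cipher_seed(0, fake_ct, salt)
    print(len(seed), len(key), len(cs), to_word_indices(cs))
```

Two practical points the code makes visible: the CRC is over version, cipher text and salt, so a single mistyped word is rejected before scrypt is ever run, and the scrypt cost is fixed by the external version byte, which is what an offline "upgrade" tool would read before deciphering with the old parameters and re-enciphering with new ones.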