1 2017-11-20 18:05:21 <Chris_Stewart_5> Are there any parent pub key -> child pub key test case vectors anywhere?
2 2017-11-20 18:05:24 <Chris_Stewart_5> for BIP32
3 2017-11-20 18:06:33 <arubi> Chris_Stewart_5, I made my own, it's using the vectors from the bip https://github.com/fivepiece/btc-bash-ng/blob/master/bitcoin/bips/.tests/test_bip32.sh
4 2017-11-20 18:07:06 <Chris_Stewart_5> arubi: The bip doesn't have any test vectors for parent pub -> child pub does it? Or am I missing them?
5 2017-11-20 18:07:23 <arubi> it doesn't, I just produced the public path
6 2017-11-20 18:07:57 <arubi> so I'm just checking the public path derivation vs the neutering of the xprv
7 2017-11-20 18:10:08 <Chris_Stewart_5> So Neuter essentially derives CExtKey -> CExtPubKey
8 2017-11-20 18:10:11 <Chris_Stewart_5> no child derivation
9 2017-11-20 18:10:22 <Chris_Stewart_5> arubi:
10 2017-11-20 18:10:36 <arubi> right it's just to turn an xprv to xpub
11 2017-11-20 18:10:50 <arubi> really just replace the magic and key
12 2017-11-20 18:11:08 <Chris_Stewart_5> Hmm yes, I have something wrong in my implementation. I've been trying to write a property for the relationship we talked about last week
13 2017-11-20 18:11:47 <Chris_Stewart_5> parent priv -> child priv @ i -> ext pub @ i
14 2017-11-20 18:11:58 <Chris_Stewart_5> and parent priv -> ext pub -> child pub @ i
15 2017-11-20 18:12:32 <arubi> right, so the neuter function N() can be applied at any point in the path if from that point on all derivation is public
16 2017-11-20 18:13:06 <Chris_Stewart_5> what do you mean by 'all derivation is public'?
17 2017-11-20 18:13:29 <Chris_Stewart_5> you mean we haven't generated any child priv keys?
18 2017-11-20 18:13:58 <arubi> what I mean, you can only go from parent xpub to child xpub if the child has a non-hardened index
19 2017-11-20 18:14:09 <Chris_Stewart_5> ah ok
20 2017-11-20 18:14:57 <arubi> so in your example, both are possible if the last child has index at [0,2^32-1]
21 2017-11-20 18:15:33 <Chris_Stewart_5> isn't it 2^31?
22 2017-11-20 18:15:56 <arubi> no that's the first hardened index
23 2017-11-20 18:16:25 <Chris_Stewart_5> hmm so the last child can be hardened, but no intermediate child?
24 2017-11-20 18:16:45 <arubi> for a path of only public derivation, yes
25 2017-11-20 19:54:49 <asdasd_> hello
26 2017-11-20 19:56:49 <asdasd_> i need an app legit for mining bitcoin on android is it possible ?
27 2017-11-20 19:57:09 <arubi> Chris_Stewart_5, "hmm so the last child can be hardened, but no intermediate child?" , I read that wrong, the last child can be hardened or not, and also any intermediate child. for public derivation of a path, all children have to be non hardened
28 2017-11-20 19:59:08 <arubi> Chris_Stewart_5,
29 2017-11-20 19:59:08 <arubi>                 xprv  xpub
30 2017-11-20 19:59:09 <arubi> [0, 2^31-1]     yes   yes
31 2017-11-20 19:59:09 <arubi> [2^31, 2^32-1]  yes   no
32 2017-11-20 19:59:09 <arubi> if you're using xprvs, you can derive whichever path. if you're using xpubs, you can only derive a path of non hardened indexes
33 2017-11-20 20:44:56 <Chris_Stewart_5> arubi: So here is the specific test case
34 2017-11-20 20:44:59 <Chris_Stewart_5> https://github.com/Christewart/bitcoin-s-core/blob/208481def7ade3080c7e319002075b0750d848ec/src/test/scala/org/bitcoins/core/crypto/ExtKeySpec.scala#L18
35 2017-11-20 20:45:20 <Chris_Stewart_5> Look at the 'path1' and 'path2' values
36 2017-11-20 20:45:42 <Chris_Stewart_5> That passes, but it should *not* be possible to do 'path2' derivation with a hardened index right?
37 2017-11-20 20:47:46 <arubi> Chris_Stewart_5, correct
38 2017-11-20 20:51:42 <Chris_Stewart_5> arubi: Also, on the BIP32 definition there is this sentence: "In case parse256(IL) ≥ n or Ki is the point at infinity, the resulting key is invalid, and one should proceed with the next value for i."
39 2017-11-20 20:52:06 <Chris_Stewart_5> That only should happen iff i < (1 << 31) right?
40 2017-11-20 20:52:28 <Chris_Stewart_5> because once we increment i above (1<<31) it will trivially fail
41 2017-11-20 20:53:01 <arubi> yes that's true, but very unlikely to be an issue right :)
42 2017-11-20 20:53:18 <Chris_Stewart_5> sure. Just making sure I am understanding the definition
43 2017-11-20 20:53:30 <arubi> that's how I read it too
44 2017-11-20 20:53:59 <Chris_Stewart_5> do you know of any key/index pairs that would trigger this?
45 2017-11-20 20:54:03 <Chris_Stewart_5> so i can write a test case
46 2017-11-20 20:54:13 <Chris_Stewart_5> having the point at infinity
47 2017-11-20 20:54:40 <Chris_Stewart_5> or parse256(IL) >= n
48 2017-11-20 20:55:50 <arubi> hmm
49 2017-11-20 20:57:35 <arubi> no I don't think you can set something like that up
50 2017-11-20 20:58:39 <Chris_Stewart_5> well there has to be *theoretical examples* otherwise they wouldn't have put the clause there i guess
51 2017-11-20 20:59:57 <arubi> you'll have to set it up so the returned value from the hmac function is either very specific in its 32 left bytes or to cancel the parent key
52 2017-11-20 21:01:58 <Chris_Stewart_5> hmm i might try asking in wizards if anyone there has a concrete example
53 2017-11-20 21:02:16 <arubi> I'll be lurking :)
54 2017-11-20 21:07:28 <asdasd_> is it possible to hack bitcoin? :D
55 2017-11-20 21:10:55 <asdasd_> I mean the wallet
56 2017-11-20 21:12:30 <sturles> There are lots of different bitcoin wallets. Some have been hackable, e.g. through bad RNG and address reuse.
57 2017-11-20 21:13:17 <asdasd_> and the bitcoin network?
58 2017-11-20 21:13:26 <asdasd_> is hackable?
59 2017-11-20 21:14:06 <asdasd_> https://bitcoin.org/en/alerts
60 2017-11-20 21:18:47 <Chris_Stewart_5> asdasd_: #bitcoin is probably best for answers to those
61 2017-11-20 21:19:09 <asdasd_> no man the topic says this channel.
62 2017-11-20 21:19:40 <asdasd_> "discussion about the Bitcoin network"
63 2017-11-20 21:29:46 <Chris_Stewart_5> arubi: Looks like you were right :-)
64 2017-11-20 21:29:59 <arubi> :)