Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
S
slips
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
DeStream-public
slips
Commits
dfaeb35b
Commit
dfaeb35b
authored
Jun 09, 2016
by
Pavol Rusnak
Browse files
Options
Browse Files
Download
Plain Diff
Merge pull request #19 from romanz/master
Create slip-0017.md
parents
bff6ca0c
6055bbdf
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
73 additions
and
0 deletions
+73
-0
README.md
README.md
+1
-0
slip-0017.md
slip-0017.md
+72
-0
No files found.
README.md
View file @
dfaeb35b
...
...
@@ -19,6 +19,7 @@ Each SLIP should provide a concise technical specification of the feature and a
|
[
SLIP-0014
](
slip-0014.md
)
| Stress Test Deterministic Wallet | Informational | Draft |
|
[
SLIP-0015
](
slip-0015.md
)
| Format for Bitcoin metadata and its encryption in HD wallets | Standard | Draft |
|
[
SLIP-0016
](
slip-0016.md
)
| Format for password storage and its encryption | Standard | Draft |
|
[
SLIP-0017
](
slip-0017.md
)
| Elliptic Curve Diffie-Hellman using deterministic hierarchy | Standard | Draft |
|
[
SLIP-0044
](
slip-0044.md
)
| Registered coin types for BIP-0044 | Standard | Draft |
---
...
...
slip-0017.md
0 → 100644
View file @
dfaeb35b
#SLIP-0017 : ECDH using deterministic hierarchy
```
Number: SLIP-0017
Title: ECDH using deterministic hierarchy
Type: Standard
Status: Draft
Authors: Roman Zeyde <roman.zeyde@gmail.com>
Created: 2016-05-29
```
##Abstract
This document describes a method for implementing Elliptic Curve
Diffie-Hellman algorithm, using a determinstic hierarchy.
##Motivation
Using Deterministic Hierarchy for encryption and decryption is ideal,
because the same concepts of easy backup that relate to backing up
deterministic wallets can be applied to backing up private keys.
##Service Identity
Let's introduce the service identity. It consists of two elements:
a) RFC 3986 URI
`proto://[user@]host[:port][/path]`
Examples:
-
https://example.com
-
ftp://public@example.com/pub
-
ssh://root@example.com:2222
b) index (32-bit unsigned integer)
The index is used so one can generate more keys corresponding to the same URI.
## HD Structure
1.
First concatenate
`index`
with the URI (
`uri`
). Use little endian for
`index`
.
2.
Compute the SHA256 hash of the result (
`hash`
).
3.
Truncate
`hash`
to 128 bits (
`hash128`
)
4.
Split
`hash128`
into four 32-bit integers
`A`
,
`B`
,
`C`
,
`D`
. Use little endian for each.
5.
Set highest bits of numbers
`A`
,
`B`
,
`C`
,
`D`
to 1 (e.g. logical OR with 0x80000000) to harden
6.
Derive the HD node
`m/17'/A'/B'/C'/D'`
according to BIP32.
##Shared secret generation
Suppose that Alice and Bob need to agree on a shared secret.
First, they agree on a specific elliptic curve and generate
two public keys:
`P1 = k1*G`
for Alice and
`P2 = k2*G`
for Bob.
In order to derive a shared secret, Alice retrieves Bob's public key (P2).
Then, she calls
`Q = GetECDHSessionKey(P2)`
API on her TREZOR, to compute
`Q = k1*P2`
, by multiplying Bob's public key
`P2`
(as an elliptic curve point)
by her private key
`k1`
(as a 256-bit scalar).
The result is the elliptic curve point
`Q = k1*k2*P`
, which can be computed in a
similar way by Bob (since
`Q = k2*P1`
), is used to derive a shared secret.
## References
-
[
BIP-0032: Hierarchical Deterministic Wallets
](
https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki
)
-
[
BIP-0043: Purpose Field for Deterministic Wallets
](
https://github.com/bitcoin/bips/blob/master/bip-0043.mediawiki
)
-
[
RFC 3986: Uniform Resource Identifier (URI): Generic Syntax
](
https://tools.ietf.org/html/rfc3986
)
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment