Author

Topic: BIP47 - Reusable Payment Codes - compute Shared Secret for Notification Tx (Read 615 times)

member
Activity: 65
Merit: 16
From BIP47        : https://github.com/bitcoin/bips/blob/master/bip-0047.mediawiki
and  test vectors : https://gist.github.com/SamouraiDev/6aad669604c5930864bd

I would like to compute the shared secret from the test vectors:

If I follow the BIP47 protocol:

0) It is assumed that Alice can easily obtain Bob's payment code via a suitable method outside the scope of the payment code protocol.

So Alice knows Bob's Payment Code:
Code:
PC_BOB = PM8TJS2JxQ5ztXUpBBRnpTbcUXbUHy2T1abfrb3KkAAtMEGNbey4oumH7Hc578WgQJhPjBxteQ5GHHToTYHE3A1w6p7tU6KSoFmWBVbFGjKPisZDbP97
Then Alice unserialize PC_BOB and can find Bob's pubkey and chain code  (path : m/47'/0'/0')
Code:
pubkey     : (02) 9d125e1cb89e5a1a108192643ee25370c2e75c192b10aac18de8d5a09b5f48d5
Chain Code :      1db1243aaa57c7fbea3072249c1bd4dab9482b4fee4d25e1c69707e8144dc137
1) Alice select an input...
2.i) Alice selects the private key corresponding to the first exposed public key, of the first pubkey-exposing input, of the transaction:
I tried with
Code:
a0 = 8d6a8ecd8ee5e0042ad0cb56e3a971c760b5145c3917a8e7beaf0ed92d7a520c  path  m/47'/0'/0'/0
ao is given in the paper. It gave me the wrong shared secret, I also tried with
Code:
a  = 0a5c1795378b3ba756efcb5ca47e605c3f4f8bcff99eced897b45a4b051e980d  path m/47'/0'/0'
with a wrong result again ("a" can be computed form the raw entropy)
Which value should I use for Alice private key ?
2.ii)
Alice selects the public key associated with Bob's notification address:
This address is given in the paper:
Code:
B = 024ce8e3b04ea205ff49f529950616c3db615b1e37753858cc60c1ce64d17e2ad8 (= B0) path: m/47'/0'/0'/0
2.iii) Alice calculates a secret point:
Code:
S = a B = 736a25d9250238ad64ed5da03450c6a3f4f8f4dcdf0b58d1ed69029d76ead48d
I think the value of B is correct but what should I take for a ?
Jump to: