We had 1 chance on 2 to find the bug, if the first transaction I sent to piotr worked, we would have continued our lives with the bug lurking in the dark.
Topic: NBitcoin : Stealth Address, DarkWallet compliant (Read 3383 times)
cool, glad we could help.
We had 1 chance on 2 to find the bug, if the first transaction I sent to piotr worked, we would have continued our lives with the bug lurking in the dark.
We had 1 chance on 2 to find the bug, if the first transaction I sent to piotr worked, we would have continued our lives with the bug lurking in the dark.
Ok we have fixed the issue in darkwallet git.
The fix also is using a different api than proposed that also makes sure the point is encoded as 32 bytes, not totally sure it's required but probably is what we want, will double check that soon with genjix.
https://github.com/darkwallet/darkwallet/commit/da6a084c3102bbaf50aabd1ba524f5365f27d7ed
We also added some backwards compatibility code so funds in bad addresses won't be just stuck. Tried to make it in the most simple way and so the workaround can easily be removed later.
Thx again for finding the issue and providing a fix.
The fix also is using a different api than proposed that also makes sure the point is encoded as 32 bytes, not totally sure it's required but probably is what we want, will double check that soon with genjix.
https://github.com/darkwallet/darkwallet/commit/da6a084c3102bbaf50aabd1ba524f5365f27d7ed
We also added some backwards compatibility code so funds in bad addresses won't be just stuck. Tried to make it in the most simple way and so the workaround can easily be removed later.
Thx again for finding the issue and providing a fix.
I manage the js implementation and genjix the sx one.
SX is correct, the DW implementation in javascript is not. I'm a little confused about who develops what.
Do you manage the JS implementation ?
Do you manage the JS implementation ?
sorry Nicolas, was outside.
I'm lurking and responding when back.
btw is SX doing it correctly or not?
I'm lurking and responding when back.
btw is SX doing it correctly or not?
good. thx.
hey,
We agree the dw implementation is at fault, I'm going to apply the fix and think about some way so we can redeem old dw stealth funds too so I can take a bit to apply the pull request but will do it asap.
cheers and congrats on finding out the error!.
We agree the dw implementation is at fault, I'm going to apply the fix and think about some way so we can redeem old dw stealth funds too so I can take a bit to apply the pull request but will do it asap.
cheers and congrats on finding out the error!.
habitually genjix respond, tried to spam him again today, but he 404 me.
yeah I know.
do you have some better comm channel with DW guys?
I've been trying to let them know and ask whether they were going to fix it as well, but they don't seem to be reachable.
do you have some better comm channel with DW guys?
I've been trying to let them know and ask whether they were going to fix it as well, but they don't seem to be reachable.
so DW was first, and you just copied it.
then I copied it...
the question is: what now?
are you going to change it?
I think we should.
then I copied it...
the question is: what now?
are you going to change it?
I think we should.
Fixed.
But now I won't be able to recover funds with DW half of the time :-(
so DW was first, and you just copied it.
then I copied it...
the question is: what now?
are you going to change it?
I think we should.
then I copied it...
the question is: what now?
are you going to change it?
I think we should.
it seems that this weirdness comes from electrum implementation.
see here, line 619: https://github.com/dabura667/electrum/blob/StealthAddressSend/lib/bitcoin.py
@dabura667, any comments?
see here, line 619: https://github.com/dabura667/electrum/blob/StealthAddressSend/lib/bitcoin.py
@dabura667, any comments?
I was aware that sticking an 0x03 on it no matter what was incorrect, but that was the only way for me to get it to work with DW.
I was meaning to do a PR for a while on DW for it, but by the time I got around to it, I couldn't find it for the life of me.
Then I forgot about it.
I should have added a comment there including my big "
" that I had when I saw this in DW. I'm just lazy to setup a page that include these scripts, and creating a piece of code that will pass where the bug is.
I hate javascript so much.
You don't need to setup any page - its a fully functional extension for chrome.I hate javascript so much.
Just checkout the repo from github, go to Chrome's "Extensions" page, enable "Developer mode" and "Load unpacked extension..." pointing it to the darkwallet folder (the one with manifest.json)
It will load the extension and then you can already use DW.
For a start better stick to testnet - it will ask you when creating a new wallet.
I hate javascript, I'll let the creator of the lib take the relay for the pull
I sent an issue for the electrum python version of the bug.
and why you cannot run it? don't you have chrome?
I'm just lazy to setup a page that include these scripts, and creating a piece of code that will pass where the bug is.
I hate javascript so much.
I sent an issue for the electrum python version of the bug.
sent pull request to https://github.com/darkwallet/darkwallet/pull/131, I can't run it so I hope I got it from the first time.
and why you cannot run it? don't you have chrome?
I'm just lazy to setup a page that include these scripts, and creating a piece of code that will pass where the bug is.
I hate javascript so much.
sent pull request to https://github.com/darkwallet/darkwallet/pull/131, I can't run it so I hope I got it from the first time.
and why you cannot run it? don't you have chrome?
it is not my code, but I believe Y has a method isEven() that works faster than mod(2)
EDIT:
actually, I believe the proper way is to just use the function that is already there for it:
Code:
var S1 = [ point.getY().isEven() ? 2 : 3 ].concat(point.getX().toBigInteger().toByteArrayUnsigned());
EDIT:
actually, I believe the proper way is to just use the function that is already there for it:
Code:
var S1 = point.getEncoded(true)
sent pull request to https://github.com/darkwallet/darkwallet/pull/131, I can't run it so I hope I got it from the first time.
agreed
but I think this implementation is based on the one from electrum, where it seems even more clear that someone just forgot to check the Y's parity, before prefixing X with the proper byte:
https://github.com/dabura667/electrum/blob/StealthAddressSend/lib/bitcoin.py#L619
but I think this implementation is based on the one from electrum, where it seems even more clear that someone just forgot to check the Y's parity, before prefixing X with the proper byte:
https://github.com/dabura667/electrum/blob/StealthAddressSend/lib/bitcoin.py#L619
From : https://github.com/darkwallet/darkwallet/blob/develop/js/util/stealth.js#L42
Is seems the JS implementation is not quite right.
A compressed pub key in the X coordinate of ECPoint, with 02 or 03 indicating if Y the odd or even.
From this two information, you can recalculate the Y which is lost during compression.
The JS implementation assume that Y is always odd... a simple modulo test on Y just before the concat would solve the problem.
Is seems the JS implementation is not quite right.
A compressed pub key in the X coordinate of ECPoint, with 02 or 03 indicating if Y the odd or even.
From this two information, you can recalculate the Y which is lost during compression.
The JS implementation assume that Y is always odd... a simple modulo test on Y just before the concat would solve the problem.
it seems that this weirdness comes from electrum implementation.
see here, line 619: https://github.com/dabura667/electrum/blob/StealthAddressSend/lib/bitcoin.py
@dabura667, any comments?
see here, line 619: https://github.com/dabura667/electrum/blob/StealthAddressSend/lib/bitcoin.py
@dabura667, any comments?
Jump to: