Topic: NBitcoin : Stealth Address, DarkWallet compliant (Read 3542 times)

hero member
Activity: 714
Merit: 662
cool, glad we could help.
We had a 1 in 2 chance of finding the bug; if the first transaction I sent to piotr had worked, we would have continued our lives with the bug lurking in the dark. ;)
newbie
Activity: 44
Merit: 0
Ok we have fixed the issue in darkwallet git.

The fix also uses a different API than the one proposed, one that also makes sure the point is encoded as 32 bytes. Not totally sure it's required, but it's probably what we want; will double-check that soon with genjix.

https://github.com/darkwallet/darkwallet/commit/da6a084c3102bbaf50aabd1ba524f5365f27d7ed

We also added some backwards compatibility code so funds in bad addresses won't be just stuck. Tried to make it in the most simple way and so the workaround can easily be removed later.

Thx again for finding the issue and providing a fix.
newbie
Activity: 44
Merit: 0
I manage the js implementation and genjix the sx one.
hero member
Activity: 714
Merit: 662
SX is correct, the DW implementation in javascript is not. I'm a little confused about who develops what.
Do you manage the JS implementation?
legendary
Activity: 1232
Merit: 1076
sorry Nicolas, was outside.
I'm lurking and responding when back.

btw is SX doing it correctly or not?
legendary
Activity: 2053
Merit: 1356
aka tonikt
good. thx.
newbie
Activity: 44
Merit: 0
hey,

We agree the DW implementation is at fault. I'm going to apply the fix and think about some way we can redeem old DW stealth funds too, so it may take me a bit to apply the pull request, but I will do it ASAP.

Cheers and congrats on finding the error!
hero member
Activity: 714
Merit: 662
Usually genjix responds; I tried to spam him again today, but he 404'd me.
legendary
Activity: 2053
Merit: 1356
aka tonikt
yeah I know.
do you have some better comm channel with DW guys?

I've been trying to let them know and ask whether they were going to fix it as well, but they don't seem to be reachable.
sr. member
Activity: 475
Merit: 252
so DW was first, and you just copied it.
then I copied it... :)

the question is: what now?
are you going to change it?
I think we should.

Fixed.

But now I won't be able to recover funds with DW half of the time :-(
legendary
Activity: 2053
Merit: 1356
aka tonikt
so DW was first, and you just copied it.
then I copied it... :)

the question is: what now?
are you going to change it?
I think we should.
sr. member
Activity: 475
Merit: 252
it seems that this weirdness comes from electrum implementation.
see here, line 619: https://github.com/dabura667/electrum/blob/StealthAddressSend/lib/bitcoin.py

@dabura667, any comments?

I was aware that sticking an 0x03 on it no matter what was incorrect, but that was the only way for me to get it to work with DW.
I was meaning to do a PR for a while on DW for it, but by the time I got around to it, I couldn't find it for the life of me.
Then I forgot about it.

I should have added a comment there including my big "Huh" that I had when I saw this in DW.
legendary
Activity: 2053
Merit: 1356
aka tonikt
I'm just too lazy to set up a page that includes these scripts and to create a piece of code that will pass where the bug is.
I hate javascript so much. :(
You don't need to set up any page - it's a fully functional extension for Chrome.

Just checkout the repo from github, go to Chrome's "Extensions" page, enable "Developer mode" and "Load unpacked extension..." pointing it to the darkwallet folder (the one with manifest.json)

It will load the extension and then you can already use DW.
For a start better stick to testnet - it will ask you when creating a new wallet.
hero member
Activity: 714
Merit: 662
I hate javascript, I'll let the creator of the lib take the relay for the pull ;)
I sent an issue for the electrum python version of the bug.

sent pull request to https://github.com/darkwallet/darkwallet/pull/131, I can't run it so I hope I got it from the first time. ;)

and why can't you run it? don't you have chrome?

I'm just too lazy to set up a page that includes these scripts and to create a piece of code that will pass where the bug is.
I hate javascript so much. :(
legendary
Activity: 2053
Merit: 1356
aka tonikt
sent pull request to https://github.com/darkwallet/darkwallet/pull/131, I can't run it so I hope I got it from the first time. ;)

and why can't you run it? don't you have chrome?
legendary
Activity: 2053
Merit: 1356
aka tonikt
it is not my code, but I believe Y has a method isEven() that works faster than mod(2)

Code:
var S1 = [ point.getY().isEven() ? 2 : 3 ].concat(point.getX().toBigInteger().toByteArrayUnsigned());


EDIT:
actually, I believe the proper way is to just use the function that is already there for it:

Code:
var S1 = point.getEncoded(true)
hero member
Activity: 714
Merit: 662
sent pull request to https://github.com/darkwallet/darkwallet/pull/131, I can't run it so I hope I got it from the first time. ;)
legendary
Activity: 2053
Merit: 1356
aka tonikt
agreed

but I think this implementation is based on the one from electrum, where it seems even more clear that someone just forgot to check the Y's parity, before prefixing X with the proper byte:
https://github.com/dabura667/electrum/blob/StealthAddressSend/lib/bitcoin.py#L619
hero member
Activity: 714
Merit: 662
From : https://github.com/darkwallet/darkwallet/blob/develop/js/util/stealth.js#L42
It seems the JS implementation is not quite right.

A compressed pub key is the X coordinate of the ECPoint, with 02 or 03 indicating whether Y is odd or even.
From these two pieces of information, you can recalculate the Y which is lost during compression.

The JS implementation assumes that Y is always odd... a simple modulo test on Y just before the concat would solve the problem.
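
An added example, not part of the thread or of DarkWallet's code: a minimal BigInt secp256k1 sketch in JavaScript of the compressed-point encoding discussed above. The names `encodeCorrect`, `encodeAlways03`, `decode` and `roundTrips` are made up for illustration; it shows that forcing the `03` prefix decodes to a different point whenever Y is even.

```javascript
// Added example, not DarkWallet code. Toy secp256k1 over BigInt (not constant-time).
const P = 2n ** 256n - 2n ** 32n - 977n;
const G = [
  0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798n,
  0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8n,
];
const mod = (a) => ((a % P) + P) % P;
function powMod(b, e) {
  let r = 1n;
  for (b = mod(b); e > 0n; e >>= 1n) {
    if (e & 1n) r = mod(r * b);
    b = mod(b * b);
  }
  return r;
}
const inv = (a) => powMod(a, P - 2n);
// Affine point addition; null is the point at infinity.
function add(A, B) {
  if (!A || !B) return A || B;
  const [x1, y1] = A, [x2, y2] = B;
  if (x1 === x2 && mod(y1 + y2) === 0n) return null;
  const m = x1 === x2 ? mod(3n * x1 * x1 * inv(2n * y1)) : mod((y2 - y1) * inv(x2 - x1));
  const x3 = mod(m * m - x1 - x2);
  return [x3, mod(m * (x1 - x3) - y1)];
}
function mul(k, Q = G) {
  let R = null;
  for (; k > 0n; k >>= 1n) {
    if (k & 1n) R = add(R, Q);
    Q = add(Q, Q);
  }
  return R;
}
const hex32 = (x) => x.toString(16).padStart(64, "0");
// Correct: prefix 02 for even Y, 03 for odd Y.
const encodeCorrect = ([x, y]) => (y % 2n === 0n ? "02" : "03") + hex32(x);
// Behaviour described in the thread: prefix 03 regardless of Y.
const encodeAlways03 = ([x]) => "03" + hex32(x);
// Decompress: y = sqrt(x^3 + 7) mod P, then pick the root whose parity matches the prefix.
function decode(s) {
  const x = BigInt("0x" + s.slice(2));
  let y = powMod(x ** 3n + 7n, (P + 1n) / 4n);
  if ((y % 2n === 1n) !== s.startsWith("03")) y = P - y;
  return [x, y];
}
function roundTrips(k, encode) {
  const Q = mul(k), [x, y] = decode(encode(Q));
  return x === Q[0] && y === Q[1];
}
```
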
legendary
Activity: 2053
Merit: 1356
aka tonikt
it seems that this weirdness comes from electrum implementation.
see here, line 619: https://github.com/dabura667/electrum/blob/StealthAddressSend/lib/bitcoin.py

@dabura667, any comments?