Topic: Stealth addresses in darkwallet (Read 1742 times)

legendary
Activity: 1232
Merit: 1076
legendary
Activity: 1652
Merit: 1029
May 04, 2014, 03:46:29 AM
#3
Yes thanks a lot

Is there a thread on here discussing the code/UI?
legendary
Activity: 2114
Merit: 1040
A Great Time to Start Something!
May 02, 2014, 02:01:00 AM
#2
Thank you for working on this.
Darkwallet is going to be one of the biggest projects released this year.
newbie
Activity: 44
Merit: 0
May 01, 2014, 08:43:53 PM
#1
Hi!

This is a topic to increase awareness of how we are doing stealth in darkwallet, which is an evolution of the previous iteration implemented by sx.

The implementation of the idea is developed by Peter Todd, Amir Taaki and others. Invented by ByteCoin and with input also by Gmaxwell, Adam Back and others. See http://sourceforge.net/p/bitcoin/mailman/message/31813471/

After discussing over different media, we have arrived at the current "spec": https://wiki.unsystem.net/index.php/DarkWallet/Stealth#Dual-key_stealth

The address results in something like:
vJmskssYSW6wrxsiSWfcCzrUp2GrhHA3hNHtrPDS4ZwCWbHcZCm7L4UwSGQ9fe7sehxpZjGJeNU478JAUitGnQrDssycWemxg5vHfB

(there is no specced version, but we're using 42 for mainnet and 43 for testnet)

But can be later for multisig since it's like an "extended" multisig script.

That includes the following information:
[version:1] [options:1] [scan_pubkey:33] [N:1] [spend_pubkey_1:33] ... [spend_pubkey_N:33] [number_sigs:1] [prefix_length:1] [prefix:prefix_length/8, round up]

You can see the wiki above about how each key is used, but the key factor is we will keep our scan private key generally unlocked (in the client) while the spend one will be locked, this way the wallet can scan for their tx while not compromising funds security (compromises privacy).

Our implementation is javascript:
https://github.com/darkwallet/darkwallet/blob/develop/js/util/stealth.js
https://github.com/darkwallet/darkwallet/blob/develop/test/unit/util/stealthSpec.js

For now we're not using the prefix, that is aimed at splitting stealth information in namespaces. Also we haven't implemented parts for multisig stealth, that would use several spend keys and result in a stealth multisig where the address is a (long) stealth address, and payments would contain the nonce and a p2sh address. We will be looking to implement this part in the near future.

We welcome any feedback about the idea, and would like to standardize it soon into a bip. This totally works today: Also can be tried on testnet by using darkwallet. https://blockchain.info/tx/6ea5c6f1a97f382f87523d13ef9f2ef17b828607107efdbba42a80b8a6555356.

Cheers!

Edit: Changed a bit the attributions to better reflect the reality as seems Peter and Amir did more developing the implementation details while ByteCoin actually invented the idea of ecdh keys and others added up.
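
Added example, not part of the original post or of darkwallet's stealth.js: a strict, bounds-checked parser for the payload layout quoted in post #1, run over a constructed 2-of-2 payload. It assumes the caller has already base58-decoded the address and stripped any checksum; the function names, the compressed-key prefix check and the `number_sigs <= N` rule are assumptions of this example.

```javascript
// Added example: strict parser for the stealth address payload layout quoted in the post.
// Input is the raw payload; base58 decoding and checksum handling are assumed done by the caller.
const VERSIONS = { 42: 'mainnet', 43: 'testnet' }; // version bytes stated in the post

function parseStealthPayload(bytes) {
  const buf = Buffer.from(bytes);
  let pos = 0;
  // Bounds-checked reader: never read past the end of untrusted input.
  const take = (n, what) => {
    if (pos + n > buf.length) throw new Error(`truncated at ${what}`);
    const out = buf.subarray(pos, pos + n);
    pos += n;
    return out;
  };
  const pubkey = (what) => {
    const k = take(33, what);
    // Assumption: the 33-byte fields are compressed secp256k1 keys (first byte 0x02 or 0x03).
    if (k[0] !== 0x02 && k[0] !== 0x03) throw new Error(`${what} is not a compressed pubkey`);
    return k.toString('hex');
  };
  const version = take(1, 'version')[0];
  if (!(version in VERSIONS)) throw new Error(`unknown version ${version}`);
  const options = take(1, 'options')[0];
  const scanPubkey = pubkey('scan_pubkey');
  const n = take(1, 'N')[0];
  const spendPubkeys = [];
  for (let i = 1; i <= n; i++) spendPubkeys.push(pubkey(`spend_pubkey_${i}`));
  const numberSigs = take(1, 'number_sigs')[0];
  // Assumed sanity rule (not from the post): the threshold cannot exceed the key count.
  if (numberSigs > n) throw new Error('number_sigs exceeds N');
  const prefixLength = take(1, 'prefix_length')[0];           // length in bits
  const prefix = take(Math.ceil(prefixLength / 8), 'prefix'); // bytes, rounded up
  // Reject anything after the declared fields instead of silently ignoring it.
  if (pos !== buf.length) throw new Error('trailing bytes after prefix');
  return { network: VERSIONS[version], options, scanPubkey, spendPubkeys,
           numberSigs, prefixLength, prefix: prefix.toString('hex') };
}

// Constructed sample (not a real address): 1 scan key, 2 spend keys, 2-of-2, 12-bit prefix.
function samplePayload() {
  const key = (first, fill) => [first, ...new Array(32).fill(fill)];
  return [42, 0, ...key(0x02, 0x11), 2, ...key(0x03, 0x22), ...key(0x02, 0x33), 2, 12, 0xab, 0xc0];
}
```
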