search

EOSIO / eosjs-ecc

Elliptic curve cryptography functions: Private Key, Public Key, Signature, AES, Encryption, Decryption
287 stars 119 forks source link

same public key for different private keys #46

Open HimanshuSingh2308 opened 5 years ago

HimanshuSingh2308 commented 5 years ago

try to generate the public key for these two private keys you will get an exact same public key

  1. 5KhV5DqYYLYuxKkFjNZj7vGTYFUP8wux1ND4xArGYeLb1rKbNjR
  2. 5KhV5DqYYLYuxKkFjNZj7vGTYFUP8wux1ND4xArGYeLb1rKbNjS

is it the limitation of the ECC ????

ajose01 commented 5 years ago

Moving over from telegram and raising the same issue here:

Hey folks - anyone familiar with the way the PKs are formatted and what "matters". We were doing some random QA and realized that we can modify a PK slightly and generate the same EOS pub key via eosjs-ecc. Sample:  
5JnRmBMYoBP7z2zKufcgEsj3cfWsjFtd74ghj7oYaLe3f8NSruV
EOS7XVnBmY2XNHnVQHRF17Wv2xyoy1i73MFYcugukshkG3HkXxvwL

5JnRmBMYoBP7z2zKufcgEsj3cfWsjFtd74ghj7oYaLe3f8NSruA
EOS7XVnBmY2XNHnVQHRF17Wv2xyoy1i73MFYcugukshkG3HkXxvwL

I was trying to read through the WIF format, and I'm guessing it has to do w/ using the compressed version of the key. Just trying to see if there's any reference out there that would explain this.
ajose01 commented 5 years ago

Doing some additional tests... it seems that ecc.checkDecode should have thrown a checksum error. Manually following the steps I see the following when using the 2nd key aka bad key 5JnRmBMYoBP7z2zKufcgEsj3cfWsjFtd74ghj7oYaLe3f8NSruA

Bad key:

> badkey = '5JnRmBMYoBP7z2zKufcgEsj3cfWsjFtd74ghj7oYaLe3f8NSruA'
'5JnRmBMYoBP7z2zKufcgEsj3cfWsjFtd74ghj7oYaLe3f8NSruA'
'5JnRmBMYoBP7z2zKufcgEsj3cfWsjFtd74ghj7oYaLe3f8NSruV'
> buffer1 = new Buffer(base58.decode(badkey))
<Buffer 80 7f 79 a1 dc ee b8 f4 bf cf 1d 51 e9 64 47 31 f3 a1 7f b0 ce 3c e9 58 6b 6f e4 61 a1 87 90 ca 2e 92 ab 18 cd>
> checksum = buffer1.slice(-4)
<Buffer 92 ab 18 cd>
> chesumhex = checksum.toString('hex')
'92ab18cd'
> key = buffer1.slice(0, -4)
<Buffer 80 7f 79 a1 dc ee b8 f4 bf cf 1d 51 e9 64 47 31 f3 a1 7f b0 ce 3c e9 58 6b 6f e4 61 a1 87 90 ca 2e>
> newCheck = hash.sha256(hash.sha256(key)).slice(0,4)
<Buffer 92 ab 18 e0>
> checksum.toString('hex')
'92ab18cd'
> newCheck.toString('hex')
'92ab18e0'
>

Good Key:

> goodkey = '5JnRmBMYoBP7z2zKufcgEsj3cfWsjFtd74ghj7oYaLe3f8NSruV'
> buffer = new Buffer(base58.decode(goodkey))
<Buffer 80 7f 79 a1 dc ee b8 f4 bf cf 1d 51 e9 64 47 31 f3 a1 7f b0 ce 3c e9 58 6b 6f e4 61 a1 87 90 ca 2e 92 ab 18 e0>
> checksum = buffer.slice(-4)
<Buffer 92 ab 18 e0>
> key = buffer.slice(0, -4)
<Buffer 80 7f 79 a1 dc ee b8 f4 bf cf 1d 51 e9 64 47 31 f3 a1 7f b0 ce 3c e9 58 6b 6f e4 61 a1 87 90 ca 2e>
> newCheck = hash.sha256(hash.sha256(key)).slice(0,4)
<Buffer 92 ab 18 e0>
> checksum.toString('hex')
'92ab18e0'
> newCheck.toString('hex')
'92ab18e0'
>