Closed jaspervdm closed 5 years ago
1st question, will the rewind
get the blinding
iff rewind_nonce
is same as private_nonce
when creating bulletproof?
If knowing both rewind_nonce
and private_nonce
, is there a method to calculate the blinding
?
2nd question about what level we're confident at the safety of private_nonce
regarding the following solution?
rewind_nonce = H(H(root_key|0), commit)
private_nonce = H(H(root_key|1), commit)
i.e. when we open the H(root_key|0)
to a watch-only wallet, how difficult it will be to deduce the H(root_key|1)
?
Thanks for the review @garyyu
1st question, will the
rewind
get theblinding
iffrewind_nonce
is same asprivate_nonce
when creating bulletproof?
with the current rewind function, yes.
If knowing both
rewind_nonce
andprivate_nonce
, is there a method to calculate theblinding
?
yes, but since we don't need it in the wallet for the HF, i propose we add it sometime in the future. it doesnt require us to change the generation code, only the rewind code.
2nd question about what level we're confident at the safety of
private_nonce
regarding the following solution?rewind_nonce = H(H(root_key|0), commit) private_nonce = H(H(root_key|1), commit)
i.e. when we open the
H(root_key|0)
to a watch-only wallet, how difficult it will be to deduce theH(root_key|1)
?
This should be safe to do, however anyway I was thinking of slightly changing the proposal after your earlier suggestion in the grin-wallet issue. Basically, if we use H(H(public_extended_root_key), commit)
for the rewind_nonce
(and keep private_nonce
tied to the root_key
), it means that to be able to have a watch-only wallet you just need the public extended key, instead of some extra information.
👍 this make me feel much better 😄
rewind_nonce = H(H(public_extended_root_key), commit)
private_nonce = H(H(root_key|1), commit) <<<< or `|0` or whatever else
will merge and label it to enable those related PRs in Grin / Grin-wallet repo.
Two relatively small changes that will enable https://github.com/mimblewimble/grin-wallet/issues/105: