novitski / bitcoinj

Automatically exported from code.google.com/p/bitcoinj
Apache License 2.0

Implement RFC 6967 #437

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
http://tools.ietf.org/html/rfc6979

This RFC describes how to retrofit ECDSA such that randomness is not needed 
during signing. Of course it would not have avoided the need for the global key 
rotation, as crypto cannot survive broken RNGs. But it is probably good 
practice to use this technique anyway.

Original issue reported on code.google.com by hearn@google.com on 11 Aug 2013 at 7:16

GoogleCodeExporter commented 9 years ago
It might be OK to just use SHA256(privkey+sighash) as the k value, instead of 
the more complicated RFC. I should ask Adam or someone else what the 
differences are.

This would also have the advantage that given a tx that has the same inputs and 
outputs, the signed version will always be the same. Combined with 
deterministic key hierarchies, two different instances of the same wallet would 
create identical transactions when asked to perform identical spends. This may 
prove useful for keeping cloned wallets synchronised in future.

Original comment by hearn@google.com on 15 Aug 2013 at 1:33

GoogleCodeExporter commented 9 years ago
FYI, deterministic ECDSA per RFC 6979 was added to BC in our latest release 
(1.50).

Original comment by peter.de...@gmail.com on 14 Dec 2013 at 1:09

GoogleCodeExporter commented 9 years ago
Excellent. Another reason to upgrade. Are you in contact with the Spongy Castle 
folks at all?

Original comment by hearn@google.com on 14 Dec 2013 at 7:29

GoogleCodeExporter commented 9 years ago
A new spongy castle is now out. Peter, do we need to do anything to get 
deterministic ECDSA or will it just happen automagically?

Original comment by mh.in.en...@gmail.com on 6 Feb 2014 at 7:04

GoogleCodeExporter commented 9 years ago
It is not automatic; you need to use an alternative constructor for ECDSASigner 
(at least when used for signing):

new ECDSASigner(new HMacDSAKCalculator(new SHA256Digest()))

or with whichever digest was used to process the input message.

Original comment by peter.de...@gmail.com on 7 Feb 2014 at 6:40
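For reference, an added Python sketch of the RFC 6979 nonce derivation the thread is discussing (it is not bitcoinj or Bouncy Castle code, and it is what the ECDSASigner/HMacDSAKCalculator constructor above does internally): it implements the HMAC-DRBG loop from section 3.2 of the RFC, checks itself against the RFC's own P-256/SHA-256 test vector from appendix A.2.5, and then derives k over the secp256k1 order with a constructed private key and sighash, which shows the property the SHA256(privkey+sighash) shortcut proposed earlier was after, namely that identical key and message always yield the identical k.

```python
import hashlib
import hmac

P256_ORDER = int("FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", 16)
SECP256K1_ORDER = int("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 16)

def bits2int(b: bytes, qlen: int) -> int:
    """RFC 6979 2.3.2: read b big-endian and keep only its leftmost qlen bits."""
    v = int.from_bytes(b, "big")
    return v >> (len(b) * 8 - qlen) if len(b) * 8 > qlen else v

def rfc6979_k(x: int, h1: bytes, q: int, hashfunc=hashlib.sha256) -> int:
    """Deterministic ECDSA nonce k (RFC 6979 3.2) for private key x and message hash h1."""
    qlen, rolen, hlen = q.bit_length(), (q.bit_length() + 7) // 8, hashfunc().digest_size
    mac = lambda key, data: hmac.new(key, data, hashfunc).digest()
    # int2octets(x) || bits2octets(h1): h1 is reduced mod q before encoding (2.3.3, 2.3.4)
    seed = x.to_bytes(rolen, "big") + (bits2int(h1, qlen) % q).to_bytes(rolen, "big")
    V = b"\x01" * hlen                 # step b
    K = b"\x00" * hlen                 # step c
    K = mac(K, V + b"\x00" + seed)     # step d
    V = mac(K, V)                      # step e
    K = mac(K, V + b"\x01" + seed)     # step f
    V = mac(K, V)                      # step g
    while True:                        # step h: generate candidates until one is in [1, q-1]
        T = b""
        while len(T) * 8 < qlen:
            V = mac(K, V)
            T += V
        k = bits2int(T, qlen)
        if 1 <= k < q:
            return k
        K = mac(K, V + b"\x00")        # rejected candidate: reseed and loop
        V = mac(K, V)

def rfc_test_vector_ok() -> bool:
    """RFC 6979 A.2.5: P-256 key, SHA-256, message "sample" must give the published k."""
    x = int("C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721", 16)
    expected = int("A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60", 16)
    return rfc6979_k(x, hashlib.sha256(b"sample").digest(), P256_ORDER) == expected

def secp256k1_k_is_deterministic() -> bool:
    """Constructed secp256k1 key and sighash: equal inputs give equal k, a different sighash does not."""
    priv = int("11" * 32, 16)  # constructed placeholder, not a real key
    sighash = hashlib.sha256(b"constructed transaction digest").digest()
    other = hashlib.sha256(b"a different transaction digest").digest()
    k1 = rfc6979_k(priv, sighash, SECP256K1_ORDER)
    k2 = rfc6979_k(priv, sighash, SECP256K1_ORDER)
    k3 = rfc6979_k(priv, other, SECP256K1_ORDER)
    return k1 == k2 and k1 != k3 and 1 <= k1 < SECP256K1_ORDER
```

The hash passed as h1 must be the same digest the signer uses on the message, which is the point of the "whichever digest was used to process the input message" remark above.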

GoogleCodeExporter commented 9 years ago
Can this be closed since the patch applied for 
http://code.google.com/p/bitcoinj/issues/detail?id=497 included the DetECDSA 
change?

Original comment by peter.de...@gmail.com on 10 Apr 2014 at 3:02

GoogleCodeExporter commented 9 years ago
Yes, indeed. Thanks for the reminder. I'll add it to the release notes as well.

Thanks for implementing this feature! Bouncy Castle makes writing bitcoinj so 
much easier. Bitcoin users everywhere appreciate your tireless efforts.

Original comment by mh.in.en...@gmail.com on 10 Apr 2014 at 9:02

GoogleCodeExporter commented 9 years ago
You are welcome, of course, and I will pass on your thanks to David Hook, who 
did the hard yards on RFC 6979.

Original comment by peter.de...@gmail.com on 11 Apr 2014 at 5:13