Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Finalize BIP-47 #8

Closed
wants to merge 1,268 commits into from
Closed

Finalize BIP-47 #8

wants to merge 1,268 commits into from

Conversation

justusranvier
Copy link

Version 3 payment codes avoid address reuse when the same payment code is
used to receive payments on different blockchains.

kristovatlas
kristovatlas reviewed Sep 28, 2017
View reviewed changes
bip-0047.mediawiki Outdated

====Binary Serialization====

* Byte 0: version. required value: 0x03
Copy link
Member

@kristovatlas kristovatlas Sep 28, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

consistent with previous versioning 👍

bip-0047.mediawiki Outdated
### The "next unused" public key is based on an index specific to the Alice-Bob context, not global to either Alice or Bob
## Alice selects the 4 byte registered coin type for the transaction based on SLIP-0044: <pre>t</pre>
## Alice calculates a secret point: <pre>S = aB</pre>
## Alice calculates a scalar shared secret using the x value of S: <pre>s = SHA256(HMAC-SHA512(Sx, t))</pre>
Copy link
Member

@kristovatlas kristovatlas Sep 28, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the goal of using HMAC-SHA512 here? Why was SHA512 chosen as a hash function? ❓

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note: Adding HMAC-SHA512 doesn't require the addition of any new functions to BIP47 implementations, as it is used for calculating the blinding factor of the notification transaction. 👍

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

HMAC-SHA512 is also part of BIP-32, so it's a hash function you can guarantee is available in any HD wallet.

bip-0047.mediawiki Outdated
## Alice selects the 0th private key derived from her payment code: <pre>a</pre>
## Alice selects the next unused public key derived from Bob's payment code, starting from zero: <pre>B, where B = bG</pre>
### The "next unused" public key is based on an index specific to the Alice-Bob context, not global to either Alice or Bob
## Alice selects the 4 byte registered coin type for the transaction based on SLIP-0044: <pre>t</pre>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

N.B.: The coin types accepted by Bob for payment will be need to negotiated at another protocol layer since SLIP-0044 has many coins and is subject to updates.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed now with a comment at the beginning of the sending procedure.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK

bip-0047.mediawiki Outdated
### If the value of s is not in the secp256k1 group, Alice MUST increment the index used to derive Bob's public key and try again.
## Alice uses the scalar shared secret to calculate the ephemeral public key used to generate the P2PKH address for this transaction: <pre>B' = B + sG</pre>
# Bob is watching for incoming payments on B' ever since he received the notification transaction from Alice.
## Bob calculates n shared secrets with Alice, using the 0<sup>th</sup> public key derived Alice's payment code, and private keys 0 - n derived from Bob's payment code, where n is his desired lookahead window.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

grammatical issue present also in v1 description?

0th public key derived +from+ Alice's payment code

kristovatlas
kristovatlas reviewed Oct 1, 2017
View reviewed changes
bip-0047.mediawiki Outdated
## Bob calculates n shared secrets with Alice, using the 0<sup>th</sup> public key derived Alice's payment code, and private keys 0 - n derived from Bob's payment code, where n is his desired lookahead window.
## Bob calculates the ephemeral deposit addresses using the same procedure as Alice: <pre>B' = B + sG</pre>
## Bob calculate the private key for each ephemeral address as: <pre>b' = b + s</pre>

==Test Vectors==

* [[https://gist.github.com/SamouraiDev/6aad669604c5930864bd|BIP47 Reusable Payment Codes Test Vectors]]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need v3 test vectors for the sake of completeness?

azuchi and others added 26 commits June 15, 2020 16:47
@azuchi
BIP85: Fix wrong test vector
6130f17
@NicolasDorier
Rename to BIP78
73a4d7c
@NicolasDorier
Remove parts refering to RBF, add recommendations for maxadditionalfe…
d13c784 
…econtribution
@NicolasDorier
Simplifies sender recommendation
631d8e6
@NicolasDorier
Fix README
287e3c2
@NicolasDorier
Update PSBT invariants
801cc71
@NicolasDorier
[MoveOnly] Move optional parameters at the beginning
d72e275
@NicolasDorier
Add fee output section
a07fef5
@NicolasDorier
Update recommendation for receiver and sender
f36ca8f
@NicolasDorier
Fix some formatting
3fc7032
@NicolasDorier
Fix old error code
ea7562f
@NicolasDorier
Add reference implementation
3485af7
@NicolasDorier
Update from RHavar remarks
63aa576
@NicolasDorier
Add disableoutputsubstitution= optional parameter
a2a085c
@NicolasDorier
Do not crash reference implementation if there is no address in the b…
a3fbc6c 
…ip21
@NicolasDorier
Reformat the check list for sender
7803bf8
@NicolasDorier
Additional note for HW
3a16c24
@NicolasDorier
Fix typo
93c655a
@NicolasDorier
Simplify sender's implementation, fix typos
6d4b491
@NicolasDorier
additional comments
e2778ba
@NicolasDorier
Introduce pjos=0
bd97400
@NicolasDorier
Allow outputs to be increased
5491079
@NicolasDorier
Do not allow decrease in absolute fee
c449c01
@NicolasDorier
Update special thanks
feac3d0
@NicolasDorier
Fix grammar, additional note on ability to increase output of the rec…
5e4cc6d 
…eiver
@NicolasDorier
Fix missing word
e6418e5
luke-jr and others added 27 commits February 3, 2021 22:27
@luke-jr
Merge pull request bitcoin#1054 from darosior/bip141_multisig_sigops
bc50a29 
bip-0141: clarify the sigop count calculation for CHECKMULTISIG
@luke-jr
BIP 174: Revert title change to fit length limit
f70132e 
This partially reverts c099104.
@luke-jr
Merge pull request bitcoin#988 from dr-orlovsky/patch-1
cf13cfa 
BIP 174: require creator to initialize empty output fields
@luke-jr
Merge remote-tracking branch 'origin-pull/1058/head'
942ef07
@luke-jr
Merge branch 'master' of github.com:bitcoin/bips
9288ad7
@luke-jr
Merge pull request bitcoin#1056 from sipa/bip-bech32m
ab14d17 
Add BIP 350 (bech32m)
@luke-jr
Merge remote-tracking branch 'origin-pull/1048/head'
53b79a6
@sipa
Add back a few lost improvements
c5b392c
@luke-jr
Merge pull request bitcoin#1039 from Greg-Griffith/bip34-encoding-cla…
30900e6 
…rification

BIP34 encoding clarification
@luke-jr
Merge remote-tracking branch 'origin-pull/1036/head'
518fd3f
@ajtowns
bip 8: simplify MUST_SIGNAL check
63d2800
@SomberNight
bip-0350: fix links for reference implementations
b58dd7b
@luke-jr
Merge pull request bitcoin#1063 from ajtowns/202102-bip8-simplify-mus…
ec213e1 
…tsignal-check

bip 8: simplify MUST_SIGNAL check
@luke-jr
Merge pull request bitcoin#1062 from sipa/202102_bip350_lost_improvem…
1174b26 
…ents

A few lost improvements to BIP350
@luke-jr
Merge pull request bitcoin#1066 from SomberNight/202002_bip350_fix_links
faeb2cc 
bip-0350: fix links for reference implementations
@kiminuo
BIP 155: Remove bitcoin.org link.
cd1f225
@laanwj
Merge bitcoin#1044: BIP155: Remove external link
4504be9 
cd1f225 BIP 155: Remove bitcoin.org link. (kiminuo)

Pull request description:

  Fix link.

ACKs for top commit:
  laanwj:
    Thanks you, ACK cd1f225

Tree-SHA512: f798246ddffc2564385a2e071da02e47457ced15e502a8b500a10c2a4f5134cea750042e916bbfac39966e85efd554ad333a908be602a4cfcf09fa058840a527
@sdaftuar
Add more language in hope of BIP number assignment
55a31eb
@sdaftuar
Note that tx messages are never allowed on disabletx links
332b9a4
@sdaftuar
Mention compatibility with bip 37
31f61e7
@luke-jr
Assign BIP 338 for Disable transaction relay message
d2853bc
@luke-jr
README: Fix colour for BIP 79
bb9af2a
@luke-jr
Merge BIP 338
19c429e
@luke-jr
Merge pull request bitcoin#1029 from meherett/patch-1
fbef072 
BIP-0039: Add Python-HDWallet package
@luke-jr
Merge pull request bitcoin#1045 from koushiro/koushiro/add-bip0039-rs
3a75853 
Add another Rust implmentation of BIP-0039
@justusranvier
BIP-0047: Adjust text to match test vectors
5ec9df0 
The original implementation of BIP-47 in Samourai Wallet reversed
the parameters in the calculation of the HMAC-SHA512 step of
notification transaction blinding.

This change adjusts the text to match the as-implementend behavior
in deployed BIP-47 wallets and the test vectors.
@justusranvier
Finalize BIP-47
bc069fa
@justusranvier justusranvier changed the title Bip47: define version 3 payment codes Finalize BIP-47 Feb 15, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kristovatlas kristovatlas kristovatlas left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.