Change Max PrivKey From n To n-1 #526

Merged
merged 1 commit into from Aug 19, 2014

Contributor

harding commented Aug 19, 2014

I could use a quick confirmation on this issue/pull from someone knowledgeable about ECDSA.

I've been reading about ECDSA, and I'm pretty sure the value we have for the maximum private key (k(max)) is incorrect. The value we have for k(max) is n (the multiplicative order of G), but I think k(max) is supposed to be n-1.

Although there's no guarantee its implementation is correct, pybitcointools seems to bear this out:

```
>>> kmax=0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
>>> privtopub(kmax)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python2.7/site-packages/bitcoin/main.py", line 346, in privkey_to_pubkey
    raise Exception("Invalid privkey")
Exception: Invalid privkey
>>> privtopub(kmax-1)
(55066263022277343669578718895168534326250603453777594175500187360389116729240L, 83121579216557378445487899878180864668798711284981320763518679672151497189239L)
```

In the context of child keys, this also makes sense, as n (mod n) would be 0, which is not a valid private key.

I'm guessing @instagibbs used this value because it's what https://en.bitcoin.it/wiki/Private_key says. If I can get someone knowledgeable in secp256k1 to confirm k(max) = n-1, I'll update that wiki page also.

Contributor

instagibbs commented Aug 19, 2014

You're probably right, from my skimming of Wikipedia. k is randomly drawn from 1~(n-1). I don't know the maths behind it though.

http://en.wikipedia.org/wiki/Elliptic_Curve_DSA

Contributor

harding commented Aug 19, 2014

@instagibbs oh, indeed. I should've stopped reading the lengthy and detailed PDF I had and just checked Wikipedia. :-)

I think that's enough evidence to merge this now to fix the typo. I'll also update the wiki. Thanks!

@harding harding merged commit 55de692 into bitcoin-dot-org:master Aug 19, 2014

@harding harding deleted the harding:max-privkey branch Feb 25, 2015
