[Wallet] WIF Generation Error - Malformed Secret Keys (Random)

[moeadham]

We are testing out the wallet component of bitcoinjs-lib, and fell upon a rather concerning error.

Sometimes when generating a new public-private key pair, the eckey.toWif function will returned a malformed private key that does not match its public key.

    var wallet = new Wallet();
wallet.newMasterKey();
pub = wallet.generateAddress();
var priv = wallet.getPrivateKeyForAddress(pub);
priv = priv.toWif(); // This is randomly malformed

In pressure testing, we saw this occur approximately twice every 1000 keys generated. You can test this yourself with this GIST:

https://gist.github.com/moeadham/10217078

Unfortunately, we have not done a root cause analysis to see exactly what is causing the error (we will), but if anyone is using this in production to generate public-private key pairs, I would suggest double checking your Secret key matches the public key.

moe@bitaccess

[weilu]

Odd indeed. Our ECDSA is currently undergoing a major rewrite: https://github.com/dcousens/bitcoinjs-lib/compare/ecclean Let's revisit this once it's done.

[dcousens]

Confirmed in HEAD.

[dcousens]

This bug is a result of toBytes() giving a truncated output if there are leading zeros.
Doing a ECKey(BigInteger.valueOf(1)).toWif() will show you an exaggerated example.

var ECKey = require('./').ECKey
var BigInteger = require('./').BigInteger

console.log(ECKey(BigInteger.valueOf(1)).toWif())

26k9aD1PF

Clearly not a valid WIF string.

The reason it was occurring in your example was that randomly you were generating keys with only 31 bytes (instead of 32, courtesy leading 0's), and therefore the WIF string was shorter than expected and was invalid.
Despite being invalid, it was passed to the ECKey constructor, which mistook it for something else and therefore gave you back an invalid public key.

It was already fixed (and tests included) in my stricter constructors branch as part of resolving #106 and removing the loose API's that are currently in place.
I'll submit an intermediate fix for now however.