Skip to content
Permalink
Branch: master
Commits on Dec 12, 2019
  1. Fix readme, network.keys.private() renamed to .wif

    makevoid authored and richardkiss committed Dec 12, 2019
Commits on Nov 11, 2019
  1. Fix crasher on Mac OS X 10.15.1.

    richardkiss committed Nov 11, 2019
Commits on Oct 12, 2019
  1. Fixup test broken in previous commit

    keepkeyjon authored and richardkiss committed Oct 11, 2019
  2. LTC: use `M` addresses for p2sh

    keepkeyjon authored and richardkiss committed Oct 10, 2019
    Closes #352
Commits on Oct 10, 2019
  1. Add https://github.com/keepkeyjon to CREDITS.

    richardkiss committed Oct 10, 2019
  2. Merge pull request #347 from keepkeyjon/dgb

    richardkiss committed Oct 10, 2019
    Add DGB
Commits on Jul 29, 2019
  1. fixup previous commit

    keepkeyjon committed Jul 29, 2019
  2. Add DGB

    keepkeyjon committed Jul 29, 2019
  3. Prep for new release.

    richardkiss committed Jul 29, 2019
  4. Add Contract docs and fix typo.

    richardkiss committed Jul 29, 2019
Commits on Jul 10, 2019
  1. Add Linfeng Liang to CREDITS.

    richardkiss committed Jul 10, 2019
  2. Merge pull request #315 from dinstein/signature

    richardkiss committed Jul 10, 2019
    correct generation of r and recid
Commits on Jul 8, 2019
  1. Fix #332 dogecoin bip32.

    richardkiss committed Jul 8, 2019
  2. Deal with TypeError on Windows. #337

    richardkiss committed Jul 8, 2019
  3. Add Jorge Duarte to CREDITS.

    richardkiss committed Jul 8, 2019
  4. Merge pull request #340 from jduarter/feature/add-strat-symbol

    richardkiss committed Jul 8, 2019
    Add STRAT support
Commits on Jul 1, 2019
  1. Add https://github.com/cvasqxz to CREDITS.

    richardkiss committed Jul 1, 2019
  2. Merge pull request #341 from cvasqxz/master

    richardkiss committed Jul 1, 2019
    Add Chaucha (CHA) support
  3. Get version number correct this time.

    richardkiss committed Jul 1, 2019
  4. Prep for 0.90.20190630 release.

    richardkiss committed Jul 1, 2019
  5. Add zulipchat link.

    richardkiss committed Jul 1, 2019
Commits on Jun 13, 2019
  1. CHA test fixed

    cvasqxz
    cvasqxz committed Jun 13, 2019
  2. Add Chaucha (CHA) support

    cvasqxz
    cvasqxz committed Jun 13, 2019
Commits on Jun 10, 2019
  1. Add STRAT support

    jduarter committed Jun 10, 2019
Commits on May 30, 2019
  1. Skip another test.

    richardkiss committed May 30, 2019
  2. Add Jeremy Andrews to CREDITS.

    richardkiss committed May 30, 2019
  3. Merge pull request #325 from jeremyandrews/ltc-segwit

    richardkiss committed May 30, 2019
    fix ltc hrp
  4. Add Nick https://github.com/kousu to CREDITS.

    richardkiss committed May 30, 2019
  5. Merge pull request #338 from kousu/deterministic-k-edge-case

    richardkiss committed May 30, 2019
    Round down deterministic-K input at the edge of the group size
  6. Merge pull request #339 from kousu/null-ecdsa-val

    richardkiss committed May 30, 2019
    Disallow the zero ECDSA message.
Commits on May 29, 2019
  1. Update tests

    kousu committed May 29, 2019
    Test something different than the 0 sighash, since that is now banned.
Commits on May 28, 2019
  1. Disallow the zero ECDSA message.

    kousu committed May 28, 2019
    ECDSA has a subtle edge case. If the value to sign is 0, then anyone can forge a signature
    by picking (r,s) = (public_key.x, public_key.x).
    ref: https://crypto.stackexchange.com/questions/50279/how-should-ecdsa-handle-the-null-hash
    
    Signing is --- working mod n --- supposed to be this:
    
    (x,y) := k*G
    r := x
    s := inverse(k) * (val + (secret_exponent * r))
    
    and verifying is
    
    u1 := val * inverse(s)
    u2 := r * inverse(s)
    (x',y') := u1 * G + u2 * public_key
             = (val*inverse(s)) * G + (r * inverse(s)) * public_key
    
    But if val = 0 this collapses to
             = (0*inverse(s)) * G + (r * inverse(s)) * public_key
             = (r * inverse(s)) * public_key
    
    And then as a forger I can lie and pick s := r so that this becomes
             = (r * inverse(r)) * public_key
             = public_key
    
    So I know what value I need r to be to pass verification: r := public_key.x.
    
    So the zero hash is not safe to sign with ECDSA.
    
    The [ecdsa spec](http://www.secg.org/sec1-v2.pdf#subsubsection.4.1.3)
    covers a bunch of special cases that don't work (r = 0, s = 0, (x',y') = (0,0))
    but it doesn't mention this one.
  2. Round down deterministic-K input at the edge of the group size, not a…

    kousu committed May 13, 2019
    …bove it.
    
    I believe the implementation has a tiny mistake that occurs when the input happens
    to equal the group order (eg z = p256k1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141).
    
    https://tools.ietf.org/html/rfc6979#section-2.3.4 says:
    >    2.  z1 is reduced modulo q, yielding z2 (an integer between 0 and
    >       q-1, inclusive):
    >
    >          z2 = z1 mod q
    >
    >       Note that since z1 is less than 2^qlen, that modular reduction
    >       can be implemented with a simple conditional subtraction:
    >       z2 = z1-q if that value is non-negative; otherwise, z2 = z1.
    
    Here val = z1, and n = q. It's saying:
    ```
    z2 = z1 - q if (z1 - q >= 0) else z1
    ```
    which is the same as
    val = z1; n = q;
    if val - n >= 0:
      val = val - n
    
    which is the same as
    if val >= n:
      val -= n
    
    Not doing this makes this case come out to the wrong hash, even though all other inputs are correct.
Commits on May 27, 2019
  1. Improve docs.

    richardkiss committed May 27, 2019
Commits on May 13, 2019
  1. Improve docs.

    richardkiss committed May 13, 2019
Older
You can’t perform that action at this time.