Yes, that would be fine. Not sure what your objection to sha3 is though (more provably secure) - I guess sticking with bitcoin-lib stuff, though.
On Fri, Mar 19, 2021 at 10:08 PM Arik Sosman <[email protected]> wrote:
>
> Hi Erik,
>
> Would sha256-hmac(nonce, publicKeyPoint) still be a suitable/safe alternative
> without relying on sha3? That should at the very least eliminate length
> extension attacks.
>
> Best,
> Arik
>
> > On Mar 19, 2021, at 6:32 PM, Erik Aronesty via bitcoin-dev
> > <[email protected]> wrote:
> >
> > use sha3-256. sha256 suffers from certain attacks (length extension,
> > for example) that could make your scheme vulnerable to leaking info,
> > depending on how you concatenate things, etc. better to choose
> > something where padding doesn't matter.
> >
> > On Fri, Mar 19, 2021 at 7:28 PM vjudeu via bitcoin-dev
> > <[email protected]> wrote:
> >>
> >> I recently found some interesting and simple HD wallet design here:
> >> https://bitcointalk.org/index.php?topic=5321992.0
> >> Could anyone see any flaws in such design or is it safe enough to
> >> implement it and use in practice?
> >> If I understand it correctly, it is just pure ECDSA and SHA-256, nothing
> >> else:
> >>
> >> masterPublicKey = masterPrivateKey * G
> >> masterChildPublicKey = masterPublicKey + ( SHA-256( masterPublicKey || nonce ) mod n ) * G
> >> masterChildPrivateKey = masterPrivateKey + ( SHA-256( masterPublicKey || nonce ) mod n )
> >>
> >> Also, it has some nice properties, like all keys starting with 02 prefix
> >> and allows potentially unlimited custom derivation path by using 256-bit
> >> nonce.
> >> _______________________________________________
> >> bitcoin-dev mailing list
> >> [email protected]
> >> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
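The derivation vjudeu quotes, and the keyed alternative Arik proposes, worked through as an added example (this is not code from the thread or from the linked bitcointalk proposal). It implements secp256k1 arithmetic in pure Python, derives the child key pair with the tweak function as a pluggable choice, and checks the property the scheme depends on: the holder of masterPrivateKey and a watch-only holder of masterPublicKey must arrive at the same child public key. The HMAC variant keys HMAC-SHA256 with the nonce and hashes the compressed point; that argument order and the compressed SEC serialization of the point are assumptions, since the thread does not fix either. The zero-tweak check is an added defensive caveat, not part of the proposal.

```python
import hashlib
import hmac

# secp256k1 domain parameters (field prime, group order, generator)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(p, q):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    x1, y1 = p
    x2, y2 = q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # p == -q
    if p == q:
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, point):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def serialize(point):
    """33-byte compressed SEC encoding: 02/03 prefix followed by x (assumed encoding)."""
    x, y = point
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def tweak_sha256(master_pub, nonce):
    """Tweak exactly as proposed: SHA-256( masterPublicKey || nonce ) mod n."""
    digest = hashlib.sha256(serialize(master_pub) + nonce).digest()
    return int.from_bytes(digest, "big") % N


def tweak_hmac(master_pub, nonce):
    """Arik's alternative: HMAC-SHA256 keyed by the nonce over the point (argument order assumed).
    A keyed, fixed-output construction has no key/message boundary for padding to blur."""
    digest = hmac.new(nonce, serialize(master_pub), hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % N


def derive_child_pub(master_pub, nonce, tweak_fn=tweak_sha256):
    """Watch-only derivation: masterChildPublicKey = masterPublicKey + tweak * G."""
    t = tweak_fn(master_pub, nonce)
    if t == 0:
        # Added caveat: a zero tweak would hand back the parent key unchanged.
        raise ValueError("tweak is 0 mod n")
    return point_add(master_pub, scalar_mult(t, G))


def derive_child(master_priv, nonce, tweak_fn=tweak_sha256):
    """Full derivation: returns (masterChildPrivateKey, masterChildPublicKey)
    and checks that the private-key path and the public-key path agree."""
    master_pub = scalar_mult(master_priv, G)
    t = tweak_fn(master_pub, nonce)
    child_priv = (master_priv + t) % N
    if t == 0 or child_priv == 0:
        raise ValueError("degenerate tweak; pick another nonce")
    child_pub = derive_child_pub(master_pub, nonce, tweak_fn)
    # The homomorphism (a + t) * G == a * G + t * G is what makes the scheme work.
    assert scalar_mult(child_priv, G) == child_pub
    return child_priv, child_pub


if __name__ == "__main__":
    # Constructed sample values, not real keys.
    master_priv = 0x0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF
    nonce = bytes(range(32))
    for fn in (tweak_sha256, tweak_hmac):
        priv, pub = derive_child(master_priv, nonce, fn)
        print(fn.__name__, serialize(pub).hex())
```

Both tweak functions satisfy the consistency check, which is the point: the EC part of the scheme is indifferent to which hash produces the tweak, so the choice between SHA-256 over a concatenation, HMAC-SHA256, or SHA3-256 is purely about how the hash input is framed.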
