Hi all! I would like to discuss invalidation of nodes in BIP32. Currently the document says:
a) Public CKD In case I_L >= n or ki = 0, the resulting key is invalid, and one should proceed with the next value for i. b) Private CKD In case I_L >= n or Ki is the point at infinity, the resulting key is invalid, and one should proceed with the next value for i. c) Master Key Generation In case IL is 0 or I_L >= n, the master key is invalid. (All these cases have probability lower than 1 in 2^127.) What do you think about the following change for all 3 cases: In case I_L >= n assign I_L := I_L mod n. Rationale: It's easy to say "mark as invalid and proceed with next", but actually most of the implementations don't do the checking at all, because tjen it's rather hard at application level to implement skipping logic. OTOH it's quite straightforward to perform modulo if needed, so we probably see more implementations doing the checking. We would still need to deal with cases when I_L = 0 or ki = 0 or ki = inf, but these have probability around 1 in 2^255. Does anyone see any concerns when it comes to security of the proposed change? -- Best Regards / S pozdravom, Pavol Rusnak <st...@gk2.sk> ------------------------------------------------------------------------------ Want fast and easy access to all the code in your enterprise? Index and search up to 200,000 lines of code with a free copy of Black Duck Code Sight - the same software that powers the world's largest code search on Ohloh, the Black Duck Open Hub! Try it now. http://p.sf.net/sfu/bds _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development