Re: [bitcoin-dev] An alternative to BIP 32?

2021-03-19 Thread Erik Aronesty via bitcoin-dev
use sha3-256. sha256 suffers from certain attacks (length extension, for example) that could make your scheme vulnerable to leaking info, depending on how you concatenate things, etc. better to choose something where padding doesn't matter. On Fri, Mar 19, 2021 at 7:28 PM vjudeu via bitcoin-dev

[bitcoin-dev] An alternative to BIP 32?

2021-03-19 Thread vjudeu via bitcoin-dev
I recently found some interesting and simple HD wallet design here: https://bitcointalk.org/index.php?topic=5321992.0 Could anyone see any flaws in such design or is it safe enough to implement it and use in practice? If I understand it correctly, it is just pure ECDSA and SHA-256, nothing else:

[bitcoin-dev] (Recurring) Taproot activation meeting on IRC - Tuesday 23rd March 19:00 UTC + every fortnight

2021-03-19 Thread Jeremy via bitcoin-dev
BEGIN:VCALENDAR PRODID:-//Google Inc//Google Calendar 70.9054//EN VERSION:2.0 CALSCALE:GREGORIAN METHOD:PUBLISH X-WR-CALNAME:Bitcoin X-WR-TIMEZONE:America/Los_Angeles BEGIN:VTIMEZONE TZID:America/Los_Angeles X-LIC-LOCATION:America/Los_Angeles BEGIN:DAYLIGHT TZOFFSETFROM:-0800 TZOFFSETTO:-0700 TZNAM

Re: [bitcoin-dev] Taproot activation meeting on IRC - Tuesday 16th March 19:00 UTC

2021-03-19 Thread Prayank via bitcoin-dev
> back in the day we also had people that thought 10 min avg block time is too > much. Not sure what some people thought about block time interval has to do with me. Also these are the things written by Greg Maxwell and Chris Belcher about it that I agree with and been sharing from sometime now

Re: [bitcoin-dev] Taproot activation meeting on IRC - Tuesday 16th March 19:00 UTC

2021-03-19 Thread Emil Pfeffer via bitcoin-dev
On Wed, Mar 17, 2021 at 09:21:39AM +0100, Prayank wrote: > >??the last thing we need is > a rushed upgrade > > Why do you think this is rushed? Speedy Trial will have few months and if > UASF is required it won't involve activation immediately after ST fails. > Taproot by 2022 doesn't look rushe

Re: [bitcoin-dev] Signature and Script Independent Hierarchy for Deterministic Wallets.

2021-03-19 Thread Robert Spigler via bitcoin-dev
Hi Craig, For multisignature wallets, you need to back up the descriptor anyway, especially for secure multisignature schemes (https://github.com/nunchuk-io/bips/pull/1). To restore, the user needs M private key data, and all public keys. The descriptor provides the required public key data, w

Re: [bitcoin-dev] Signature and Script Independent Hierarchy for Deterministic Wallets.

2021-03-19 Thread Craig Raw via bitcoin-dev
Hi Robert, I believe many of the same concerns apply in multisig. If one has the threshold and all the cosigner seeds, the funds in a multisig wallet can very likely be discovered by checking one of a handful of standard derivation paths/script types. Is the motivation of this BIP proposal strong

Re: [bitcoin-dev] Signature and Script Independent Hierarchy for Deterministic Wallets.

2021-03-19 Thread Robert Spigler via bitcoin-dev
(IMO), where this proposal really excels, is mutlisig. And if you check my commits, it actually originally was for multisig only, and I extended it for multisig and single sig wallets. ghost43 and Jochen Hoenicke brought up important issues with this proposed BIP re: single sig wallets, so I wi