Re: [Bitcoin-development] Proposal to replace BIP0039

2013-11-03 Thread Thomas Voegtlin
Le 03/11/2013 07:41, Timo Hanke a écrit : No. You mean the computer would use B for this check? (k,K) could be rigged by Trezor, who computes b as k-a. Timo I was just asking a question, in order to understand how this device works, and what are its requirements. if you think you can help,

Re: [Bitcoin-development] Proposal to replace BIP0039

2013-11-03 Thread Timo Hanke
I think the communication would have to go the other way around. Trezor has to commit to a value First. Like this: Trezor picks random s and sends S=s*G to computer, keeping s secret. Computer picks random t and sends t to Trezor. Trezor makes r := s+t its internal master private key with

Re: [Bitcoin-development] Proposal to replace BIP0039

2013-11-03 Thread Thomas Voegtlin
Le 03/11/2013 08:40, Timo Hanke a écrit : I think the communication would have to go the other way around. Trezor has to commit to a value First. Like this: Trezor picks random s and sends S=s*G to computer, keeping s secret. Computer picks random t and sends t to Trezor. Trezor makes r :=