Transcript for #bitcoin-dev 2017/05/31

01:02 Chris_Stewart_5 Does Bitcoin Core support importing a BIP32 xpub key and deriving addresses from it?
01:08 achow101 Chris_Stewart_5, no
01:14 Chris_Stewart_5 Thanks achow101
16:23 zeusalmighty quick question. If segregated witness uses an anyone-can-spend script, couldn't someone "spend" from that and generate an invalid transaction that legacy nodes would validate but segwit nodes would not?
16:24 abpa that's why it's a soft fork
17:02 arubi zeusalmighty, p2sh uses the same "anyone can spend" mechanism, but "anyone can spend" in itself is not a real technical term. of course any script without a checksig is "anyone can spend" eventually when it's relayed. the soft forked rules add the option of nesting a checksig in both p2sh and segwit scripts
17:04 arubi older nodes consider these scripts as non standard, so they won't hear about them being spent, but when they're in a block these old clients are able to check the coin supply and that no new coins were generated
18:55 SopaXorzTaker hm
18:55 SopaXorzTaker oh, not quite there anymore?
18:56 SopaXorzTaker arubi, continue
18:56 arubi so, is that the public key that you use?
18:56 SopaXorzTaker I'd like you to help testing the u1*G + u2*Q part
18:56 arubi okay, I can do that
18:56 SopaXorzTaker I mean, give me an u1, u2, G, Q
18:56 arubi give me the private key and message that you used, I'll sign it
18:56 SopaXorzTaker and the expected value
18:57 SopaXorzTaker arubi, well
18:57 SopaXorzTaker the code signs a message successfully
18:57 SopaXorzTaker here it is:
18:57 SopaXorzTaker r, s = (0x241097efbf8b63bf145c8961dbdf10c310efbb3b2676bbc0f8b08505c9e2f795, 0x021006b7838609339e8b415a7f9acb1b661828131aef1ecbc7955dfb01f3ca0e)
18:57 arubi so lets see the signature, pubkey and message
18:57 SopaXorzTaker z = 0x4b688df40bcedbe641ddb16ff0a1842d9c67ea1c3bf63f3e0471baa664531d1a
18:58 SopaXorzTaker Q = (0x779dd197a5df977ed2cf6cb31d82d43328b790dc6b3b7d4437a427bd5847dfcd, 0xe94b724a555b6d017bb7607c3e3281daf5b1699d6ef4124975c9237b917d426f)
18:58 SopaXorzTaker k = 0x49a0d7b786ec9cde0d0721d72804befd06571c974b191efb42ecf322ba9ddd9a // not needed, just FYI
18:58 arubi I know..
18:58 arubi Q isn't needed either, FYI :)
18:59 arubi is this z the actual message, or before the hash?
19:00 arubi the signature is invalid. it would've been valid signed by :
19:00 SopaXorzTaker r, s ---> Q
19:00 arubi 03779DD197A5DF977ED2CF6CB31D82D43328B790DC6B3B7D4437A427BD5847DFCD or 033C8B232DDCED8C7D7A1EDF9DD81B68683B3ADA2B25ED18C8423D6C632AF30E38
19:00 SopaXorzTaker z is the hash
19:00 SopaXorzTaker this signature is valid
19:00 arubi what does this mean: 'r, s ---> Q' ?
19:00 SopaXorzTaker because it was in a test case and my code successfully calculates it
19:01 SopaXorzTaker https://crypto.stackexchange.com/questions/41316/complete-set-of-test-vectors-for-ecdsa-secp256k1
19:01 SopaXorzTaker (see first answer for the test case)
19:01 arubi again I ask, what does 'r, s ---> Q' mean?
19:02 arubi is Q the public key you use for verifying?
19:02 arubi oh wait, I did get the same key as you did
19:02 arubi 03779DD197A5DF977ED2CF6CB31D82D43328B790DC6B3B7D4437A427BD5847DFCD is your Q, I somehow misread it
19:02 arubi okay, yes. what's the next issue? :)
19:07 SopaXorzTaker arubi, I just noted that Q can be derived from r, s as you said that it's not necessary
19:07 arubi ah alright, I'll link you to u1, u2, u1*G, u2*P in a bit
19:08 SopaXorzTaker \k
19:08 SopaXorzTaker k
19:09 arubi SopaXorzTaker, https://gist.github.com/fivepiece/2acfcf197ce28535c2e814502ca94cdf
19:16 Chris_Stewart_5 Has anyone tried to hash and verify the signature on 0.14.1 from here: https://github.com/bitcoin/bitcoin/releases
19:17 SopaXorzTaker thansk
19:17 SopaXorzTaker thanks*
19:17 Chris_Stewart_5 The hash I'm getting for v0.14.1.tar.gz is 4391db...9834
19:19 arubi trying..
19:22 arubi well I'm getting the same hash. is this supposed to be the same one as in bitcoin.org/bin/ ?
19:22 Chris_Stewart_5 the same hash as I got?
19:23 Chris_Stewart_5 I'm looking at sigs from here: bitcoin.org/en/download
19:23 Chris_Stewart_5 and there is a link to verify release signatures
19:23 arubi right, same hash, but that one isn't in the signature file
19:24 Chris_Stewart_5 Yeah... the hash in the sig file is f21203..f9a3
19:24 Chris_Stewart_5 wumpus: ?
19:24 arubi I'm seeing 0c6920a9f3181a95ca029fdac5342b5702569ee441ec2128d19051f281683058 bitcoin-0.14.1-x86_64-linux-gnu.tar.gz
19:25 SopaXorzTaker wow, fixed
19:25 SopaXorzTaker apparently in point_multiply you don't set R to G and then multiply by scalar - 1
19:25 SopaXorzTaker instead you set R to 0
19:25 Chris_Stewart_5 Yeah, I was looking at bitcoin-0.14.1.tar.gz
19:25 arubi oh right
19:26 SopaXorzTaker and then when adding, just return the other number
19:26 Chris_Stewart_5 The hash is wrong for that tar ball as well?
19:26 arubi no it's good
19:27 arubi wait I have to re-check the first one
19:29 arubi so v0.14.1.tar.gz and bitcoin-0.14.1.tar.gz are different
19:32 arubi well yes, one from bitcoin.org is just source code and the one from github has some github specific stuff in it
19:33 arubi and bitcoin-0.14.1.tar.gz is the one signed
19:36 Chris_Stewart_5 ah, I think i was getting confused by the fact if you download from github.com the file is renamed from v0.14.1.tar.gz -> bitcoin-0.14.1.tar.gz
19:38 arubi yea actually I always assumed these were the same. I only ever check the signature for the binaries when I run them
19:39 Chris_Stewart_5 Yeah, I am setting up a new machine that is why I am going through it
19:40 arubi nice. it's worth taking the time