Transcript for #bitcoin-dev 2017/11/20

18:05 Chris_Stewart_5 Are there any parent pub key -> child pub key test case vectors anywhere?
18:05 Chris_Stewart_5 for BIP32
18:06 arubi Chris_Stewart_5, I made my own, it's using the vectors from the bip
18:07 Chris_Stewart_5 arubi: The bip doesn't have any test vectors for parent pub -> child pub does it? Or am I missing them?
18:07 arubi it doesn't, I just produced the public path
18:07 arubi so I'm just checking the public path derivation vs the neutering of the xprv
18:10 Chris_Stewart_5 So Neuter essentially derives CExtKey -> CExtPubKey
18:10 Chris_Stewart_5 no child derivation
18:10 Chris_Stewart_5 arubi:
18:10 arubi right it's just to turn an xprv to xpub
18:10 arubi really just replace the magic and key
18:11 Chris_Stewart_5 Hmm yes, I have something wrong in my implementation. I've been trying to write a property for the relationship we talked about last week
18:11 Chris_Stewart_5 parent priv -> child priv @ i -> ext pub @ i
18:11 Chris_Stewart_5 and parent priv -> ext pub -> child pub @ i
18:12 arubi right, so the neuter function N() can be applied at any point in the path if from that point on all derivation is public
18:13 Chris_Stewart_5 what do you mean by 'all derivation is public'?
18:13 Chris_Stewart_5 you mean we haven't generated any child priv keys?
18:13 arubi what I mean, you can only go from parent xpub to child xpub if the child has a non-hardened index
18:14 Chris_Stewart_5 ah ok
18:14 arubi so in your example, both are possible if the last child has index at [0,2^32-1]
18:15 Chris_Stewart_5 isn't it 2^31?
18:15 arubi no that's the first hardened index
18:16 Chris_Stewart_5 hmm so the last child can be hardened, but no intermediate child?
18:16 arubi for a path of only public derivation, yes
19:54 asdasd_ hello
19:56 asdasd_ i need an app legit for mining bitcoin on android is it possible ?
19:57 arubi Chris_Stewart_5, "hmm so the last child can be hardened, but no intermediate child?", I read that wrong, the last child can be hardened or not, and also any intermediate child. for public derivation of a path, all children have to be non hardened
19:59 arubi Chris_Stewart_5,
19:59 arubi                  xprv  xpub
19:59 arubi [0, 2^31-1]      yes   yes
19:59 arubi [2^31, 2^32-1]   yes   no
19:59 arubi if you're using xprvs, you can derive whichever path. if you're using xpubs, you can only derive a path of non hardened indexes
20:44 Chris_Stewart_5 arubi: So here is the specific test case
20:44 Chris_Stewart_5
20:45 Chris_Stewart_5 Look at the 'path1' and 'path2' values
20:45 Chris_Stewart_5 That passes, but it should *not* be possible to do 'path2' derivation with a hardened index right?
20:47 arubi Chris_Stewart_5, correct
20:51 Chris_Stewart_5 arubi: Also, on the BIP32 definition there is this sentence: "In case parse256(IL) ≥ n or Ki is the point at infinity, the resulting key is invalid, and one should proceed with the next value for i."
20:52 Chris_Stewart_5 That only should happen iff i < (1 << 31) right?
20:52 Chris_Stewart_5 because once we increment i above (1<<31) it will trivially fail
20:53 arubi yes that's true, but very unlikely to be an issue right :)
20:53 Chris_Stewart_5 sure. Just making sure I am understanding the definition
20:53 arubi that's how I read it too
20:53 Chris_Stewart_5 do you know of any key/index pairs that would trigger this?
20:54 Chris_Stewart_5 so i can write a test case
20:54 Chris_Stewart_5 having the point at infinity
20:54 Chris_Stewart_5 or parse256(IL) >= n
20:55 arubi hmm
20:57 arubi no I don't think you can set something like that up
20:58 Chris_Stewart_5 well there have to be *theoretical examples* otherwise they wouldn't have put the clause there i guess
20:59 arubi you'll have to set it up so the returned value from the hmac function is either very specific in its 32 left bytes or to cancel the parent key
21:01 Chris_Stewart_5 hmm i might try asking in wizards if anyone there has a concrete example
21:02 arubi I'll be lurking :)
21:07 asdasd_ is it possible to hack bitcoin? :D
21:10 asdasd_ I mean the wallet
21:12 sturles There are lots of different bitcoin wallets. Some have been hackable, e.g. through bad RNG and address reuse.
21:13 asdasd_ and the bitcoin network?
21:13 asdasd_ is hackable?
21:14 asdasd_
21:18 Chris_Stewart_5 asdasd_: #bitcoin is probably best for answers to those
21:19 asdasd_ no man the topic says this channel.
21:19 asdasd_ "discussion about the Bitcoin network"
21:29 Chris_Stewart_5 arubi: Looks like you were right :-)
21:29 arubi :)