What am I doing wrong in calculating the child private key in HD wallets and reversing back to the parent private key?



I'm trying to understand the process of creating the children's private key and, in the case of knowing the children's private key and the left 256-bit hash result, the process of getting back the parent's private key.

There is a bit more text, as I've tried to explain in detail exactly what I'm doing as well as to mark all the articles I refer to.

I'll explain what I'm doing through an example and link the article I'm referring to.

Example and numbers are taken from here (code only)

So let's start with the fact that we have the left 256-bit hash result (L256B) and the parent's private key (PPK):

L256B (hex): 6539ae80b3618c22f5f8cc4171d04835570bda8db11b5bf1779afae7ec7c79c3
L256B (decimal): 45785512363230816970838539051071102444734444055822171970071151407697781094851

PPK (hex): e8f32e723decf4051aefac8e2c93c9c5b214313817cdb01a1494b917c8436b35
PPK (decimal): 105366245268346348601399826821003822098691517983742654654633135381666943167285

The process of obtaining the children's private key is based on the following formula according to this:

children_private_key == (parent_private_key + lefthand_hash_output) % G

That is, on the following formula according to this (where parse256(IL) is the left 256 bits of the hash result, kpar is the parent's private key, and ki denotes the child's private key):

Child private key formula -> parse256(IL) + kpar (mod n) = ki

Also, according to this, again a similar formula:

The returned child key ki is parse256(IL) + kpar (mod n)

1. So my first question: is the plus (+) in all these formulas a normal plus operation like 2+2 = 4, 6+3 = 9, etc., or is it some kind of concatenation like 2+2 = 22, 6+3 = 63, etc.? I ask because in this answer Michael Folkson said it is a concatenation…

There is concatenation where 256 bits placed next to another 256 bits
makes 512 bits.

This totally confuses me.

But let's continue with the assumption that normal addition is what we have to do here.

So the first thing we need to do is add L256B and PPK:

L256B (decimal): 45785512363230816970838539051071102444734444055822171970071151407697781094851

PPK (decimal): 105366245268346348601399826821003822098691517983742654654633135381666943167285

L256B + PPK (decimal): 151151757631577165572238365872074924543425962039564826624704286789364724262136

The next thing we need to do is the modulo operation with n or G (whichever is the correct label). n is (according to this):

n = 115792089237316195423570985008687907852837564279074904382605163141518161494337

So the children's private key (CPK) is:

CPK = (L256B + PPK) mod n 
CPK = 151151757631577165572238365872074924543425962039564826624704286789364724262136 mod 115792089237316195423570985008687907852837564279074904382605163141518161494337

CPK (decimal): 35359668394260970148667380863387016690588397760489922242099123647846562767799
CPK (hex): 4e2cdcf2f14e802810e878cf9e6411fc4e712edf19a06bcfcc5d5572e489a3b7

This is exactly what they got in the example I'm using.

Everything seems fine and correct (assuming the normal + operation is used here and not concatenation).

Now comes the bigger problem. In the example I'm using, they say you can get the parent's private key back from the children's private key. The formula taken from here says:

Solve for kpar -> kpar = ki - parse256(IL) (mod n)

This minus confuses me.

2. So my second question would be: what does the minus mean in the formula above? Normal subtraction operation or something else?

I ask because when I try to get back the parent's private key from the children's private key, I get the wrong result compared to what they get. The process I use is as follows:

PPK = (CPK - L256) mod n

CPK (decimal): 35359668394260970148667380863387016690588397760489922242099123647846562767799

L256B (decimal): 45785512363230816970838539051071102444734444055822171970071151407697781094851

CPK - L256B (decimal): -10425843968969846822171158187684085754146046295332249727972027759851218327052

PPK = -10425843968969846822171158187684085754146046295332249727972027759851218327052 mod 115792089237316195423570985008687907852837564279074904382605163141518161494337

PPK (decimal): -10425843968969846822171158187684085754146046295332249727972027759851218327052
PPK (hex): -170CD18DC2130BFAE5105371D36C3639089AABAE977AF021AB3DA57507F2D60C

So as you can see, I'm not getting the correct parent private key:

-170CD18DC2130BFAE5105371D36C3639089AABAE977AF021AB3DA57507F2D60C != e8f32e723decf4051aefac8e2c93c9c5b214313817cdb01a1494b917c8436b35

… unlike those who get the correct key in their solution.

What am I doing wrong? Any help would be appreciated.
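The two formulas quoted in the question, worked through with the question's own numbers as an added example that is not part of the original post. The function names are hypothetical; the sketch assumes `+` and `-` are ordinary integer arithmetic and that `(mod n)` means the least non-negative residue in `[0, n)`, and it contrasts that with a sign-preserving remainder.

```python
# Added illustration. Key material below is copied from the post;
# all function names are hypothetical.
N = 115792089237316195423570985008687907852837564279074904382605163141518161494337  # n

IL = int("6539ae80b3618c22f5f8cc4171d04835570bda8db11b5bf1779afae7ec7c79c3", 16)   # L256B
PPK = int("e8f32e723decf4051aefac8e2c93c9c5b214313817cdb01a1494b917c8436b35", 16)  # parent
CPK = int("4e2cdcf2f14e802810e878cf9e6411fc4e712edf19a06bcfcc5d5572e489a3b7", 16)  # child


def derive_child_priv(kpar: int, il: int) -> int:
    """ki = parse256(IL) + kpar (mod n): integer addition, then reduction."""
    if il >= N:
        raise ValueError("parse256(IL) >= n: BIP32 treats this child as invalid")
    ki = (il + kpar) % N
    if ki == 0:
        raise ValueError("ki == 0: BIP32 treats this child as invalid")
    return ki


def recover_parent_priv(ki: int, il: int) -> int:
    """kpar = ki - parse256(IL) (mod n), reduced into [0, n).

    Python's % already returns a non-negative result for a positive modulus.
    """
    return (ki - il) % N


def truncated_remainder(a: int, m: int) -> int:
    """Remainder that keeps the sign of the dividend (C-style %)."""
    r = abs(a) % m
    return -r if a < 0 else r


def to_hex(k: int) -> str:
    """Fixed-width 32-byte hex, the usual private-key encoding."""
    return format(k, "064x")


if __name__ == "__main__":
    print("child          :", to_hex(derive_child_priv(PPK, IL)))
    print("parent (floor) :", to_hex(recover_parent_priv(CPK, IL)))
    neg = truncated_remainder(CPK - IL, N)
    print("sign-preserving:", neg)        # the negative value shown in the post
    print("after adding n :", to_hex(neg + N))
```

A tool whose remainder keeps the dividend's sign returns the negative value seen in the post; adding `n` once moves it into `[0, n)`.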
