Tuesday, May 28, 2024

What am I doing improper in calculating youngster personal key in HD wallets and reversing again mother or father personal key?


I am attempting to know the method of making the kids’s personal key and, within the case of realizing the kids’s personal key and the left 256-bit hash consequence, the method of returning the mother or father’s personal key.

There is a little more textual content as I’ve tried to elucidate intimately precisely what I’m doing in addition to to mark all of the articles I confer with.

I will clarify what I am doing by means of an instance and hyperlink the article I am referring to.

Instance and numbers are taken from right here (code solely)

So let’s begin with that now we have the left 256-bit hash consequence (L256B) and the mother or father’s personal key (PPK):

L256B (hex): 6539ae80b3618c22f5f8cc4171d04835570bda8db11b5bf1779afae7ec7c79c3
L256B (decimal): 45785512363230816970838539051071102444734444055822171970071151407697781094851

PPK (hex): e8f32e723decf4051aefac8e2c93c9c5b214313817cdb01a1494b917c8436b35
PPK (decimal): 105366245268346348601399826821003822098691517983742654654633135381666943167285

The method of acquiring the kids’s personal secret’s based mostly on the next system in keeping with this:

children_private_key == (parent_private_key + lefthand_hash_output) % G

That’s, on the next system in keeping with this (the place parse256(IL) is the left 256-bit of the hash consequence, kpar is the mother or father’s personal key, and ki denotes the kid’s personal key):

Baby personal key system -> parse256(IL) + kpar (mod n) = ki

Additionally, in keeping with this once more an identical system:

The returned youngster key ki is parse256(IL) + kpar (mod n)

1. So my first query: is the plus (+) in all these formulation associated to a traditional plus operation like 2+2 = 4, 6+3 = 9, and so on. or is it some form of concatenation like 2+2 = 22, 6+3 =63 and so on.? I ask as a result of in this reply Michael Folkson stated it’s a concatenation…

There may be concatenation the place 256 bits positioned subsequent to a different 256 bits
makes 512 bits.

This completely confuses me.

However let’s proceed with the idea that standard addition is what now we have to do right here.

EDIT: I misinterpreted his reply. He wrote that scalar addition is used right here (as I assumed), not concatenation. My mistake.

So the very first thing we have to do is add L256B and PPK:

L256B (decimal): 45785512363230816970838539051071102444734444055822171970071151407697781094851

PPK (decimal): 105366245268346348601399826821003822098691517983742654654633135381666943167285

L256B + PPK (decimal): 151151757631577165572238365872074924543425962039564826624704286789364724262136

The subsequent factor we have to do is the modulo operation with n or G (no matter is the proper label). n is (in keeping with this):

n = 115792089237316195423570985008687907852837564279074904382605163141518161494337

So the kids’s personal key (CPK) is:

CPK = (L256B + PPK) mod n 
CPK = 151151757631577165572238365872074924543425962039564826624704286789364724262136 mod 115792089237316195423570985008687907852837564279074904382605163141518161494337

CPK (decimal): 35359668394260970148667380863387016690588397760489922242099123647846562767799
CPK (hex): 4e2cdcf2f14e802810e878cf9e6411fc4e712edf19a06bcfcc5d5572e489a3b7

That is precisely what they received in instance I’m utilizing.

All the pieces appears tremendous and proper (assuming the traditional + operation is used right here and never concatenation).

Now comes the larger drawback. Within the instance I am utilizing, they are saying you may get the mother or father’s personal key again from the kids’s personal key. Formulation taken from right here says:

Remedy for kpar -> kpar = ki - parse256(IL) (mod n)

This minus confuses me.

2. So my second query can be what does the minus imply within the system above? Regular subtraction operation or one thing else?

I ask as a result of when I attempt to return the mother or father’s personal key from the kids’s personal key, I get the improper consequence in comparison with what they get. The method I exploit is as follows:

PPK = (CPK - L256) mod n

CPK (decimal): 35359668394260970148667380863387016690588397760489922242099123647846562767799

L256B (decimal): 45785512363230816970838539051071102444734444055822171970071151407697781094851

CPK - L256B (decimal): -10425843968969846822171158187684085754146046295332249727972027759851218327052

PPK = -10425843968969846822171158187684085754146046295332249727972027759851218327052 mod 115792089237316195423570985008687907852837564279074904382605163141518161494337

PPK (decimal): -10425843968969846822171158187684085754146046295332249727972027759851218327052
PPK (hex): -170CD18DC2130BFAE5105371D36C3639089AABAE977AF021AB3DA57507F2D60C

In order you’ll be able to see, I am not getting the proper mother or father personal key:

-170CD18DC2130BFAE5105371D36C3639089AABAE977AF021AB3DA57507F2D60C != e8f32e723decf4051aefac8e2c93c9c5b214313817cdb01a1494b917c8436b35

… in contrast to those that get the proper key in their resolution.

What am I doing improper? Any assist can be appreciated.

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles