public inbox for bitcoindev@googlegroups.com
From: Thomas Voegtlin <thomasv1@gmx•de>
To: bitcoin-development@lists•sourceforge.net
Subject: Re: [Bitcoin-development] Proposal to replace BIP0039
Date: Sat, 02 Nov 2013 10:44:58 +0100	[thread overview]
Message-ID: <5274C99A.8060304@gmx.de> (raw)
In-Reply-To: <CAJna-Hj+q7oyTj8SWiVESPt5Web-mLuDhv7yA8zF5wRD81aBXA@mail.gmail.com>


> To be specific, we (in cooperation with / inspired by Timo Hanke) 
> developed method how to prove that the seed generated by Trezor has 
> been created using combination of computer-provided entropy and 
> device-provided entropy, without leaking full private information to 
> other computer, just because we want Trezor to be blackbox-testable 
> and fully deterministic (seed generation is currently the only 
> operation which uses any source of RNG).
>

Thanks for the explanation. Here is how I understand how it works, 
please correct me if I'm wrong:

The user's computer picks a random number a, the Trezor picks a random 
number b.
Trezor adds a and b in the secp256k1 group, and this creates a master 
private key k.
Trezor sends the corresponding master public key K to the computer.
Thus, the computer can check that K was derived from a, without knowing b.
This also allows the computer to check that any bitcoin address derived 
from K is derived from a, without leaking b. (and reciprocally)

However, it seems to me that this property will work only with bip32 
public derivations; if a private derivation is used, don't you need to 
know k?
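
The scheme as Thomas lays it out, as an added Python example that is not part of the thread or of the Trezor code: it assumes the device also hands the host its commitment B = b*G (the message implies this but does not say it), and the chain code and scalars are constructed test values. It also carries the BIP32 question through: the host can reproduce a non-hardened child from K and the chain code alone, while the hardened branch needs k itself.

```python
# Added example, not from the thread: host picks a, device picks b, k = a + b (mod n),
# K = k*G. Assumes the device also returns B = b*G so the host can verify K.
import hashlib, hmac

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(p, q):
    """Affine point addition on secp256k1 (None is the point at infinity)."""
    if p is None: return q
    if q is None: return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0: return None
    if p == q:
        lam = 3 * p[0] * p[0] * pow(2 * p[1], -1, P) % P
    else:
        lam = (q[1] - p[1]) * pow((q[0] - p[0]) % P, -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)

def _mul(k, p=G):
    """Double-and-add scalar multiplication."""
    r = None
    while k:
        if k & 1: r = _add(r, p)
        p, k = _add(p, p), k >> 1
    return r

def _ser(pt):
    """Compressed SEC1 encoding, as BIP32 uses for ser_P."""
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")

def combine_seed(a, b):
    """Device side: master key k = a + b, its public key K, and the commitment B = b*G."""
    k = (a + b) % N
    return k, _mul(k), _mul(b)

def host_verifies_master(a, K, B):
    """Host side: K must equal a*G + B, proving a was used without learning b."""
    return _add(_mul(a), B) == K

def child_pub_nonhardened(K, chaincode, i):
    """BIP32 public derivation: needs only K and the chain code, so the host can do it."""
    I = hmac.new(chaincode, _ser(K) + i.to_bytes(4, "big"), hashlib.sha512).digest()
    return _add(_mul(int.from_bytes(I[:32], "big") % N), K)

def child_priv(k, chaincode, i, hardened):
    """BIP32 private derivation; the hardened branch (i >= 2**31) hashes k, which the host lacks."""
    data = (b"\x00" + k.to_bytes(32, "big") if hardened else _ser(_mul(k))) + i.to_bytes(4, "big")
    I = hmac.new(chaincode, data, hashlib.sha512).digest()
    return (int.from_bytes(I[:32], "big") + k) % N
```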



