Merged
36 changes: 18 additions & 18 deletions 03-transactions.md
@@ -552,40 +552,40 @@ secret is stored:

# a.k.a. count trailing 0s
where_to_put_secret(I):
for B in 0 to 47:
if testbit(I) in B == 1:
return B
for B in 0 to 47:
if testbit(I) in B == 1:
return B
# I = 0, this is the seed.
return 48
return 48

A double-check, that all previous secrets derive correctly, is needed;
if this check fails, the secrets were not generated from the same seed:

insert_secret(secret, I):
B = where_to_put_secret(secret, I)
B = where_to_put_secret(secret, I)

# This tracks the index of the secret in each bucket across the traversal.
for b in 0 to B:
if derive_secret(secret, B, known[b].index) != known[b].secret:
error The secret for I is incorrect
return
for b in 0 to B:
if derive_secret(secret, B, known[b].index) != known[b].secret:
error The secret for I is incorrect
return

# Assuming this automatically extends known[] as required.
known[B].index = I
known[B].secret = secret
known[B].index = I
known[B].secret = secret

Finally, if an unknown secret at index `I` needs be derived, it must be
discovered which known secret can be used to derive it. The simplest
method is iterating over all the known secrets, and testing if each
can be used to derive the unknown secret:

derive_old_secret(I):
for b in 0 to len(secrets):
# Mask off the non-zero prefix of the index.
MASK = ~((1 << b) - 1)
if (I & MASK) == secrets[b].index:
return derive_secret(known, i, I)
error Index 'I' hasn't been received yet.
derive_old_secret(I):
for b in 0 to len(secrets):
# Mask off the non-zero prefix of the index.
MASK = ~((1 << b) - 1)
if (I & MASK) == secrets[b].index:
return derive_secret(known, i, I)
error Index 'I' hasn't been received yet.

This looks complicated, but remember that the index in entry `b` has
`b` trailing 0s; the mask and compare simply checks if the index
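Review bot: In `derive_old_secret` the re-added lines still loop over `len(secrets)` and compare against `secrets[b].index`, then return `derive_secret(known, i, I)`, although the storage that `insert_secret` writes is `known[]` and no `i` is defined in this function. The added lines repeat the removed ones word for word, so these inconsistencies carry over unchanged. While the block is being touched, consider `known[b].index` in the loop and comparison and `derive_secret(known[b].secret, b, I)` for the return, matching the argument order of the `derive_secret(secret, B, known[b].index)` call in `insert_secret`. The same pass could reconcile the definition `where_to_put_secret(I)` with its caller, which passes `(secret, I)`, and state whether `for b in 0 to B` includes `B`, since `known[B]` is only assigned after that loop.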