bip32_ed25519 0.2.1

The Dart implementation of BIP32-Ed25519, the deterministic key generation solution for the Ed25519 curve.

bip32-ed25519-dart #

The Dart implementation of BIP32-Ed25519, the deterministic key generation scheme for the Edwards25519 curve.

API Interfaces #

TBD

Key Types #

  • ED25519 (RFC 8032) Keys
    • The generated Ed25519 signing key is 64 bytes long and is the concatenation of the ED25519 seed (private key) and the generated public key.
    • The private key, a.k.a. the seed, is 32 bytes of cryptographically secure random data.
  • ED25519 Extended Keys
    • The private key is 64 bytes of cryptographically secure random data. It can be interpreted as the SHA-512 hash, with bits cleared and set, of an ED25519 seed, or of the first 32 bytes (the seed part) of the ED25519 secret/private key.
    • They can also be interpreted as standalone keys, though brute force is required to retrieve the ED25519 seed from an extended key.
    • The bits are cleared and set according to the RFC 8032 specification.
    • The left 32 bytes of an Extended key are equivalent to an X25519 (for ECDH) private key.
  • BIP32-ED25519 Keys
    • BIP32-ED25519 derivation requires that the 3rd bit of the 31st byte of an ED25519 Extended key be cleared.
    • This means that every BIP32-ED25519 signing key is a valid Extended ED25519 key,
    • but half of the ED25519 Extended keys, and therefore half of the ED25519 keys, are not compatible with BIP32-ED25519 keys.

| Key ID | Constructors | Comment | Constraints |
|---|---|---|---|
| ed25519e_sk | ExtendedPrivateKey.generate() | All keys are valid, and will set the bits based on RFC8032 | N/A |
| | ExtendedPrivateKey.fromSeed(32) | All keys are valid, and will set the bits based on RFC8032 | check length |
| | ExtendedPrivateKey.decode('ed25519e_sk') | Will throw exceptions if the bits are not set. | check length and bits |
| | ExtendedPrivateKey(64) | Will throw exceptions if the bits are not set. | check length and bits |
| | public => _public() | Returns an ed25519_pk verifying key | It's an expensive operation and should be created when it's first referenced |
| | sign(message) | Returns a signature | N/A |
| | verify(sm, sig) | Simply verifies by its public key. | check sm messages and signature length |
| ed25519_pk | VerifyKey(32) | All keys are valid. | check length |
| | verify(sm, sig) | | check length(s) |
| | verify(sm \|\| sig) | | check length(s) |
| ed25519bip32_sk | ExtendedBip32PrivateKey.generate() | All keys are valid, and will set the bits based on Bip32-Ed25519 | N/A |
| | ExtendedBip32Private.normalizeBytes(96) | All keys are valid, and will set the bits based on Bip32-Ed25519 | check length |
| | ExtendedBip32Private.fromVerifiedBytes(96) | All keys should be valid but we cannot validate it. | It's expensive to check the public key |
| | ExtendedBip32PrivateKey.decode('ed25519bip32_sk') | Will throw exceptions if the bits are not set. | check length and bits |
| | ExtendedBip32PrivateKey(96) | Will throw exceptions if the bits are not set. | check length and bits |
| | ExtendedBip32Private.fromExtended(sk64, cc32) | Will throw exceptions if the bits are not set. | check length and bits |
| | public => _public() | Inherited from ExtendedPrivateKey | It's an expensive operation and should be created when it's first referenced |
| | sign(message) | Inherited from ExtendedPrivateKey | check length(s) |
| | verify(sm, sig) | Inherited from ExtendedPrivateKey | check sm messages and signature length |
| | verify(sm \|\| sig) | Inherited from ExtendedPrivateKey | check length(s) |
| | derive(index) | Inherited from ExtendedPrivateKey | check index |
| | chainCode => ChainCode(suffix) | Returns a chain code value object | check length(s) |
| | getExtended => ExtendedPrivateKey.fromValidBytes(64) | Returns an extended key, as every Bip32-Ed25519 key is a valid Extended Ed25519 key | |
| ed25519bip32_pk | ExtendedBip32PublicKey(64) | All keys are valid | check length(s) |
| | ExtendedBip32PublicKey.fromKey(pk32, cc32) | All keys are valid | check length(s) |
| | verify(sm, sig) | Inherited from VerifyKey | check length(s) |
| | verify(sm \|\| sig) | Inherited from VerifyKey | check length(s) |
| | derive(index) | Inherited from VerifyKey | check index range |
| | chainCode => ChainCode(suffix) | Returns a chain code value object | check length |
| | getExtended => ExtendedPublicKey.fromValidBytes(prefix) | Returns an extended key, as every Bip32-Ed25519 key is a valid Extended Ed25519 key | It's a cheap operation |

Key Standardization #

| KeyPair | key | verifyKey | encryptionKey | publicKey | rawKey | Comment |
|---|---|---|---|---|---|---|
| ed25519 | ed25519_sk | ed25519_pk | N/A | verifyKey | ed25519_sk | This is the 32-byte long seed |
| | ed25519_skpk | ed25519_pk | N/A | verifyKey | ed25519_sk | rawKey is the 32-byte long seed |
| | ed25519_pk | ed25519_pk | N/A | verifyKey | ed25519_pk | rawKey is the key itself |
| Extended Ed25519 | ed25519_esk | ed25519_pk | x25519_sk | verifyKey | ed25519_esk | rawKey is the key itself |
| | ed25519_pk | ed25519_pk | x25519_pk | verifyKey | ed25519_pk | rawKey is the key itself |
| Bip32-Ed25519 | ed25519_eskcc | ed25519_pkcc | x25519_sk | verifyKey | ed25519_esk | rawKey is a valid extended key |
| | ed25519_pkcc | ed25519_pkcc | x25519_pk | verifyKey | ed25519_pk | rawKey is a valid Ed25519 signing key |
| X25519 | x25519_sk | N/A | x25519_pk | encryptionKey | x25519_sk | rawKey is the key itself |
| | x25519_pk | N/A | x25519_pk | encryptionKey | x25519_pk | rawKey is the key itself |

ED25519 Keys #

Ed25519 is an elliptic-curve digital signature algorithm using Curve25519, by Dan Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, and Bo-Yin Yang.

The key is 64 bytes long and contains the 32-byte long seed, a.k.a. the private key, which is used to generate the secret key and the public key.

ED25519 Extended keys #

The 64-byte long extended keys contain either

  • only the 64-byte long secret key,
  • or the 64-byte long extended private key and the 32-byte public key, similar to the normal ED25519 key, which contains the 32-byte private key (seed) and the 32-byte long public key.

However, pinenacl-dart's extended interface expects a concatenated secret and public key. This is due to the assumption that the public key is already known (no scalar_base multiplication is needed to retrieve the key).

Message signing and signature verification are compatible with ED25519.

BIP32-ED25519 Keys #

The 96-byte long BIP32-ED25519 keys contain an ed25519e_sk and the chain code. Message signing and signature verification are compatible with ED25519.

References #

Restrictions #

In the Cardano blockchain, keys are derived according to the BIP32-ED25519 specification.

BIP32-ED25519, in addition to the ED25519 (RFC 8032) requirements, needs the 3rd bit of the 31st byte cleared.

Therefore, half of the ED25519 Extended secret keys, and therefore half of the ED25519 private keys, are not compatible with BIP32-ED25519.

To overcome this restriction, different wallet implementations decided to generate their master node/root key differently (the BIP32-ED25519 specification only requires that bit to be cleared on the master node/root key, as the derived keys would have that bit cleared by the derivation functions anyway).

Some of them (such as Yoroi) just clear that additional 3rd bit, while others (such as the old Daedalus) hash the corresponding master key until they find a compatible key and, once it is found, set and clear the bits as specified in RFC 8032.
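The bit rules from the Key Types list and the two master-key strategies described above, as an added Python example (not code from this package, and not its Dart API). It assumes "the 3rd bit of the 31st byte" means the third-highest bit of the byte at zero-based index 31, as in the BIP32-Ed25519 paper; all function names are hypothetical, and the re-hash loop is a simplified illustration, not any wallet's actual derivation.

```python
import hashlib

def expand_seed(seed: bytes) -> bytearray:
    """RFC 8032: SHA-512 the 32-byte seed, then clear/set bits in the left half."""
    if len(seed) != 32:
        raise ValueError("seed must be 32 bytes")
    k = bytearray(hashlib.sha512(seed).digest())
    k[0] &= 0b1111_1000    # clear the three lowest bits
    k[31] &= 0b0111_1111   # clear the highest bit
    k[31] |= 0b0100_0000   # set the second-highest bit
    return k

def is_bip32_compatible(ext: bytes) -> bool:
    """Extra BIP32-Ed25519 rule (assumed reading): third-highest bit of byte 31 is 0."""
    return len(ext) >= 32 and (ext[31] & 0b0010_0000) == 0

def clear_third_bit(ext: bytes) -> bytes:
    """Strategy 1 (as described for Yoroi): force the extra bit to zero."""
    out = bytearray(ext)
    out[31] &= 0b1101_1111
    return bytes(out)

def rehash_until_compatible(seed: bytes, max_rounds: int = 64):
    """Strategy 2, simplified: re-hash the seed until its expansion is compatible.
    Returns (extended_key, number_of_rehashes). Illustration only."""
    for rounds in range(max_rounds):
        ext = expand_seed(seed)
        if is_bip32_compatible(ext):
            return bytes(ext), rounds
        seed = hashlib.sha256(seed).digest()
    raise RuntimeError("no compatible key found")

def count_compatible(n: int) -> int:
    """Count compatible expansions over n constructed seeds.
    The seeds are SHA-256 of a counter: sample data, never real key material."""
    seeds = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n))
    return sum(is_bip32_compatible(expand_seed(s)) for s in seeds)

if __name__ == "__main__":
    print(count_compatible(2000), "of 2000 constructed seeds are BIP32-Ed25519 compatible")
    key, rounds = rehash_until_compatible(bytes(32))
    print("re-hash strategy needed", rounds, "extra hash(es) for the all-zero sample seed")
```

The two strategies yield different root keys from the same seed, so a wallet restoring a mnemonic has to know which one the originating wallet used.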

Resolution #

There can be different types of resolution. The most proper way would be to generate only BIP32-ED25519 compatible 24-word mnemonics, and therefore a 256-bit long master secret, for new wallets and discard the others (as is specified in the Bip32-Ed25519 paper), and then use that 256-bit master secret as the k specified in BIP32-ED25519.

The drawback of this is that half of the existing users' mnemonics are not compatible, so those users need either to move to a new wallet or to use some outdated master-key generation algorithm. The other disadvantage is that it would impact the plausible-deniability feature: when a BIP32-ED25519 compatible 256-bit long seed is generated from a 24-word mnemonic using an additional password/passphrase as in BIP-0039, it could happen that another seed generated from the same mnemonic, but with no passphrase or a different one, would not be BIP32-ED25519 compatible.

License

MIT (LICENSE)

Dependencies

pinenacl
