Python reference to auditably generate shares #59
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Pseudo code outline of major early generation stages
Update lib.py
has no function
BenWestgate
changed the title
BenWestgate
changed the title
BenWestgate
changed the title
Generate shares gets entropy from a provided master xprv, or derives that master xprv from a provided codex32 secret in existing string list. Shuffle uses chacha20 and 1 byte samples. Generate shares always produces shares first. Default identifier is bip32 fingerprint in bech32. PEP8 Docstrings added for all my functions
|
@apoelstra @roconnor-blockstream this auditable electronic share generation design is ready for review. |
It did nothing since the line prior checks that all data portion is in CHARSET and immediately returns None if not.
BenWestgate
changed the title
forgot to assign relabeled strings to existing_codex32_strings.
info was being passed as a string but needed to be bytes. tmp_id is a better name than new_id, relabel new shares (there is never relabeling if existing shares were passed)
|
@BenWestgate heads up that I am probably going to be unavailable for the coming week. I had a baby last Sunday and I've been taking some time off :). |
|
I heard on one of your interviews! Enjoy your new family member.
…On Sun, Sep 3, 2023 at 13:46, Andrew Poelstra ***@***.***(mailto:On Sun, Sep 3, 2023 at 13:46, Andrew Poelstra <<a href=)> wrote:
***@***.***(https://github.com/BenWestgate) heads up that I am probably going to be unavailable for the coming week. I had a baby last Sunday and I've been taking some time off :).
—
Reply to this email directly, [view it on GitHub](#59 (comment)), or [unsubscribe](https://github.com/notifications/unsubscribe-auth/ARQZ6F5LCXRL2WSPU5SIXLTXYTGBHANCNFSM6AAAAAA3QVVCPE).
You are receiving this because you were mentioned.Message ID: ***@***.***>
|
added docstrings for kdf_share() a Bails codex32 enabled feature.
Deleteing these so all new code from the BIP in line reference is in a new diff for review.
Now they should all be reviewable in one diff.
…h, closest of 48 or 74
|
Due to the messy diff and lack of review. I'm going to close this PR and I will make a new one that attempts to close #64 and #57. I'll also write a draft update to docs/wallets.md for codex32 backup generation at the same time. |
|
Thanks! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Work-in-Progress attempts to close #57 and its summary #64. I can review the whole thread before finalizing to be sure we didn't miss anything in this reference.
Tasklist:
Implement secure shuffle for index selection.
Add padding bits ECC.
Generate payloads from user and app entropy.
Convert BIP32 fingerprint to bech32 for default identifiers.
Allow identifier customization.
Generate shares for fresh master seeds.
Generate shares for existing master seeds.
Generate shares for sub-threshold codex32 sets.
Derive shares for complete threshold codex32 sets.
Use 8-bit samples for shuffler tags.
Input custom identifier, k and n to key derivation.
Set default identifier at master seed generation.
Create standardized "entropy header" with fixed fields (length, k, id) to avoid ambiguity.
Use entropy header in PBKDF and HMAC inputs.
Encrypt bech32 fingerprints with unique_string for reshare idents.
Use hardware manufacturer + S/N or install date to set initial re-share counter value with hash.
Generate unique_token by monotonic counter incrementing from initial re-share value.
Consider using unique_token LSB as padding over ECC to reduce ident reuse.
Regenerate shares for existing master seeds.
Regenerate shares for partial codex32 sets.
Provide comprehensive documentation.
The following tasks require review first:
Draft Proposal for Electronic Implementations:
The new file begins with a python reference for importing and decoding codex32 backups, followed by functions useful for generating new backups.
Shuffle Functions:
Two shuffle functions are provided as candidates. One utilizes a custom hmac-sha256 construction, while the other employs ChaCha20. Both methods sample their keystream for unique bytes and then perform sorting.
Key Derivation:
Pay special attention to the salts, info, message and whether all of the info in them is public enough, complete, unique as possible, inputs are "parsible" and in a logical arrangement, 64-bits entropy if possible etc.
For HMAC:
Ensure keys are strong and a fixed length <= block size of hash. That message, which may be of any length, is less private than the key.