sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
<jonasschnelli>
Does anyone have a feeling about the security of the following scheme? Goal: simple pgp-ish message encryption with secp256k1:
<jonasschnelli>
Encryption: Alice sends Bob an encrypted message [e(m) = c]. Alice knows Bob's EC pubkey (k). Alice generates a new private key (P). Alice calculates a shared secret (s) with ECDH(k, P). Alice encrypts the message (m) with a sym-cipher with the key HKDF(s). Alice creates a recoverable signature of the encrypted message ecdsa(c). Alice sends sig+c to Bob.
<jonasschnelli>
Decryption: Bob extracts Alice's pub-key out of the signature (ak). Bob verifies the signature ecverify(sig, ak). Bob calculates the sym. key HKDF(ECDH(ak, K)). Bob decrypts the message.
<danrobinson>
jonasschnelli: Why bother verifying the signature after recovering the public key from it? And why bother using a recoverable signature to transmit the public key, rather than just sending the public key itself?
<danrobinson>
other than that, I think this is similar to ElGamal encryption
<waxwing>
jonasschnelli: is it much different to ECIES? ecies uses encrypt-then-mac (and ofc derives the mac from the same HKDF) but otherwise seems a similar setup?
<jonasschnelli>
danrobinson: Why bother verifying the signature after recovering the public key from it? <-- for a MAC, sending the pubkey would consume more bytes.
<jonasschnelli>
waxwing: I'm not familiar with ECIES. I was just looking for a solution that works with the current libsecp256k1 API (ECDSA & ECDH).
<jonasschnelli>
waxwing: thanks for pointing out... will read more about ECIES.
<bsm117532>
jonasschnelli: FWIW we are building an "identity" layer on Bitcoin which relies on keys revealed in a (spent) transaction, and the ability to use a txid to indicate which keys I am using, and allow for replacement/revocation of those keys. The hard part is figuring out what key someone is using. waxwing is right, once you've figured out a key, ECIES is the "right" way to encrypt content thereafter.
<danrobinson>
jonasschnelli: Since the pubkey was extracted from the signature and the message, won't verification always succeed?
<bsm117532>
danrobinson: yes. Well, it's still possible to create an invalid signature. But generally you need to acquire the pubkey and signature separately for "verification" to be meaningful.
<danrobinson>
And at any rate how would sending a pubkey consume more bytes? You could send a pubkey (33 bytes) and a MAC (32 bytes) in 65 bytes, same as a recoverable ECDSA sig, yeah?
<Taek>
maybe it would work better if it were HN-style (iirc HN is open source)
<Taek>
or rather, reddit-style I guess
<bsm117532>
Taek: I agree with some of your criticism. With a block rate that is much faster than the "size" of the network, you can have a permanent lack of consensus.
<Taek>
because, for the vast majority of papers, I'm guessing that most people don't care to comment on them
<bsm117532>
e.g. it is trivial for an attacker to ensure there is no total ordering to blocks.
<Taek>
but, with an upvote system, you can at least highlight popular papers and get good criticism on those
<bsm117532>
Taek: generally the problem is getting someone to sit down and read a paper carefully. Drive-by comments based on a shallow reading are of little value.
<bsm117532>
This is why journals choose referees and give them time to craft a thoughtful response.
<Taek>
What I did in that reddit comment was more or less a drive-by response
<Taek>
Maybe that is a bad thing
<stevenroose>
Are secp256k1 public key sizes fixed? It seems to be 32 or 33 bytes, is this correct?
<stevenroose>
(seems to be compressed too to be this size)
<stevenroose>
Also, I assume signature size is not fixed, correct me please if that's wrong.
<stevenroose>
Seems to be non-trivial to construct ASN.1 primitives for ECDSA with secp256k1 :p But yeah, we Bitcoin wizards don't need no ASN.1! :)
<jonasschnelli>
But you should probably use secp256k1_ecdsa_signature_serialize_der from libsecp256k1 if you can.
<stevenroose>
jonasschnelli, yeah I know how DER works, but the signature (in general ECDSA, cfr spec) is just a sequence of two integers, so not a fixed length
<stevenroose>
jonasschnelli, are the compact ones also DER-compliant, or is the compaction algorithm something secp256k1 specific?
<stevenroose>
about the pubkey, is it 33 because of DER octet string (1 length + 32 data)? or 33 excl all DER prefixes?
<jonasschnelli>
stevenroose: AFAIK compact pubkeys have nothing to do with DER...
<stevenroose>
jonasschnelli, might be true. ASN.1 specifies an ECDSA pubkey as combination of ECParameters and an ECPoint, which is encoded as an OCTET STRING, so it's just some bytes, considering the curve is implied in our case
<waxwing>
stevenroose: the 33rd byte (well, 1st) is not about DER, it's a parity byte for the curve point (+/- y coord) for point compression.
<stevenroose>
waxwing, aaah, ok perfect, thanks
<waxwing>
jonasschnelli: did you mean compressed pubkeys, not 'compact' pubkeys?
<waxwing>
compact sig: I don't know about it, but 64 bytes would be 32 bytes for the two r,s ; not DER.
<stevenroose>
waxwing, so for uncompressed, it's also 64+1
<stevenroose>
makes a lot of sense :)
<waxwing>
uncompressed pubkeys? would usually be just 64 (x, y)