def generate_key_derivation(public, private):
point = ed25519.scalarmult(ed25519.decodepoint(unhexlify(public)),
hex2int(private))
##multiply by 8 for security
res = ed25519.scalarmult(point, 8)
## return hex encoding of the resulting point
return hexlify(ed25519.encodepoint(res))
def private_child_key(node, i):
if not node:
return None
# unpack argument
((kLP, kRP), AP, cP) = node
assert 0 <= i < 2**32
i_bytes = i.to_bytes(4, 'little')
if i < 2**31:
# regular child
Z = Fk(b'\x02' + AP + i_bytes, cP)
c = Fk(b'\x03' + AP + i_bytes, cP)[32:]
else:
# harderned child
Z = Fk(b'\x00' + (kLP + kRP) + i_bytes, cP)
c = Fk(b'\x01' + (kLP + kRP) + i_bytes, cP)[32:]
ZL, ZR = Z[:28], Z[32:]
kLn = int.from_bytes(ZL, 'little') * 8 + int.from_bytes(kLP, 'little')
if kLn % ed25519.l == 0:
return None
kRn = (int.from_bytes(ZR, 'little') +
int.from_bytes(kRP, 'little')) % 2**256
kL = kLn.to_bytes(32, 'little')
kR = kRn.to_bytes(32, 'little')
A = ed25519.encodepoint(
ed25519.scalarmult(ed25519.B,
int.from_bytes(kL, 'little'))).encode('iso-8859-1')
return ((kL, kR), A, c)
def test_checkparams():
# Taken from checkparams.py from DJB
assert ed25519.b >= 10
assert 8 * len(ed25519.H(b"hash input")) == 2 * ed25519.b
assert pow(2, ed25519.q - 1, ed25519.q) == 1
assert ed25519.q % 4 == 1
assert pow(2, ed25519.l - 1, ed25519.l) == 1
assert ed25519.l >= 2 ** (ed25519.b - 4)
assert ed25519.l <= 2 ** (ed25519.b - 3)
assert pow(ed25519.d, (ed25519.q - 1) // 2, ed25519.q) == ed25519.q - 1
assert pow(ed25519.I, 2, ed25519.q) == ed25519.q - 1
assert ed25519.isoncurve(ed25519.B)
assert ed25519.scalarmult(ed25519.B, ed25519.l) == (0, 1)
def test_checkparams():
# Taken from checkparams.py from DJB
assert ed25519.b >= 10
assert 8 * len(ed25519.H(b"hash input")) == 2 * ed25519.b
assert pow(2, ed25519.q - 1, ed25519.q) == 1
assert ed25519.q % 4 == 1
assert pow(2, ed25519.l - 1, ed25519.l) == 1
assert ed25519.l >= 2**(ed25519.b - 4)
assert ed25519.l <= 2**(ed25519.b - 3)
assert pow(ed25519.d, (ed25519.q - 1) // 2, ed25519.q) == ed25519.q - 1
assert pow(ed25519.I, 2, ed25519.q) == ed25519.q - 1
assert ed25519.isoncurve(ed25519.B)
x, y, z, t = P = ed25519.scalarmult(ed25519.B, ed25519.l)
assert ed25519.isoncurve(P)
assert (x, y) == (0, z)
def root_key(master_secret):
k = bytearray(h512(master_secret))
kL, kR = k[:32], k[32:]
if kL[31] & 0b00100000:
return None
# clear lowest three bits of the first byte
kL[0] = clear_bit(kL[0], 0b00000111)
# clear highest bit of the last byte
kL[31] = clear_bit(kL[31], 0b10000000)
# set second highest bit of the last byte
kL[31] = set_bit(kL[31], 0b01000000)
# root public key
A = ed25519.encodepoint(
ed25519.scalarmult(ed25519.B,
int.from_bytes(kL, 'little'))).encode('iso-8859-1')
# root chain code
c = h256(b'\x01' + master_secret)
return ((kL, kR), A, c)
def scalarmult_simple(pk, num):
#returns point encoded to hex.. num is an int, not a hex
return ed25519.encodepoint(ed25519.scalarmult(
toPoint(pk), num)) #pub key is not just x coord..
def scalarmult_simple(pk, num):
#returns point encoded to hex.. num is an int, not a hex
return ed25519.encodepoint(ed25519.scalarmult(toPoint(pk), num)) #pub key is not just x coord..
def hash_to_ec(key):
scalar = hash_to_scalar(key)
## convert to point on curve by multiplying the base point by the resulting scalar
point = ed25519.scalarmultbase(scalar)
## multiply by 8 for security
return ed25519.scalarmult(point, 8)
