def generate_key_derivation(public, private): point = ed25519.scalarmult(ed25519.decodepoint(unhexlify(public)), hex2int(private)) ##multiply by 8 for security res = ed25519.scalarmult(point, 8) ## return hex encoding of the resulting point return hexlify(ed25519.encodepoint(res))
def private_child_key(node, i): if not node: return None # unpack argument ((kLP, kRP), AP, cP) = node assert 0 <= i < 2**32 i_bytes = i.to_bytes(4, 'little') if i < 2**31: # regular child Z = Fk(b'\x02' + AP + i_bytes, cP) c = Fk(b'\x03' + AP + i_bytes, cP)[32:] else: # harderned child Z = Fk(b'\x00' + (kLP + kRP) + i_bytes, cP) c = Fk(b'\x01' + (kLP + kRP) + i_bytes, cP)[32:] ZL, ZR = Z[:28], Z[32:] kLn = int.from_bytes(ZL, 'little') * 8 + int.from_bytes(kLP, 'little') if kLn % ed25519.l == 0: return None kRn = (int.from_bytes(ZR, 'little') + int.from_bytes(kRP, 'little')) % 2**256 kL = kLn.to_bytes(32, 'little') kR = kRn.to_bytes(32, 'little') A = ed25519.encodepoint( ed25519.scalarmult(ed25519.B, int.from_bytes(kL, 'little'))).encode('iso-8859-1') return ((kL, kR), A, c)
def test_checkparams(): # Taken from checkparams.py from DJB assert ed25519.b >= 10 assert 8 * len(ed25519.H(b"hash input")) == 2 * ed25519.b assert pow(2, ed25519.q - 1, ed25519.q) == 1 assert ed25519.q % 4 == 1 assert pow(2, ed25519.l - 1, ed25519.l) == 1 assert ed25519.l >= 2 ** (ed25519.b - 4) assert ed25519.l <= 2 ** (ed25519.b - 3) assert pow(ed25519.d, (ed25519.q - 1) // 2, ed25519.q) == ed25519.q - 1 assert pow(ed25519.I, 2, ed25519.q) == ed25519.q - 1 assert ed25519.isoncurve(ed25519.B) assert ed25519.scalarmult(ed25519.B, ed25519.l) == (0, 1)
def test_checkparams(): # Taken from checkparams.py from DJB assert ed25519.b >= 10 assert 8 * len(ed25519.H(b"hash input")) == 2 * ed25519.b assert pow(2, ed25519.q - 1, ed25519.q) == 1 assert ed25519.q % 4 == 1 assert pow(2, ed25519.l - 1, ed25519.l) == 1 assert ed25519.l >= 2**(ed25519.b - 4) assert ed25519.l <= 2**(ed25519.b - 3) assert pow(ed25519.d, (ed25519.q - 1) // 2, ed25519.q) == ed25519.q - 1 assert pow(ed25519.I, 2, ed25519.q) == ed25519.q - 1 assert ed25519.isoncurve(ed25519.B) x, y, z, t = P = ed25519.scalarmult(ed25519.B, ed25519.l) assert ed25519.isoncurve(P) assert (x, y) == (0, z)
def root_key(master_secret): k = bytearray(h512(master_secret)) kL, kR = k[:32], k[32:] if kL[31] & 0b00100000: return None # clear lowest three bits of the first byte kL[0] = clear_bit(kL[0], 0b00000111) # clear highest bit of the last byte kL[31] = clear_bit(kL[31], 0b10000000) # set second highest bit of the last byte kL[31] = set_bit(kL[31], 0b01000000) # root public key A = ed25519.encodepoint( ed25519.scalarmult(ed25519.B, int.from_bytes(kL, 'little'))).encode('iso-8859-1') # root chain code c = h256(b'\x01' + master_secret) return ((kL, kR), A, c)
def scalarmult_simple(pk, num): #returns point encoded to hex.. num is an int, not a hex return ed25519.encodepoint(ed25519.scalarmult( toPoint(pk), num)) #pub key is not just x coord..
def scalarmult_simple(pk, num): #returns point encoded to hex.. num is an int, not a hex return ed25519.encodepoint(ed25519.scalarmult(toPoint(pk), num)) #pub key is not just x coord..
def hash_to_ec(key): scalar = hash_to_scalar(key) ## convert to point on curve by multiplying the base point by the resulting scalar point = ed25519.scalarmultbase(scalar) ## multiply by 8 for security return ed25519.scalarmult(point, 8)