Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BIP-85: Add language code & dice app, TPRV guidance, warn on BIP-32 divergence, grammar & clarity #1679

Merged
merged 16 commits into from
Oct 25, 2024
Merged

BIP-85: Add language code & dice app, TPRV guidance, warn on BIP-32 divergence, grammar & clarity #1679

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
274d9b9
BIP-85: Add language code, add dice app, warn on BIP-32 divergence, g…
akarve Oct 7, 2024
503d936
BIP-85: Add definite article
akarve Oct 15, 2024
c29be89
BIP-85: PR suggestions on grammar, clarity
akarve Oct 15, 2024
c5a74ff
BIP-85: Add change log
akarve Oct 15, 2024
8afbdf5
BIP-85: Proper <references />, semver reference implementations, date…
akarve Oct 20, 2024
17a5279
BIP-85: PR suggestion on range formatting
akarve Oct 21, 2024
f9b3736
BIP-85: wordsmith BIP-32 warning
akarve Oct 21, 2024
5206a35
BIP-85: PR feedback on format, language, order of text
akarve Oct 21, 2024
a645d94
BIP-85: PR grammar improvements
akarve Oct 21, 2024
819f7b7
BIP-85: Add dice app code to changelog
akarve Oct 22, 2024
34b7477
BIP-85: Grammar and clarity from PR review
akarve Oct 22, 2024
3221abe
BIP-85: Improve changelog and bump semvers accordingly; add alphanum …
akarve Oct 22, 2024
f9df9a7
BIP-85: Rectify changelog dates and contents
akarve Oct 22, 2024
f763695
BIP-85: Correct 1.3.0 semver in changelog
akarve Oct 22, 2024
294db30
BIP-85: Remove fancy warning syntax b/c GH doesn't render it, wordsmi…
akarve Oct 22, 2024
0e5f2da
BIP-85: Add and correct semvers in Reference Implementation section
akarve Oct 23, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion README.mediawiki
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -452,7 +452,7 @@ Those proposing changes should consider that ultimately consent may rest with th
| [[bip-0085.mediawiki|85]]
| Applications
| Deterministic Entropy From BIP32 Keychains
| Ethan Kosakovsky
| Ethan Kosakovsky, Aneesh Karve
| Informational
| Draft
|- style="background-color: #cfffcf"
Expand Down
67 changes: 62 additions & 5 deletions bip-0085.mediawiki
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
Layer: Applications
Title: Deterministic Entropy From BIP32 Keychains
Author: Ethan Kosakovsky <[email protected]>
Aneesh Karve <[email protected]>
Comments-Summary: No comments yet.
Comments-URI: https://github.com/bitcoin/bips/wiki/Comments:BIP-0085
Status: Draft
Expand Down Expand Up @@ -51,6 +52,9 @@ For each application that requires its own wallet, a unique private key is deriv

The HMAC-SHA512 function is specified in [http://tools.ietf.org/html/rfc4231 RFC 4231].

Application codes may be arbitrary but are preferably semantic in some way, such as a BIP number or
ASCII character code sequence.
akarve marked this conversation as resolved.
Show resolved Hide resolved

===Test vectors===

====Test case 1====
Expand Down Expand Up @@ -78,7 +82,7 @@ BIP85-DRNG-SHAKE256 is a deterministic random number generator for cryptographic
RSA key generation is an example of a function that requires orders of magnitude more than 64 bytes of random input. Further, it is not possible to precalculate the amount of random input required until the function has completed.

drng_reader = BIP85DRNG.new(bip85_entropy)
rsa_key = RSA.generate_key(4096, drng_reader.read())
rsa_key = RSA.generate_key(4096, drng_reader.read)

===Test Vectors===
INPUT:
Expand All @@ -93,7 +97,8 @@ OUTPUT

==Reference Implementation==

* Python library implementation: [https://github.com/ethankosakovsky/bip85]
* Python 3.x library implementation: [https://github.com/akarve/bipsea]
akarve marked this conversation as resolved.
Show resolved Hide resolved
* Python 2.x library implementation: [https://github.com/ethankosakovsky/bip85]
* JavaScript library implementation: [https://github.com/hoganri/bip85-js]

==Applications==
Expand Down Expand Up @@ -143,6 +148,10 @@ Language Table
|-
| Czech
| 8'
|-
| Portuguese
| 9'
|-
|}

Words Table
Expand Down Expand Up @@ -222,7 +231,11 @@ OUTPUT
===XPRV===
Application number: 32'

Taking 64 bytes of the HMAC digest, the first 32 bytes are the chain code, and second 32 bytes[1] are the private key for BIP32 XPRV value. Child number, depth, and parent fingerprint are forced to zero.
Taking 64 bytes of the HMAC digest, the first 32 bytes are the chain code, and the second 32 bytes[1] are the private key for the BIP32 XPRV value. Child number, depth, and parent fingerprint are forced to zero.
akarve marked this conversation as resolved.
Show resolved Hide resolved

{{Warning|The above ordering reverses BIP32, wherein the private key is the first 32 bytes and the chain code is the last 32 bytes.}}
akarve marked this conversation as resolved.
Show resolved Hide resolved

Applications may support Testnet by emitting TPRV keys if and only if the input root key is a Testnet key.

Path format is <code>m/83696968'/32'/{index}'</code>

Expand Down Expand Up @@ -257,7 +270,7 @@ The derivation path format is: <code>m/83696968'/707764'/{pwd_len}'/{index}'</co

`20 <= pwd_len <= 86`

[https://datatracker.ietf.org/doc/html/rfc4648 Base64] encode the all 64 bytes of entropy.
[https://datatracker.ietf.org/doc/html/rfc4648 Base64] encode all 64 bytes of entropy.
akarve marked this conversation as resolved.
Show resolved Hide resolved
Remove any spaces or new lines inserted by Base64 encoding process. Slice base64 result string
on index 0 to `pwd_len`. This slice is the password. As `pwd_len` is limited to 86, passwords will not contain padding.

Expand Down Expand Up @@ -295,7 +308,7 @@ The derivation path format is: <code>m/83696968'/707785'/{pwd_len}'/{index}'</co

`10 <= pwd_len <= 80`

Base85 encode the all 64 bytes of entropy.
Base85 encode all 64 bytes of entropy.
Remove any spaces or new lines inserted by Base64 encoding process. Slice base85 result string
on index 0 to `pwd_len`. This slice is the password. `pwd_len` is limited to 80 characters.

Expand Down Expand Up @@ -356,6 +369,39 @@ GPG capable smart-cards SHOULD be loaded as follows: The encryption slot SHOULD

However, depending on available slots on the smart-card, and preferred policy, the CERTIFY capable key MAY be flagged with CERTIFY and SIGNATURE capabilities and loaded into the SIGNATURE capable slot (for example where the smart-card has only three slots and the CERTIFY capability is required on the same card). In this case, the SIGNATURE capable sub-key would be disregarded because the CERTIFY capable key serves a dual purpose.

===DICE===

Application number: 89101'

The derivation path format is: <code>m/83696968'/89101'/{sides}'/{rolls}'/{index}'</code>

2 <= sides <= 2^32 - 1
1 <= rolls <= 2^32 - 1

Use this application to generate PIN numbers or any other numeric secret.
akarve marked this conversation as resolved.
Show resolved Hide resolved
Roll values are zero-indexed, such that an N-sided die produces values in the range
<code>[0, N-1]</code>, inclusive. Applications should separate printed rolls by a comma or similar.

Create a BIP85 DRNG whose seed is the derived entropy.

Calculate the following integers:

bits_per_roll = ceil(log_2(sides))
bytes_per_roll = ceil(bits_per_roll / 8)

Read <code>bytes_per_roll</code> bytes from the DRNG.
Trim any bits in excess of <code>bits_per_roll</code> (retain the most
significant bits). The resulting integer represents a single roll or trial.
If the trial is greater than or equal to the number of sides, skip it and
move on to the next one. Repeat as needed until all rolls are complete.

INPUT:
* MASTER BIP32 ROOT KEY: xprv9s21ZrQH143K2LBWUUQRFXhucrQqBpKdRRxNVq2zBqsx8HVqFk2uYo8kmbaLLHRdqtQpUm98uKfu3vca1LqdGhUtyoFnCNkfmXRyPXLjbKb
* PATH: m/83696968'/89101'/6'/10'/0'
OUTPUT
* DERIVED ENTROPY=5e41f8f5d5d9ac09a20b8a5797a3172b28c806aead00d27e36609e2dd116a59176a738804236586f668da8a51b90c708a4226d7f92259c69f64c51124b6f6cd2
* DERIVED ROLLS=1,0,0,2,0,1,5,5,2,4

==Backwards Compatibility==

This specification is not backwards compatible with any other existing specification.
Expand All @@ -370,6 +416,17 @@ The reason for running the derived key through HMAC-SHA512 and truncating the re

Many thanks to Peter Gray and Christopher Allen for their input, and to Peter for suggesting extra application use cases.

==Change Log==
Copy link
Contributor Author

@akarve akarve Oct 22, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jonatack i've added a real changelog so that the semvers are more... semantic. i could go deeper in terms of detail (fixes, etc.) but this seems complete enough to be useful and importantly puts this commit at semver 1.3.0.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggest "Changelog" (no space), with entries ordered by most recent first (see https://keepachangelog.com/en/1.1.0/).


===1.1.0===
akarve marked this conversation as resolved.
Show resolved Hide resolved

====Added====

* Dice application
akarve marked this conversation as resolved.
Show resolved Hide resolved
* Czech language code to application 39'
* TPRV guidance for application 32'
* Warning on application 32' key and chain code ordering

==References==

BIP32, BIP39
Expand Down