[Bitcoin-development] Stealth Addresses

Jeremy Spilman jeremy at taplink.co
Tue Jan 14 22:34:01 UTC 2014


On Tue, 14 Jan 2014 13:51:06 -0800, Adam Back <adam at cypherspace.org> wrote:
> I saw in the math version you had said Q'=Q+H(S) and I presumed it was a
> typo, but your code says the same thing.  I presume you meant Q'=Q+H(S)*G
> and therefore that Util.SingleSHA256() multiplies by G internally?
>
> Adam
>

Thanks for reviewing this. The relevant line:

    byte[] q1New = EC.PointAdd(Q1, Util.SingleSHA256(S1));

SingleSHA256 is a single application of SHA256 -- named so since 'SHA256'  
functions in many Bitcoin libraries too often actually run DoubleSHA256.  
32 bytes are returned.

The multiplication by 'G' that you mention is part of my EC.PointAdd...

I should probably just publish all my code as MIT and be done with it ;-)

Thanks,
Jeremy


public static byte[] PointAdd(byte[] point, byte[] scalar, bool compressed  
= true)
{
     var point1 = new OpenSSL.Crypto.EC.Point(EcGroup, point);

     var num = OpenSSL.Core.BigNumber.FromArray(scalar);
     var point2 = OpenSSL.Crypto.EC.Point.Multiply(EcGroup, num,  
EcBnContext);

     var result = point1.Add(point2, EcBnContext);

     if (compressed)
         return result.GetBytes(ConversionForm.Compressed);
     else
         return result.GetBytes(ConversionForm.Uncompressed);
}









More information about the bitcoin-dev mailing list