Commit 1008a2a5 authored by Éloïs's avatar Éloïs
Browse files

[DEWIF] add nonce

parent c069ef33
......@@ -19,6 +19,11 @@ The purpose of this RFC is to define a standard, inter-operable and secure forma
This RFC does not define a file format, it is agnostic of the way the wallet is stored on the disk.
## conventions
* `||` means binary concanetanation.
* All string must be encoded in UTF-8 with [NFKD normalization].
## DUBP
[DUBP] only deals with public keys and signatures.
......@@ -59,9 +64,9 @@ The 4 bytes of the version field must be interpreted as an unsigned integer enco
### Version 1
| log N | Algorithm | Encrypted data |
|:---------:|:-----------:|:---------------:|
| 1 byte | 1 byte | Any bytes |
| log N | Algorithm | Nonce | Encrypted data |
|:---------:|:-----------:|:--------:|:----------------:|
| 1 byte | 1 byte | 12 bytes | Any bytes |
#### Algorithm
......@@ -73,6 +78,11 @@ The 4 bytes of the version field must be interpreted as an unsigned integer enco
*\* Future algorithms can be added to DEWIF v1.*
#### Nonce
The nonce is used to vary the encryption key (see next section).
It must be randomly generated at the creation of the DEWIF.
#### Encrypted data
**Symmetric encryption algorithm:** [XOR cipher]
......@@ -81,14 +91,14 @@ The 4 bytes of the version field must be interpreted as an unsigned integer enco
**XOR key** = scrypt of user passphrase with the following parameters:
| Parameter | Value |
|:--------------:|:-----------------------------:|
|**Password:** | passphrase |
|**Salt** | sha256("dewif" ++ passphrase) |
|**N** | `2^(log N)` |
|**r** | 16 |
|**p** | 1 |
|**dkLen** | Encrypted data length |
| Parameter | Value |
|:--------------:|:--------------------------------------------:|
|**Password:** | passphrase |
|**Salt** | sha256(`"dewif" \|\| nonce \|\| passphrase`) |
|**N** | `2^(log N)` |
|**r** | 16 |
|**p** | 1 |
|**dkLen** | Encrypted data length |
##### Algorithm Ed25519
......@@ -102,7 +112,7 @@ The public key serves as a checksum. To check that the DEWIF base64 string is no
| Parameter | Value |
|:-----------------:|:----------------------------:|
|**Log N** | 15 |
|**Log N** | 12 |
|**Algorithm** | Ed25519 |
|**Keypair seed** | 0xbfa3f6e322cf21d0e652f79a69df9498fdf5347665e5646d9041f756496a1143 |
......@@ -111,6 +121,7 @@ The public key serves as a checksum. To check that the DEWIF base64 string is no
0x100000001 #g1-test
0x0C # log N
0x00 # Algorithm Ed25519
0x013194f1286512cf094295cb # nonce
0xbfa3f6e322cf21d0e652f79a69df9498fdf5347665e5646d9041f756496a1143 # keypair seed
0x17df9d2b059cdd2825955691e3a783e6da403148ddebb1144d1a9b9e545f2371 # public key
```
......@@ -126,7 +137,7 @@ The public key serves as a checksum. To check that the DEWIF base64 string is no
DEWIF base 64 string (with xor key `"toto titi tata"`):
`AAAAARAAAAEMALUJm4gAYvodNzw/CPBV4Pckm+pv1taVmMdXpbthi9YyDSu9ioexcFO1YJpKPKATZR5IMBpeOOnZkzhTb3k2SYo=`
`AAAAARAAAAEMAAExlPEoZRLPCUKVy0iKnn1HUSFcmhwJPQETAghFDvH8ZmX59IuvR9hYV1gnVjCpU+TGOdUzyQmj3+auw3vUpFQYBiRlh67/I1xAhZM=`
##### Algorithm Bip32-Ed25519
......@@ -151,7 +162,7 @@ Mnemonic entropy is defined on [BIP39].
The entropy is stored in 32 bytes to avoid revealing the size of the stored mnemonic.
If the entropy of the mnemonic is less than 32 bytes, the extra bytes are ignored (they can have any value).
To check that the DEWIF base64 string is not corrupted, compute the hash sha256 of `Language code || Entropy length || Mnemonic entropy`. The first eight bytes of the sha256 hash constitute the checksum.
To check that the DEWIF base64 string is not corrupted, compute the hash sha256 of `Nonce || Language code || Entropy length || Mnemonic entropy`. The first eight bytes of the sha256 hash constitute the checksum.
WARNING: Only the "useful" part of the entropy is used to calculate the checksum, the extra bytes are ignored.
**Example 2:**
......@@ -167,11 +178,12 @@ WARNING: Only the "useful" part of the entropy is used to calculate the checksum
0x100000001 #g1-test
0x0F # log N
0x01 # Algorithm Bip32-Ed25519
0xc54299ae71fe2a4ecdc7d58a # nonce
0x00 # Language english
0x10 # Entropy length
0x33E46BB13A746EA41CDDE45C90846A79 # Mnemonic entropy
0x 00000000000000000000000000000000 # Mnemonic entropy padding
0xa058ad20f43a5aa2 # checksum (SHA256 of 0x001033E46BB13A746EA41CDDE45C90846A79)
0x00000000000000000000000000000000 # Mnemonic entropy padding
0x8a2bb5a0cb0acfba # checksum (SHA256 of 0xc54299ae71fe2a4ecdc7d58a || 0x00 || 0x10 || 0x33E46BB13A746EA41CDDE45C90846A79)
```
**XOR key generated from scrypt with the following parameters:**
......@@ -191,4 +203,5 @@ DEWIF base 64 string (with xor key `"toto titi tata"`):
[BIP39]: https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#generating-the-mnemonic
[DUBP]: https://git.duniter.org/nodes/common/doc/blob/master/rfc/0010_Duniter_Blockchain_Protocol_V12.md
[Ed25519]: https://tools.ietf.org/html/rfc8032
[NFKD normalization]: https://unicode.org/reports/tr15/#Norm_Forms
[XOR cipher]: https://en.wikipedia.org/wiki/XOR_cipher
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment