import from docs repo

satoshilabs · Feb 1, 2016 · b761513 · b761513
commit b761513
Show file tree

Hide file tree

Showing 14 changed files with 771 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -0,0 +1,21 @@
+#SatoshiLabs Improvement Proposals
+
+SatoshiLabs projects need a way how to document their technical decisions and features.
+For some of them Bitcoin Improvement Proposal (BIP) is not a right place because
+their range and implications are outside of the scope of Bitcoin and cryptocurrencies.
+
+SLIP repository is an extension to Bitcoin Improvement Proposal (BIP) process
+and contains the documents that are unsuitable for submission to BIP repository.
+
+Each SLIP should provide a concise technical specification of the feature and a rationale for the feature.
+
+| Number                    | Title                                                                 | Type          | Status   |
+|---------------------------|-----------------------------------------------------------------------|---------------|----------|
+| [SLIP-0000](slip-0000.md) | SLIP Template                                                         | Informational | Accepted |
+| [SLIP-0010](slip-0010.md) | Universal private key derivation from master private key              | Standard      | Draft    |
+| [SLIP-0011](slip-0011.md) | Symmetric encryption of key-value pairs using deterministic hierarchy | Standard      | Draft    |
+| [SLIP-0012](slip-0012.md) | Public key encryption using deterministic hierarchy                   | Standard      | Draft    |
+| [SLIP-0013](slip-0013.md) | Authentication using deterministic hierarchy                          | Standard      | Draft    |
+| [SLIP-0014](slip-0014.md) | Stress Test Deterministic Wallet                                      | Informational | Draft    |
+| [SLIP-0015](slip-0015.md) | Format for Bitcoin metadata and its encryption in HD wallets          | Standard      | Draft    |
+| [SLIP-0044](slip-0044.md) | Registered coin types for BIP-0044                                    | Standard      | Draft    |
diff --git a/slip-0000.md b/slip-0000.md
@@ -0,0 +1,28 @@
+#SLIP-0000 : SLIP Template
+
+```
+Number:  SLIP-0000
+Title:   SLIP Template
+Type:    Informational
+Status:  Accepted
+Authors: SatoshiLabs <info@satoshilabs.com>
+Created: 2014-06-06
+```
+
+##Abstract
+
+This is a section for an abstract.
+
+##Motivation
+
+This is a section for a motivation.
+
+##Body
+
+This is a section for a body. The title of the section should be changed
+and the section can be split into multiple sections and subsections.
+
+##References
+
+This is a section for references such as links to other documents (BIP or SLIP)
+or to reference implementations.
diff --git a/slip-0010.md b/slip-0010.md
@@ -0,0 +1,29 @@
+#SLIP-0010 : Universal private key derivation from master private key
+
+```
+Number:  SLIP-0010
+Title:   Universal private key derivation from master private key
+Type:    Standard
+Status:  Draft
+Authors: Pavol Rusnak <stick@satoshilabs.com>
+         Jochen Hoenicke <hoenicke@gmail.com>
+Created: 2015-12-25
+```
+
+##Abstract
+
+This is a section for an abstract.
+
+##Motivation
+
+This is a section for a motivation.
+
+##Body
+
+This is a section for a body. The title of the section should be changed
+and the section can be split into multiple sections and subsections.
+
+##References
+
+This is a section for references such as links to other documents (BIP or SLIP)
+or to reference implementations.
diff --git a/slip-0010/test.py b/slip-0010/test.py
@@ -0,0 +1,69 @@
+#!/usr/bin/env python2
+
+import binascii
+import hashlib
+import hmac
+import struct
+
+
+def int_to_string(x, pad):
+    result = ['\x00'] * pad
+    while x > 0:
+        pad -= 1
+        ordinal = x & 0xFF
+        result[pad] = (chr(ordinal))
+        x >>= 8
+    return ''.join(result)
+
+def string_to_int(s):
+    result = 0
+    for c in s:
+        if not isinstance(c, int):
+            c = ord(c)
+        result = (result << 8) + c
+    return result
+
+
+# mode 0 - compatible with BIP32 private derivation
+def derive(parent_key, parent_chaincode, i):
+    assert len(parent_key) == 32
+    assert len(parent_chaincode) == 32
+    secp256k1_n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
+    k = parent_chaincode
+    d = '\x00' + parent_key + struct.pack('>L', i)
+    h = hmac.new(k, d, hashlib.sha512).digest()
+    key, chaincode = h[:32], h[32:]
+    key = (string_to_int(key) + string_to_int(parent_key)) % secp256k1_n
+    key = int_to_string(key, 32)
+    return (key, chaincode)
+
+# mode 1 - universal
+def derive_universal(parent_key, parent_chaincode, i, n, curveid, data):
+    assert len(parent_key) == 32
+    assert len(parent_chaincode) == 32
+    ctr = 0
+    while True:
+        k = parent_chaincode
+        d = '\x01' + parent_key + struct.pack('>L', i) + curveid + struct.pack('>L', ctr) + data
+        h = hmac.new(k, d, hashlib.sha512).digest()
+        key, chaincode = h[:32], h[32:]
+        if string_to_int(key) >= n:
+            ctr += 1
+        else:
+            return (key, chaincode)
+
+
+master_key = binascii.unhexlify('e8f32e723decf4051aefac8e2c93c9c5b214313817cdb01a1494b917c8436b35')
+master_chaincode = binascii.unhexlify('873dff81c02f525623fd1fe5167eac3a55a049de3d314bb42ee227ffed37d508')
+
+
+k, c = derive(master_key, master_chaincode, 0x80000000 + 44)
+assert binascii.hexlify(k) == '8a8e34c835bceec0213d542623158811d5686d931d51efbf8e3ea8f62edc703f'
+assert binascii.hexlify(c) == '4681a20841656292a6f6fda184811ace2c5fa67de53c47eb9d0cc557bae2dea4'
+print 'ok'
+
+
+k, c = derive_universal(master_key, master_chaincode, 1337, n=(2**255 - 19), curveid='ed25519', data='https://www.example.com')
+assert binascii.hexlify(k) == '51e7ccf5c5fd11301926ccdf195f6c02b2696a2b9e5a95a930f7e527654b5d03'
+assert binascii.hexlify(c) == 'b45f2b67f218223833f5607d1a26b030e6a1ebc7fdd7b3bc9481e1d78ee2c728'
+print 'ok'
diff --git a/slip-0011.md b/slip-0011.md
@@ -0,0 +1,29 @@
+#SLIP-0011 : Symmetric encryption of key-value pairs using deterministic hierarchy
+
+```
+Number:  SLIP-0011
+Title:   Symmetric encryption of key-value pairs using deterministic hierarchy
+Type:    Standard
+Status:  Draft
+Authors: Pavol Rusnak <stick@satoshilabs.com>
+         Marek Palatinus <slush@satoshilabs.com>
+Created: 2014-06-12
+```
+
+##Abstract
+
+This is a section for an abstract.
+
+##Motivation
+
+This is a section for a motivation.
+
+##Body
+
+This is a section for a body. The title of the section should be changed
+and the section can be split into multiple sections and subsections.
+
+##References
+
+This is a section for references such as links to other documents (BIP or SLIP)
+or to reference implementations.
diff --git a/slip-0012.md b/slip-0012.md
@@ -0,0 +1,29 @@
+#SLIP-0012 : Public key encryption using deterministic hierarchy
+
+```
+Number:  SLIP-0012
+Title:   Public key encryption using deterministic hierarchy
+Type:    Standard
+Status:  Draft
+Authors: Pavol Rusnak <stick@satoshilabs.com>
+         Marek Palatinus <slush@satoshilabs.com>
+Created: 2014-06-12
+```
+
+##Abstract
+
+This is a section for an abstract.
+
+##Motivation
+
+This is a section for a motivation.
+
+##Body
+
+This is a section for a body. The title of the section should be changed
+and the section can be split into multiple sections and subsections.
+
+##References
+
+This is a section for references such as links to other documents (BIP or SLIP)
+or to reference implementations.
diff --git a/slip-0013.md b/slip-0013.md
@@ -0,0 +1,81 @@
+#SLIP-0013 : Authentication using deterministic hierarchy
+
+```
+Number:  SLIP-0013
+Title:   Authentication using deterministic hierarchy
+Type:    Standard
+Status:  Draft
+Authors: Pavol Rusnak <stick@satoshilabs.com>
+Created: 2015-03-12
+```
+
+##Abstract
+
+This document describes a method that is used for authenticating
+to various services such as websites or remote shells using a determinstic
+hierarchy.
+
+##Motivation
+
+Using Deterministic Hierarchy for authenticating into systems is ideal,
+because the same concepts of easy backup that relate to backing up
+deterministic wallets can be applied to backing up user identities.
+
+##Service Identity
+
+Let's introduce the service identity. It consists of two elements:
+
+a) RFC 3986 URI `proto://[user@]host[:port][/path]`
+
+Examples:
+
+- https://example.com
+- ftp://public@example.com/pub
+- ssh://root@example.com:2222
+
+b) index (32-bit unsigned integer)
+
+The index is used so one can generate more keys corresponding to the same URI.
+
+##HD Structure
+
+1. Let's concatenate the little endian representation of index with the URI.
+
+2. Compute the SHA256 hash of the result.
+
+3. Let's take first 128 bits of the hash and split it into four 32-bit numbers A, B, C, D.
+
+4. Set highest bits of numbers A, B, C, D to 1.
+
+5. Derive the HD node m/13'/A'/B'/C'/D' according to BIP32.
+
+##Challenge - Response
+
+Service issues the challenge consisting of three parts:
+
+a) service identity described above (e.g. https://example.com 0)
+
+b) hidden challenge
+   - random bytes sequence of maximum length 64
+   - this won't be shown to the user
+
+c) visual challenge
+   - arbitrary string of text of maximum length 64
+   - this will be shown to the user and we recommend using timestamp in `YYYY-MM-DD HH:MM:SS` format or similar
+
+Signer takes this data and computes the private key according to section HD Structure.
+Then it concatenates sha256 hashes of challenge hidden and challenge visual and
+signs the result using the standard Bitcoin message signing.
+Finally, the signature is returned together with the node public key and node address.
+
+It's up to service operator to take this message and react in three possible ways:
+
+1. signature is invalid or not present -> show error to user
+2. signature is valid, address/public key seen for the first time -> create user account
+3. signature is valid, address/public key known -> login to user account
+
+##References
+
+- [BIP-0032: Hierarchical Deterministic Wallets](https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki)
+- [BIP-0043: Purpose Field for Deterministic Wallets](https://github.com/bitcoin/bips/blob/master/bip-0043.mediawiki)
+- [RFC 3986: Uniform Resource Identifier (URI): Generic Syntax](https://tools.ietf.org/html/rfc3986)
diff --git a/slip-0014.md b/slip-0014.md
@@ -0,0 +1,69 @@
+#SLIP-0014 : Stress Test Deterministic Wallet
+
+```
+Number:  SLIP-0014
+Title:   Stress Test Deterministic Wallet
+Type:    Informational
+Status:  Draft
+Authors: Pavol Rusnak <stick@satoshilabs.com>
+Created: 2015-01-12
+```
+
+##Abstract
+
+SLIP-0014 describes a stress test deterministic wallet, which can be used
+to test various cornercases that such wallet can encounter.
+
+##Motivation
+
+During the development of myTREZOR deterministic wallet we realized there
+are quite a lot of different types of transactions in the network. In order
+to simplify testing of transaction history we came up with the idea to create
+a special xpub that will contain these various types of transactions.
+
+##xpubs, xprvs, mnemonics, etc.
+
+```
+mnemonic: all all all all all all all all all all all all
+
+m/0/i account:
+xprv9xj9UhHNKHr6kJKJBVj82ZxFrbfhczBDUHyVj7kHGAiZqAeUenz2JhrphnMMYVKcWcVPFJESngtKsVa4FYEvFfWUTtZThCoZdwDeS9qQnqm
+xpub6BiVtCpG9fQPxnPmHXG8PhtzQdWC2Su4qWu6XW9tpWFYhxydCLJGrWBJZ5H6qTAHdPQ7pQhtpjiYZVZARo14qHiay2fvrX996oEP42u8wZy
+
+m/i account:
+xprvA1xn6h6qAwinYq5P37sJsEY39ntjzDpueQPAX9dBQcU81dqZrfBJBVMVuyqnVrMRViPxriZkdLd2vTtpnJaoaomJ67JBk3G1xMagp89w2XX
+xpub6Ex8WCdj1KH5mK9r99QKENUmhpjEPgYm1dJmKY2nxx16tSAiQCVYjHfymFdzfpYDAHGtWYTif7WkUKLMULRJFPeV1hvEbeXqrM11K85yPjp
+```
+
+[link to blockchain.info](https://blockchain.info/xpub/xpub6BiVtCpG9fQPxnPmHXG8PhtzQdWC2Su4qWu6XW9tpWFYhxydCLJGrWBJZ5H6qTAHdPQ7pQhtpjiYZVZARo14qHiay2fvrX996oEP42u8wZy)
+
+##Addresses
+
+index | address                            | private key
+------|------------------------------------|-----------------------------------------------------
+   0  | 1JAd7XCBzGudGpJQSDSfpmJhiygtLQWaGL | L1KjqxZkUwdXaKNL15F2jJZVZpgi2HkHPHGyqTrQNNegyZez3A7Z
+   1  | 1GWFxtwWmNVqotUPXLcKVL2mUKpshuJYo  | KyBcuurcaJw6NqnZsmtpDqjbsS67PTXEZAK9QyFEDsyYjmNJJozj
+   2  | 1Eni8JFS4yA2wJkicc3yx3QzCNzopLybCM | L3yYwqub7bYq6qKkPf9UAE7uuZYV8adAHvEaceXY9fKX8G7FDCoZ
+   3  | 124dT55Jqpj9AKTyJnTX6G8RkUs7ReTzun | L2SNnZeTNHwgr9mayyHLZxmpyQN4SNbrxjBf9Rwq5Fvu2wwTm476
+   4  | 15T9DSqc6wjkPxcr2MNVSzF9JAePdvS3n1 | L4jzKXRhQXesPeUSUNi7EMHAEBFzwJuAkZsNi5tja9rLxgGajwPv
+   5  | 1GA9u9TfCG7SWmKCveBumdA1TZpfom6ZdJ | L1N67rzEMn6fqvhkFeDnt11LMxYdGZtGQgdYVuASNpmQRawgbJEN
+   6  | 1PogPE3bXc84abzEuM2rJEZf2vCbCEZzXz | L3Y5pgT2ewKqdqh6kcGDQ7YHFoW5Vh4xErrPqb4Yjb5re9QYZw7D
+   7  | 176U2WABbj4h5PCrxE963wmxzXd2Mw6bP4 | L2RpVajejxusxUXqLHTFJAyp1nzJnT2xuJpfm7Uah4GGUHz7XD58
+   8  | 1HRZDR7CmLnq59w6mtzNa7SHtVWPSxdgKA | Kx8nBDjAkXkykD62AF8XjP8W5Z4a79iZC8Z7axyDWXsZTcn5agzM
+   9  | 1MPdvYLzcekvEzAB7DmiHa1oU8Foh4KUw8 | L1xWyxmCkjsB2Z9wnjoZ5TGabeg8KbpZt1PjgVsKA9pn3L7JCiTs
+
+##Transactions
+
+  # |  block | transaction id                                                   | description
+----|--------|------------------------------------------------------------------|---------------------------------
+  1 | 338841 | 350eebc1012ce2339b71b5fca317a0d174abc3a633684bc65a71845deb596539 | regular incoming transaction
+  2 | 338841 | 1869cdbb3a86ab8b71a3e4a0d11135926b18f62bc0ebeb8e8a56635135616f00 | regular outgoing transaction
+  3 | 341049 | 485579924ce684df7aa7a9861abb4b2858a8d917aa1df94bf3a234368a250516 | coinbase transaction
+  4 | 341650 | a831a97917a3ae58a3c0cd700ed7ef08529b8218d3f71ed16152c7898c3d909e | regular outgoing transaction
+  5 | 342246 | f54fae106758ffa17822b0f959f267eb9514b2fd7e15b89a98dad6e319e2af0c | sent to myself (in same account)
+
+##References
+
+- [BIP-0032: Hierarchical Deterministic Wallets](https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki)
+- [BIP-0039: Mnemonic code for generating deterministic keys](https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki)
+- [BIP-0044: Multi-Account Hierarchy for Deterministic Wallets](https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki)