Comments (6)
I think the best way to move forward would be to create deriveUnsafe
, which would follow the cross-library-compatible behavior.
from scure-bip32.
You have invalid index, obviously.
The specification clearly says indexes over 2^31-1 are banned. Your numbers are bigger than that.
Bip32 package does not implement spec correctly. They could change their behavior later and your code would stop running.
from scure-bip32.
From BIP32 spec:
Each extended key has 2^31 normal child keys, and 2^31 hardened child keys. Each of these child keys has an index. The normal child keys use indices 0 through 2^31-1. The hardened child keys use indices 2^31 through 2^32-1. To ease notation for hardened key indices, a number iH represents i+2^31.
Also, the path syntax is only remotely mentioned here, the convention of whether to use m
or M
for the root, whether m
should be used when trying to derive from a non-root state, whether '
or H
or h
should be used, whether they are optional etc. are noticeably not specified in BIP32.
This is not an issue of spec, but rather, an issue of interpretation of "what is the norm among other implementations?" since the syntax is not specified.
That said, I don't care either way, but changing our interpretation from m/2147483648 and m/0' are parsed to mean the exact same thing.
into m/2147483648 throws an error because it is not within 0 <= N <= 2^31-1
is a breaking change, so I would need to see whether a majority of implementations in other languages etc. parse in that way.
If it is the case that m/2147483648
is an Error and not a hardened derive in a large majority of BIP32 implementations across languages, I would be willing to change to match.
from scure-bip32.
If the spec had said "a string path representation of i+2^31 MUST be represented as iH"
then it would be spec... but also it would mean i'
(apostrophe style hardened notation) would be non-spec.
There have been instances of BIPs being modified to match convention when ambiguous in the past, so maybe this could be proposed as a clarification modification to BIP32.
@Dolu89 @paulmillr Thanks for bringing this up. Please let me know if either of you want to move forward with proposing a change to BIP32, or if anyone wants to take the time to look up the behavior of other libraries.
from scure-bip32.
pathSuffix.join('/')
Can also be changed to
Array.from(pathSuffix).map(n => n & 2**31 ? `${n & 2**31-1}'` : `${n}`).join('/')
Which should work with either implementation.
Edit: Also this, which circumvents the string parsing entirely.
[138+2**31].concat(Array.from(pathSuffix)).reduce((hd, idx) => hd.deriveChild(idx), root);
from scure-bip32.
sigh another disadvantage of bip32 specification. It's too complex: some different solution could achieve similar functionality in a radically simplified fashion.
Adjusting scure's behavior to match other libraries can be beneficial in this case. Keeping the current behavior as-is could also be fine, since it asks users to be precise; also keeping it as-is makes audit results more relevant than if we change it.
from scure-bip32.
Related Issues (9)
- Add engines.node field to package.json
- hdkey does not expose a method to get the uncompressed public key HOT 7
- Update `@noble/curves` and `@noble/hashes` deps HOT 1
- Possible discrepancy with the cryptocoinjs hdkey lib HOT 4
- Support for ed25519 and NIST P-256 as per SLIP-10 HOT 1
- Add a package.lock. HOT 1
- Type check issue HOT 4
- HARDENED_OFFSET is not a static property of HDKey
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from scure-bip32.