Keypair Creation with python-ed25519

General Discussion
#1

I can generate keypairs using the Account.py wrapper found in [url=https://github.com/NewEconomyMovement/nickel]https://github.com/NewEconomyMovement/nickel but once I try to use [url=https://github.com/NewEconomyMovement/python-ed25519]https://github.com/NewEconomyMovement/python-ed25519 no ncc/nis compatible keypair comes out.

one of the many things I tried:

from binascii import hexlify<br />import ed25519<br /><br />sk, vk = ed25519.create_keypair()<br />privateKey = sk.to_seed()<br />publicKey = vk.to_bytes()<br />hexPrivateKey = hexlify(privateKey[::-1])<br />hexPublicKey = hexlify(publicKey)<br /><br />print(hexPrivateKey)<br />print(hexPublicKey)

b'1864da7813375abb612affabfe4f10383de0d88963271e160b03b25eb094d86d'
b'e9f7baf31ea7b456fba6473ff2b90292a76b2e2ef6e9df31f9274c033a2d3ab9'


The right public key would be 28f2aa94e58bea12ee5402902c514090c6d2d8eb04824dcfc273f731efa1675c.
Probably I am doing something wrong with the reversion?
#2

Is this problem resolved or still present?
(as there was the talk with gimre on telegram)

#3

Still present. But I just figured out the python-ed25519 package uses sha512, hence sha2 instead of sha3.

Not having done C/C++ for more than 10 years, I have little hope I can fix this easily.
Gimre pointed me to [url=https://github.com/NewEconomyMovement/vanitygen-cpp/]https://github.com/NewEconomyMovement/vanitygen-cpp/ where it is done in C++, but I need a python wrapper.

#4

Shouldn't I be able to just copy the sha3 folder of vanitygen to the src folder of python-ed25519 and then rewrite the sha512-hash.c like so:

#include &quot;sha512.h&quot;<br />#include &quot;../sha3/KeccakNISTInterface.h&quot;<br /><br />typedef unsigned long long uint64;<br /><br />int crypto_hash_sha512(unsigned char *out,const unsigned char *in,unsigned long long inlen)<br />{<br />&nbsp; hashState _hctx, *hctx = &amp;_hctx;<br />&nbsp; Init(hctx, 512);<br />&nbsp; Update(hctx, in, inlen *;<br />&nbsp; Final(hctx, out);<br />&nbsp; <br />&nbsp; return 0;<br />}

(omitting the crypto_hashblocks function, which I'm not yet sure about)

Doing that I get

sha512-hash.obj : error LNK2019: unresolved external symbol _Final referenced in function _crypto_hash_sha512
sha512-hash.obj : error LNK2019: unresolved external symbol _Update referenced in function _crypto_hash_sha512
sha512-hash.obj : error LNK2019: unresolved external symbol _Init referenced in function _crypto_hash_sha512


Probably a problem with mixing c and cpp? Yeah I know, I feel like a monkey flying an airplane myself.
#5

Hi,

a) as you've noticed, we use sha3
b) there's a bug in (PYTHON) sha3 implementation, nickel repository has this bug fixed


Here's a sample line from nem-test-vectors  (newlines for clarity)

<br />: 575dbb3062267eff57c970a336ebbc8fbcfe12c5bd3ed7bc11eb0481d7704ced<br /> : 575dbb3062267eff57c970a336ebbc8fbcfe12c5bd3ed7bc11eb0481d7704ced<br /> : c5f54ba980fcbb657dbaaa42700539b207873e134d2375efeab5f1ab52f87844<br /> : NDD2CT6LQLIYQ56KIXI3ENTM6EK3D44P5JFXJ4R4<br />

so let's try to use it in python:

<br />from Account import Account<br /><br />hexPrivateKey = &#039;575dbb3062267eff57c970a336ebbc8fbcfe12c5bd3ed7bc11eb0481d7704ced&#039;<br /><br />account = Account(hexPrivateKey)<br /><br />print(&quot;private: %s&quot; % account.getHexPrivateKey())<br />print(&quot; public: %s&quot; % account.getHexPublicKey())<br />print(&quot;address: %s&quot; % account.address)<br />

output is:
<br />private: 575dbb3062267eff57c970a336ebbc8fbcfe12c5bd3ed7bc11eb0481d7704ced<br /> public: c5f54ba980fcbb657dbaaa42700539b207873e134d2375efeab5f1ab52f87844<br />address: NDD2CT6LQLIYQ56KIXI3ENTM6EK3D44P5JFXJ4R4<br />

so as you can see it matches data in test vectors…

EDIT:

or if you prefer "low-level" api:
<br />import sys<br />import ed25519<br />from binascii import hexlify, unhexlify<br /><br />sys.path.insert(0, &#039;python-sha3&#039;)<br />from python_sha3 import *<br /><br />hexPrivateKey = &#039;575dbb3062267eff57c970a336ebbc8fbcfe12c5bd3ed7bc11eb0481d7704ced&#039;<br />binPrivateKey = unhexlify(hexPrivateKey )[::-1]<br />binPublicKey = ed25519.publickey_hash_unsafe(binPrivateKey , sha3_512)<br /><br />print (hexlify(binPublicKey))<br />


EDIT 2

The name unsafe comes from the fact, that the python implementation might be prone to side-channel attack
(more specificaly timing attack, as the public key generation, does not have constant time in regard to private key),
but if it's for your own use, I wouldn't bother with that too much.

#6

I am aware of what the unsafe means and that is why I don't want to use it. While not an immediate problem, it could well become one at some later point being used in a django project.

So I'll go with the nickel way for now and revisit the issue later. Thanks everyone!

Edit:

Regarding the bug of sha3 (Python): I was using hashlib.sha3_512 after installing [url=https://pypi.python.org/pypi/pysha3/]https://pypi.python.org/pypi/pysha3/ instead of nickels python-sha3, because the latter is python 2.x (which of course I can fix, but wanted to avoid). What is this bug and would you know if it's present in pysha3, which is a wrapper around the optimized reference implementation from [url=http://keccak.noekeon.org?]http://keccak.noekeon.org?

Edit2:

Ported python-sha3 and Account.py to Python 3, so everything works now. Thanks again.

#7

I am aware of what the unsafe means and that is why I don't want to use it. While not an immediate problem, it could well become one at some later point being used in a django project.

So I'll go with the nickel way for now and revisit the issue later. Thanks everyone!

Edit:

Regarding the bug of sha3 (Python): I was using hashlib.sha3_512 after installing [url=https://pypi.python.org/pypi/pysha3/]https://pypi.python.org/pypi/pysha3/ instead of nickels python-sha3, because the latter is python 2.x (which of course I can fix, but wanted to avoid). What is this bug and would you know if it's present in pysha3, which is a wrapper around the optimized reference implementation from [url=http://keccak.noekeon.org?]http://keccak.noekeon.org?

Edit2:

Ported python-sha3 and Account.py to Python 3, so everything works now. Thanks again.


django? Someone building a webwallet ?  :o
#8

Not quite. It's somewhat more spectacular (at least in my head) and something that does not exist yet anywhere as far as I know.
Just have to get to a working rudimentary version with my rather modest programming skills before taking other people on board.

That said, if some django guru comes along who would be willing to help, I probably won't reject.

#9

Regarding the bug of sha3 (Python): I was using hashlib.sha3_512 after installing [url=https://pypi.python.org/pypi/pysha3/]https://pypi.python.org/pypi/pysha3/ instead of nickels python-sha3, because the latter is python 2.x (which of course I can fix, but wanted to avoid). What is this bug and would you know if it's present in pysha3, which is a wrapper around the optimized reference implementation from [url=http://keccak.noekeon.org?]http://keccak.noekeon.org?


We've chosen python-sha3 (and same for ed25519), not to force users to install any additional packages, and have something that works right after cloning.

Ofc, obvious price in this case is speed.

Bug was in python-sha3 implementation that we've used, (it was altering the results obviously) fix is here:
https://github.com/NewEconomyMovement/nickel/commit/9a05733e39e440fe7c3bf85518f2cba086aa5f1b

(ofc passing multiplied r,n couldn't help, as it's used in other places too)