monero-project/monero-docs
monero-project/monero-docs
2
1
Fork 0
mirror of https://github.com/monero-project/monero-docs.git synced 2024-12-22 19:49:22 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Enhancements to private and public keys articles

Browse source
This commit is contained in:
Piotr Włodarek 2018-01-09 14:33:55 +01:00
parent fdc9af1ea9
commit 5ad59f45b2
7 changed files with 59 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
docs/cryptography/asymmetric/ed25519.md
View file

@ -1,26 +1,11 @@
# Ed25519 curve
!!! danger
Article author is nowhere close to being a cryptographer. Be sceptical on accuracy.
Author is nowhere close to being a cryptographer. Be sceptical on accuracy.
!!! note
This article is only about the underlying curve. Public key derivation and signing algorithm will be treated separately.
!!! note
Before we get to Monero, a little bit of context. We are talking asymmetric cryptography here.
The "asymmetric" simply means the are two keys:
* the private key (used primarily for signing data and for decrypting data)
* the public key (used primarily for signature verification and encrypting data)
This is in contrast to symmetric cryptography which uses a single (secret) key.
Historically, asymmetric cryptography was based on the problem of factorization of a very large integers
back into prime numbers (which is practically impossible for large enough integers).
Recently, asymmetric cryptography is based on a mathematical notion of elliptic curves.
Ed25519 is a specific, well researched and standardized elliptic curve.
Monero employs Ed25519 elliptic curve as a basis for its key pair generation.
However, Monero does not exactly follow EdDSA reference signature scheme.

2
docs/cryptography/asymmetric/intro.md
View file

@ -1,7 +1,7 @@
# Asymmetric cryptography used in Monero
!!! danger
Article author is nowhere close to being a cryptographer. Be sceptical on accuracy.
Author is nowhere close to being a cryptographer. Be sceptical on accuracy.
Before we get to Monero specific stuff, a little bit of context. We are talking asymmetric cryptography here.
The "asymmetric" simply means the are two keys:

36
docs/cryptography/asymmetric/private-key.md
View file

@ -1,12 +1,9 @@
# Private keys in Monero
!!! danger
Article author is nowhere close to being a cryptographer. Be sceptical on accuracy.
Author is nowhere close to being a cryptographer. Be sceptical on accuracy.
!!! warning
Article is a work in progress.
Private key is generated [randomly](/cryptography/prng).
In Monero, the root private key is generated [randomly](/cryptography/prng). Other private keys are derived deterministically from the root private key.
Private key must be kept secret.
@ -24,10 +21,31 @@ In user-facing contexts, private key is encoded in a [little-endian](https://en.
## Relation to Ed25519
Being a simple random integer, private key is not specific to any particular asymmetric cryptography scheme.
Being simply a random integer, private key is not specific to any particular asymmetric cryptography scheme.
However, before deriving Ed25519 public key, the private key is subject to modulo `l`,
where `l` is the maximum scalar allowed by [Ed25519 scheme](/cryptography/asymmetric/ed25519).
In context of Monero EC cryptography the private key is a number the base point `G` is multiplied by.
The result of the multiplication is the public key `P` (another point on the curve).
Multiplication of a point by a number has a very special definition in EC cryptography.
See this [this guide](https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/) for details.
### Key strength
Before deriving Ed25519 public key, the private key is subject to modulo `l`,
where `l` is the maximum scalar allowed by the [Ed25519 scheme](/cryptography/asymmetric/ed25519).
The `l` is on the order of 2^252, so the effective key strength is technically 252 bits, not 256 bits.
This is standard for EC cryptography and is more of a cosmetic nuance than any real concern.
This is standard for EC cryptography and is more of a cosmetic nuance than any concern.
## Private spend key
Private spend key is used to spend moneros.
More specifically, it is used to build one-time private keys which allow to spend related outputs.
## Private view key
Private view key is used to recognize your incoming transactions on the otherwise opaque blockchain.
## One-time private keys
One-time private key like construct is used in [stealth addresses](https://monero.stackexchange.com/questions/1409/constructing-a-stealth-monero-address).

7
docs/cryptography/asymmetric/public-key.md
View file

@ -1,7 +1,7 @@
# Public keys in Monero
!!! danger
Article author is nowhere close to being a cryptographer. Be sceptical on accuracy.
Author is nowhere close to being a cryptographer. Be sceptical on accuracy.
!!! warning
Article is a work in progress.
@ -36,3 +36,8 @@ However, the addition is **not** a simple vector addition. It has a very specifi
definition nicely described in [this article](https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/).
What is important is that result of addition is always a point on the curve.
For example, G + G is another point on the curve.
## Use cases
[Monero address](/public-address/standard-address) is composed of public spend key and public view key.
These keys are used to build stealth addresses to receive payments.

2
docs/index.md
View file

@ -1,4 +1,4 @@
# Unofficial Monero Documentation (1% done)
# Unofficial Monero Documentation (2% done)
Monerodocs attempts to organize basic technical knowledge on Monero in one place.

5
docs/public-address/standard-address.md
View file

@ -37,6 +37,11 @@ It totals to 69 bytes. The bytes are then encoded ([src](https://github.com/mone
`4AdUndXHHZ6cfufTMvppY6JwXNouMBzSkbLYfpAV5Usx3skxNgYeYTRj5UzqtReoS44qo9mtmXCqY45DJ852K5Jv2684Rge`
## Generating
Standard address is derived from the root private key. TODO: describe.
## Reference
* [StackExchenge answer](https://monero.stackexchange.com/questions/980/what-are-the-public-viewkeys-and-spendkeys)
* [https://xmr.llcoins.net/addresstests.html](https://xmr.llcoins.net/addresstests.html)

18
docs/public-address/subaddress.md
View file

@ -33,6 +33,10 @@ All subaddresses can be derived from the wallet seed.
Additionally, you conveniently manage your subaddresses within a single user interface.
## Wallet level feature
Subaddresses are a wallet-level feature to construct and interpret transactions. They do not affect the consensus.
## Data structure
Subaddress has a dedicated "network byte":
@ -46,6 +50,20 @@ Otherwise the data structure is the same as for [standard address](/public-addre
Each subaddress conceptually has an index (with 0 being the base standard address).
The index is not directly included in subaddress structure but is used as input to create the private spend key.
## Generating
The private key `m` related to a subaddress is derived as follows:
m = Hs(a || i)
Where:
* `Hs` is a Keccak-256 hash function interpreted as integer and modulo `l` (maximum Ed25519 scalar)
* `a` is a private view key
* `i` is a subaddress index
TODO: describe rest of the procedure.
## Caveates
* Subaddress **cannot** be used to receive transactions having multiple destinations (e.g. pool payouts). Only the standard address (the one with index == 0) can receive such transactions.