From e74b882e54a1f900982e32fba3d03e2503640cd0 Mon Sep 17 00:00:00 2001 From: Daniel Cousens Date: Wed, 17 Aug 2016 13:06:31 +1000 Subject: [PATCH] tests: improved readability for stealth address code --- test/integration/stealth.js | 77 ++++++++++++++++++++++++------------- 1 file changed, 51 insertions(+), 26 deletions(-) diff --git a/test/integration/stealth.js b/test/integration/stealth.js index e7b27ad..47a28ea 100644 --- a/test/integration/stealth.js +++ b/test/integration/stealth.js @@ -6,42 +6,67 @@ var bitcoin = require('../../') var ecurve = require('ecurve') var secp256k1 = ecurve.getCurveByName('secp256k1') +var G = secp256k1.G +var n = secp256k1.n + +// c = sha256: e * (d * G) +// cQ = (d * G) + (c * G) +function stealthSend (e, Q) { + var eQ = Q.multiply(e) // shared secret + + var c = bigi.fromBuffer(bitcoin.crypto.sha256(eQ.getEncoded())) + var cG = G.multiply(c) + + var cQ = new bitcoin.ECPair(null, Q.add(cG)) + + return cQ +} + +// c = sha256: d * (e * G) +// cQ = (d + c) * G +function stealthReceive (d, eG) { + var eQ = eG.multiply(d) // shared secret + + var c = bigi.fromBuffer(bitcoin.crypto.sha256(eQ.getEncoded())) + var cQ = new bitcoin.ECPair(d.add(c).mod(n)) + + return cQ +} describe('bitcoinjs-lib (crypto)', function () { it('can generate a single-key stealth address', function () { - var G = secp256k1.G - var n = secp256k1.n + // XXX: should be randomly generated, see next test for example + var recipient = bitcoin.ECPair.fromWIF('5KYZdUEo39z3FPrtuX2QbbwGnNP5zTd7yyr2SC1j299sBCnWjss') // private to recipient + var nonce = bitcoin.ECPair.fromWIF('KxVqB96pxbw1pokzQrZkQbLfVBjjHFfp2mFfEp8wuEyGenLFJhM9') // private to sender - function stealthSend (Q) { - var noncePair = bitcoin.ECPair.makeRandom() - var e = noncePair.d - var eQ = Q.multiply(e) // shared secret - var c = bigi.fromBuffer(bitcoin.crypto.sha256(eQ.getEncoded())) - var cG = G.multiply(c) - var Qprime = Q.add(cG) + // ... recipient reveals public key (recipient.Q) to sender + var forSender = stealthSend(nonce.d, recipient.Q) + assert.equal(forSender.getAddress(), '1CcZWwCpACJL3AxqoDbwEt4JgDFuTHUspE') + assert.throws(function () { forSender.toWIF() }, /Error: Missing private key/) - return { - shared: new bitcoin.ECPair(null, Qprime), - nonce: noncePair.Q - } - } + // ... sender reveals nonce public key (nonce.Q) to recipient + var forRecipient = stealthReceive(recipient.d, nonce.Q) + assert.equal(forRecipient.getAddress(), '1CcZWwCpACJL3AxqoDbwEt4JgDFuTHUspE') + assert.equal(forRecipient.toWIF(), 'L1yjUN3oYyCXV3LcsBrmxCNTa62bZKWCybxVJMvqjMmmfDE8yk7n') - function stealthReceive (d, P) { - var dP = P.multiply(d) // shared secret - var c = bigi.fromBuffer(bitcoin.crypto.sha256(dP.getEncoded())) - return new bitcoin.ECPair(d.add(c).mod(n)) - } + // sender and recipient, both derived same address + assert.equal(forSender.getAddress(), forRecipient.getAddress()) + }) - // receiver private key - var receiver = bitcoin.ECPair.fromWIF('5KYZdUEo39z3FPrtuX2QbbwGnNP5zTd7yyr2SC1j299sBCnWjss') + it('can generate a single-key stealth address (randomly)', function () { + var recipient = bitcoin.ECPair.makeRandom() // private to recipient + var nonce = bitcoin.ECPair.makeRandom() // private to sender - var stealthS = stealthSend(receiver.Q) // public, done by sender - // ... sender now reveals nonce to receiver + // ... recipient reveals public key (recipient.Q) to sender + var forSender = stealthSend(nonce.d, recipient.Q) + assert.throws(function () { forSender.toWIF() }, /Error: Missing private key/) - var stealthR = stealthReceive(receiver.d, stealthS.nonce) // private, done by receiver + // ... sender reveals nonce public key (nonce.Q) to recipient + var forRecipient = stealthReceive(recipient.d, nonce.Q) + assert.doesNotThrow(function () { forRecipient.toWIF() }) - // and check that we derived both sides correctly - assert.equal(stealthS.shared.getAddress(), stealthR.getAddress()) + // sender and recipient, both derived same address + assert.equal(forSender.getAddress(), forRecipient.getAddress()) }) // TODO