首先,我们需要知道一点,比特币钱包里面并没有比特币。钱包是管理密钥、地址、跟踪余额和创建交易的软件。我们的比特币数据是存储在区块链上的,而不是在钱包里。
经过前面几篇文章的解读,我们知道一个私钥生成公钥,公钥生成地址,这三者是一一对应的,就是一个私钥只有一个公钥和一个地址。但是我们在往交易所充币的时候,看到交易所为我们每个人生成一个独一无二的地址。这是怎么做的呢?接下来均益就来解读比特币的钱包。
目前钱包分为两种,一种是非确定性(随机)的钱包,就是随机生成多个私钥,钱包管理这些私钥。如果需要成千上万的地址,通过随机的方式来生成私钥,这就需要存储那么多无规律的私钥,这样就很麻烦不好管理。另一种是确定性(种子)的钱包,就是通过种子可以生成无数的私钥,我们只需要记住种子就可以了。我们在使用钱包时记住的助记词可以生成种子,只要我们保管好助记词,我们的币就能找回来。那么问题来了?
First of all, we need to know that there is no bitcoin in the Bitcoin wallet. But when we go to the exchange, we see that the exchange creates a unique address for each of us. What does that do? Our bitcoin data is stored on the block chain, not in the wallet.
After reading the previous articles, we know that a private key generates a public key, a public key generation address, and these three are the corresponding keys, and there is only one public key and one address. But if we need thousands of addresses, they generate a private key by random means. This requires that each exchange creates a unique address for each of us. This is how to do.
- 种子是怎么来的?
- 种子是怎么生成无数地址的?
带着这两个问题,我们来研究一下。先上一个大概图,然后我们再一步一步来解析
With these two questions in mind, let's look at them. The last general picture, and then one step at 主要流程是这样的 Here's the main process.
& nbsp; 接下来均益一步步解析这里面的细节 The next step is a step-by-step analysis of the details 1、随机生成一个128到258位的数字,叫做熵 1, randomly generated a number of 128 to 258 words called entropy 助记词表示长度为128至256位的熵。 通过使用密钥延伸函数PBKDF2,熵被用于导出较长的(512位)种子。 The basic rationale of the 512位分成平均分成两部分,左边的256位为母私钥,右边的256位为链码。母私钥、链码和索引号,CKD(child key derivation)函数去从母密钥衍生出子密钥。如图 The 512 are divided into two parts, the 256 on the left are the parent private key, and the 256 on the right are the chain code. The parent private key, chain code and index number, the CKD function is designed to derive subkeys from the parent key. For example 母密钥、链码、索引合并在一起并且用HMAC-SHA512函数散列之后可以产生512位的散列。所得的散列可被拆分为两部分。散列右半部分的256位产出可以给子链当链码。左半部分256位散列以及索引码被加载在母私钥上来衍生子私钥。在图中,我们看到这个说明——索引集被设为0去生产母密钥的第0个子密钥(第一个通过索 引)。 The female key, chain code, index is combined and the HMAC-SHA512 function is used to produce 512 hashs. The resulting hash is divided into two parts. The 256-digit output in the right half of the hash is assigned to the chain as a chain number. The left half of the 256 hash and the index code are loaded on the parent's private key. In the graph, we see the note - the index set is set at 0 to produce the mother's key's zero key (the first is quoted via the file): 母密钥和链码结合叫做扩展密钥,拥有扩展私钥可以推导出子私钥,扩展公钥可以推导出子公钥。拥有扩展公钥就可以推导出子公钥,在服务器不需要母私钥也可以,这样就更安全更方便。但是还有一个问题,那就是扩展公钥包含有链码,如果子私钥被知道或者被泄漏的话,链码就可以被用来衍生所有的其他子私钥。简单地泄露的私钥以及一个母链码,可以暴露所有的子密钥。更糟糕的是,子私钥与母链码可以用来推断母私钥。 The parent key and chain code combination are called extension keys. The extended private key is used to extract the private key. The extended public key is used to deduce the private key. 1、前面说到索引和私钥链码可以生成子密钥,这个索引号码是32位的整数。为了区分密钥是从正常衍生函数中衍生出来还是从强化衍生函数中产出,这个索引号被分为两个范围。索引号在0和2^31–1(0x0 to 0x7FFFFFFF)之间的是只被用在常规衍生。索引号在2^31和2^32– 1(0x80000000 to 0xFFFFFFFF)之间的只被用在强化衍生。因此,索引号小于2^31就意味着子密钥是常规的,而大于或者等于2^31的子密钥就是强化型的。 The index number is divided into two domains to distinguish whether the key is derived from a normal derivative function or from an enhanced derivative function. The index number is used only as a regular derivative. The index number is used only as an enhanced derivative between 0 and 2 31–1 (0x0 to 0x7FF#F). The index number is used only as an enhanced derivative between 2:31 and 2:32–1 (0x8,000,000 to 0x). Thus, index number less than 2:31 means that the sub-key is conventional, and a sub-key greater than or equal to 2:231 is an enhanced key. 2、钱包索引识别路径 2 The wallet index path
& nbsp;
第一,随机生成128到258位的随机数,我们这里叫做熵;
第二,熵经过一定处理方法,生成助记词;
第三,助记词经过密钥延伸函数PBKDF2,生成种子;
第四,种子经过HMAC-SHA512算法,生成母密钥;
第五,通过CKD(child key derivation)函数,母密钥生成众多子密钥。
First, randomly generated random numbers of 128 to 258 places, which we call entropy;
Second, entropy is treated with a certain method to generate a credit word;
Third, letters are generated by the key extension PBKDF2 and seeds are generated;
Fourth, seeds are generated by the HMAC-SHA512 algorithm;
Fifth, the parent key is generated by the CKD (child key definition) function.
& nbsp;
2、熵通过SHA256哈希得一个值,取前面的几位(熵长/32),记为y
3、熵和y组成一个新的序列,
4、将新序列以11位为一部分,已经预先定义2048个单词的字典做对应,单词的列表像这样的 https://github.com/trezor/python-mnemonic/blob/master/mnemonic/wordlist/english.txt
5、生成的有顺序的单词组就是助记词
如图:
2, entropy by a value of SHA256 Hashid, formerly recorded as y
3, entropy and y by a new sequence,
4, with the new series as part of 11, matched by a dictionary with a predefined 2048 words, such as https://gethub.com/trezor/python-mnemonic/blob/mnemonic/mnemonic/world:english.txt
5, resulting in a sequence of words
>
PBKDF2的基本原理是通过一个伪随机函数(例如HMAC函数),把明文和一个盐值作为输入参数,然后重复进行运算,并最终产生密钥。如果重复的次数足够大,破解的成本就会变得很高。而盐值的添加也会增加“彩虹表”攻击的难度。
比特币钱包中,PBKDF2函数的第一个参数是助记词,第二个参数盐,由字符串常数“助记词”与可选的用户提供的密码字符串连接组成。使用HMAC-SHA512算法,使用2048次哈希来延伸助记符和盐参数,产生一个512位的值作为其最终输出。 这个512位的值就是种子。如图
PBKDF2 is to use a pseudo-random function (e.g. the HMAC function) to use an explicit and a salt value as input parameter, and then to repeat the key. If the number of repeats is large, the cost of decomposition will become high. The addition of salt value will also increase the difficulty of an attack by the Rainbow Watch.
![seed to the main key](http://junyiseo.com/wp-content/uploads/2018/05/hawalets.png")
为此,HD钱包使用一种叫做硬化衍生(hardened derivation)的替代衍生函数。这就“打破”了母公钥以及子链码之间的关系。这个硬化衍生函数使用了母私钥去推导子链码,而不是母公钥。这就在母/子顺序中创造了一道“防火墙”——有链码但并不能够用来推算子链码或者姊妹私钥。强化衍生函数看起来几乎与一般的衍生的子私钥相同,不同的是母私钥被用来输入散列函数中而不是母公钥。如图
HD钱包中的密钥是用“路径”命名的,且每个级别之间用斜杠(/)字符来表示(见表5-6)。由主私钥衍生出的私钥起始以“m”打头。由主公钥衍生的公钥起始以“M“打头。因此,母密钥生成的第一个子私钥是m/0。第一个公钥是M/0。第一个子密钥的子密钥就是m/0/1,以此类推。
密钥的“祖先”是从右向左读,直到你达到了衍生出的它的主密钥。举个例子,标识符m/x/y/z描述的是子密钥m/x/y的第z个子密钥。而子密钥m/x/y又是m/x的第y个子密钥。m/x又是m的第x个子密钥。
HD wallet key is named after the "path" and the slash (/) character is used between levels (see table 5-6). The private key derived from the main private key starts with "m". The public key derived from the main key starts with "m". The first private key generated by the parent key is therefore m/0. The first public key is M/0. The first key is m/0. The first subkey is m/0/1, and the first subkey is m/0/[s) is "m/[s)s", and the sub-key of "b/comtos/[wlots/) tems/ < > >cont < > scort > < < n/p" = < pp/y = < pp/y > > p/yp/ys/x[m/x[swwn/wws/wws_ < < < < < < < < < > > < > < > > < > > < > > < > < > > > < > > > > > > > > > < > > < > > > < > > < > > > < > < < < < < < < < < < < < < < < < < < < < < < < < < < < < > < < < < /bs < < < < < < < < < < < < < > > > < > > > > > > > < < < < < < < < < < < < < < < < < < < < < < < >
参考链接:
http://book.8btc.com/books/6/masterbitcoin2cn/_book/ch05.html
https://blog.csdn.net/xy010902100449/article/details/52078767
References:
http://book.8btc.com/books/6/masterbitcoin2cn/_book/ch05.html
https://blog.csdn.net/xy010902100449/article/details/52078767
注册有任何问题请添加 微信:MVIP619 拉你进入群
打开微信扫一扫
添加客服
进入交流群
发表评论