Byron addresses have derivation indexes that are not only hardened. #1041
Assignees
Milestone
Comments
1 task
iohk-bors bot
added a commit
that referenced
this issue
Nov 15, 2019
1042: use a special 'ByronHybrid' index with range going from 0 to 2^32 r=KtorZ a=KtorZ # Issue Number <!-- Put here a reference to the issue this PR relates to and which requirements it tackles --> #1041 # Overview <!-- Detail in a few bullet points the work accomplished in this PR --> - [x] I have used a special 'ByronHybrid' index with range going from 0 to 2^32 for the address path. # Comments <!-- Additional comments or screenshots to attach if any --> :question: Should we also worry about the account path :question: <!-- Don't forget to: ✓ Self-review your changes to make sure nothing unexpected slipped through ✓ Assign yourself to the PR ✓ Assign one or several reviewer(s) ✓ Once created, link this PR to its corresponding ticket ✓ Acknowledge any changes required to the Wiki --> Co-authored-by: KtorZ <[email protected]>
iohk-bors bot
added a commit
that referenced
this issue
Nov 15, 2019
1042: use a special 'ByronHybrid' index with range going from 0 to 2^32 r=KtorZ a=KtorZ # Issue Number <!-- Put here a reference to the issue this PR relates to and which requirements it tackles --> #1041 # Overview <!-- Detail in a few bullet points the work accomplished in this PR --> - [x] I have used a special 'ByronHybrid' index with range going from 0 to 2^32 for the address path. # Comments <!-- Additional comments or screenshots to attach if any --> :question: Should we also worry about the account path :question: <!-- Don't forget to: ✓ Self-review your changes to make sure nothing unexpected slipped through ✓ Assign yourself to the PR ✓ Assign one or several reviewer(s) ✓ Once created, link this PR to its corresponding ticket ✓ Acknowledge any changes required to the Wiki --> Co-authored-by: KtorZ <[email protected]>
iohk-bors bot
added a commit
that referenced
this issue
Nov 15, 2019
1042: use a special 'ByronHybrid' index with range going from 0 to 2^32 r=KtorZ a=KtorZ # Issue Number <!-- Put here a reference to the issue this PR relates to and which requirements it tackles --> #1041 # Overview <!-- Detail in a few bullet points the work accomplished in this PR --> - [x] I have used a special 'ByronHybrid' index with range going from 0 to 2^32 for the address path. # Comments <!-- Additional comments or screenshots to attach if any --> :question: Should we also worry about the account path :question: <!-- Don't forget to: ✓ Self-review your changes to make sure nothing unexpected slipped through ✓ Assign yourself to the PR ✓ Assign one or several reviewer(s) ✓ Once created, link this PR to its corresponding ticket ✓ Acknowledge any changes required to the Wiki --> Co-authored-by: KtorZ <[email protected]>
KtorZ
added a commit
that referenced
this issue
Nov 20, 2019
… hardened indexes As a regression test for #1041
1 task
KtorZ
added a commit
that referenced
this issue
Nov 20, 2019
… hardened indexes As a regression test for #1041
|
lgtm. |
iohk-bors bot
added a commit
that referenced
this issue
Nov 21, 2019
1055: Golden test for Random discovery and addresses with non-hardened indexes r=KtorZ a=KtorZ # Issue Number <!-- Put here a reference to the issue this PR relates to and which requirements it tackles --> #1041 # Overview <!-- Detail in a few bullet points the work accomplished in this PR --> - [x] I have added an additional golden test to verify that we can correctly identify addresses that have non-hardened indexes in their derivation path. # Comments <!-- Additional comments or screenshots to attach if any --> <!-- Don't forget to: ✓ Self-review your changes to make sure nothing unexpected slipped through ✓ Assign yourself to the PR ✓ Assign one or several reviewer(s) ✓ Once created, link this PR to its corresponding ticket ✓ Assign the PR to a corresponding milestone ✓ Acknowledge any changes required to the Wiki --> Co-authored-by: KtorZ <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Context
Addresses in
Byronuses HD derivation with 3 levels: root, account and addresses.It was believed that Byron addresses indexes used only hardened derivation, i.e. they would range from
2^31=2147483648to2^32=4294967296.However, some addresses and in particular change addresses embed derivation indexes that range from outside of the hardened domain (e.g.
1594290073was found in a mainnet address).This appeared to has been fixed in
cardano-slin:released somewhere between March 2018 and June 2018. So any old wallet before these dates have been using non-hardened indexes for addresses.
Steps to Reproduce
v0in [email protected], or [email protected] or [email protected].Expected behavior
Actual behavior
Resolution Plan
Use another type of derivation index specially for Byron addresses that can go over the whole range (hardened and non hardened).
Assess whether this is also true for the account path?Confirmed by looking at old versions of Cardano, accounts indexes were used using the same buggy function and are therefore subject to the same rule. We need to reflect this in code.Curse Serokell one more time.
PR
mastermasterQA
Hard to reproduce since this occurred on old addresses that were carrying a wrong payload. Payloads are however encrypted with a passphrase derived from the root public key. Without this, we can't reliably know whether or not the fix solved issues of users.
We've however tried out with @Anviking's wallet for which the fix has been successful.
Additionally, the fixed version shipped to users has solved most user issues but a few. From those, it appears that they've been trying again using an old version of Daedalus which didn't include the fix.
Added an extra golden test in the address discovery spec for random derivation about an address which carries non-hardened derivation index. This more as a regression test to make sure that this bug isn't re-introduced in the future. (see: Golden test for Random discovery and addresses with non-hardened indexes #1055)
The text was updated successfully, but these errors were encountered: