@P3b7_ Yes, that's exactly what you want
The master private key (known only by the true wallet owner) is used to derive (in a ZK circuit) down to the affected address
This proves they know the parent hardened private key for a leaked address key
This skips the expensive BIP39 step
The recovery phrase is used to generate a "master key" (called m) with a one-way function (see BIP39 / CIP3 for more info)
Afterwards, BIP32/CIP1852 is used to derive child keys
Only the address key (the last one) leaked, so proving ownership of the master key is sufficient
Given the current week, it felt timely to do a refresher on the details of how Cardano wallet key generation works.
So we double-checked the different specs and summarized what we found in this thread.
From raw randomness to a shareable address 🧵
@AshiyaPool@IOHK_Charles@Quantumplation Unfortunately you can't use biometrics to solve this
In wallets, biometrics usually encrypt the master key, but you still have to prove (ex: ZKP) the master key is the correct key for the funds
In biometrics 2FA you'd be right, but that's not the case in non-custodial wallets
@adamKDean Fortunately, you don't need to derive another address index to sign. The account key is a valid key (just drop the chaincode), so you can sign with it directly
Option 1 is the very conservative approach:
Key idea: deriving a secret key from a recovery phrase is a one-way operation
Therefore, even if your secret key is compromised, you can prove you're the owner of the wallet by creating a ZK proof that you know its recovery phrase
@PhilippeVleLong Just by knowing the private key of an address,
- You don't know private keys higher up the hierarchy (cip1852)
- You don't know the recovery phrase (bip39)
@PhilippeVleLong No, the output would likely be the public address (you're proving you know a recovery phrase (input) for an address (output))
The fact that you've generated a proof shows that you know the private key (no need to output it)
@PhilippeVleLong This is what privacy-preserving ZK proofs give you
You can prove the result of a computation without making its inputs public
For example, in Midnight, input arguments to a smart contract are private by default
@Bastian_SHARE I'm not in contact with the team, so I can't say anything definitely. Their codebase is not the same I worked on many years ago
Currently, it sounds like if you've signed a transaction using their app this year, you may be affected
@maxalexweber Of course, they could put all the custodian's funds in a smart contract and do the recovery process onchain if they want to
but that's not the approach they're taking at the moment
@maxalexweber Recovery from the custodian is an offchain process, so you don't need to settle anything on Midnight's chain
You can leverage Midnight's cryptography if you want, but you don't need to settle it onchain, as an offchain-generated proof is sufficient
@Rizzabeast Fortunately, yes you can in this case!
Option #1 (prove you know the recovery phrase) is doable even if your master key is compromised
Option #2 should also work in SecondFi's case (where only the address key is compromised)
@Rizzabeast A KYC route would require massive coordination with exchanges, and would only help you for wallets directly funded from exchanges (not true for a lot of them)
Proving you own the wallet is the only generically viable route
So it's possible SecondFi only requires proof that you know the private key for the account's public key (very easy: just sign a message with it)
this means the recovery process may not be complicated cryptographically speaking (ofc, cryptography isn't the only hard part)
That means you can prove you own the wallet by sharing a key above it in the hierarchy
Address key leaked (like SecondFi)? You can just prove you know the account's key
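As an added illustration of the one-way derivation described earlier in the thread and of "Option 2" (sign with the account key once its chaincode is dropped), here is a simplified Go model; it is not code from the thread's author or from any Cardano wallet. The phrase stretch, the HMAC-SHA512 hardened steps and the all-hardened path m/1852'/1815'/0' are assumptions made for the demonstration, not the actual BIP39/CIP3 or Ed25519-BIP32/CIP1852 arithmetic.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha512"
	"fmt"
)

// node is one level of the hierarchy: a 32-byte Ed25519 seed plus a chain code that is only used to derive children.
type node struct{ key, chain []byte }
// Simplified one-way recovery-phrase step (an iterated HMAC-SHA512 stretch,
// not the real BIP39/CIP3 PBKDF2): the phrase cannot be recovered from m.
func masterFromPhrase(phrase, passphrase string) node {
	out := []byte(phrase)
	for i := 0; i < 2048; i++ {
		mac := hmac.New(sha512.New, []byte("mnemonic"+passphrase))
		mac.Write(out)
		out = mac.Sum(nil)
	}
	return node{key: out[:32], chain: out[32:]}
}

// Hardened child i': the parent's PRIVATE key is an HMAC input, so holding the
// child gives no way back up the hierarchy (the one-way property in the thread).
func hardened(p node, i uint32) node {
	idx := []byte{0x80 | byte(i>>24), byte(i >> 16), byte(i >> 8), byte(i)} // big-endian i | 0x80000000
	mac := hmac.New(sha512.New, p.chain)
	mac.Write(append(append([]byte{0}, p.key...), idx...))
	out := mac.Sum(nil)
	return node{key: out[:32], chain: out[32:]}
}

// Owner side of "Option 2": drop the chain code and the account key signs a verifier-chosen challenge.
func proveOwnership(account node, challenge []byte) ([]byte, ed25519.PublicKey) {
	priv := ed25519.NewKeyFromSeed(account.key)
	return ed25519.Sign(priv, challenge), priv.Public().(ed25519.PublicKey)
}

// Verifier side: accept only if the signature checks under the account public key.
func checkOwnership(pub ed25519.PublicKey, challenge, sig []byte) bool {
	return ed25519.Verify(pub, challenge, sig)
}

func main() {
	m := masterFromPhrase("constructed test phrase", "")
	account := hardened(hardened(hardened(m, 1852), 1815), 0) // m/1852'/1815'/0'
	sig, pub := proveOwnership(account, []byte("recovery challenge"))
	fmt.Println(checkOwnership(pub, []byte("recovery challenge"), sig)) // true
}
```

The address key derived two hardened levels below the account key is the one a leak would expose; nothing in it lets a holder recompute the account key or the master key above it.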