pull down to refresh
0 sats \ 2 replies \ @03bebce944 3 Jan \ parent \ on: waxwing commentary on twist attacks + bitcoin’s curve bitdevs
deleted by author
That's the
ParsePubKey
function. But if I am not using this function but provide my own bytes, then the secp256k1
package does not make sure. At least that's how I understand this warning for the function PrivKeyFromBytes
.WARNING: This means passing a slice with more than 32 bytes is truncated and that truncated value is reduced modulo N. Further, 0 is not a valid private key. It is up to the caller to provide a value in the appropriate range of [1, N-1]. Failure to do so will either result in an invalid private key or potentially weak private keys that have bias that could be exploited.
Also, bitcoin does not use the https://pkg.go.dev/github.com/decred/dcrd/dcrec/secp256k1/v4 package. It uses libsecp256k1 since it's written in C. LND however is written in golang and uses the aforementioned package.