I had been using this formula for the receiveKeypair:
scanKeypair + payloadKeypair + sharedKeypair
However, Dark Wallet uses this formula:
payloadKeypair + sharedKeypair
It is not actually necessary to add the scanKeypair in order to have all the
features of stealth addresses, at least as far as I can tell. So in order to
bring my implementation closer to Dark Wallet's, I have removed the scanKeypair
from this calculation.
...will be useful in transactions. Note that we already have a primitive
understanding of Varints in the BufferReader and BufferWriter classes. However,
the new Varint class is a varint object which actually depends on BufferReader
and BufferWriter for reading and writing varints. This class is for keeping
track of the raw buffer that is read in from a buffer.
Javascript only supports 64 bit floating points, which have uint precision up
to Math.pow(2, 53). We now support reading variable sized numbers up to that
size. If the number is bigger than that, then we need to use BN.
It should be possible to check to see if a message isForMe with only the
scanKeypair, and not the payloadKeypair. There was a bug where only the
scanKeypair was being used to produce the receiveKeypair, but this was a
mistake. Both the scanPubkey and payloadPubkey should be necessary to produce
the receivePubkey, and both the scanPrivkey and payloadPrivkey should be
necessary to produce the receivePrivkey. If an online computer has only the
public keys of both (and the scanPrivkey), then that is good enough to check
for isForMe.
This code should be regarded as being a proof-of-concept, and needs more review
before being used in production code. At least one thing is guaranteed to
change, and that is the format of a stealth address.
Ryan X. Charles
Ryan X. Charles