These functions are prefixed DW which stands for Dark Wallet. The code for the
Dark Wallet address format can be found here:
https://github.com/darkwallet/darkwallet/blob/develop/js/util/stealth.js
Note that I deliberately support only the simplest possible format, which is
where there is only one payload pubkey and the prefix is blank. I should now go
back and replace my old toString, fromString, toBuffer, fromBuffer functions
with these Dark Wallet versions, since they are much more well-thought out than
mine.
I had been using this formula for the receiveKeypair:
scanKeypair + payloadKeypair + sharedKeypair
However, Dark Wallet uses this formula:
payloadKeypair + sharedKeypair
It is not actually necessary to add the scanKeypair in order to have all the
features of stealth addresses, at least as far as I can tell. So in order to
bring my implementation closer to Dark Wallet's, I have removed the scanKeypair
from this calculation.
It should be possible to check to see if a message isForMe with only the
scanKeypair, and not the payloadKeypair. There was a bug where only the
scanKeypair was being used to produce the receiveKeypair, but this was a
mistake. Both the scanPubkey and payloadPubkey should be necessary to produce
the receivePubkey, and both the scanPrivkey and payloadPrivkey should be
necessary to produce the receivePrivkey. If an online computer has only the
public keys of both (and the scanPrivkey), then that is good enough to check
for isForMe.
Ryan X. Charles
Ryan X. Charles