Initial Commit

Author: konstantinullrich

.gitignore

@@ -0,0 +1,11 @@
+# https://dart.dev/guides/libraries/private-files
+# Created by `dart pub`
+.dart_tool/
+
+# Avoid committing pubspec.lock for library packages; see
+# https://dart.dev/guides/libraries/private-files#pubspeclock.
+pubspec.lock
+
+# InteliJ
+.idea/
+*.iml

CHANGELOG.md

@@ -0,0 +1,3 @@
+## 1.0.0
+
+- Initial version.

README.md

@@ -0,0 +1,81 @@
+# Polyseed
+
+A dart implementation of [polyseed](https://github.com/tevador/polyseed).
+
+## Features
+
+* 16 mnemonic words (36% shorter than the original 25-word seed)
+* embedded wallet birthday to optimize restoring from the seed
+* supports encryption by a passphrase
+* can store up to 3 custom bits
+* advanced checksum based on a polynomial code
+* seeds are incompatible between different coins
+
+Supported languages:
+
+1. English
+2. Japanese
+3. Korean
+4. Spanish
+5. French
+6. Italian
+7. Czech
+8. Portuguese
+9. Chinese (Simplified)
+10. Chinese (Traditional)
+
+For languages based on the latin alphabet, just the first 4 characters of each word need to be provided when restoring a
+seed. French and Spanish seeds can be input with or without accents. Wordlists are based
+on [BIP-39](https://github.com/bitcoin/bips/blob/master/bip-0039/bip-0039-wordlists.md) with a few minor changes.
+
+## Encoding
+
+Each word contains 11 bits of information. The data are encoded as follows:
+
+| word # | contents                                 |
+|--------|------------------------------------------|
+| 1      | checksum (11 bits)                       |
+| 2-6    | secret seed (10 bits) + features (1 bit) |
+| 7-16   | secret seed (10 bits) + birthday (1 bit) |
+
+In total, there are 11 bits for the checksum, 150 bits for the secret seed, 5 feature bits and 10 birthday bits. Because
+the feature and birthday bits are non-random, they are spread over the 15 data words so that two different mnemonic
+phrases are unlikely to have the same word in the same position.
+
+### Checksum
+
+The mnemonic phrase can be treated as a polynomial over GF(2048), which enables the use of an efficient Reed-Solomon
+error correction code with one check word. All single-word errors can be detected and all single-word erasures can be
+corrected without false positives.
+
+To prevent the seed from being accidentally used with a different cryptocurrency, a coin flag is XORed with the second
+word after the checksum is calculated. Checksum validation will fail unless the wallet software XORs the same coin flag
+with the second word when restoring.
+
+### Feature bits
+
+There are 5 feature bits in the phrase. The first 2 bits are for internal use (one bit is used to indicate a seed
+encrypted by a passphrase and the other bit is reserved for a future update of the key derivation function). The
+remaining 3 bits are reserved for library users and can be enabled and accessed through the API. The library requires
+reserved bits to be zero (if not, `UnsupportedSeedFeatureException` is thrown).
+
+### Wallet birthday
+
+The mnemonic phrase stores the approximate date when the wallet was created. This allows the seed to be generated
+offline without access to the blockchain. Wallet software can easily convert a date to the corresponding block height
+when restoring a seed.
+
+The wallet birthday has a resolution of 2629746 seconds (1/12 of the average Gregorian year). All dates between November
+2021 and February 2107 can be represented.
+
+### Secret seed
+
+Polyseed was designed for the 128-bit security level. This corresponds to the security of the ed25519 elliptic curve,
+which requires [about 2<sup>126</sup> operations](https://safecurves.cr.yp.to/rho.html) to break a key.
+
+The private key is derived from the 150-bit secret seed using PBKDF2-HMAC-SHA256 with 10000 iterations. The KDF
+parameters were selected to allow for the key to be derived by hardware wallets. Key generation is domain-separated by
+the wallet birthday month, seed features and the coin flag.
+
+The size of the secret seed and the domain separation parameters provide a comfortable security margin
+against [multi-target attacks](https://blog.cr.yp.to/20151120-batchattacks.html).

analysis_options.yaml

@@ -0,0 +1,30 @@
+# This file configures the static analysis results for your project (errors,
+# warnings, and lints).
+#
+# This enables the 'recommended' set of lints from `package:lints`.
+# This set helps identify many issues that may lead to problems when running
+# or consuming Dart code, and enforces writing Dart using a single, idiomatic
+# style and format.
+#
+# If you want a smaller set of lints you can change this to specify
+# 'package:lints/core.yaml'. These are just the most critical lints
+# (the recommended set includes the core lints).
+# The core lints are also what is used by pub.dev for scoring packages.
+
+include: package:lints/recommended.yaml
+
+# Uncomment the following section to specify additional rules.
+
+# linter:
+#   rules:
+#     - camel_case_types
+
+# analyzer:
+#   exclude:
+#     - path/to/excluded/files/**
+
+# For more information about the core and recommended set of lints, see
+# https://dart.dev/go/core-lints
+
+# For additional information about configuring this file, see
+# https://dart.dev/guides/language/analysis-options

example/polyseed_dart_example.dart

@@ -0,0 +1,34 @@
+import 'package:polyseed/polyseed_dart.dart';
+import 'package:polyseed/src/mnemonics/en_lang.dart';
+import 'package:polyseed/src/polyseed_coin.dart';
+import 'package:polyseed/src/utils/key_utils.dart';
+
+void main() {
+  var seed = polyseedCreate(0);
+  var seedStr = polyseed_encode(seed, EnLang(), PolyseedCoin.POLYSEED_MONERO);
+  print('Seed: $seedStr');
+
+  var seed2 = polyseedDecode(seedStr, EnLang(), PolyseedCoin.POLYSEED_MONERO);
+  print(
+      'seed2: ${polyseed_encode(seed2, EnLang(), PolyseedCoin.POLYSEED_MONERO)}');
+
+  var seedEnc = polyseed_crypt(seed, "CakeWallet");
+  print(polyseed_is_encrypted(seedEnc));
+  print(
+      'seedEnc: ${polyseed_encode(seedEnc, EnLang(), PolyseedCoin.POLYSEED_MONERO)}');
+
+
+  var seedDec = polyseed_crypt(seedEnc, "CakeWallet");
+  print(polyseed_is_encrypted(seedDec));
+  print(
+      'seedEnc: ${polyseed_encode(seedDec, EnLang(), PolyseedCoin.POLYSEED_MONERO)}');
+
+  var seedFeatherStr = "unaware yard donate shallow slot sing oil oxygen loyal bench near hill surround forum execute lamp";
+  var seedFeather = polyseedDecode(seedFeatherStr, EnLang(), PolyseedCoin.POLYSEED_MONERO);
+
+  var key = polyseed_keygen(seedFeather, PolyseedCoin.POLYSEED_MONERO, 32);
+  print(polyseed_get_birthday(seedFeather));
+  print(keyToHexString(key));
+}
+
+

lib/polyseed_dart.dart

@@ -0,0 +1,8 @@
+/// Support for doing something awesome.
+///
+/// More dartdocs go here.
+library;
+
+export 'src/polyseed.dart';
+
+// TODO: Export any libraries intended for clients of this package.

lib/src/birthday.dart

@@ -0,0 +1,15 @@
+const EPOCH = 1635768000;  /* 1st November 2021 12:00 UTC */
+const TIME_STEP = 2629746; /* 30.436875 days = 1/12 of the Gregorian year */
+
+const DATE_BITS = 10;
+const DATE_MASK = (1 << DATE_BITS) - 1;
+
+
+int birthdayEncode(int time) {
+  if (time == -1 || time < EPOCH) {
+    return 0;
+  }
+  return ((time - EPOCH) / TIME_STEP).floor() & DATE_MASK;
+}
+
+int birthdayDecode(int birthday) => EPOCH + birthday * TIME_STEP;

lib/src/features.dart

@@ -0,0 +1,30 @@
+const int FEATURE_BITS = 5;
+const int FEATURE_MASK = (1 << FEATURE_BITS) - 1;
+const int INTERNAL_FEATURES = 2;
+const int USER_FEATURES = 3;
+const int USER_FEATURES_MASK = (1 << USER_FEATURES) - 1;
+const int ENCRYPTED_MASK = 16;
+int reservedFeatures = FEATURE_MASK ^ ENCRYPTED_MASK;
+
+int makeFeatures(int userFeatures) => userFeatures & USER_FEATURES_MASK;
+
+int getFeatures(int features, int mask) =>
+    features & (mask & USER_FEATURES_MASK);
+
+bool isEncrypted(int features) => (features & ENCRYPTED_MASK) != 0;
+
+bool polyseedFeaturesSupported(int features) =>
+    (features & reservedFeatures) == 0;
+
+int polyseedEnableFeatures(int mask) {
+  int numEnabled = 0;
+  reservedFeatures = FEATURE_MASK ^ ENCRYPTED_MASK;
+  for (int i = 0; i < USER_FEATURES; ++i) {
+    int fmask = 1 << i;
+    if ((mask & fmask) != 0) {
+      reservedFeatures ^= fmask;
+      numEnabled++;
+    }
+  }
+  return numEnabled;
+}

lib/src/gf.dart

@@ -0,0 +1,151 @@
+import 'dart:typed_data';
+
+import 'package:polyseed/src/birthday.dart';
+import 'package:polyseed/src/features.dart';
+import 'package:polyseed/src/polyseed_data.dart';
+
+import 'polyseed.dart';
+import 'dart:math';
+
+const int CHAR_BIT = 8;
+const int SECRET_BITS = 150;
+const int SECRET_BUFFER_SIZE = 32;
+
+const int GF_BITS = 11;
+const int GF_SIZE = 1 << GF_BITS;
+const int GF_MASK = GF_SIZE - 1;
+const int POLY_NUM_CHECK_DIGITS = 1;
+
+const int SHARE_BITS = 10; /* bits of the secret per word */
+const int DATA_WORDS = POLYSEED_NUM_WORDS - POLY_NUM_CHECK_DIGITS;
+
+List<int> polyseed_mul2_table = [5, 7, 1, 3, 13, 15, 9, 11];
+// POLYSEED_PRIVATE gf_elem polyseed_mul2_table[8] = {
+// 5, 7, 1, 3, 13, 15, 9, 11
+// };
+
+class GFPoly {
+  List<int> coeff = Uint16List(POLYSEED_NUM_WORDS);
+}
+
+int gf_elem_mul2(int x) {
+  if (x < 1024) {
+    return 2 * x;
+  }
+  return polyseed_mul2_table[x % 8] + 16 * ((x - 1024) ~/ 8);
+}
+
+int gf_poly_eval(GFPoly poly) {
+  int result = poly.coeff[POLYSEED_NUM_WORDS - 1];
+  for (int i = POLYSEED_NUM_WORDS - 2; i >= 0; --i) {
+    result = gf_elem_mul2(result) ^ poly.coeff[i];
+  }
+  return result;
+}
+
+GFPoly gf_poly_encode(GFPoly message) {
+  message.coeff[0] = gf_poly_eval(message);
+  return message;
+}
+
+bool gf_poly_check(GFPoly message) => gf_poly_eval(message) == 0;
+
+GFPoly polyseed_data_to_poly(PolyseedData data, GFPoly poly) {
+  int extraVal = (data.features << DATE_BITS) | data.birthday;
+  int extraBits = FEATURE_BITS + DATE_BITS;
+
+  int wordBits = 0;
+  int wordVal = 0;
+
+  int secretIdx = 0;
+  int secretVal = data.secret[secretIdx];
+  int secretBits = CHAR_BIT;
+  int seedRemBits = SECRET_BITS - CHAR_BIT;
+
+  for (int i = 0; i < DATA_WORDS; ++i) {
+    while (wordBits < SHARE_BITS) {
+      if (secretBits == 0) {
+        secretIdx++;
+        secretBits = min(seedRemBits, CHAR_BIT);
+        secretVal = data.secret[secretIdx];
+        seedRemBits -= secretBits;
+      }
+
+      int chunkBits = min(secretBits, SHARE_BITS - wordBits);
+      secretBits -= chunkBits;
+      wordBits += chunkBits;
+      wordVal <<= chunkBits;
+      wordVal |= (secretVal >> secretBits) & ((1 << chunkBits) - 1);
+    }
+    wordVal <<= 1;
+    extraBits--;
+    wordVal |= (extraVal >> extraBits) & 1;
+    poly.coeff[POLY_NUM_CHECK_DIGITS + i] = wordVal;
+    wordVal = 0;
+    wordBits = 0;
+  }
+
+  assert(seedRemBits == 0);
+  assert(secretBits == 0);
+  assert(extraBits == 0);
+
+  return poly;
+}
+
+PolyseedData polyseed_poly_to_data(GFPoly poly) {
+  int birthday = 0;
+  int features = 0;
+  Uint8List secret = Uint8List(SECRET_BUFFER_SIZE);
+  int checksum = poly.coeff[0];
+
+  int extraVal = 0;
+  int extraBits = 0;
+
+  int wordBits = 0;
+  int wordVal = 0;
+
+  int secretIdx = 0;
+  int secretBits = 0;
+  int seedBits = 0;
+
+  for (int i = POLY_NUM_CHECK_DIGITS; i < POLYSEED_NUM_WORDS; ++i) {
+    wordVal = poly.coeff[i];
+
+    extraVal <<= 1;
+    extraVal |= wordVal & 1;
+    wordVal >>= 1;
+    wordBits = GF_BITS - 1;
+    extraBits++;
+
+    while (wordBits > 0) {
+      if (secretBits == CHAR_BIT) {
+        secretIdx++;
+        seedBits += secretBits;
+        secretBits = 0;
+      }
+
+      int chunkBits = min(wordBits, CHAR_BIT - secretBits);
+      wordBits -= chunkBits;
+      int chunkMask = ((1 << chunkBits) - 1);
+      if (chunkBits < CHAR_BIT) {
+        secret[secretIdx] <<= chunkBits;
+      }
+      secret[secretIdx] |= (wordVal >> wordBits) & chunkMask;
+      secretBits += chunkBits;
+    }
+  }
+
+  seedBits += secretBits;
+
+  assert(wordBits == 0);
+  assert(seedBits == SECRET_BITS);
+  assert(extraBits == FEATURE_BITS + DATE_BITS);
+
+  birthday = extraVal & DATE_MASK;
+  features = extraVal >> DATE_BITS;
+
+  return PolyseedData(birthday: birthday,
+      features: features,
+      secret: secret,
+      checksum: checksum);
+}