It appears S256Field
uses the incorrect modulo. You arrive at the correct chaincode, and the first half of the key is correct. So the issue is that when you do the step parse_256(I_L) + k_par (mod n)
, your n
is incorrect.
We can reverse engineer what value you used for n
by finding the difference between the expected key and the calculated key, and adding that to the real value of n
.
0x32b6b93726e1121f2553bb18ff5b9f263067afe01019538fe34db8761cb94ad0 - 0x32b6b93726e1121f2553bb18ff5b9f24eb168cc6bf61f3cba3201703ecef8fe2 = 0x14551231950b75fc4402da1722fc9baee 0x14551231950b75fc4402da1722fc9baee + 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f
The n
your modulo is computed with is 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f
, which is actually the curve parameter p
. However the value your modulo needs to be computed with is n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
.
p
is the finite field for the curve. It defines that largest value for the coordinates of a curve point. You do mod p
when doing arithmetic with curve points.
n
is the order of the generator point G. It is the number of discrete logarithms (number of private keys) for the curve. You do mod n
when doing arithmetic with scalars (private keys).
Since in this step you are adding two scalars, you need to be doing it mod n
rather than mod p
.
You can get bonuses upto $100 FREE BONUS when you:
💰 Install these recommended apps:
💲 SocialGood - 100% Crypto Back on Everyday Shopping
💲 xPortal - The DeFi For The Next Billion
💲 CryptoTab Browser - Lightweight, fast, and ready to mine!
💰 Register on these recommended exchanges:
🟡 Binance🟡 Bitfinex🟡 Bitmart🟡 Bittrex🟡 Bitget
🟡 CoinEx🟡 Crypto.com🟡 Gate.io🟡 Huobi🟡 Kucoin.
Comments