BIP39 Mnemonic非匹配测试矢量种子

Question

我正在编写比特币的BIP39的Java实现。到目前为止，我的代码能够正确地生成一个随机生成的助记符短语。但是，当将12字Mnemonic短语转换为512位种子时，结果值与伊恩科尔曼() BIP39工具的结果不匹配。

首先，SecureRandom对象生成一个随机的512位熵值(ENT).使用SHA256对ENT值进行散列，以计算校验和值(CS)，这是哈希的前4位。校验和被连接到ENT的末尾以给出ENT_CS。ENT_CS被分割成每个11位的部分，并使用11位的对应整数值作为索引号，从单词列表中获取一个单词。这就产生了我的12个单词Mnemonic短语。到目前为止，所有的步骤都与前面提到的BIP39工具的预期结果相匹配。

为了创建种子，我使用PBKDF2和HmacSHA512，将迭代设置为2048，密钥大小设置为512位(64字节)。我已经在这些PBKDF2、Google的"crypto“包实现和NovaCrypto的JavaBIP39实现上测试了我的实现。助记符单词(不包括分隔符)与"mnemonic"+password的盐一起用作输入，如比特币核心BIP39规范所示。

PBKDF2函数

  public static byte[] PBKDF2(String mnemonic, String salt) {
    try {
      byte[] fixedSalt = ("mnemonic"+salt).getBytes(StandardCharsets.UTF_8);
      KeySpec spec = new PBEKeySpec(mnemonic.toCharArray(), fixedSalt, 2048, 512);
      SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512");
      return f.generateSecret(spec).getEncoded();
    } catch (NoSuchAlgorithmException | InvalidKeySpecException ex) {
      throw new RuntimeException(ex);
    }
  }

生成Mnemonic函数

public static String[] generateMnemonic() {
  // Generate 128-bit Random Number for Entropy
  byte[] ENT = getEntropy();

  // Hash the Entropy value
  byte[] HASH = SHA256(ENT);

  // Copy first 4 bits of Hash as Checksum
  boolean[] CS = Arrays.copyOfRange(bytesToBits(HASH), 0, 4);

  // Add Checksum to the end of Entropy bits
  boolean[] ENT_CS = Arrays.copyOf(bytesToBits(ENT), bytesToBits(ENT).length + CS.length);
  System.arraycopy(CS, 0, ENT_CS, bytesToBits(ENT).length, CS.length);

  // Split ENT_CS into groups of 11 bits and creates String array for
  // mnemonicWords
  String[] mnemonicWords = new String[12];
  for (int i = 0; i < 12; i++) {
    boolean[] numBits = Arrays.copyOfRange(ENT_CS, i * 11, i * 11 + 11);
    mnemonicWords[i] = wordList.get(bitsToInt(numBits));
  }
  return mnemonicWords;
}

辅助函数

// Returns randomly generated, 16-byte number
  public static byte[] getEntropy() {
    byte[] ent = new byte[16];
    sr.nextBytes(ent);
    return ent;
  }

// Returns bit representation of byte array
  public static boolean[] bytesToBits(byte[] data) {
    boolean[] bits = new boolean[data.length * 8];
    for (int i = 0; i < data.length; ++i)
      for (int j = 0; j < 8; ++j)
        bits[(i * 8) + j] = (data[i] & (1 << (7 - j))) != 0;
    return bits;
  }

// Returns hex string from byte array
  private final static char[] hexArray = "0123456789ABCDEF".toCharArray();
  public static String bytesToHex(byte[] bytes) {
    char[] hexChars = new char[bytes.length * 2];
    for (int j = 0; j < bytes.length; j++) {
      int v = bytes[j] & 0xFF;
      hexChars[j * 2] = hexArray[v >>> 4];
      hexChars[j * 2 + 1] = hexArray[v & 0x0F];
    }
    return new String(hexChars);
  }

// Returns SHA256 hash of input data
  public static byte[] SHA256(byte[] data) {
    try {
      MessageDigest digest = MessageDigest.getInstance("SHA-256");
      System.out.println(Arrays.toString(data));
      return digest.digest(data);
    } catch (NoSuchAlgorithmException ex) {
      throw new RuntimeException(ex);
    }
  }

// Returns int value of a bit array
  public static int bitsToInt(boolean[] bits) {
    int n = 0, l = bits.length;
    for (int i = 0; i < l; ++i) {
      n = (n << 1) + (bits[i] ? 1 : 0);
    }
    return n;
  }

用法

// Generate Mnemonic Words, Mnemonic Phrase, and Seed
    String[] mnemonicWords = generateMnemonic();
    String mnemonicPhrase = "";
    for (String word : mnemonicWords)
      mnemonicPhrase += word;
    byte[] seed = PBKDF2(mnemonicPhrase, "");
    System.out.println("Seed: " + bytesToHex(seed));

实例结果

    My Program Trial
Entropy (hex): 3CCB62D9AF76F1E8DB113E66B2D84656
Checksum bits: 1100
Raw Binary: 00111100110 01011011000 10110110011 01011110111 01101111000 11110100011 01101100010 00100111110 01100110101 10010110110 00010001100 1010110
Mnemonic: devote force reopen galaxy humor virtual hobby chief grit nothing bag pulse
Seed: 013FFA714C57AA26C59DC215880D9C2398A8B38D10D7E41A882CF98C35976F0BF26BCC08B0B196945DE8778C7FD561FB0F20A8B9BAD46B12196C963A85E3B40E

    Expected Results (Derived from same Entropy)
Entropy (hex): 3CCB62D9AF76F1E8DB113E66B2D84656
Checksum bits: 1100
Raw Binary: 00111100110 01011011000 10110110011 01011110111 01101111000 11110100011 01101100010 00100111110 01100110101 10010110110 00010001100 1010110
Mnemonic: devote force reopen galaxy humor virtual hobby chief grit nothing bag pulse
Seed: 0c3c5f9ae724a2a3ed70aeb24919c10506e4962223a5375f70164be8b897d615ec9bf9f3e64a889cff03318cc5d0b3c8378ba0264d198e307c609632016ddd01

Answer 1

看来我能回答我自己的问题了。在我的程序中，我使用

String mnemonicPhrase = "";
for (String word : mnemonicWords)
  mnemonicPhrase += word;

但这不是正确的格式，因为空格将包括在内。更改此代码块以添加空格：

String mnemonicPhrase = "";
for(int i=0; i<mnemonicWords.length; i++) {
    mnemonicPhrase += mnemonicWords[i];
    if(i < mnemonicWords.length-1) mnemonicPhrase += " ";
}

获得使用"TREZOR“密码发布这里的预期测试向量结果。

Answer 2

字符串mnemonicPhrase = ""；for (String word : mnemonicWords) mnemonicPhrase += word bc1qsrgkdlk8ruk7uyer3jkv502ykww243yu367ay9