On Tue, Jan 24, 2017 at 02:27:43PM +0200, George Kadianakis wrote:
And given the above, here is the new microproposal:
onion_address = base32(pubkey || checksum || version) checksum = SHA3(".onion checksum" || pubkey || version)
where: pubkey is 32 bytes ed25519 pubkey version is one byte (default value for prop224: '\x03') checksum hash is truncated to two bytes
Here are a few example addresses (with broken checksum):
l5satjgud6gucryazcyvyvhuxhr74u6ygigiuyixe3a6ysis67ororad.onion btojiu7nu5y5iwut64eufevogqdw4wmqzugnoluw232r4t3ecsfv37ad.onion vckjr6bpchiahzhmtzslnl477hdfvwhzw7dmymz3s5lp64mwf6wfeqad.onion
Checksum strength: The checksum has a false negative rate of 1/65536.
Address handling: Clients handling onion addresses first parse the version field, then extract pubkey, then verify checksum.
Let me know how you feel about this one. If people like it I will transcribe it to prop224.
FYI, I've implemented derivation and verification of v3 onion addresses (https://github.com/nogoegst/onionutil/blob/master/address.go). Some test vectors I got:
private key onion address
33a7e5c16e0308a3e6a0e7f4a621b3caad9ed1acdb3f78369b1377c5e605027879bcc625184b05194975c28b66b66b0469f7f6556fb1ac3189a79b40dda32f1f pg6mmjiyjmcrsslvykfwnntlaru7p5svn6y2ymmju6nubxndf4pscryd
62a70904f219a788f3c3c46b64c7bc6e800fed54079f2bb88c4fe3800fe2264593f6ad7b54b6391d2b78147a0b2e808e143780de07f1bda6ee7f052d2e9da67b sp3k262uwy4r2k3ycr5awluarykdpag6a7y33jxop4cs2lu5uz5sseqd
8d31e643f3693944817172030bab236a818d4a1d1ecbd7b8ce3ccb005dfb15fbb8391d2003bb3bd285b035ac8eb30c80c4e2a29bb7a2f0ce0df8743c37ec3593 xa4r2iadxm55fbnqgwwi5mymqdcofiu3w6rpbtqn7b2dyn7mgwj64jyd
a7f82fdf8f93a299e947f302313971b6759b8140d86468ead9cc960474c274b5f2ba31b35974d6a5214360cc3098fc69cf0a51d9944672a8904c97cba06c3945 6k5ddm2zotlkkikdmdgdbgh4nhhquuozsrdhfkeqjsl4xidmhfc6ntqd
ba85d39f1e45ca1627a4d5e28fb891fa810669feec96a146551c87109376f01b07ec065de1daa2b12da5fc2d8b8ae516b23d4a2cbe00edc11c87636c2f3d2129 a7wamxpb3krlclnf7qwyxcxfc2zd2srmxyao3qi4q5rwylz5eeu35xqd -- Ivan Markin