4

In Kenshi's notes in the subaddresses PR, it says that when generating subaddresses, m = Hs(a || i), and i is just the index of the subaddress. So if a is the secret view key "c8904212e0fc51ceecc7113937861c27948c8fef6f555d6b67f53f3a373dbf37", for the subaddress at index 1, m would equal hash_to_scalar("c8904212e0fc51ceecc7113937861c27948c8fef6f555d6b67f53f3a373dbf371"), which is just the secret view key with a '1' tacked on at the end? I had asked on #monero-dev and moneromooo quickly responded, but I still don't quite understand.

moneromooo: Plus a common salt IIRC.
moneromooo: It's a constant that's concatenated to the key and index too. Just to ensure we can't (usual disclaimer applies) get collisions.

Can anybody shed some light on what this salt actually is and how it is generated?

1 Answer

2

After digging through the code and asking some more on IRC, it looks like the salt is "SubAddr" https://github.com/kenshi84/monero/blob/53ad5a0f42174bca57e24485ef3d40e4b9cf5599/src/cryptonote_basic/cryptonote_format_utils.cpp#L134 so it is really more like Hs(prefix || a || i). Thank you to the people who helped me on #monero-dev.