GPosts: 14 · Reputation: 131
This might be a bit off-topic, but it relates to the BIP38 standard. I’m trying to test a multi-use protocol, but the results don’t match up, even though I’m sure about the input and output values.
I’m using CyberChef for scrypt with parameters 1024,1,1,64. I do AES256Encrypt using the block that combines (pointb[1...16] xor derivedhalf1[0...15]) with key as derivedhalf2, which I call pointbx1. Then I perform AES256Encrypt again, this time on the block (pointb[17...32] xor derivedhalf1[16...31]) with the same key derivedhalf2 to get pointbx2.
In your explanation, you mention using scrypt with parameters 16384,8,8,64 during testing, which works fine, but I can’t figure out how to calculate derivedhalf1 and derivedhalf2. I’ve tested a ton of combinations, but no luck. I’m not sure where I’m going wrong.
IPosts: 629 · Reputation: 3824
It is difficult to say without seeing the code and debugging it. My suggestion is to either take a look at the reference implementation of BIP38[1] which is written in C# or use GitHub to find an implementation in python[2]. Then either go through the code to find where you made the mistake in your code or if that didn't work try modifying one of those implementations to get the intermediary values out to see where the problem is (eg. the correct value for factorb, factorb*G, XOR results, AES256Encrypt result for each chunk, etc.) by checking them against your own values you can find the bug.
Sometimes you may be looking at why your AES doesn't give the correct result while the mistake is in something simple like the very beginning where you used 1 SHA256 to compute factorb instead of 2.
[1] https://github.com/bitcoin/bips/blob/master/bip-0038.mediawiki#user-content-Reference_implementation
[2] https://github.com/search?q=bip38+language%3APython&type=repositories&l=Python