Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1Tg5aJ-0004j1-Pl for bitcoin-development@lists.sourceforge.net; Wed, 05 Dec 2012 03:23:43 +0000 Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.210.175 as permitted sender) client-ip=209.85.210.175; envelope-from=gmaxwell@gmail.com; helo=mail-ia0-f175.google.com; Received: from mail-ia0-f175.google.com ([209.85.210.175]) by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1Tg5aI-00038t-UY for bitcoin-development@lists.sourceforge.net; Wed, 05 Dec 2012 03:23:43 +0000 Received: by mail-ia0-f175.google.com with SMTP id z3so3638993iad.34 for ; Tue, 04 Dec 2012 19:23:37 -0800 (PST) MIME-Version: 1.0 Received: by 10.42.63.145 with SMTP id c17mr13357066ici.22.1354677817653; Tue, 04 Dec 2012 19:23:37 -0800 (PST) Received: by 10.64.171.73 with HTTP; Tue, 4 Dec 2012 19:23:37 -0800 (PST) In-Reply-To: References: Date: Tue, 4 Dec 2012 22:23:37 -0500 Message-ID: From: Gregory Maxwell To: Mike Koss Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -1.6 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (gmaxwell[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1Tg5aI-00038t-UY Cc: "bitcoin-development@lists.sourceforge.net" Subject: Re: [Bitcoin-development] String-based Hierarchical Deterministic Keys - Alternative to BIP 32 X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Dec 2012 03:23:44 -0000 On Tue, Dec 4, 2012 at 10:06 PM, Mike Koss wrote: > I've implemented an alternative to the BIP 32 proposal. I wanted a syste= m > based on a hierarchical string representation (rather than hierarchy of > integers as BIP 32 proposes). For example I name keys like this: > > [hd1.75491111].store.1. 1D7GM5dkUtxvGeWgn7SYtanBuyj1MD1EZy > [hd1.75491111].store.2. 1QAqDbzpNKViGSjVe1XmnGbmZtvz5hM7t1 > [hd1.75491111].store.3. 14XkSN92QLGeorYPpoVbG87DQhowEx3mFn > [hd1.75491111].store.4. 1JLcGdod6Wm33rMZuZZUmAEE6osLhM4QMn > > First draft of proposal: > > https://gist.github.com/4211704 As Pieter pointed out recently=E2=80=94 it's not (realistically) possible t= o blindly iterate through strings. This means your proposal loses the backup recoverablity property which is part the point of a deterministic wallet: If you have a backup prior to a new string name being established you must also have a reliable backup of the string as well. Of course, if you're backing up the strings then you can also backup a map equating the hdwallet indexes to your strings, and in the event of a catastrophic loss where you are only left with the original ultimate root you lose no coins (only metadata) with the BIP32 scheme. If, instead, we have your scheme and the backup of strings is incomplete then some or all assigned coin may be lost forever. Your extended hierarchy of multiplers also makes me uncomfortable. BIP32 uses a HMAC in its construction to obtain strongly unstructured points.