1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
|
Delivery-date: Tue, 28 May 2024 15:29:33 -0700
Received: from mail-yb1-f186.google.com ([209.85.219.186])
by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.94.2)
(envelope-from <bitcoindev+bncBDSMPXWBREDRBRNV3GZAMGQEM33YLII@googlegroups.com>)
id 1sC5K1-0007qA-Cj
for bitcoindev@gnusha.org; Tue, 28 May 2024 15:29:33 -0700
Received: by mail-yb1-f186.google.com with SMTP id 3f1490d57ef6-df7721f2e70sf388270276.0
for <bitcoindev@gnusha.org>; Tue, 28 May 2024 15:29:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20230601; t=1716935367; x=1717540167; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-sender:mime-version
:subject:message-id:to:from:date:sender:from:to:cc:subject:date
:message-id:reply-to;
bh=z4S8zB8bx/38qfIVDCOjnlJNcHEKpN3gGs//SWyCm3I=;
b=ufzgvIa8X8OaXrhgX3G7IPF1S2Wn0WCT6p7W1klO/00PQixVDEYKA1WkAwaT2ZQHTM
R2m9n5C2svzjfvwbjmMoDy5hvmgNmjS4OAQy7cgf9iW1DYgR9cZ+e1LYVETAg/SqeS86
lPniNbYrWnjs7GWXZX4RLFbJGbd3sCmR1OyuQFaU2THMrsZiHpDp7Ut3WxTd5Xqz2Zxx
wSZHbGCy9XyQ4sebDXsrMWk95VGT5w+CwxXNuqOVu4wKmw5iMAqNXS5XJ73D0IyTB9mx
SasCH0Qc/hEVR1bKVuNcjbJ5ReVku7aoOQ7PycbMRmTbC/49fVk5jOI7qC44A1E+Lvwk
kZQQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1716935367; x=1717540167; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-sender:mime-version
:subject:message-id:to:from:date:from:to:cc:subject:date:message-id
:reply-to;
bh=z4S8zB8bx/38qfIVDCOjnlJNcHEKpN3gGs//SWyCm3I=;
b=NtP/t4tp/Y2RbP8CAx1kcazrYWgSz6OFWvpb0u8JqCRJ3Uwpsu12Io8VtFiHSPSuo6
Be0VTEwp2qGBXtgZeunmFo4cg82RzG5Es/B9huhMbEw/6dCoAoTlYEsosFpPZw9mbbXT
sZ6NzRuC33q3gunWkhn/m7HSP7ySaKfVGFK8265SWPcXT0BTOsL6fZTdM59UTsEYg4E6
hJB26X0+gxSf9OmZK+HoiF8vsCaw1vU2w6kegkxXo0rfgA0WLHZ8KsrJwnfQDkGqSiLF
0im8RwJG4kcgtjBeTFiAPq606fgBG06BhThFncewfcQpUiJ6kIos2MgwpFrpcA8WFeFX
U3Hw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1716935367; x=1717540167;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-sender:mime-version
:subject:message-id:to:from:date:x-beenthere:x-gm-message-state
:sender:from:to:cc:subject:date:message-id:reply-to;
bh=z4S8zB8bx/38qfIVDCOjnlJNcHEKpN3gGs//SWyCm3I=;
b=GZMC3r6t4C6QhlxKc9jy9JjajMtPXucJgZ1JL/40OM6i5cEimUi+mKQL9C/Ga2wTGN
E2I3YI4hnO5F/Isy7r5jkzXV2AQtw5DW8Zu7ztmkS+YMYPXKv/Vfyje8m8zs74vNIJQT
0x3f2Ha3RB/wAE1R62xLZgB92DxwgdIhIrLG3HbgmMrILx8sxiDKlcXunOBDm+XvMT9w
fJSxdDnVy9rcFXFqgzvfTwUt8nPFZDHwn1XGMB/XFltdHYQUphyq3oMv5k3JC6lGRJzz
20lXBfnGMtN1nPLFmg5bIOOzlgZvMP5D8S5eOtwnENWE5L4TPpdBfkWYoxzAj52a8/sl
T4oQ==
Sender: bitcoindev@googlegroups.com
X-Forwarded-Encrypted: i=1; AJvYcCVJVQeRkta9B4LtfcgM0Tspmr85fJesEXaWiWPvbnWm/J/7JRB0T9oOdup5vIKnyuLQ4XkIN8Z/KVwRtuMp0NmUmookcR0=
X-Gm-Message-State: AOJu0YxA/GBkiskMHhAjULo8OLiweE5EDQdPqbmAvdy8nnaWmVmTYFCC
ut4Zxke0985PF5skm+DUOulyXFqbMxVfssnslIMMHPjsS1Tn3cqK
X-Google-Smtp-Source: AGHT+IFBJilUbdSSg2wxtc6PPIV8uJN8lZW9pzgPtjEAXHey/UpHVsGnDjAl+Oxiu5G3fS4LGzKrTA==
X-Received: by 2002:a25:af13:0:b0:df4:d93b:cabb with SMTP id 3f1490d57ef6-dfa46430361mr385997276.1.1716935367099;
Tue, 28 May 2024 15:29:27 -0700 (PDT)
X-BeenThere: bitcoindev@googlegroups.com
Received: by 2002:a25:7416:0:b0:df4:e354:514c with SMTP id 3f1490d57ef6-df7c6797be7ls321742276.1.-pod-prod-05-us;
Tue, 28 May 2024 15:29:25 -0700 (PDT)
X-Received: by 2002:a05:6902:1207:b0:df4:ee8a:bfd2 with SMTP id 3f1490d57ef6-df77221652emr3798392276.12.1716935365476;
Tue, 28 May 2024 15:29:25 -0700 (PDT)
Received: by 2002:a05:690c:2b83:b0:620:26bb:319f with SMTP id 00721157ae682-62a0b4bcbe4ms7b3;
Mon, 27 May 2024 19:04:51 -0700 (PDT)
X-Received: by 2002:a05:690c:62c8:b0:622:d03f:ebf with SMTP id 00721157ae682-62a08dcb424mr28620017b3.3.1716861890901;
Mon, 27 May 2024 19:04:50 -0700 (PDT)
Date: Mon, 27 May 2024 19:04:50 -0700 (PDT)
From: Aneesh Karve <aneesh.karve@gmail.com>
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Message-Id: <6d012560-4a66-4346-a1e8-8d8e5c879b29n@googlegroups.com>
Subject: [bitcoindev] Pre-BIP feedback: Secrets keychain with semantic derivation
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_Part_161068_542952046.1716861890607"
X-Original-Sender: aneesh.karve@gmail.com
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
List-ID: <bitcoindev.googlegroups.com>
X-Google-Group-Id: 786775582512
List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/bitcoindev
List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
<https://groups.google.com/group/bitcoindev/subscribe>
X-Spam-Score: -0.5 (/)
------=_Part_161068_542952046.1716861890607
Content-Type: multipart/alternative;
boundary="----=_Part_161069_700989787.1716861890607"
------=_Part_161069_700989787.1716861890607
Content-Type: text/plain; charset="UTF-8"
Greetings,
After reading and implementing BIP-85 <https://github.com/akarve/bipsea> I
entertained the possibility of a generalized keychain application atop
hierarchical deterministic wallets.
Here is the pre-proposal for said BIP-Keychain on GitHub
<https://github.com/akarve/bip-keychain>. Below are the Abstract and
Motivation. See the link above for the full spec.
Let me know if I should proceed to submit this as a proper BIP.
Thank you.
# Abstract
We extend the hierarchical deterministic wallet chain from BIP-32 with a new
application code for BIP-85 and a deterministic path derivation algorithm
that allows applications to create a large key-value map of secrets where
the key
for each secret is a meaningful semantic path, as opposed to an arbitrary
integer.
This secure key-value map can replace modern password managers and offers
an improved, possibly trustless security profile.
# Motivation
BIP-85 specifies how to derive passwords, private keys, and entropy from
paths
with the following form:
```
m/83696968'/{app_no}'/{index}'
```
Nevertheless BIP-85 has the following ambiguities and shortcomings:
1. Path construction is arbitrary in that there is no well-defined
procedure to
extend the path for applications that require more than two parameters.
The implied convention is for paths to end with `{some_integer_n}'{index}'`
but there is no guidance on the order of parameters for applications that
need more
than two inputs.
1. Return types for applications vary in interpretation and are
not specific enough to be actionable. For example sometimes `n` represents
the
number of bytes, sometimes the number of characters, sometimes the number of
BIP-39 words, etc.
Moreover, modern password managers protect hot child secrets with a single
root
master hot secret such that if the master secret is compromised all
children are
also compromised.
BIP-Keychain proposes a new paradigm where numerous hot or cold secrets are
derived
from hot but non-secret-compromising _derivation path keys_ that are in
turn stored
under a hot master secret such that if this hot master is compromised only
the
_derivation path keys_, and not the actual child secrets (_derivation path
values_),
are compromised. Said hot master secret can itself be the child derivative
of a
cold master key. The master key for deriving the secret values need not be
stored
online nor with the derivation path keys and may be provided just-in-time
by the
application.
Moreover, _generalized derivation paths_ may be interpreted not simply as an
input to key derivation but also as information about the real world.
--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/6d012560-4a66-4346-a1e8-8d8e5c879b29n%40googlegroups.com.
------=_Part_161069_700989787.1716861890607
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Greetings,<div><br /></div><div>After reading and <a href=3D"https://github=
.com/akarve/bipsea">implementing BIP-85</a> I entertained the possibility o=
f a generalized keychain application atop hierarchical deterministic wallet=
s.</div><div><br /></div><div>Here is the <a href=3D"https://github.com/aka=
rve/bip-keychain">pre-proposal for said BIP-Keychain on GitHub</a>. Below a=
re the Abstract and Motivation. See the link above for the full spec.</div>=
<div><br /></div><div>Let me know if I should proceed to submit this as a p=
roper BIP.</div><div><br /></div><div>Thank you.</div><div><br /></div><div=
><br /></div><div># Abstract<br /><br />We extend the hierarchical determin=
istic wallet chain from BIP-32 with a new<br />application code for BIP-85 =
and a deterministic path derivation algorithm<br />that allows applications=
to create a large key-value map of secrets where the key<br />for each sec=
ret is a meaningful semantic path, as opposed to an arbitrary integer.<br /=
>This secure key-value map can replace modern password managers and offers =
an improved, possibly trustless security profile.<br /></div><div><br /></d=
iv><div># Motivation<br /><br />BIP-85 specifies how to derive passwords, p=
rivate keys, and entropy from paths<br />with the following form:<br /><br =
/>```<br />m/83696968'/{app_no}'/{index}'<br />```<br /><br />Nevertheless =
BIP-85 has the following ambiguities and shortcomings:<br /><br />1. Path c=
onstruction is arbitrary in that there is no well-defined procedure to<br /=
>extend the path for applications that require more than two parameters.<br=
/>The implied convention is for paths to end with `{some_integer_n}'{index=
}'`<br />but there is no guidance on the order of parameters for applicatio=
ns that need more<br />than two inputs.<br /><br />1. Return types for appl=
ications vary in interpretation and are<br />not specific enough to be acti=
onable. For example sometimes `n` represents the<br />number of bytes, some=
times the number of characters, sometimes the number of<br />BIP-39 words, =
etc.<br /><br />Moreover, modern password managers protect hot child secret=
s with a single root<br />master hot secret such that if the master secret =
is compromised all children are<br />also compromised.<br /><br />BIP-Keych=
ain proposes a new paradigm where numerous hot or cold secrets are derived<=
br />from hot but non-secret-compromising _derivation path keys_ that are i=
n turn stored<br />under a hot master secret such that if this hot master i=
s compromised only the<br />_derivation path keys_, and not the actual chil=
d secrets (_derivation path values_),<br />are compromised. Said hot master=
secret can itself be the child derivative of a<br />cold master key. The m=
aster key for deriving the secret values need not be stored<br />online nor=
with the derivation path keys and may be provided just-in-time by the<br /=
>application.<br /><br />Moreover, _generalized derivation paths_ may be in=
terpreted not simply as an<br />input to key derivation but also as informa=
tion about the real world.=C2=A0<br /></div>
<p></p>
-- <br />
You received this message because you are subscribed to the Google Groups &=
quot;Bitcoin Development Mailing List" group.<br />
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a href=3D"mailto:bitcoindev+unsubscribe@googlegroups.com">bitcoind=
ev+unsubscribe@googlegroups.com</a>.<br />
To view this discussion on the web visit <a href=3D"https://groups.google.c=
om/d/msgid/bitcoindev/6d012560-4a66-4346-a1e8-8d8e5c879b29n%40googlegroups.=
com?utm_medium=3Demail&utm_source=3Dfooter">https://groups.google.com/d/msg=
id/bitcoindev/6d012560-4a66-4346-a1e8-8d8e5c879b29n%40googlegroups.com</a>.=
<br />
------=_Part_161069_700989787.1716861890607--
------=_Part_161068_542952046.1716861890607--
|
