author: millibitcoin <millibitcoins@gmail.com> 2016-07-26 20:31:36 +0200
committer: bitcoindev <bitcoindev@gnusha.org> 2016-07-26 18:31:41 +0000
commit: 72079954e41bb4ec396d8f8b6dbe018717237664 (patch)
tree: 5153ef3c2454f3fa255518d6f86f11e608ce02ad /d7
parent: 24aa6c22ca0de7880c292e115f8de8f7e6607809 (diff)
download: pi-bitcoindev-72079954e41bb4ec396d8f8b6dbe018717237664.tar.gz
download: pi-bitcoindev-72079954e41bb4ec396d8f8b6dbe018717237664.zip
[bitcoin-dev] BIP proposal: derived mnemonics
Diffstat (limited to 'd7')
-rw-r--r-- d7/d2b8ce4ee4c3c86e339c2a313a1682a5af4e98 223
1 file changed, 223 insertions, 0 deletions
diff --git a/d7/d2b8ce4ee4c3c86e339c2a313a1682a5af4e98 b/d7/d2b8ce4ee4c3c86e339c2a313a1682a5af4e98
new file mode 100644
index 000000000..9793be80c
--- /dev/null
+++ b/d7/d2b8ce4ee4c3c86e339c2a313a1682a5af4e98
@@ -0,0 +1,223 @@
+Return-Path: <millibitcoins@gmail.com>
+Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
+ [172.17.192.35])
+ by mail.linuxfoundation.org (Postfix) with ESMTPS id BED8C92B
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Tue, 26 Jul 2016 18:31:41 +0000 (UTC)
+X-Greylist: whitelisted by SQLgrey-1.7.6
+Received: from mail-wm0-f46.google.com (mail-wm0-f46.google.com [74.125.82.46])
+ by smtp1.linuxfoundation.org (Postfix) with ESMTPS id B4C01259
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Tue, 26 Jul 2016 18:31:40 +0000 (UTC)
+Received: by mail-wm0-f46.google.com with SMTP id f65so184678572wmi.0
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Tue, 26 Jul 2016 11:31:40 -0700 (PDT)
+DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
+ h=to:from:subject:message-id:date:user-agent:mime-version
+ :content-transfer-encoding;
+ bh=fuPSvWxMdNaFisqS12ZSU8DNkfthbdEfTjP1Jn2TkRA=;
+ b=i24aWkioIl78JDVRMXGjjU/OVTVUOra33k4bS4fT/XCueXYOic/CB5JbOHUv+gWK2a
+ gnBRjjsWcsW4VLfMjBmgyBwjXFfUb34tSyjvGpyb7sLmnd9TlRODozCLu0CEzcQFzZSM
+ BJ85AdmW0jbVC8s0VRkbRQUDc+U14wj2DFyFy8tSlTQXX42JgEzmZ35+kDpRKf8bKOGK
+ jZuAJVCnOyJ72pNPJIlygiOlDMUM9z0v+fcu8tk6QB8HIr+gxKXhDpytcIQbSjInqJNn
+ ItTix4gbwYToUhlyN4eTv/arkbnO4UVw1zU5OQzoi/LY7GEaEQBp22F9sVkQgd0yhZpa
+ 0sZQ==
+X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
+ d=1e100.net; s=20130820;
+ h=x-gm-message-state:to:from:subject:message-id:date:user-agent
+ :mime-version:content-transfer-encoding;
+ bh=fuPSvWxMdNaFisqS12ZSU8DNkfthbdEfTjP1Jn2TkRA=;
+ b=CxGXJzj9aCZwf+wLnwn7HuokJkEiQiD4Bg1VI/HUYuoU9yabztgoZYE0/L+4lYndqa
+ ngPANSLc7PeCWPp5lkilINAT7+ZEzDR6QUvUTJr0wRX5EtM3GB3vdiroCavpYl1BzgdY
+ /HKW1xmPB9qXb6hqqlZjfysF7xtEkgEif6ebxU+AOamdHkN/KsvnbWFrB1uLD0QmYx2t
+ 4v5NJhfwBIPUQus/JkQxfNlzBbAwVAOTnvB0zKvMjFmYjuHRtPAe5SOhkIVKsumTMLKc
+ p18A/Ka7H2RMEI9K+7032fc6loSFY6mGiZQ3nWFmsPhlat52bv7uKWTllfzSx4Rlhbpg
+ JF5Q==
+X-Gm-Message-State: AEkooutgLBjX0hy0MatpFlfsjqyMpRC/y+U1c+fMdAVeSXx+Ovz+z4bUyOINFw/xOCp69g==
+X-Received: by 10.28.41.131 with SMTP id p125mr24605774wmp.15.1469557899005;
+ Tue, 26 Jul 2016 11:31:39 -0700 (PDT)
+Received: from [192.168.178.13] (52D9D6D7.cm-11-1d.dynamic.ziggo.nl.
+ [82.217.214.215]) by smtp.googlemail.com with ESMTPSA id
+ f10sm2268383wje.14.2016.07.26.11.31.37
+ for <bitcoin-dev@lists.linuxfoundation.org>
+ (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
+ Tue, 26 Jul 2016 11:31:38 -0700 (PDT)
+To: bitcoin-dev@lists.linuxfoundation.org
+From: millibitcoin <millibitcoins@gmail.com>
+Message-ID: <5797AC88.8030507@gmail.com>
+Date: Tue, 26 Jul 2016 20:31:36 +0200
+User-Agent: Mozilla/5.0 (X11; Linux i686; rv:38.0) Gecko/20100101
+ Thunderbird/38.8.0
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf-8; format=flowed
+Content-Transfer-Encoding: 7bit
+X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
+ DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM,
+ RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1
+X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
+ smtp1.linux-foundation.org
+X-Mailman-Approved-At: Tue, 26 Jul 2016 18:44:46 +0000
+Subject: [bitcoin-dev] BIP proposal: derived mnemonics
+X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
+X-Mailman-Version: 2.1.12
+Precedence: list
+List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
+List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
+ <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
+List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
+List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
+List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
+List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
+ <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
+X-List-Received-Date: Tue, 26 Jul 2016 18:31:41 -0000
+
+(not sure so sent again after subscribing (one use case added))
+
+Dear Bitcoin developers,
+
+Below is provided a draft BIP proposal for a master mnemonic sentence
+from which other mnemonics sentences can be derived in a deterministic
+non-reversible way (on an offline computer). This would make it much
+easier to split funds into smaller fractions and use those in a
+HD-wallet when appropriate (just by inserting 12 or more words), without
+ever putting the master mnemonic at risk on an online computer. But
+there are many more use cases.
+
+A reference implementation, specifically for use with a Trezor, has been
+generated and can be found at:
+http://thebitcoinecosystem.info/DerivedMnemonics.html
+
+I'm not a professional programmer or cryptographer, so the idea and
+reference implementation will probably need a lot of reviewing but I do
+think Bitcoin needs this extension and the corresponding ease of use and
+improved security model.
+
+In the hope you like the idea,
+
+Regards,
+sumBTC
+
+
+<pre>
+ BIP: ???
+ Title: Derived mnemonics from a master mnemonic.
+ Author: sumBTC <millibitcoins@gmail.com>
+ Status: For Discussion
+ Type:
+ Created: 2016-07-24
+</pre>
+
+==Abstract==
+
+This BIP??? uses a master mnemonic sentence, as described in BIP39, for
+the deterministic generation of derived mnemonic sentences. The derived
+mnemonics are of the same format as the master mnemonic but can consist
+of a higher or lower number of words.
+
+Binary seeds can then be generated for derived mnemonics (and master
+mnemonic) as described in BIP39. Each of these seeds can be used to
+generate deterministic wallets using BIP-0032 or similar methods.
+
+==Motivation==
+
+A mnemonic code or sentence is superior for human interaction as
+described in BIP39 and can, for example, be written on paper or even
+memorized. However, once a mnemonic has been used online, even through
+the use of a hardware wallet, the mnemonic could be compromised. This
+should be considered a bad practice from a security standpoint.
+
+We therefore propose the generation of a master mnemonic offline and
+from this generate (also offline) multiple derived mnemonics in a
+deterministic way for online use. The master mnemonic is never used
+online and the master mnemonic cannot be obtained from the derived
+mnemonics. Examples of use cases are described below.
+
+==Generating the master mnemonic==
+
+The master mnemonic is first derived as a standard mnemonic as described
+in BIP39.
+
+==From master mnemonic to derived mnemonics==
+
+ From the master mnemonic a new string is created:
+
+string = MasterMnemonic + " " + Count + " " + Strength;
+
+Here, MasterMnemonic are the space separated words of the master
+mnemonic. Count = 0, 1, 2 denotes the different derived mnemonics of a
+given strength and Strength = numWords / 3 * 32, where numWords is the
+number of words desired for the derived mnemonic and only integer
+arithmetic is used in the calculation (e.g. for numWords = 14, Strength
+= 128). Both Count and Strength are converted to strings.
+
+This string is then hashed using sha512:
+
+hash = sha512(string);
+
+and turned into a byte array:
+
+for (var i=0; i<strength/8; i++) {
+ byteArray[i] = (hash[Math.floor((i%64)/4)] >>> ((i%4)*8)) & 0b11111111;
+}
+
+This byte array is then used to generate a new mnemonic as shown in the
+reference implementation using the method described in BIP39. The core
+of the new code in the reference manual can be found by jumping to
+"start: new code" in the reference software.
+
+A passphrase for the master mnemonic has the same effect on the derived
+mnemoncis (so must be included).
+
+==Reference Implementation==
+
+The reference implementation generates addresses based on BIP44 for a 24
+word master mnemonic and is available from
+
+http://thebitcoinecosystem.info/DerivedMnemonics.html
+
+or
+
+github (not yet)
+
+==Checking the derived mnemonics using Electrum==
+
+The displayed addresses in each of the reference implementations can be
+easily checked using Electrum in the following manner:
+
+move the directory ~/.electrum to a backup directory.
+start Electrum and choose:
+Restore a wallet or import keys
+Hardware wallet
+Restore Electum wallet from device seed words
+TREZOR wallet
+Insert one of the mnemonics and check that the same addresses are
+generated by Electrum
+
+Check the private keys:
+move the directory ~/.electrum to a backup directory.
+start Electrum and choose:
+Restore a wallet or import keys
+Standard wallet
+Import one of the private keys and check that the correct address has
+been generated.
+
+Some checks should include a passphrase.
+
+==Examples of Use Cases==
+
+A person with 25 bitcoin splits funds using 5 derived mnemonics and
+sends 5 bitcoins to the first address of each derived mnemonic. He can
+then use a (hardware) HD-wallet and simply insert one of the derived
+mnemonics to put only 5 bitcoins online and at risk at once. All funds
+can be recovered from the master mnemonic.
+
+A person wants to give 10 bitcoin to each of his family members, giving
+each participant a derived mnemonic and sending bitcoin to each of them.
+The donating person can always recover the derived mnemonic if one of
+his family members loses his derived mnemonic.
+
+For his Trezor wallet, someone wants to memorize only a 12 words master
+seed but wants to insert a 24 words derived seed so a key logger on his
+computer has 24! possibilities to check and not 12! (not a possibility
+for the current reference implementation but trivial to add).
+
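Review bot: the derivation described in this hunk silently truncates word counts that are not a multiple of 3, so the spec should reject such requests instead of rounding down: with `Strength = numWords / 3 * 32` in integer arithmetic, the text's own example of numWords = 14 gives Strength = 128, which is a 12-word mnemonic rather than the 14 words the user asked for (BIP39 word counts are 12/15/18/21/24, so a non-multiple of 3 cannot be honoured, and the user should be told so). In the byte-array loop, `strength/8` and `byteArray` are used without being declared (the spec defines `Strength`, capitalised), `i%64` is a no-op because `strength/8` is at most 32 while a SHA-512 digest is 64 bytes, and the expression `(hash[Math.floor((i%64)/4)] >>> ((i%4)*8)) & 0b11111111` assumes `hash` is an array of 32-bit words rather than bytes and emits each word's low-order byte first, so the resulting byte order depends on the hashing library's word layout. Since the derived mnemonic is meant to be reproducible by anyone holding the master mnemonic, the spec should define `hash` as the raw SHA-512 digest and take bytes in digest order (`byteArray[i] = hash[i]` for `i < Strength/8`); otherwise independent implementations will derive different mnemonics from the same master. Likewise, "Count = 0, 1, 2" should state whether the counter is unbounded and how it is encoded (decimal ASCII is implied by `string = MasterMnemonic + " " + Count + " " + Strength;` but not stated), because that concatenation is the only thing separating the derived seeds and must be byte-exact across implementations.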