author | millibitcoin <millibitcoins@gmail.com> | 2016-07-26 20:31:36 +0200 |
---|---|---|
committer | bitcoindev <bitcoindev@gnusha.org> | 2016-07-26 18:31:41 +0000 |
commit | 72079954e41bb4ec396d8f8b6dbe018717237664 (patch) | |
tree | 5153ef3c2454f3fa255518d6f86f11e608ce02ad /d7 | |
parent | 24aa6c22ca0de7880c292e115f8de8f7e6607809 (diff) | |
download | pi-bitcoindev-72079954e41bb4ec396d8f8b6dbe018717237664.tar.gz pi-bitcoindev-72079954e41bb4ec396d8f8b6dbe018717237664.zip |
[bitcoin-dev] BIP proposal: derived mnemonics
Diffstat (limited to 'd7')
-rw-r--r-- | d7/d2b8ce4ee4c3c86e339c2a313a1682a5af4e98 | 223 |
1 files changed, 223 insertions, 0 deletions
diff --git a/d7/d2b8ce4ee4c3c86e339c2a313a1682a5af4e98 b/d7/d2b8ce4ee4c3c86e339c2a313a1682a5af4e98 new file mode 100644 index 000000000..9793be80c --- /dev/null +++ b/d7/d2b8ce4ee4c3c86e339c2a313a1682a5af4e98 
@@ -0,0 +1,223 @@ +Return-Path: <millibitcoins@gmail.com> +Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org + [172.17.192.35]) + by mail.linuxfoundation.org (Postfix) with ESMTPS id BED8C92B + for <bitcoin-dev@lists.linuxfoundation.org>; + Tue, 26 Jul 2016 18:31:41 +0000 (UTC) +X-Greylist: whitelisted by SQLgrey-1.7.6 +Received: from mail-wm0-f46.google.com (mail-wm0-f46.google.com [74.125.82.46]) + by smtp1.linuxfoundation.org (Postfix) with ESMTPS id B4C01259 + for <bitcoin-dev@lists.linuxfoundation.org>; + Tue, 26 Jul 2016 18:31:40 +0000 (UTC) +Received: by mail-wm0-f46.google.com with SMTP id f65so184678572wmi.0 + for <bitcoin-dev@lists.linuxfoundation.org>; + Tue, 26 Jul 2016 11:31:40 -0700 (PDT) +DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; + h=to:from:subject:message-id:date:user-agent:mime-version + :content-transfer-encoding; + bh=fuPSvWxMdNaFisqS12ZSU8DNkfthbdEfTjP1Jn2TkRA=; + b=i24aWkioIl78JDVRMXGjjU/OVTVUOra33k4bS4fT/XCueXYOic/CB5JbOHUv+gWK2a + gnBRjjsWcsW4VLfMjBmgyBwjXFfUb34tSyjvGpyb7sLmnd9TlRODozCLu0CEzcQFzZSM + BJ85AdmW0jbVC8s0VRkbRQUDc+U14wj2DFyFy8tSlTQXX42JgEzmZ35+kDpRKf8bKOGK + jZuAJVCnOyJ72pNPJIlygiOlDMUM9z0v+fcu8tk6QB8HIr+gxKXhDpytcIQbSjInqJNn + ItTix4gbwYToUhlyN4eTv/arkbnO4UVw1zU5OQzoi/LY7GEaEQBp22F9sVkQgd0yhZpa + 0sZQ== +X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; + d=1e100.net; s=20130820; + h=x-gm-message-state:to:from:subject:message-id:date:user-agent + :mime-version:content-transfer-encoding; + bh=fuPSvWxMdNaFisqS12ZSU8DNkfthbdEfTjP1Jn2TkRA=; + b=CxGXJzj9aCZwf+wLnwn7HuokJkEiQiD4Bg1VI/HUYuoU9yabztgoZYE0/L+4lYndqa + ngPANSLc7PeCWPp5lkilINAT7+ZEzDR6QUvUTJr0wRX5EtM3GB3vdiroCavpYl1BzgdY + /HKW1xmPB9qXb6hqqlZjfysF7xtEkgEif6ebxU+AOamdHkN/KsvnbWFrB1uLD0QmYx2t + 4v5NJhfwBIPUQus/JkQxfNlzBbAwVAOTnvB0zKvMjFmYjuHRtPAe5SOhkIVKsumTMLKc + p18A/Ka7H2RMEI9K+7032fc6loSFY6mGiZQ3nWFmsPhlat52bv7uKWTllfzSx4Rlhbpg + JF5Q== +X-Gm-Message-State: 
AEkooutgLBjX0hy0MatpFlfsjqyMpRC/y+U1c+fMdAVeSXx+Ovz+z4bUyOINFw/xOCp69g== +X-Received: by 10.28.41.131 with SMTP id p125mr24605774wmp.15.1469557899005; + Tue, 26 Jul 2016 11:31:39 -0700 (PDT) +Received: from [192.168.178.13] (52D9D6D7.cm-11-1d.dynamic.ziggo.nl. + [82.217.214.215]) by smtp.googlemail.com with ESMTPSA id + f10sm2268383wje.14.2016.07.26.11.31.37 + for <bitcoin-dev@lists.linuxfoundation.org> + (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); + Tue, 26 Jul 2016 11:31:38 -0700 (PDT) +To: bitcoin-dev@lists.linuxfoundation.org +From: millibitcoin <millibitcoins@gmail.com> +Message-ID: <5797AC88.8030507@gmail.com> +Date: Tue, 26 Jul 2016 20:31:36 +0200 +User-Agent: Mozilla/5.0 (X11; Linux i686; rv:38.0) Gecko/20100101 + Thunderbird/38.8.0 +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf-8; format=flowed +Content-Transfer-Encoding: 7bit +X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, + DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, + RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 +X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on + smtp1.linux-foundation.org +X-Mailman-Approved-At: Tue, 26 Jul 2016 18:44:46 +0000 +Subject: [bitcoin-dev] BIP proposal: derived mnemonics +X-BeenThere: bitcoin-dev@lists.linuxfoundation.org +X-Mailman-Version: 2.1.12 +Precedence: list +List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org> +List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, + <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe> +List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/> +List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org> +List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help> +List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, + <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe> +X-List-Received-Date: Tue, 26 Jul 2016 
18:31:41 -0000 + +(not sure so sent again after subscribing (one use case added)) + +Dear Bitcoin developers, + +Below is provided a draft BIP proposal for a master mnemonic sentence +from which other mnemonics sentences can be derived in a deterministic +non-reversible way (on an offline computer). This would make it much +easier to split funds into smaller fractions and use those in a +HD-wallet when appropriate (just by inserting 12 or more words), without +ever putting the master mnemonic at risk on an online computer. But +there are many more use cases. + +A reference implementation, specifically for use with a Trezor, has been +generated and can be found at: +http://thebitcoinecosystem.info/DerivedMnemonics.html + +I'm not a professional programmer or cryptographer, so the idea and +reference implementation will probably need a lot of reviewing but I do +think Bitcoin needs this extension and the corresponding ease of use and +improved security model. + +In the hope you like the idea, + +Regards, +sumBTC + + +<pre> + BIP: ??? + Title: Derived mnemonics from a master mnemonic. + Author: sumBTC <millibitcoins@gmail.com> + Status: For Discussion + Type: + Created: 2016-07-24 +</pre> + +==Abstract== + +This BIP??? uses a master mnemonic sentence, as described in BIP39, for +the deterministic generation of derived mnemonic sentences. The derived +mnemonics are of the same format as the master mnemonic but can consist +of a higher or lower number of words. + +Binary seeds can then be generated for derived mnemonics (and master +mnemonic) as described in BIP39. Each of these seeds can be used to +generate deterministic wallets using BIP-0032 or similar methods. + +==Motivation== + +A mnemonic code or sentence is superior for human interaction as +described in BIP39 and can, for example, be written on paper or even +memorized. However, once a mnemonic has been used online, even through +the use of a hardware wallet, the mnemonic could be compromised. 
This +should be considered a bad practice from a security standpoint. + +We therefore propose the generation of a master mnemonic offline and +from this generate (also offline) multiple derived mnemonics in a +deterministic way for online use. The master mnemonic is never used +online and the master mnemonic cannot be obtained from the derived +mnemonics. Examples of use cases are described below. + +==Generating the master mnemonic== + +The master mnemonic is first derived as a standard mnemonic as described +in BIP39. + +==From master mnemonic to derived mnemonics== + + From the master mnemonic a new string is created: + +string = MasterMnemonic + " " + Count + " " + Strength; + +Here, MasterMnemonic are the space separated words of the master +mnemonic. Count = 0, 1, 2 denotes the different derived mnemonics of a +given strength and Strength = numWords / 3 * 32, where numWords is the +number of words desired for the derived mnemonic and only integer +arithmetic is used in the calculation (e.g. for numWords = 14, Strength += 128). Both Count and Strength are converted to strings. + +This string is then hashed using sha512: + +hash = sha512(string); + +and turned into a byte array: + +for (var i=0; i<strength/8; i++) { + byteArray[i] = (hash[Math.floor((i%64)/4)] >>> ((i%4)*8)) & 0b11111111; +} + +This byte array is then used to generate a new mnemonic as shown in the +reference implementation using the method described in BIP39. The core +of the new code in the reference manual can be found by jumping to +"start: new code" in the reference software. + +A passphrase for the master mnemonic has the same effect on the derived +mnemoncis (so must be included). 
+ +==Reference Implementation== + +The reference implementation generates addresses based on BIP44 for a 24 +word master mnemonic and is available from + +http://thebitcoinecosystem.info/DerivedMnemonics.html + +or + +github (not yet) + +==Checking the derived mnemonics using Electrum== + +The displayed addresses in each of the reference implementations can be +easily checked using Electrum in the following manner: + +move the directory ~/.electrum to a backup directory. +start Electrum and choose: +Restore a wallet or import keys +Hardware wallet +Restore Electum wallet from device seed words +TREZOR wallet +Insert one of the mnemonics and check that the same addresses are +generated by Electrum + +Check the private keys: +move the directory ~/.electrum to a backup directory. +start Electrum and choose: +Restore a wallet or import keys +Standard wallet +Import one of the private keys and check that the correct address has +been generated. + +Some checks should include a passphrase. + +==Examples of Use Cases== + +A person with 25 bitcoin splits funds using 5 derived mnemonics and +sends 5 bitcoins to the first address of each derived mnemonic. He can +then use a (hardware) HD-wallet and simply insert one of the derived +mnemonics to put only 5 bitcoins online and at risk at once. All funds +can be recovered from the master mnemonic. + +A person wants to give 10 bitcoin to each of his family members, giving +each participant a derived mnemonic and sending bitcoin to each of them. +The donating person can always recover the derived mnemonic if one of +his family members loses his derived mnemonic. + +For his Trezor wallet, someone wants to memorize only a 12 words master +seed but wants to insert a 24 words derived seed so a key logger on his +computer has 24! possibilities to check and not 12! (not a possibility +for the current reference implementation but trivial to add). + |
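Review bot: the byte-extraction loop in the "From master mnemonic to derived mnemonics" section defines the derivation through an implementation detail rather than the digest's bytes: `hash[Math.floor((i%64)/4)] >>> ((i%4)*8)` assumes `hash` is an array of 32-bit words and takes the low-order byte of each word first, so the entropy that feeds the derived mnemonic depends on the word size and byte packing of whichever sha512 library is in use, and a second implementation working from the standard 64-byte SHA-512 output could derive a different mnemonic from the same master. Suggest specifying it as the first Strength/8 bytes of the SHA-512 digest in a fixed byte order; as written, the `i%64` wrap never triggers for strengths up to 512 bits and beyond that would silently reuse digest bytes instead of rejecting the request. Two smaller points in the same section: the loop bound reads `strength/8` while the text defines `Strength`, and the integer-division rule `Strength = numWords / 3 * 32` silently shortens a request that is not a multiple of three (the text's own example turns numWords = 14 into 128 bits, i.e. a 12-word mnemonic), so the specification should either reject such values or state that numWords is rounded down.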