Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1WXWTP-0000mq-GD for bitcoin-development@lists.sourceforge.net; Tue, 08 Apr 2014 13:53:59 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.223.176 as permitted sender) client-ip=209.85.223.176; envelope-from=pieter.wuille@gmail.com; helo=mail-ie0-f176.google.com; Received: from mail-ie0-f176.google.com ([209.85.223.176]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1WXWTN-0004Od-PC for bitcoin-development@lists.sourceforge.net; Tue, 08 Apr 2014 13:53:59 +0000 Received: by mail-ie0-f176.google.com with SMTP id rd18so917591iec.35 for ; Tue, 08 Apr 2014 06:53:52 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.50.43.170 with SMTP id x10mr4305882igl.20.1396965232391; Tue, 08 Apr 2014 06:53:52 -0700 (PDT) Received: by 10.50.141.135 with HTTP; Tue, 8 Apr 2014 06:53:52 -0700 (PDT) In-Reply-To: References: <53344FF8.7030204@gk2.sk> Date: Tue, 8 Apr 2014 15:53:52 +0200 Message-ID: From: Pieter Wuille To: slush Content-Type: text/plain; charset=ISO-8859-1 X-Spam-Score: -1.6 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (pieter.wuille[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1WXWTN-0004Od-PC Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] New BIP32 structure X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Apr 2014 13:53:59 -0000 I see the cause of our disagreement now. You actually want to share a single BIP32 tree across different currency types, but do it in a way that guarantees that they never use the same keys. I would have expected that different chains would use independent chains, and have serializations encode which chain they belong to. Let me offer an alternative suggestion, which is compatible with the original default BIP32 structure: * You can use one seed across different chains, but the master nodes are separate. * To derive the master node from the seed, the key string "Bitcoin seed" is replaced by something chain-specific. * Every encoded node (including master nodes) has a chain-specific serialization magic. This is in practice almost the same as your suggestion, except that the m/cointype' in m/cointype'/account'/change/n is replaced by different masters. The only disadvantage I see is that you do not have a way to encode the "super master" that is the parent of all chain-specific masters. You can - and with the same security properties - encode the seed, though. -- Pieter On Tue, Apr 8, 2014 at 3:43 PM, slush wrote: > tl;dr; > > It is dangerous to expect that other seed than "xprv" does not contain > bitcoins or that "xprv" contains only bitcoins, because technically are both > situations possible. It is still safer to do the lookup; the magic itself is > ambiguous. > > Marek > > On Tue, Apr 8, 2014 at 3:40 PM, slush wrote: >> >> >> Serialization magic of bip32 seed is in my opinion completely unnecessary. >> Most of software does not care about it anyway; You can use xprv/xpub pair >> for main net, testnet, litecoin, dogecoin, whatevercoin. >> >> Instead using the same seed (xprv) and then separate the chains *inside* >> the bip32 path seems more useful to me. >> >> Marek > >