Difference between revisions of "Deterministic wallet"

* [[Seed phrase]]
 
* [[BIP_0032]]
 
=DISCLAIMER=
 
This page has been copied verbatim from https://en.bitcoin.it/wiki/Deterministic_wallet_tools and may require extensive editing.
 
Edit by: 26 Oct 2019
 
 
 
 
List of tools/services for working with Hierarchical Deterministic Wallets, aka hd-wallets aka bip32 wallets.
 
 
Tools listed on this page can typically perform some form of key derivation and list hd-wallet addresses.
 
 
'''Warning: You should never give an online service your master extended private key (xprv), as they could use it to drain your entire wallet'''.  Even sharing an extended public key [[#Risks of Sharing an Extended Public Key (xpub)|entails risks]].  If using an online hosted JavaScript tool, be careful to work with it offline only.
 
 
See also [[Deterministic Wallet]].
 
 
=== Online Services ===
 
 
* [https://blockpath.com/wallets/new?action=appxpub Blockpath]: Automatically scan all derivation paths for an xPub/yPub/zPub and view the balance of each used address, or generate all addresses and export them as text.
 
* [http://bip32.org/ bip32.org]: A tool for displaying information derived from a bip32 extended key or mnemonic phrase.  Appears to list only the first address.
 
* [https://iancoleman.github.io/bip39/ Mnemonic Code Converter]:  A tool for listing keys and addresses from a bip39 mnemonic phrase.  The tool can be saved as a file and used without any internet connection.
 
* [https://webhdwallet.github.io/ WebHDWallet]: Implementing the Hierarchical Deterministic Wallet proposal BIP32, with the aim of creating easy to use, secure, and powerful tools for managing HD wallets and the funds within.
 
* [https://mybitprices.info/hd-wallet-addrs.html mybitprices.info]: A tool that can derive all used wallet addresses from an extended public key and can further lookup historic price information for all wallet transactions and create gain/loss reports.
 
* [https://bitcore.io/playground/#/hdkeys bitcore playground]: Derive HD keys from a private or public extended key and a path.
 
 
=== Offline Command-line software ===
 
 
* [https://github.com/trezor/python-mnemonic python-mnemonic]: Reference implementation of BIP-0039: Mnemonic code for generating deterministic keys
 
* [https://github.com/dan-da/hd-wallet-derive hd-wallet-derive]: A command-line tool that derives bip32 addresses and private keys from bip32 extended keys or a mnemonic, and can generate new master keys as well.  Supports segwit (p2sh, bech32) and hundreds of altcoins.
 
* [https://github.com/dan-da/hd-wallet-addrs hd-wallet-addrs]: A command-line tool for finding bitcoin hd-wallet addresses that have actually received funds, including change addresses.  (note: key derivation occurs offline, but funds lookup requires internet connection.)
 
* [https://github.com/vbuterin/pybitcointools pybitcointools]: Simple, common-sense Bitcoin-themed Python ECC library, by Vitalik Buterin.
 
* [https://github.com/trezor/python-trezor python-trezor]: Client side implementation for TREZOR-compatible Bitcoin hardware wallets.
 
 
=== Risks associated with sharing extended keys with a third party ===
 
 
==== Risks of Sharing an Extended Private Key (xprv) DO-NOT-DO-THIS!!! ====
 
 
# '''The recipient can spend (steal) all your wallet funds.'''
 
# The recipient can obtain all your wallet keys and addresses, private and public.
 
# The recipient can identify and view all your historic transactions.
 
# The recipient can link all your wallet transactions together, possibly linking anonymous transactions with those associated with your identity.
 
 
==== Risks of Sharing an Extended Public Key (xpub) ====
 
 
In general it is safest NOT to share an extended public key.
 
 
# The recipient can obtain all your wallet public keys and addresses, but not your private keys.
 
# The recipient can identify and view all your historic transactions.
 
# The recipient can link all your wallet transactions together, possibly linking anonymous transactions with those associated with your identity.
 
# If, and only if, the recipient ''also'' obtains a single (non-hardened) child private key from your wallet, the recipient can obtain all your private keys and steal your funds, just as if they had your xprv key.
 

Revision as of 08:17, 15 January 2020

A deterministic wallet is a system of deriving keys from a single starting point known as a seed. The seed allows a user to easily back up and restore a wallet without needing any other information and can in some cases allow the creation of public addresses without the knowledge of the private key. Seeds are typically serialized into human-readable words in a Seed phrase. The BIP 0032 standard for Hierarchical Deterministic Wallets is used by most wallets as of 2019.

Benefits

Early clients such as the Satoshi client generate a buffer of fresh random private keys to be used as receiving and change addresses in the future. This has the effect of invalidating backups after a short period, once the keypool buffer (typically 100 addresses) is exhausted. Deterministic wallets can generate an unlimited number of addresses on the fly and as such don't suffer from this issue. As the addresses are generated in a known fashion rather than randomly, some clients can be used on multiple devices without the risk of losing funds. Users can conveniently create a single backup of the seed in a human-readable format that will last the life of the wallet, without the worry of this backup becoming stale.

Master public key

Some deterministic wallets allow for the complete separation of private and public key creation for greater security and convenience. In this model a server can be set up to only know the Master Public Key (MPK) of a particular deterministic wallet. This allows the server to create as many public keys as is necessary for receiving funds, but a compromise of the MPK will not allow an attacker to spend from the wallet. Master public keys can alternatively be used to enable completely offline storage and spending. In this case an offline computer knows the private key and an online one knows only the MPK. Transactions spending coins are ferried between the two computers using methods such as visual transfer (QR codes) or USB storage, which avoids exposing the offline computer to a network-based attack.

Deterministic wallets implemented by hardware wallets keep the generated private keys offline and do not expose them to the computer even when spending coins.
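As an added example (not from this wiki page or any of the tools listed above), the BIP32 child-key derivation behind the master-public-key model, and the xpub caveat from the risks section, in pure Python with a minimal secp256k1 implementation: the xpub-only server side derives the same child public keys as the offline private side, cannot derive hardened children, and the last helper shows why an xpub plus one non-hardened child private key reveals the parent private key. The toy EC arithmetic is not constant time, and the BIP32 invalid-key edge cases (IL >= n, zero key) are not handled.

```python
import hashlib
import hmac

# secp256k1 domain parameters: field prime, group order and generator point
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p, q):  # affine point addition; None is the point at infinity
    if p is None or q is None:
        return p or q
    if p[0] == q[0] and (p[1] + q[1]) % P == 0:
        return None
    lam = (3 * p[0] * p[0] * pow(2 * p[1], -1, P) if p == q
           else (q[1] - p[1]) * pow(q[0] - p[0], -1, P)) % P
    x = (lam * lam - p[0] - q[0]) % P
    return x, (lam * (p[0] - x) - p[1]) % P

def ec_mul(k, pt):  # double-and-add; demo only, not constant time
    r = None
    while k:
        if k & 1:
            r = ec_add(r, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return r

def ser_pub(pt):  # 33-byte compressed public key, as BIP32 serialises it
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")

def _il_ir(chain, data, index):  # HMAC-SHA512 keyed by the chain code -> (IL as int, IR)
    d = hmac.new(chain, data + index.to_bytes(4, "big"), hashlib.sha512).digest()
    return int.from_bytes(d[:32], "big"), d[32:]

def ckd_priv(k_par, c_par, index):  # CKDpriv: the offline signer side
    if index >= 1 << 31:  # hardened: the MAC covers the private key, not the public key
        il, c = _il_ir(c_par, b"\x00" + k_par.to_bytes(32, "big"), index)
    else:
        il, c = _il_ir(c_par, ser_pub(ec_mul(k_par, G)), index)
    return (il + k_par) % N, c

def ckd_pub(K_par, c_par, index):  # CKDpub: all an xpub-only server can do
    if index >= 1 << 31:
        raise ValueError("hardened children cannot be derived from a public key")
    il, c = _il_ir(c_par, ser_pub(K_par), index)
    return ec_add(ec_mul(il, G), K_par), c

def parent_priv_from_xpub_and_child(K_par, c_par, index, k_child):
    il, _ = _il_ir(c_par, ser_pub(K_par), index)  # IL needs only the xpub
    return (k_child - il) % N  # so one leaked child key unwinds the parent key
```

Hardened derivation (index >= 2^31) at the account level is what keeps the last helper from reaching the keys above the shared xpub.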

Types

Type 1 deterministic wallet

A type 1 deterministic wallet is a simple method of generating addresses from a known starting string; as such, it does not allow advanced features such as a Master Public Key. To generate a private key take SHA256(string + n), where n is an ASCII-coded number that starts from 1 and increments as additional keys are needed.
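The type 1 scheme just described, as an added example that is not code from the wiki page: the counter is appended as decimal text (so key 10 hashes the bytes of "string10", not a single 0x0A byte), and the result is checked against the secp256k1 group order before it is accepted as a private key. The UTF-8 encoding of the seed string is an assumption; the page only says "string".

```python
import hashlib

# secp256k1 group order: a valid private key is an integer in [1, N-1]
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def type1_private_key(seed_string: str, n: int) -> int:
    """SHA256(string + n) with n ASCII-coded and starting at 1, per the type 1 description."""
    if n < 1:
        raise ValueError("counter starts at 1")
    # seed string encoding assumed UTF-8; the counter is appended as decimal digits
    data = seed_string.encode("utf-8") + str(n).encode("ascii")
    key = int.from_bytes(hashlib.sha256(data).digest(), "big")
    if not 1 <= key < N:  # astronomically unlikely for a 256-bit hash, but still checked
        raise ValueError("derived value is not a valid secp256k1 private key")
    return key

def type1_keys(seed_string: str, count: int) -> list:
    """The first `count` keys; a second device holding the same string regenerates the same list."""
    return [type1_private_key(seed_string, n) for n in range(1, count + 1)]
```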

Type 2 hierarchical deterministic wallet

This wallet type is described in BIP 0032 and is the most common wallet type. The seed is a random value presented to the user as a 12 or 24 word Seed phrase using common English words. The seed goes through 100,000 rounds of SHA256 before any keys are created to slow down attacks against weak user-chosen strings.

Wallets using Diffie-Hellman secret sharing

In order to leverage the techniques showcased in nCrypt whitepaper 42, wallets must be configured to manage the handshaking and Elliptic Curve mathematics needed to support the generation of shared secrets. Currently, no wallets support this type of deterministic addressing.

See Also