Bitcoin Core. Alles über Kryptowährung - BitcoinWiki
List of address prefixes - BitcoinWiki
Deterministische Brieftasche – HD Wallet for Bitcoin ...
BIP 0085 - Bitcoin Wiki
How to convert my public key to a bitcoin address using python?
Hello, I'm playing with a little python script to understand how bip32 works. I can successfully generate my public key using bip32 python module. pub_key = bip32.get_pubkey_from_path("m/44'/0'/0'/0/0") print(binascii.hexlify(pub_key)) How can I convert my public key to a Bitcoin address ? Should I implement https://en.bitcoin.it/wiki/Technical_background_of_version_1_Bitcoin_addresses ? Or can I use another python module for this?
The 'coin_type' (ref'ed in the BIP44 spec) for Cardano is Ada Lovelace's birth year. On Yoroi's mobile wallet it shows the 'BIP32' path for ADA, typical value: m/44'/1815'/0'/0/4 I think bitcoin is 0', Litecoin and Digibyte both use 2', was wondering who uses 1', when i found Cardano's 1815. Also, the BIP32 path isn't shown in the browser extension (or i couldn't find it), but found it on the mobile wallet.
Hi! One of the wallet main devs here. Sorry about not having posted much status on reddit, but we've been very busy with the firm goal of releasing soon. (note about perks, I think Cody will be updating soon on those, we're not managing that so please keep this topic for wallet development questions or feedback) Anyways, we have been starting more public communications, starting from the mailing list:
This week we have been delayed due to personal reasons, but hope we can meet the deadline for next week (sorry ppl). Alpha will mean big features are complete (multisig, coinjoin, stealth) and must support testnet. We are very close to "feature complete" on the chrome version, firefox version shouldn't take much once we have the chrome one running where we're basing our testing. The idea is as soon as we can finish off coinjoin (missing just a few things there) we will be looking into testnet release in order to release an alpha where ppl can test with fake coins. There is also some details about multisig spending we need a few days to finish off (at least to make it more automatic like the coinjoin). All in all, most of the hard work is already behind us, we have the following:
Robust bip32 implementation (on top of bitcoinjs-lib that we personally review and will review more), using it extensively for "pocket" support (high level coin control).
Multisig creation and importing (also creating spends without signatures... easier spending will come soon)
Stealth impementation (current version needs testing but we've already successfully tested a previous version)
Secure logical communication channel (using Curve25519) - this means the communications could go on top of different transports without security requirements, this is what coinjoin is built on at the moment. Whe have chosen curve25519 since it will allow more advanced cryptographic protocols than plain bitcoin curves, we did test the same thing before using bitcoin curve encryption only. 25519 supports blind signatures.
Multi identity. This means you can switch identity at any moment, and we could even run several at the same time (for now just run one simultaneusly).
Qr scanning of course
Identicons as visual hashes for checking fingerprints
Showing as different btc units
Show balance or pay using any other fiat (as supported by bitcoinavg at the moment) as denomination.
Not to forget the work done also on the backend that Amir is leading:
Lots of stabilization, testing and improments on libbitcoin and obelisk
Gateway working as frontend for the wallets
Transaction broadcaster with radar for better feedback
Some screenshots of current state (thanks zodman for taking the time to take those): http://i.imgur.com/SmlZ7Bb.pnghttp://i.imgur.com/JZPv9pz.pnghttp://i.imgur.com/CcLLecf.pnghttp://i.imgur.com/DPM4jAd.pnghttp://i.imgur.com/FA7TIA6.png We are aiming for a full featured wallet, and I think we're delivering soon, maybe it can take a bit more of time in development, but we're putting an incredible amount of effort and love into the wallet. Also, this is just the beginning, this is a infrastructure where soon we can layer much more functionality and we will do it. Also, don't think the project is the kind where we want to do a rushed release, rather delay a bit for really good testing and hardening. For people that want more specific dates, we can say we will release "when it's ready" and it's the right thing to do, but as said, I think we can take one week to release an alpha on testnet, then about two more weeks to stabilize and tie up things for a beta. During that period we will also be releasing technical documents on bitcointalk to validate our approaches to cryptographic techniques. We welcome ppl who want to test or check the code: https://github.com/darkwallet/darkwallet/blob/develop/README.md But only recommend it for more technical ppl at the moment (several reasons, check the readme where it says Pre-Alpha!). When we can release the alpha we'll make it better so it's safe to test for anyone. We are already at the point where the wallet is always working, just features are still dropping. If you want to support us, you can send BTC to the following multisig address: 32wRDBezxnazSBxMrMqLWqD1ajwEqnDnMc (https://wiki.unsystem.net/index.php/DarkWallet/Project_multisig_fund for details) Of course, all feedback or questions welcome! Kisses and thanks to all the supporters, we couldn't be doing this without you!!
As we're closing on a beta release for Dogecoin Core 1.10, I wanted to talk about where 1.9 went to, why we haven't had a major release in 11 months, and what we're doing differently in future. This is a long post, but I swear it's worth reading in full. First of all, important security announcement: If you're using brain wallets (this won't be many of you, but want to ensure we catch anyone who is), stop, and move your funds right now. There was a security talk at DEF CON which basically explained how much their security is broken, more detail at https://rya.nc/cracking_cryptocurrency_brainwallets.pdf. For anyone who's unsure, brain wallets are where you pick a set of words and use them to generate a wallet, such as bip32.org (I'm not linking that) lets you do. If you have been given words by a random process (i.e. Multibit HD, Electrum, Trezor, Ledger), these are AFAIK fine, it's just manually chosen words that are a disaster waiting to happen. Next, there's a Bitcoin village, at Chaos Communication Camp next weekend, and while the core developers can't attend (we're doing dull day job things instead), Dogerain's developer will be there, and they're organising a video hangout with the Dogecoin core devs. Not sure if others can attend remotely, but if you're at the camp we'd love to get to talk to you! Right, back to 1.9; Dogecoin Core 1.9 was going to be 1.8 with the Bitcoin Core 0.10 changes merged in. The same process was used to make Dogecoin Core 1.8 from 1.7 with Bitcoin Core 0.9, so we knew what we were doing. With almost 1,300 commits to review and apply it would take a while, but in theory was straight forward enough. A spreadsheet was created to track progress amongst the developers, and in January we set out to start merging. At this point we discovered several things:
Some patches from 0.10 had been merged in early and out of sequence, so we had to avoid merging them twice.
A lot of the changes were less readily compatible with Dogecoin Core than we expected.
1,300 is really a lot of changes
As time dragged on, we gained further assistance (Sporklin, this means you) in preparing merged commits, and I made several attempts at automating much of the process. Around March we started struggling with keeping development motivation up, and pace faltered, with Sporklin taking on much of the charge to keep work continuing. In June, we were about half way, and Bitcoin Core 0.11 hit release candidate, and at that point we realised this wasn't going to work. So, Dogecoin Core 1.10 is a rebuild. We've started with Bitcoin Core 0.11 as a base and then manually re-applied the Dogecoin changes. This makes a lot of sense, in as much as they're a smaller set of changes (and less invasive by design), but does mean that we risk losing subtle tweaks to the code (which is what the beta period is intended to help catch). Most of the changes have been totally rewritten to make them simpler to apply, and better fit in with the hugely revised code base. We also see a significant number of changes in the strings with Dogecoin, so previous improvements to translations cannot necessarily be used as-is, and when we hit beta we'll be looking for help with updating translations. The loss of motivation is something we need to be more aware of as a risk; while the Dogecoin developers are not doing this to try getting rich, that doesn't mean that there's no motivation required. We enjoy the challenge and opportunity to work with interesting technology, and based on that it's important that we ensure the work does have its interesting parts in amongst just getting stuff shipped. Looking ahead to future work:
We'll do a full rebuild once per year, potentially twice, to keep us close to the Bitcoin Core code and ensure compatibility.
In between these rebuilds, we'll merge in changes where feasible.
To avoid Dogecoin and Bitcoin diverging, we'll push new features and fixes into the relevant upstream project where practical. We avoid divergence because it makes it harder to update, and requires custom code to adopt Dogecoin compared to Bitcoin.
Dogecoin Core will be promoted as the reference base for other Scrypt-based altcoins. This happens already, and we get fixes from downstream (i.e. Fractalcoin caught that the fork detection code is too sensitive) as a result.
I know there are those who wish to see Dogecoin split further from Bitcoin, but there's just far too much effort being poured into Bitcoin, and too much available expertise from working with them, to ignore. On a related note, bitcoinj 0.14 now has all of the changes to make it work with the libdohj wrapper library. Patricklodder's been testing libdohj, and so far mostly it seems to work well (there's an issue with the advertised network protocol version that I need to fix, but apart from that so far so good). There's a similar model for python-bitcoinlib and python-altcoinlib, although I need to dust off python-altcoinlib somewhat. There's tons more I could write about HD wallets, user defined consensus or Ledger wallet support, but I think that's quite enough for today. There will be an interim update for Dogecoin Core 1.10 work around next weekend, hopefully a beta around the same sort of time, and the next full update post should be on the 23rd or thereabouts. Meantime, stay wow! Ross P.S. All of these posts go up on my site as well, if you want to read back at all: https://jrn.me.uk/
Abstract Resource-constrained devices are unable to maintain a full copy of the Bitcoin Blockchain in memory. This paper proposes a bidirectional payment channel framework for IoT devices. This framework utilizes Bitcoin Lightning-Network-like payment channels with low processing and storage requirements. This protocol enables IoT devices to open and maintain payment channels with traditional Bitcoin nodes without a view of the blockchain. Unlike existing solutions, it does not require a trusted third party to interact with the blockchain nor does it burden the peer-to-peer network in the way SPV clients do. The contribution of this paper includes a secure and crypto-economically fair protocol for bidirectional Bitcoin payment channels. In addition, we demonstrate the security and fairness of the protocol by formulating it as a game in which the equilibrium is reached when all players follow the protocol. References  K. Christidis and M. Devetsikiotis, “Blockchains and smart contracts for the internet of things,” IEEE Access, vol. 4, pp. 2292–2303, 2016.  J. Basden and M. Cottrell, “How utilities are using blockchain to modernize the grid,” Harvard Business Review, 2017.  S. Nakamoto, “Bitcoin: A peer-to-peer electronic cash system.” http://bitcoin.org/bitcoin.pdf, 2008.  V. Buterin, “Ethereum white paper: A next gerneration smart contract and decentralized application platform,” tech. rep., 2014.  “Bitcoin wiki.” https://en.bitcoin.it/wiki. Accessed: 2018-05-28.  J. Poon and T. Dryja, “The bitcoin lightning network,: Scalable off-chain instant payments,” 2016.  C. Decker and R. Wattenhofer, “A fast and scalable payment network with bitcoin duplex micropayment channels,” in Proceedings of the 17th International Symposium on Stabilization, Safety, and Security of Distributed Systems - Volume 9212, (Berlin, Heidelberg), pp. 3–18, Springer-Verlag, 2015.  brainbot, “The raiden network.” https://raiden.network, 2018. Accessed: 2018-05-28.  H. A. Kalodner, S. Goldfeder, A. Chator, M. Moser, and A. Narayanan, ¨ “Blocksci: Design and applications of a blockchain analysis platform,” CoRR, vol. abs/1709.02489, 2017.  P. Wuille, “Bip32: Hierarchical deterministic wallets.” https://github.com/bitcoin/bips/blob/mastebip-0032.mediawiki. Accessed: 2018-05-28.  M. Green and I. Miers, “Bolt: Anonymous payment channels for decentralized currencies.” Cryptology ePrint Archive, Report 2016/701, 2016. https://eprint.iacr.org/2016/701.  J. Poon and V. Buterin, “Plasma: Scalable autonomous smart contracts.” https://plasma.io/plasma.pdf, 2017. Accessed: 2018-10-28.  S. Popov, “The tangle.” https://www.iota.org/research/academic-papers, 2018. Accessed: 2018-10-28.  N. Z. Aitzhan and D. Svetinovic, “Security and privacy in decentralized energy trading through multi-signatures, blockchain and anonymous messaging streams,” IEEE Transactions on Dependable and Secure Computing, pp. 1–1, 2016.  M. Mihaylov, S. Jurado, N. Avellana, K. Van Moffaert, I. M. de Abril, and A. Nowe, “Nrgcoin: Virtual currency for trading of renewable ´ energy in smart grids,” in European Energy Market (EEM), 2014 11th International Conference on the, pp. 1–6, IEEE, 2014.  E. Mengelkamp, B. Notheisen, C. Beer, D. Dauer, and C. Weinhardt, “A blockchain-based smart grid: towards sustainable local energy markets,” Computer Science-Research and Development, vol. 33, no. 1-2, pp. 207–214, 2018.  A. Dorri, S. S. Kanhere, R. Jurdak, and P. Gauravaram, “Blockchain for iot security and privacy: The case study of a smart home,” in 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), pp. 618–623, March 2017.  G. Liang, S. R. Weller, F. Luo, J. Zhao, and Z. Y. Dong, “Distributed blockchain-based data protection framework for modern power systems against cyber attacks,” in IEEE Transactions on Smart Grid (Early Access), 2018.
Notes on a first quick test of NTumblebit, on Linux and regtest.
I just thought I'd jot down a few notes on the experience of trying out the current NTumbleBit code. This is testing on regtest, done for the simple reason that you don't have to wait for testnet blocks (nor sync testnet which is mildly annoying). At this stage I just wanted to learn how this works. Your starting point is this wiki page.
You need to download Bitcoin Core. Use at least 0.13.1 - this turned out to be only major blocking point in the whole test, funnily enough, for me - it took me a few hours(!) in debugging to realize that the reason my wallet's coins were not being recognized was simply because 0.12.1 didn't support the necessary RPC syntax. (Note to devs: is there a way to expose errors/exception to the user in the client to help with under-the-hood errors like that? RPC configuration errors are exposed, so that's good of course). Since this is regtest, that's it: you don't need to sync any blockchains :) However, you do of course have to configure and start it. Put a bitcoin.conf somewhere (if you're currently running a node it's easiest to make a separate one from your main ~/.bitcoin/bitcoin.conf one, of course. I put one in ~/bitcoin.conf with these settings:
(you'll need those values again in a minute) and then run with
Now your regtest bitcoind is running, you can move on to Tumblebit. Follow the instructions in the wiki page mentioned at the start; install .Net Core - the Microsoft instructions are easy to follow, just a couple of apt-gets and install the *.deb. Next, clone the github repo and run the Unit Tests. They passed first time for me.
Next, start up the server, following the instructions in the wiki, except note you're using regtest, so:
cd NTumbleBit.TumblerServer dotnet run -regtest
The first start up will compile but also set up RSA keys, all that is fine without changes, but you'll need to edit the config so that the RPC is pointing at your regtest instance properly. In this case it (the new config should be located in ~/.ntumblebit/RegTest/server.config) should be edited to look like:
Then restart and check you get no RPC errors. Leave that console open, it's running a server loop. Next, configure and start the client. Note, we are still following the wiki page, except for the regtest element, so:
cd NTumbleBit.CLI dotnet run -regtest
You'll most likely get an RPC error again, before it shuts down. Now we need to edit the ~/.ntumblebit/RegTest/client.config file. The server can be left as the default localhost:5000, but you need the right RPC settings:
the last two fields are the important bit, which the wiki page explains in some detail for the testnet case.
Details on setting up a receiving wallet (for this test!)
What you need is a BIP32 based wallet (HD) that supports testnet, and can be run against regtest here (which in most cases will be the same thing to a wallet, as long as it can connect via RPC to sync itself). The good news is the wallet doesn't need to contain any coins. The details of the following probably won't be suitable for most (if you've never used joinmarket it's a bit convoluted), so you'll probably want to find another easy to use wallet; the wiki page should be a good starting point. For my test I used joinmarket; all we need to do is (a) hook it up to the regtest instance, and (b) extract the BIP32 xpub key that we'll be sending coins to. So in my case the flow of coins is: Regtest Bitcoin Core wallet (containing 'mined' coins) one branch of my BIP32 joinmarket wallet, configured to sync against the same regtest instance. I used my new joinmarket code but it's the same for the main joinmarket code. I overwrote joinmarket.cfg to have regtest settings (use this file; only the highlighted settings matter, those are the right ones for this test), then just run python wallet-tool.py randomseed. "randomseed" there can be literally anything, it's read as a brainwallet style seed for the bip32 wallet (because testnet, we don't care about its insecurity). The tpub.. keys seen for each branch are the "xpub" public keys at that branch of the BIP32 wallet. Tumblebit is going to send to a branch below whatever xpub we need, so the simplest is to add a print statement to print the xpub key above that; e.g. add this code:
for i in range(max_mix_depth): print('master for index: ' + str( i) + ' : ' + btc.bip32_privtopub(mixing_depth_keys[i]))
immediately above this line. Then run again python wallet-tool.py randomseed. Extract an xpub for any one of the "mixdepths", e.g. I chose:
master for index: 3 : tpubDBFGvUbWtEPKXeWPeG7rUh98iV9GuXSDbnk6ZrZHjcmp134BPByT293HPPQ93DktrVFKpZeAU1ULSdyfmwWuUGvUVLP19JkdUq2mzNKFJPR
and put that tpub.. key into the field pubkey in the above mentioned 'client.config':
Restart the client. If RPC is right, it'll start running, waiting for blocks. Your regtest Core instance will have coins (after the previous generate 101), and those coins will be automatically tumbled, one coin at a time, into the output wallet (in my case, the branch m/0/3/0 which is labelled there 'mixdepth 3, external'). Now you can test and watch the process! Open up a third console and repeatedly generate blocks:
As each block is generated you'll see the state in the client terminal window updating, showing the phases. A new 'epoch' (right term?) is started every N blocks (I haven't investigated the timing yet), and several epochs run concurrently. In each one, the client can pay in 1 Bitcoin (from Core) and eventually get out 1 coin - fees to the destination (Joinmarket in my case, any other BIP32 in yours). You can replace generate 1 with generate N but I'm not sure if the code will always correctly handle you mining lots of blocks at once! After a large enough number of blocks you'll start to see 'ClientCashout phase' occurring, and txids being printed out. You can go back to your (JM or other) wallet and see the coins arriving; here's what I see after a few epochs have gone through (using my python wallet-tool.py randomseed command):
for mixdepth=2 balance=0.00000000btc mixing depth 3 m/0/3/ external addresses m/0/3/0 tpubDDMAxSHJmxzeXwDnATuvtDizqNSsQKpXGufBDnER44BzEbHy7kg485zZwHqvzprgf6yEQYg9qYYfsLYS1HMmdSuXDzQb2dJSiga9geyM62R m/0/3/0/007 mw9s7tYucxB9yr2L6HkqeDVsh3wdgMdcyK used 0.99995750 btc m/0/3/0/008 mq5TgTNgwYHv88Q4T7wL6kTb1MBSPE3mqK used 0.99995750 btc m/0/3/0/009 mhzQFY8FNvux6SKWKLKmhBB3Sw4MLaSnyu used 0.99995750 btc m/0/3/0/010 mrYECmCf5UKa1BBRMuzprVugsCi9z7oiHo new 0.00000000 btc m/0/3/0/011 mopUNXmHT8ngfBymM3c3EYMg7RLZAf6Zc6 new 0.00000000 btc m/0/3/0/012 mmaVXVfQP4UAYJPhMpQ3FhgXfHzujaxyw4 new 0.00000000 btc m/0/3/0/013 mzYD1AcUFz8SVwJM8EjVCfEM6pcYnHooBR new 0.00000000 btc m/0/3/0/014 my5unLCEMWQBkXBdeJ75VVGk1wrMrT8iDE new 0.00000000 btc m/0/3/0/015 muA76YSTtKKmD6HnVKYhkd9K9TZnPLh8pp new 0.00000000 btc internal addresses m/0/3/1 for mixdepth=3 balance=2.99987250btc
Im currently studying the seed generation of various wallets, and as part of my research i wanted to know what world list does GreenAdress use when generating the mnemonic passphrase for the private key ? This site says: "Where are my Bitcoin keys stored?
Your private keys are not stored. They are derived on demand from your mnemonics as a seed to a BIP32 hierarchical wallet."
Electrum 2.0 has been tagged | Thomas Voegtlin | Mar 01 2015
Thomas Voegtlin on Mar 01 2015: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear Bitcoin devs, I just tagged version 2.0 of Electrum: https://github.com/spesmilo/electrum/tree/2.0 The electrum.org website will be updated later today. The release notes are a bit dense, due to the large amount of changes and new features in this release. In the coming weeks we will be adding more detailed documentation to the wiki and to the website. There has been a very long hiatus in Electrum releases, because it took me a lot of time to decide about the new seed derivation method and wallet structure. Now that this part is done, I hope that we will resume to a faster release pace. I would like to thank all the people who contributed to this release, developers, beta testers, but also people from this list who provided useful feedback. Cheers, Thomas RELEASE-NOTES
Before you upgrade, make sure you have saved your wallet seed on
New seed derivation method (not compatible with BIP39). The seed
phrase includes a version number, that refers to the wallet structure. The version number also serves as a checksum, and it will prevent the import of seeds from incompatible wallets. Old Electrum seeds are still supported.
New address derivation (BIP32). Standard wallets are single account
and use a gap limit of 20.
Support for Multisig wallets using parallel BIP32 derivations and
P2SH addresses ("2 of 2", "2 of 3").
Compact serialization format for unsigned or partially signed
transactions, that includes the BIP32 master public key and derivation needed to sign inputs. Serialized transactions can be sent to cosigners or to cold storage using QR codes (using Andreas Schildbach's base 43 idea).
Support for BIP70 payment requests:
Verification of the chain of signatures uses tlslite.
In the GUI, payment requests are shown in the 'Invoices' tab.
Support for hardware wallets: Trezor (Satoshilabs) and Btchip (Ledger).
Two-factor authentication service by TrustedCoin. This service uses
"2 of 3" multisig wallets and Google Authenticator. Note that wallets protected by this service can be deterministically restored from seed, without Trustedcoin's server.
Cosigner Pool plugin: encrypted communication channel for multisig
wallets, to send and receive partially signed transactions.
Audio Modem plugin: send and receive transactions by sound.
OpenAlias plugin: send bitcoins to aliases verified using DNSSEC.
New 'Receive' tab in the GUI:
create and manage payment requests, with QR Codes
the former 'Receive' tab was renamed to 'Addresses'
the former Point of Sale plugin is replaced by a resizeable
window that pops up if you click on the QR code
The 'Send' tab in the Qt GUI supports transactions with multiple
outputs, and raw hexadecimal scripts.
The GUI can connect to the Electrum daemon: "electrum -d" will
start the daemon if it is not already running, and the GUI will connect to it. The daemon can serve several clients. It times out if no client uses if for more than 5 minutes.
The install wizard can be used to import addresses or private
keys. A watching-only wallet is created by entering a list of addresses in the wizard dialog.
New file format: Wallets files are saved as JSON. Note that new
wallet files cannot be read by older versions of Electrum. Old wallet files will be converted to the new format; this operation may take some time, because public keys will be derived for each address of your wallet.
The client accepts servers with a CA-signed SSL certificate.
ECIES encrypt/decrypt methods, availabe in the GUI and using
the command line: encrypt decrypt
The Android GUI has received various updates and it is much more
stable. Another script was added to Android, called Authenticator, that works completely offline: it reads an unsigned transaction shown as QR code, signs it and shows the result as a QR code. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJU8y7fAAoJECvVgkt/lHDm78oP/2uIqCyOwLsAJGkAI3CPFxtw WssFJlnCnFiA4tPv5pd7HdOgxQkTaPbUHftexfdd/lpfmFvxZVoHcA/32IIKFH63 BU2bnEyYOaW1A4XfNDQH6VG7eT2er1HOlHCtIgzRl0KJNmVggU6DnXnHkUs1PVvg pyEIR7Xv3GiK7rcS4qCS/9COroqQGFOXJAiLnOaQP5KszT1bMUdoL7mBPTfavnla LM+2MgKJOWv+JpHQCDp3XwAXX62LLsS2BjdK1Jt6OpGA6IuVQGBSaTIn5K81S+Yh M6RDKbP3kObYQ+bzLvtWrzgUD3sdht/V8L5ZPS3+Jibvmhae2zRrm/YpJZ77Yjd4 7QliCFGH0+Gwle72yOempFGWULwq7p6yo4dVZXpj1G3XmbZXuvFg4jYeC/usCx+T kQgMBPWME2m80fCzhJew1pRChSs/lzVreB0Lh6Tm/5Pibmy721J4oUr6oLkaR9Uy NMrYqnSy0+tCEOXHrpCYhqogyzzdjOlv0gWKqB2uSkO5TkEHv2eyHeiZttAn11qO sb85q/k0kYQBZZEvKJ9022eyKHjejDhQjKsCVIHhb81BJ1QYnZFIxBiKkVMxf0u5 sT2TTi18eOrYCUGD2WJ+ALyI1zN1sHO0/sn5+XzlC0jg+1KUXoo0j8NYnzmHb0Yx 5lbdlcaw0Uo7iWkFdMYT =IGGP -----END PGP SIGNATURE----- original: http://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-March/007620.html
New BIP32 structure for P2SH multisig wallets [BIP-45] | Jean-Pierre Rupp | Oct 03 2015
Jean-Pierre Rupp on Oct 03 2015: Hello, I have been reviewing BIP-45 today. There is a privacy problem with it that should at least be mentioned in the document. When using the same extended public key for all multisig activity, and dealing with different cosigners in separate multisig accounts, reuse of the same set of public keys means that all cosigners from all accounts will be able to monitor multisig activity from every other cosigner, in every other account. Besides privacy considerations, HD wallet's non-reuse of public keys provide some defence against wallets that do not implement deterministic signing, and use poor entropy for signature nonces. Unless users are expected to establish a single cosigning account, this scheme will result in reuse of public keys, and degradation of privacy. I understand that for convenience it is useful to have a single extended public key that can be handed to every cosigner. This makes setting up accounts or recovering from data loss a easier. I suggest that privacy & potential security degradation due to increased public key reuse in the case of users with multiple multisig accounts should get a mention in the BIP-45 document. Greetings On 25/04/14 23:27, Manuel Araoz wrote:
Each party must generate their master private keys independently.
Use multisig P2SH for all addresses.
Use BIP32 to derive public keys, then create a multisig script, and
use the P2SH address for that.
The address generation process should not require communicating with
other parties. (Thus, all parties must be able to generate all public keys)
Transaction creation + signing requires communication between
parties, of course. Following BIP43, we're be using: m / purpose' / * where /purpose/ is the hardened derivation scheme based on the new BIP number. We then define the following levels: m / purpose' / cosigner_index / change / address_index Each level has a special meaning detailed below: /cosigner_index/ <http://en.wikipedia.org/wiki/Co-signing>: the index of the party creating this address. The indices can be determined independently by lexicographically sorting the master public keys of each cosigner. /change/: 0 for change, 1 for receive address. /address_index/: Addresses are numbered from index 0 in sequentially increasing manner. We're currently syncing the max used index for each branch between all parties when they connect, but we're open to considering removing the index sync and doing the more elegant used-address discovery via a gap limit, as discussed in BIP44 <https://github.com/bitcoin/bips/blob/mastebip-0044.mediawiki#address-gap-limit>. We feel 20 might be too low though. Wallet high-level description: Each party generates their own extended master keypair and shares the extended purpose' public key with the others, which is stored encrypted. Each party can generate any of the other's derived public keys, but only his own private keys. General address generation procedure: When generating an address, each party can independently generate the N needed public keys. They do this by deriving the public key in each of the different trees, but using the same path. They can then generate the multisig script and the corresponding p2sh address. In this way, each path corresponds to an address, but the public keys for that address come from different trees. Receive address case: Each cosigner generates addresses only on his own branch. One of the n cosigners wants to receive a payment, and the others are offline. He knows the last used index in his own branch, because only he generates addresses there. Thus, he can generate the public keys for all of the others using the next index, and calculate the needed script for the address. /Example: /Cosigner #2 wants to receive a payment to the shared wallet. His last used index on his own branch is 4. Then, the path for the next receive address is m/$purpose/2/1/5. He uses this same path in all of the cosigners trees to generate a public key for each one, and from that he gets the new p2sh address. Change address case: Again, each cosigner generates addresses only on his own branch. One of the n cosigners wants to create an outgoing payment, for which he'll need a change address. He generates a new address using the same procedure as above, but using a separate index to track the used change addresses. / Example: /Cosigner #5 wants to send a payment from the shared wallet, for which he'll need a change address. His last used change index on his own branch is 11. Then, the path for the next change address is m/$purpose/5/0/12. He uses this same path in all of the cosigners trees to generate a public key for each one, and from that he gets the new p2sh address. Transaction creation and signing: When creating a transaction, first one of the parties creates a Transaction Proposal. This is a transaction that spends some output stored in any of the p2sh multisig addresses (corresponding to any of the copayers' branches). This proposal is sent to the other parties, who decide if they want to sign. If they approve the proposal, they can generate their needed private key for that specific address (using the same path that generated the public key in that address, but deriving the private key instead), and sign it. Once the proposal reaches m signatures, any cosigner can broadcast it to the network, becoming final. The specifics of how this proposal is structured, and the protocol to accept or reject it, belong to another BIP, in my opinion. Final comments:
We're currently lexicographically sorting the public keys for each
address separately. We've read Mike Belshe's comments about sorting the master public keys and then using the same order for all derived addresses, but we couldn't think of any benefits of doing that (I mean, the benefits of knowing whose public key is which).
We originally thought we would need a non-hardened version of purpose
for the path, because we needed every party to be able to generate all the public keys of the others. With the proposed path, is it true that the cosigners will be able to generate them, by knowing the extended purpose public key for each copayer? (m/purpose')
The reason for using separate branches for each cosigner is we don't
BIP0032 proposes Hierarchical Deterministic Wallets in a tree structure based on a master key
This proposed BIP0032 standard is fascinating and very promising for a variety of uses. I'm implementing a BIP0032 compliant system and I'm looking into the tree structure. Anyone interested in discussing it? For more advanced discussion... I am wondering about this part:
One weakness that may not be immediately obvious, is that knowledge of the extended public key + a private key descending from it is equivalent to knowing the extended private key (i.e., every private and public key) in case public derivation is used. This means that extended public keys must be treated more carefully than regular public keys. This is the reason why accounts at the first level of the default wallet layout use private derivation, so a leak of account-specific (or below) private key never risks compromising the master.
I understand that the 12 word bitcoin mnemonic is completely secure - that even if someone decided to spin up a huge army of Amazon EC2 instances and set them to work guessing mnemonics, trying to "recover" random wallets by brute forcing the system, they would expend much more on their effort than they would manage to steal. But unlike cracking a password, where you have to combine it with the correct username, this effort - like an attack on brain wallets longer used since they are insecure, could be brute forced and I presume that eventually with enough computing power, wallets would be recovered. I'd like to know if there is a great explanation of this technology available, and if not, why? Perhaps users of bitcoin wallets, when asked to entrust their balances in a few words, have some level of doubt that this is "good enough" for them to secure their bitcoins with, and makes them question the security of the system more than they need to. What would be really great would be a high quality animated video, with references and mathematical proofs, posted on YouTube, that you could refer people to who are not technically or mathematically minded, to set their minds at ease. Because I do think, as adoption outside of the extremely tech literate grows, this question will come up more and more. Sorry I'm not posting this video myself, I'm not a great animator and don't know others who are. I also don't understand all the facts behind this. Perhaps, in leiu of such a video, others could write competing "best explanations for the layman" of this backup tool, and together we could form a really fantastic explanation. Here are some resources on the subject: https://www.reddit.com/Bitcoin/comments/2twczy/how_are_mnemonic_words_secure_only_12_words/https://blog.blockchain.com/.../understanding-mnemonics-and-the-blockchain-wallet/http://bitcoin.stackexchange.com/questions/30879/pros-cons-limitations-of-mnemonic-phrases-bip39http://www.explainxkcd.com/wiki/index.php/936#Explanation People do know that computers are very fast, and the thought of their backup phrase needing to withstand an attack from a supercomputer, or some unknown entity called "hackers" that are out there on the Internet, breaking into things, the better we can explain how insanely well protected they are by mathematics, the better. And maybe, some people would like the option to encrypt their mnemonic with a password of their own choosing - they just might believe by securing it with 1023albertstreetGod, like they do their bank account, will make this OK. Lastly, where are people advised to keep their mnemonic passphrases? Not everyone has a safe. They shouldn't be written down in Google Keep, or saved in an e-mail. Maybe they can write them down in the back of their diary, but what if their house burns down? Personally, mine is buried in the ground. I couldn't think of a fireproof solution (my flat burned down a few years ago, this is a real problem). Some people live in areas that might flood, though, or just not feel like buying a small gardening trowel. There are reasons people would rather trust their money to a bank - the bank guarantee that you can show up, and show them your ID, and get access to your money. And that if your money is stolen by hackers, you'll get a refund. We can secure our own money, but it's new to us, having something we can't just buy an insurance policy for, or give to a third party to look after for us, these aren't things a lot of people are used to dealing with themselves. Custodial accounts are not the answer, as BitFinex and countless other custodial accounts at exchanges demonstrate (some people would have trusted that because BitFinex had "upgraded" their security with BitGo, their funds were maybe safer there than in their own hands). I appreciate that it was BitFinex's setup, not BitGo, that was at fault here, but the point stands - who knows what security some third party are using, better to have trustworthy ways of securing your money aside custodial control. Trezor is great, but still has a backup mnemonic incase your house burns to the ground (or something much less likely). EDIT: Andreas Antonopolous on some of what I wrote here: "Welcome. I’d like to know your take on brain wallets. Most consider brain wallet bad for newbies. Do you think it’s good for cold storage when applied by hardcore bitcoiners? Say, to mix the private key in the password-generation phrases to get a secured address. By the way, I personally use this method for most of my own bitcoins, is it ok? Many thx. No, I think it is a terrible idea to try to make your own brainwallet or try to make complex security solutions if you are not an expert. Even for an expert, the best security is standardized, peer-reviewed, well-tested security. For cold storage I use BIP39 mnemonic phrases and standardized BIP32/BIP44 wallets built on top of those. I do not try to invent my own and I do not use brainwallets." Source: https://docs.google.com/document/d/1BEqEhxJjN05HgAZ_OYvVUJ6kxDvEDxGebLvea7XqP-c/edit?ts=57958319&pref=2&pli=1
> Key management (bip32) Yes check.png > Receive Yes check.png > Send Yes check.png > Show history Yes check.png
looks like they almost have a basic functioning wallet. No updates, their indigogo page says they will no longer be updating the project there and to go to the above site, which also features no updates. http://www.indiegogo.com/projects/bitcoin-dark-wallet?c=comments# Look at these comments, the only ones posted over the last three months: [Quote]
johnfox415 said 3 days ago No update here either. Anonymous Contributor said 15 days ago Did not receive the backerit email :/ Max Küng said 17 days ago Never received anything. Haven’t gotten an email from backerkit either. Even sent an email after the last update saying that we should email if we didn’t get the backerkit link. Didn’t receive a reply in about a month. Just nada… Don Pomeroy said 18 days ago never received my shirt :( tom1gorman said 25 days ago Never received the t-shirt but, more importantly, still no Darkwallet or updates. Whats happening team? Jesse Rodgers said 1 month ago Also wondering about perks, I’m happy to contribute to the campaign but I was looking forward to my Bitcoin magazine subscription. I tried emailing once, but haven’t heard anything. on.yr.shouldr said 1 month ago what is happening? i still have not heard from “backerkit” about claiming my perk, and i’ve been trying to get in touch with you guys for over a week. :( osclark said 1 month ago I’m with peter. WTF is going on? I’ve heard NOTHING since this thing ended. I’m trying to join the BTC market, but I want a secure wallet. That was the whole idea, right? Let’s get this thing going, please. AT LEAST AN UPDATE. peter said 1 month ago hey guys :) whats up with this project? any news? over a month now since the campaign was funded, estimated delivery for some perks was december and still not even an update? ;) looking forward to here some news from you :) cheers
[/quote] But they do have a highly produced video and a professionally designed website extolling all their fundementals: https://darkwallet.unsystem.net/ $50k in USD and 50 bitcoins raised at $1000/piece, [Quote]
Never received the t-shirt but, more importantly, still no Darkwallet or updates. Whats happening team? Jesse Rodgers said 1 month ago
Hi all, The Marketplace has recently released a slew of updates targeted at decreasing the learning curve for new users. We feel that Multi Sig is an important tool and it is up to providers like The Marketplace, not customers, to make this transition bearable and to keep innovating. Our recent break has given us a new passion for TMP and we have listened to our users concerns. We know that many users have wished to try The Marketplace but have been scared that their funds may be lost due to the complexity of multi sig and we feel that our continued innovations have made this now impossible.
A large complaint from users is recording transaction ids.
Automatic transaction recording
We have now implemented an internal transaction recorder which automatically detects new transactions and records the transaction details. To pay for your order, you are now simply required to send funds to your multisig escrow address and your order page will instantly update to let you know the transaction was recorded when your payment is received, no need to click buttons or reload the page. It's almost easier than a traditional centralized marketplace with all the benefits of provable multi sig security to boot!
Updated UI & improved vendor search
Our new UI is also cleaner and easier to navigate, with fully responsive design that works even for small screen sizes. We have implemented changes to our search to recognize common variations of a vendors name so users searching for a specific vendor will be sent to their shop immediately.
A key concern for vendors is loss of their private keys or transactions going unredeemed when The Marketplace is seized.
To alleviate one of these concerns, we have implemented BIP32 and Electrum Deterministic address generation using Master Public Keys. Vendors must now only record a single master public key and The Marketplace will automatically generate a new deterministic address for every transaction, this removes the complexity of vendors wallet management which many vendors have complained about.
Time locked transactions
Another key concern is the ability to redeem transactions should The Marketplace be seized. Many vendors worry about their ability to redeem transactions because they cannot reach customers or private keys are lost. We have now released the first ever (clearnet & darknet) Time locked transaction implementation (see https://en.bitcoin.it/wiki/NLockTime). Time locked transactions are specially crafted transactions which are not valid till a specific date or block. This feature of the Bitcoin Protocol allows The Marketplace to provide verified vendors with a special transaction when they ship orders which is not valid for 2 months (sequence 0). This allows the vendor to know that upon shipping a product, they will be able to claim their payments if The Marketplace is seized in that time, albeit some months later. By utilizing the Bitcoin protocol, we are removing the need to trust third parties to help claim payments in the future and makes us the first marketplace to provide provable dead man switches in preparation for any seizure attempts. Many users will say that The Marketplace is one of the hardest to use marketplaces and will thus stay away, we have listened to all their concerns and feedback and we think it's now one of the easiest! Schultz
What are Dogecoin's Live & TestNet address prefixes?
The bitcoin wiki lists several decimal prefixes (and their associated address letters), but it doesn't list the dogecoin prefixes. I have found what appear to be Dogecoin's Live prefixes in cruptocoin's coininfo module. And what could possibly be the testnet prefixes too in brainwallet's bip32 implementation. However, I can't see how these values actually convert to the decimal prefixes. Thanks for your help guys!
This BIP describes the implementation of a mnemonic code or mnemonic sentence -- a group of easy to remember words -- for the generation of deterministic wallets. It consists of two parts: generating the mnemonic and converting it into a binary seed. This seed can be later used to generate ... From Bitcoin Wiki. Jump to: navigation, search. This page describes a BIP (Bitcoin Improvement Proposal). Please see BIP 2 for more information about BIPs and creating them. Please do not just create a wiki page. Please do not modify this page. This is a mirror of the BIP from the source Git repository here. BIP: 85 Layer: Applications Title: Deterministic Entropy From BIP32 Keychains Author ... Bitcoin is a distributed, worldwide, decentralized digital money. Bitcoins are issued and managed without any central authority whatsoever: there is no government, company, or bank in charge of Bitcoin. You might be interested in Bitcoin if you like cryptography, distributed peer-to-peer systems, or economics. A large percentage of Bitcoin enthusiasts are libertarians, though people of all ... Es war beabsichtigt, Bitcoin Address von einem Teamschlag zu erzeugen. Änderungen an dem Bitcoin-Protokoll, das BIP 0032 genannt wird, werden jetzt in vielen Desktop-, Mobil- und Wallet-Geräten verwendet - TREZOR, Electrum, CarbonWallet und viele andere. Der Hauptschlüssel hier ist der 128-Bit-Wert, der für den Benutzer wie eine reguläre Phrase von 12 Wörtern aussieht. Um den einfachen ... From Bitcoin Wiki. Jump to: navigation, search. This page describes a BIP (Bitcoin Improvement Proposal). Please see BIP 2 for more information about BIPs and creating them. Please do not just create a wiki page. Please do not modify this page. This is a mirror of the BIP from the source Git repository here. RECENT CHANGES: (16 Apr 2013) Added private derivation for i ≥ 0x80000000 (less risk ...