📅 Original date posted:2014-03-11
📝 Original message:> Trezor and Electrum may be earlier than this.
Sorry for not joining the discussion earlier.
I have postponed the release of bip32 features in Electrum due to
ongoing discussions with Trezor and bitcoinj developers.
I planned to post a summary in a separate thread, but this info is also
relevant for this thread, so I'm posting here.
(sorry if this is a bit offtopic, though)
I plan to create a 2-factor authentication service that uses p2sh
addresses in Electrum.
All addresses are derived from the wallet root seed, and should be
recoverable from it.
(of course this departs from scenarios where master keys are generated
independently;
my opinion is that both should be possible)
So, when the user activates 2fa protection, the root private key is
deleted from their hard drive, as well as the
master private key of one of the branches used to create p2sh addresses
(which is sent to a remote server).
See this (fairly old) description here for more details:
https://bitcointalk.org/index.php?topic=274182.0
Since I still want to be able to generate 1of1 accounts after the 2fa
protection is activated,
1of 1 accounts should not be generated directly from the root of the tree.
Thus, an extra level must be inserted in the tree.
For example, 1of1 addresses can be derived as follows:
m/reserved'/n'
where n is the account index, and "reserved" is an index that indicates
the type of address.
(0 would be reserved for 1of1 addresses)
slush suggested that another layer of derivation would be useful, in
order to use wallets
with altcoins on the same seed. This lead to this type of derivation:
m/coin'/reserved'/n'
where "coin" would be 0 for Bitcoin, and "reserved" would be 0 for 1of1
addresses
Thomas
Thomas Voegtlin [ARCHIVE] /
npub10f…7ej47
2023-06-07 15:15:07
in reply to nevent1q…fgfs
Author Public Key
npub10f96gqrsu4qpygfgvuvzce47aavjvql703egfde0l2hua8dzpszs67ej47Published at
2023-06-07 15:15:07Event JSON
{
"id": "b5ff32755eace5cd05c063a00913dfd3ebe3521cd12b970f57ca798b4abf628f",
"pubkey": "7a4ba40070e54012212867182c66beef592603fe7c7284b72ffaafce9da20c05",
"created_at": 1686150907,
"kind": 1,
"tags": [
[
"e",
"07851d213f227977a351770e7dfc2e7354779fae77670cd215beec4023ffb144",
"",
"root"
],
[
"e",
"ddf379ef99126659e84dc7a8d7f445b54241d9c3d323eb0f4d19f1207791a143",
"",
"reply"
],
[
"p",
"de70b2e669cfc1a6bd252e0469b74b1d28d0e6720864f44300dea89d4cf7654d"
]
],
"content": "📅 Original date posted:2014-03-11\n📝 Original message:\u003e Trezor and Electrum may be earlier than this.\n\nSorry for not joining the discussion earlier.\n\nI have postponed the release of bip32 features in Electrum due to \nongoing discussions with Trezor and bitcoinj developers.\nI planned to post a summary in a separate thread, but this info is also \nrelevant for this thread, so I'm posting here.\n(sorry if this is a bit offtopic, though)\n\nI plan to create a 2-factor authentication service that uses p2sh \naddresses in Electrum.\nAll addresses are derived from the wallet root seed, and should be \nrecoverable from it.\n(of course this departs from scenarios where master keys are generated \nindependently;\nmy opinion is that both should be possible)\n\nSo, when the user activates 2fa protection, the root private key is \ndeleted from their hard drive, as well as the\nmaster private key of one of the branches used to create p2sh addresses \n(which is sent to a remote server).\n\nSee this (fairly old) description here for more details: \nhttps://bitcointalk.org/index.php?topic=274182.0\n\nSince I still want to be able to generate 1of1 accounts after the 2fa \nprotection is activated,\n1of 1 accounts should not be generated directly from the root of the tree.\nThus, an extra level must be inserted in the tree.\n\nFor example, 1of1 addresses can be derived as follows:\n\nm/reserved'/n'\n\nwhere n is the account index, and \"reserved\" is an index that indicates \nthe type of address.\n(0 would be reserved for 1of1 addresses)\n\nslush suggested that another layer of derivation would be useful, in \norder to use wallets\nwith altcoins on the same seed. This lead to this type of derivation:\n\nm/coin'/reserved'/n'\n\nwhere \"coin\" would be 0 for Bitcoin, and \"reserved\" would be 0 for 1of1 \naddresses\n\nThomas",
"sig": "c355e9b2c2ac408564000d25a48b4682d550d1de3e73ae28c038cfcfb0789ea22d049fdb3713560ce1416d18d7d9aebc5d68ec2b2d522153ad0395674ab049c9"
}