BIP 0032 - Bitcoin Wiki

How to convert my public key to a bitcoin address using python?

I'm playing with a little python script to understand how bip32 works.
I can successfully generate my public key using bip32 python module.
pub_key = bip32.get_pubkey_from_path("m/44'/0'/0'/0/0") print(binascii.hexlify(pub_key))
How can I convert my public key to a Bitcoin address ? Should I implement ?
Or can I use another python module for this?
submitted by kikimeter to Bitcoin [link] [comments]

Fun fact: 1815 in ADA's BIP32 path

The 'coin_type' (ref'ed in the BIP44 spec) for Cardano is Ada Lovelace's birth year.
On Yoroi's mobile wallet it shows the 'BIP32' path for ADA, typical value: m/44'/1815'/0'/0/4
I think bitcoin is 0', Litecoin and Digibyte both use 2', was wondering who uses 1', when i found Cardano's 1815. Also, the BIP32 path isn't shown in the browser extension (or i couldn't find it), but found it on the mobile wallet.
submitted by Ninjanoel to cardano [link] [comments]

What is the advantage of sub-addresses over Type 1 or Type 2 (BIP32) style deterministic wallets?

Each allows for the creation of many addresses from a single seed.
So, what are the functional (and/or technical) differences as far as a user is concerned?
Type 1 is "To generate a private key take SHA256(string + n), where n is an ASCII-coded number that starts from 1 and increments as additional keys are needed."
Type 2 is the more familiar (BIP32) HD wallet.
submitted by Sing_Cook to Monero [link] [comments]

Lightning in a Schnorr/Taproot world

I'm doing a presentation on the impact of SchnorTaproot on Lightning at the Lightning conference in Berlin next week so I thought I'd set up a post on this topic to collect together the best resources and thoughts on where my understanding is still limited or lacking. I'll also post some questions and hopefully (!) find some answers.
Introductions to Schnorr and Taproot
LTB podcast with Pieter Wuille and Jonas Nick (transcript):
"What this means in practice is you can take a group of people, take their public keys, combine those public keys together into a single public key and now those participants whose public keys you have taken to combine can jointly produce a signature for the combined public key."
"We can't use ed25519 for several reasons. One of them is we like to maintain compatibility with the existing public key system we have so that things like BIP32 and everything built on it don't get invalidated."
"Therefore we can reuse all of the existing encodings and in fact derive private, public and signatures from the same set of standard technologies we have. For example, mnemonic seeds based on BIP39 and hierarchical deterministic wallets on BIP32 etc? That's a huge advantage."
"The way to look at Taproot is it is a generalization that merges pay-to-publickey or pay-to-publickey single key policies and pay-to-scripthash. In a way every output becomes both of them. Everything becomes a combination of a key or a script. "
"It is both a privacy and a scaling advantage. All you see on the chain is a single public key when paying to it and a single signature when spending it, that's all."
Elichai Turkel introduction to Schnorr at Chaincode Labs (transcript):
James Chiang presentation on Taproot at Chaincode Labs (transcript):
The draft BIPs
Early posts discussing SchnorTaproot
Greg Maxwell Bitcointalk post on Schnorr and signature aggregation:
Greg Maxwell mailing list post on Taproot:
Aaron van Wirdum articles for Bitcoin Magazine
Lightning transaction script
submitted by michaelfolkson to u/michaelfolkson [link] [comments]

DarkWallet Update

One of the wallet main devs here. Sorry about not having posted much status on reddit, but we've been very busy with the firm goal of releasing soon.
(note about perks, I think Cody will be updating soon on those, we're not managing that so please keep this topic for wallet development questions or feedback)
Anyways, we have been starting more public communications, starting from the mailing list:
We also have the wiki, that for those interested hosts a lot of information about previous investigation, specs for what we're doing etc:
Regarding the dark wallet planned schedule, we wanted to do an alpha this week, as explained in the following email:
This week we have been delayed due to personal reasons, but hope we can meet the deadline for next week (sorry ppl). Alpha will mean big features are complete (multisig, coinjoin, stealth) and must support testnet.
We are very close to "feature complete" on the chrome version, firefox version shouldn't take much once we have the chrome one running where we're basing our testing. The idea is as soon as we can finish off coinjoin (missing just a few things there) we will be looking into testnet release in order to release an alpha where ppl can test with fake coins. There is also some details about multisig spending we need a few days to finish off (at least to make it more automatic like the coinjoin).
All in all, most of the hard work is already behind us, we have the following:
Not to forget the work done also on the backend that Amir is leading:
Some screenshots of current state (thanks zodman for taking the time to take those):
We are aiming for a full featured wallet, and I think we're delivering soon, maybe it can take a bit more of time in development, but we're putting an incredible amount of effort and love into the wallet. Also, this is just the beginning, this is a infrastructure where soon we can layer much more functionality and we will do it. Also, don't think the project is the kind where we want to do a rushed release, rather delay a bit for really good testing and hardening.
For people that want more specific dates, we can say we will release "when it's ready" and it's the right thing to do, but as said, I think we can take one week to release an alpha on testnet, then about two more weeks to stabilize and tie up things for a beta. During that period we will also be releasing technical documents on bitcointalk to validate our approaches to cryptographic techniques.
We welcome ppl who want to test or check the code: But only recommend it for more technical ppl at the moment (several reasons, check the readme where it says Pre-Alpha!). When we can release the alpha we'll make it better so it's safe to test for anyone.
We are already at the point where the wallet is always working, just features are still dropping.
If you want to support us, you can send BTC to the following multisig address:
( for details)
Of course, all feedback or questions welcome!
Kisses and thanks to all the supporters, we couldn't be doing this without you!!
submitted by caedesv to Bitcoin [link] [comments]

[dev] What went wrong with 1.9

As we're closing on a beta release for Dogecoin Core 1.10, I wanted to talk about where 1.9 went to, why we haven't had a major release in 11 months, and what we're doing differently in future. This is a long post, but I swear it's worth reading in full.
First of all, important security announcement: If you're using brain wallets (this won't be many of you, but want to ensure we catch anyone who is), stop, and move your funds right now. There was a security talk at DEF CON which basically explained how much their security is broken, more detail at For anyone who's unsure, brain wallets are where you pick a set of words and use them to generate a wallet, such as (I'm not linking that) lets you do. If you have been given words by a random process (i.e. Multibit HD, Electrum, Trezor, Ledger), these are AFAIK fine, it's just manually chosen words that are a disaster waiting to happen.
Next, there's a Bitcoin village, at Chaos Communication Camp next weekend, and while the core developers can't attend (we're doing dull day job things instead), Dogerain's developer will be there, and they're organising a video hangout with the Dogecoin core devs. Not sure if others can attend remotely, but if you're at the camp we'd love to get to talk to you!
Right, back to 1.9; Dogecoin Core 1.9 was going to be 1.8 with the Bitcoin Core 0.10 changes merged in. The same process was used to make Dogecoin Core 1.8 from 1.7 with Bitcoin Core 0.9, so we knew what we were doing. With almost 1,300 commits to review and apply it would take a while, but in theory was straight forward enough. A spreadsheet was created to track progress amongst the developers, and in January we set out to start merging.
At this point we discovered several things:
As time dragged on, we gained further assistance (Sporklin, this means you) in preparing merged commits, and I made several attempts at automating much of the process. Around March we started struggling with keeping development motivation up, and pace faltered, with Sporklin taking on much of the charge to keep work continuing. In June, we were about half way, and Bitcoin Core 0.11 hit release candidate, and at that point we realised this wasn't going to work.
So, Dogecoin Core 1.10 is a rebuild. We've started with Bitcoin Core 0.11 as a base and then manually re-applied the Dogecoin changes. This makes a lot of sense, in as much as they're a smaller set of changes (and less invasive by design), but does mean that we risk losing subtle tweaks to the code (which is what the beta period is intended to help catch). Most of the changes have been totally rewritten to make them simpler to apply, and better fit in with the hugely revised code base. We also see a significant number of changes in the strings with Dogecoin, so previous improvements to translations cannot necessarily be used as-is, and when we hit beta we'll be looking for help with updating translations.
The loss of motivation is something we need to be more aware of as a risk; while the Dogecoin developers are not doing this to try getting rich, that doesn't mean that there's no motivation required. We enjoy the challenge and opportunity to work with interesting technology, and based on that it's important that we ensure the work does have its interesting parts in amongst just getting stuff shipped.
Looking ahead to future work:
I know there are those who wish to see Dogecoin split further from Bitcoin, but there's just far too much effort being poured into Bitcoin, and too much available expertise from working with them, to ignore.
On a related note, bitcoinj 0.14 now has all of the changes to make it work with the libdohj wrapper library. Patricklodder's been testing libdohj, and so far mostly it seems to work well (there's an issue with the advertised network protocol version that I need to fix, but apart from that so far so good). There's a similar model for python-bitcoinlib and python-altcoinlib, although I need to dust off python-altcoinlib somewhat.
There's tons more I could write about HD wallets, user defined consensus or Ledger wallet support, but I think that's quite enough for today. There will be an interim update for Dogecoin Core 1.10 work around next weekend, hopefully a beta around the same sort of time, and the next full update post should be on the 23rd or thereabouts.
Meantime, stay wow!
P.S. All of these posts go up on my site as well, if you want to read back at all:
submitted by rnicoll to dogecoin [link] [comments]

Bitcoin Payment-channels for Resource Limited IoT Devices

Date: 2018-12-26
Author(s): Christopher Hannon, Dong Jin

Link to Paper

Resource-constrained devices are unable to maintain a full copy of the Bitcoin Blockchain in memory. This paper proposes a bidirectional payment channel framework for IoT devices. This framework utilizes Bitcoin Lightning-Network-like payment channels with low processing and storage requirements. This protocol enables IoT devices to open and maintain payment channels with traditional Bitcoin nodes without a view of the blockchain. Unlike existing solutions, it does not require a trusted third party to interact with the blockchain nor does it burden the peer-to-peer network in the way SPV clients do. The contribution of this paper includes a secure and crypto-economically fair protocol for bidirectional Bitcoin payment channels. In addition, we demonstrate the security and fairness of the protocol by formulating it as a game in which the equilibrium is reached when all players follow the protocol.

[1] K. Christidis and M. Devetsikiotis, “Blockchains and smart contracts for the internet of things,” IEEE Access, vol. 4, pp. 2292–2303, 2016.
[2] J. Basden and M. Cottrell, “How utilities are using blockchain to modernize the grid,” Harvard Business Review, 2017.
[3] S. Nakamoto, “Bitcoin: A peer-to-peer electronic cash system.”, 2008.
[4] V. Buterin, “Ethereum white paper: A next gerneration smart contract and decentralized application platform,” tech. rep., 2014.
[5] “Bitcoin wiki.” Accessed: 2018-05-28.
[6] J. Poon and T. Dryja, “The bitcoin lightning network,: Scalable off-chain instant payments,” 2016.
[7] C. Decker and R. Wattenhofer, “A fast and scalable payment network with bitcoin duplex micropayment channels,” in Proceedings of the 17th International Symposium on Stabilization, Safety, and Security of Distributed Systems - Volume 9212, (Berlin, Heidelberg), pp. 3–18, Springer-Verlag, 2015.
[8] brainbot, “The raiden network.”, 2018. Accessed: 2018-05-28.
[9] H. A. Kalodner, S. Goldfeder, A. Chator, M. Moser, and A. Narayanan, ¨ “Blocksci: Design and applications of a blockchain analysis platform,” CoRR, vol. abs/1709.02489, 2017.
[10] P. Wuille, “Bip32: Hierarchical deterministic wallets.” Accessed: 2018-05-28.
[11] M. Green and I. Miers, “Bolt: Anonymous payment channels for decentralized currencies.” Cryptology ePrint Archive, Report 2016/701, 2016.
[12] J. Poon and V. Buterin, “Plasma: Scalable autonomous smart contracts.”, 2017. Accessed: 2018-10-28.
[13] S. Popov, “The tangle.”, 2018. Accessed: 2018-10-28.
[14] N. Z. Aitzhan and D. Svetinovic, “Security and privacy in decentralized energy trading through multi-signatures, blockchain and anonymous messaging streams,” IEEE Transactions on Dependable and Secure Computing, pp. 1–1, 2016.
[15] M. Mihaylov, S. Jurado, N. Avellana, K. Van Moffaert, I. M. de Abril, and A. Nowe, “Nrgcoin: Virtual currency for trading of renewable ´ energy in smart grids,” in European Energy Market (EEM), 2014 11th International Conference on the, pp. 1–6, IEEE, 2014.
[16] E. Mengelkamp, B. Notheisen, C. Beer, D. Dauer, and C. Weinhardt, “A blockchain-based smart grid: towards sustainable local energy markets,” Computer Science-Research and Development, vol. 33, no. 1-2, pp. 207–214, 2018.
[17] A. Dorri, S. S. Kanhere, R. Jurdak, and P. Gauravaram, “Blockchain for iot security and privacy: The case study of a smart home,” in 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), pp. 618–623, March 2017.
[18] G. Liang, S. R. Weller, F. Luo, J. Zhao, and Z. Y. Dong, “Distributed blockchain-based data protection framework for modern power systems against cyber attacks,” in IEEE Transactions on Smart Grid (Early Access), 2018.
submitted by dj-gutz to myrXiv [link] [comments]

Notes on a first quick test of NTumblebit, on Linux and regtest.

I just thought I'd jot down a few notes on the experience of trying out the current NTumbleBit code.
This is testing on regtest, done for the simple reason that you don't have to wait for testnet blocks (nor sync testnet which is mildly annoying). At this stage I just wanted to learn how this works.
Your starting point is this wiki page.


You need to download Bitcoin Core. Use at least 0.13.1 - this turned out to be only major blocking point in the whole test, funnily enough, for me - it took me a few hours(!) in debugging to realize that the reason my wallet's coins were not being recognized was simply because 0.12.1 didn't support the necessary RPC syntax. (Note to devs: is there a way to expose errors/exception to the user in the client to help with under-the-hood errors like that? RPC configuration errors are exposed, so that's good of course).
Since this is regtest, that's it: you don't need to sync any blockchains :)
However, you do of course have to configure and start it. Put a bitcoin.conf somewhere (if you're currently running a node it's easiest to make a separate one from your main ~/.bitcoin/bitcoin.conf one, of course. I put one in ~/bitcoin.conf with these settings:
rpcuser=bitcoinrpc rpcpassword=123456abcdef 
(you'll need those values again in a minute) and then run with
~/bitcoininstallationdibitcoind -regtest -daemon -conf=homedibitcoin.conf 
(I didn't need to add server=1 to config).
Note that coins are not available until maturity, so you need to use the generate command to mine blocks, like this:
~/bitcoininstallationdibitcoin-cli -regtest -rpcuser=bitcoinrpc -rpcpassword=123456abcdef generate 101 
Now your regtest bitcoind is running, you can move on to Tumblebit. Follow the instructions in the wiki page mentioned at the start; install .Net Core - the Microsoft instructions are easy to follow, just a couple of apt-gets and install the *.deb. Next, clone the github repo and run the Unit Tests. They passed first time for me.


Next, start up the server, following the instructions in the wiki, except note you're using regtest, so:
cd NTumbleBit.TumblerServer dotnet run -regtest 
The first start up will compile but also set up RSA keys, all that is fine without changes, but you'll need to edit the config so that the RPC is pointing at your regtest instance properly. In this case it (the new config should be located in ~/.ntumblebit/RegTest/server.config) should be edited to look like:
rpc.url=http://localhost:18332/ rpc.user=bitcoinrpc rpc.password=123456abcdef #rpc.cookiefile=yourbitcoinfolde.cookie 
Then restart and check you get no RPC errors. Leave that console open, it's running a server loop.
Next, configure and start the client. Note, we are still following the wiki page, except for the regtest element, so:
cd NTumbleBit.CLI dotnet run -regtest 
You'll most likely get an RPC error again, before it shuts down. Now we need to edit the ~/.ntumblebit/RegTest/client.config file. The server can be left as the default localhost:5000, but you need the right RPC settings:
rpc.url=http://localhost:18332/ rpc.user=bitcoinrpc rpc.password=123456abcdef #rpc.cookiefile=yourbitcoinfolde.cookie tumbler.server=http://localhost:5000 outputwallet.extpubkey= outputwallet.keypath=0 
the last two fields are the important bit, which the wiki page explains in some detail for the testnet case.

Details on setting up a receiving wallet (for this test!)

What you need is a BIP32 based wallet (HD) that supports testnet, and can be run against regtest here (which in most cases will be the same thing to a wallet, as long as it can connect via RPC to sync itself). The good news is the wallet doesn't need to contain any coins. The details of the following probably won't be suitable for most (if you've never used joinmarket it's a bit convoluted), so you'll probably want to find another easy to use wallet; the wiki page should be a good starting point.
For my test I used joinmarket; all we need to do is (a) hook it up to the regtest instance, and (b) extract the BIP32 xpub key that we'll be sending coins to. So in my case the flow of coins is:
Regtest Bitcoin Core wallet (containing 'mined' coins) one branch of my BIP32 joinmarket wallet, configured to sync against the same regtest instance.
I used my new joinmarket code but it's the same for the main joinmarket code. I overwrote joinmarket.cfg to have regtest settings (use this file; only the highlighted settings matter, those are the right ones for this test), then just run python randomseed. "randomseed" there can be literally anything, it's read as a brainwallet style seed for the bip32 wallet (because testnet, we don't care about its insecurity). The tpub.. keys seen for each branch are the "xpub" public keys at that branch of the BIP32 wallet. Tumblebit is going to send to a branch below whatever xpub we need, so the simplest is to add a print statement to print the xpub key above that; e.g. add this code:
for i in range(max_mix_depth): print('master for index: ' + str( i) + ' : ' + btc.bip32_privtopub(mixing_depth_keys[i])) 
immediately above this line. Then run again python randomseed.
Extract an xpub for any one of the "mixdepths", e.g. I chose:
master for index: 3 : tpubDBFGvUbWtEPKXeWPeG7rUh98iV9GuXSDbnk6ZrZHjcmp134BPByT293HPPQ93DktrVFKpZeAU1ULSdyfmwWuUGvUVLP19JkdUq2mzNKFJPR 
and put that tpub.. key into the field pubkey in the above mentioned 'client.config':
outputwallet.extpubkey=tpubDBFGvUbWtEPKXeWPeG7rUh98iV9GuXSDbnk6ZrZHjcmp134BPByT293HPPQ93DktrVFKpZeAU1ULSdyfmwWuUGvUVLP19JkdUq2mzNKFJPR outputwallet.keypath=0 
Now save and quit.

Running the tumble

Restart the client. If RPC is right, it'll start running, waiting for blocks. Your regtest Core instance will have coins (after the previous generate 101), and those coins will be automatically tumbled, one coin at a time, into the output wallet (in my case, the branch m/0/3/0 which is labelled there 'mixdepth 3, external').
Now you can test and watch the process! Open up a third console and repeatedly generate blocks:
/path/to/bitcoin/bin/bitcoin-cli -regtest -rpcpassword=123456abcdef generate 1 
As each block is generated you'll see the state in the client terminal window updating, showing the phases. A new 'epoch' (right term?) is started every N blocks (I haven't investigated the timing yet), and several epochs run concurrently. In each one, the client can pay in 1 Bitcoin (from Core) and eventually get out 1 coin - fees to the destination (Joinmarket in my case, any other BIP32 in yours). You can replace generate 1 with generate N but I'm not sure if the code will always correctly handle you mining lots of blocks at once! After a large enough number of blocks you'll start to see 'ClientCashout phase' occurring, and txids being printed out. You can go back to your (JM or other) wallet and see the coins arriving; here's what I see after a few epochs have gone through (using my python randomseed command):
for mixdepth=2 balance=0.00000000btc mixing depth 3 m/0/3/ external addresses m/0/3/0 tpubDDMAxSHJmxzeXwDnATuvtDizqNSsQKpXGufBDnER44BzEbHy7kg485zZwHqvzprgf6yEQYg9qYYfsLYS1HMmdSuXDzQb2dJSiga9geyM62R m/0/3/0/007 mw9s7tYucxB9yr2L6HkqeDVsh3wdgMdcyK used 0.99995750 btc m/0/3/0/008 mq5TgTNgwYHv88Q4T7wL6kTb1MBSPE3mqK used 0.99995750 btc m/0/3/0/009 mhzQFY8FNvux6SKWKLKmhBB3Sw4MLaSnyu used 0.99995750 btc m/0/3/0/010 mrYECmCf5UKa1BBRMuzprVugsCi9z7oiHo new 0.00000000 btc m/0/3/0/011 mopUNXmHT8ngfBymM3c3EYMg7RLZAf6Zc6 new 0.00000000 btc m/0/3/0/012 mmaVXVfQP4UAYJPhMpQ3FhgXfHzujaxyw4 new 0.00000000 btc m/0/3/0/013 mzYD1AcUFz8SVwJM8EjVCfEM6pcYnHooBR new 0.00000000 btc m/0/3/0/014 my5unLCEMWQBkXBdeJ75VVGk1wrMrT8iDE new 0.00000000 btc m/0/3/0/015 muA76YSTtKKmD6HnVKYhkd9K9TZnPLh8pp new 0.00000000 btc internal addresses m/0/3/1 for mixdepth=3 balance=2.99987250btc 
As you can see, 3 coins have arrived.
submitted by waxwing to TumbleBit [link] [comments]

Word list in GreenAdress seed generation

Im currently studying the seed generation of various wallets, and as part of my research i wanted to know what world list does GreenAdress use when generating the mnemonic passphrase for the private key ?
This site says: "Where are my Bitcoin keys stored?
Your private keys are not stored. They are derived on demand from your mnemonics as a seed to a BIP32 hierarchical wallet." 
Does this mean that there is a BIP32 word list somewhere or are the words used from the BIP39 world list that is found on BTC wiki:
I am interestd in the English wordlist mind you..
Any help would be much appreciated ! :)
submitted by Tandrax218 to greenaddress [link] [comments]

Electrum 2.0 has been tagged | Thomas Voegtlin | Mar 01 2015

Thomas Voegtlin on Mar 01 2015:
Hash: SHA1
Dear Bitcoin devs,
I just tagged version 2.0 of Electrum:
The website will be updated later today. The release
notes are a bit dense, due to the large amount of changes and new
features in this release. In the coming weeks we will be adding more
detailed documentation to the wiki and to the website.
There has been a very long hiatus in Electrum releases, because it
took me a lot of time to decide about the new seed derivation method
and wallet structure. Now that this part is done, I hope that we will
resume to a faster release pace.
I would like to thank all the people who contributed to this release,
developers, beta testers, but also people from this list who provided
useful feedback.

Release 2.0

phrase includes a version number, that refers to the wallet
structure. The version number also serves as a checksum, and it
will prevent the import of seeds from incompatible wallets. Old
Electrum seeds are still supported.
and use a gap limit of 20.
P2SH addresses ("2 of 2", "2 of 3").
transactions, that includes the BIP32 master public key and
derivation needed to sign inputs. Serialized transactions can be
sent to cosigners or to cold storage using QR codes (using Andreas
Schildbach's base 43 idea).
"2 of 3" multisig wallets and Google Authenticator. Note that
wallets protected by this service can be deterministically restored
from seed, without Trustedcoin's server.
wallets, to send and receive partially signed transactions.
window that pops up if you click on the QR code
outputs, and raw hexadecimal scripts.
start the daemon if it is not already running, and the GUI will
connect to it. The daemon can serve several clients. It times out
if no client uses if for more than 5 minutes.
keys. A watching-only wallet is created by entering a list of
addresses in the wizard dialog.
wallet files cannot be read by older versions of Electrum. Old
wallet files will be converted to the new format; this operation
may take some time, because public keys will be derived for each
address of your wallet.
the command line:
stable. Another script was added to Android, called Authenticator,
that works completely offline: it reads an unsigned transaction
shown as QR code, signs it and shows the result as a QR code.
Version: GnuPG v1
submitted by bitcoin-devlist-bot to bitcoin_devlist [link] [comments]

Export format for xpub | Levin Keller | Feb 02 2015

Levin Keller on Feb 02 2015:
Hello everyone,
I think this is my first email to this mailinglist so I will shortly
introduce myself:
I am Levin and the CEO of Coyno ( Based in Berlin,
mathematician. Bitcoiner since 2011.
And now the reason for this email: Andreas (Schildbach) just released a new
update of his wallet. It now provides an export functionality for the m/0'
key in order to run read only copies on other devices. We already support
the format on our website. Of course we would love for this to become
standard. I also updated the Wiki article for Andreas' Wallet:
How do you like it? How does this format get standard? Shall I try to get a
pull request to BIP32 passed?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
submitted by bitcoin-devlist-bot to bitcoin_devlist [link] [comments]

New BIP32 structure for P2SH multisig wallets [BIP-45] | Jean-Pierre Rupp | Oct 03 2015

Jean-Pierre Rupp on Oct 03 2015:
I have been reviewing BIP-45 today. There is a privacy problem with it
that should at least be mentioned in the document.
When using the same extended public key for all multisig activity, and
dealing with different cosigners in separate multisig accounts, reuse of
the same set of public keys means that all cosigners from all accounts
will be able to monitor multisig activity from every other cosigner, in
every other account.
Besides privacy considerations, HD wallet's non-reuse of public keys
provide some defence against wallets that do not implement deterministic
signing, and use poor entropy for signature nonces.
Unless users are expected to establish a single cosigning account, this
scheme will result in reuse of public keys, and degradation of privacy.
I understand that for convenience it is useful to have a single extended
public key that can be handed to every cosigner. This makes setting up
accounts or recovering from data loss a easier.
I suggest that privacy & potential security degradation due to increased
public key reuse in the case of users with multiple multisig accounts
should get a mention in the BIP-45 document.
On 25/04/14 23:27, Manuel Araoz wrote:
Hi, I'm part of the team building copay
<>, a multisignature P2SH HD
wallet. We've been following the discussion regarding standardizing the
structure for branches both on this list and on github (1
<>, 2
<>, 3
<>, 4
<>, 5
<>). Soon, we realized the
assumptions in the discussions were not true for a multisig hd wallet,
so we wanted to share our current approach to that, to get feedback and
see if we can arrive to a new standard (and possibly a new BIP)
These are our assumptions:
use the P2SH address for that.
other parties. (Thus, all parties must be able to generate all public keys)
parties, of course.
Following BIP43, we're be using:
m / purpose' / *
where /purpose/ is the hardened derivation scheme based on the new BIP
We then define the following levels:
m / purpose' / cosigner_index / change / address_index
Each level has a special meaning detailed below:
/cosigner_index/ <>: the index of
the party creating this address. The indices can be determined
independently by lexicographically sorting the master public keys of
each cosigner.
/change/: 0 for change, 1 for receive address.
/address_index/: Addresses are numbered from index 0 in sequentially
increasing manner. We're currently syncing the max used index for each
branch between all parties when they connect, but we're open to
considering removing the index sync and doing the more elegant
used-address discovery via a gap limit, as discussed in BIP44
We feel 20 might be too low though.
Wallet high-level description:
Each party generates their own extended master keypair and shares the
extended purpose' public key with the others, which is stored encrypted.
Each party can generate any of the other's derived public keys, but only
his own private keys.
General address generation procedure:
When generating an address, each party can independently generate the N
needed public keys. They do this by deriving the public key in each of
the different trees, but using the same path. They can then generate the
multisig script and the corresponding p2sh address. In this way, each
path corresponds to an address, but the public keys for that address
come from different trees.
Receive address case:
Each cosigner generates addresses only on his own branch. One of the n
cosigners wants to receive a payment, and the others are offline. He
knows the last used index in his own branch, because only he generates
addresses there. Thus, he can generate the public keys for all of the
others using the next index, and calculate the needed script for the
/Example: /Cosigner #2 wants to receive a payment to the shared wallet.
His last used index on his own branch is 4. Then, the path for the next
receive address is m/$purpose/2/1/5. He uses this same path in all of
the cosigners trees to generate a public key for each one, and from that
he gets the new p2sh address.
Change address case:
Again, each cosigner generates addresses only on his own branch. One of
the n cosigners wants to create an outgoing payment, for which he'll
need a change address. He generates a new address using the same
procedure as above, but using a separate index to track the used change
Example: /Cosigner #5 wants to send a payment from the shared wallet,
for which he'll need a change address. His last used change index on his
own branch is 11. Then, the path for the next change address is
m/$purpose/5/0/12. He uses this same path in all of the cosigners trees
to generate a public key for each one, and from that he gets the new
p2sh address.
Transaction creation and signing:
When creating a transaction, first one of the parties creates a
Transaction Proposal. This is a transaction that spends some output
stored in any of the p2sh multisig addresses (corresponding to any of
the copayers' branches). This proposal is sent to the other parties, who
decide if they want to sign. If they approve the proposal, they can
generate their needed private key for that specific address (using the
same path that generated the public key in that address, but deriving
the private key instead), and sign it. Once the proposal reaches m
signatures, any cosigner can broadcast it to the network, becoming
final. The specifics of how this proposal is structured, and the
protocol to accept or reject it, belong to another BIP, in my opinion.
Final comments:
  • We're currently lexicographically sorting the public keys for each
address separately. We've read Mike Belshe's comments about sorting the
master public keys and then using the same order for all derived
addresses, but we couldn't think of any benefits of doing that (I mean,
the benefits of knowing whose public key is which).
  • We originally thought we would need a non-hardened version of purpose
for the path, because we needed every party to be able to generate all
the public keys of the others. With the proposed path, is it true that
the cosigners will be able to generate them, by knowing the extended
purpose public key for each copayer? (m/purpose')
  • The reason for using separate branches for each cosigner is we don't
want two of them generating the same address and receiving simultaneous
payments to it. The ideal case is that each address receives at most one
payment, requested by the corresponding cosigner.
Start Your Social Network Today - Download eXo Platform
Build your Enterprise Intranet with eXo Platform Software
Java Based Open Source Intranet - Social, Extensible, Cloud Ready
Get Started Now And Turn Your Intranet Into A Collaboration Platform
Bitcoin-development mailing list
Bitcoin-development at
submitted by dev_list_bot to bitcoin_devlist [link] [comments]

BIP0032 proposes Hierarchical Deterministic Wallets in a tree structure based on a master key

This proposed BIP0032 standard is fascinating and very promising for a variety of uses.
I'm implementing a BIP0032 compliant system and I'm looking into the tree structure.
Anyone interested in discussing it?
For more advanced discussion...
I am wondering about this part:
One weakness that may not be immediately obvious, is that knowledge of the extended public key + a private key descending from it is equivalent to knowing the extended private key (i.e., every private and public key) in case public derivation is used. This means that extended public keys must be treated more carefully than regular public keys. This is the reason why accounts at the first level of the default wallet layout use private derivation, so a leak of account-specific (or below) private key never risks compromising the master.
Can someone explain the last sentence above?
submitted by andreasma to Bitcoin [link] [comments]

Bitcoin Mnemonic: Best Explanation?

I understand that the 12 word bitcoin mnemonic is completely secure - that even if someone decided to spin up a huge army of Amazon EC2 instances and set them to work guessing mnemonics, trying to "recover" random wallets by brute forcing the system, they would expend much more on their effort than they would manage to steal. But unlike cracking a password, where you have to combine it with the correct username, this effort - like an attack on brain wallets longer used since they are insecure, could be brute forced and I presume that eventually with enough computing power, wallets would be recovered.
I'd like to know if there is a great explanation of this technology available, and if not, why?
Perhaps users of bitcoin wallets, when asked to entrust their balances in a few words, have some level of doubt that this is "good enough" for them to secure their bitcoins with, and makes them question the security of the system more than they need to.
What would be really great would be a high quality animated video, with references and mathematical proofs, posted on YouTube, that you could refer people to who are not technically or mathematically minded, to set their minds at ease.
Because I do think, as adoption outside of the extremely tech literate grows, this question will come up more and more.
Sorry I'm not posting this video myself, I'm not a great animator and don't know others who are. I also don't understand all the facts behind this.
Perhaps, in leiu of such a video, others could write competing "best explanations for the layman" of this backup tool, and together we could form a really fantastic explanation.
Here are some resources on the subject:
People do know that computers are very fast, and the thought of their backup phrase needing to withstand an attack from a supercomputer, or some unknown entity called "hackers" that are out there on the Internet, breaking into things, the better we can explain how insanely well protected they are by mathematics, the better. And maybe, some people would like the option to encrypt their mnemonic with a password of their own choosing - they just might believe by securing it with 1023albertstreetGod, like they do their bank account, will make this OK.
Lastly, where are people advised to keep their mnemonic passphrases? Not everyone has a safe. They shouldn't be written down in Google Keep, or saved in an e-mail. Maybe they can write them down in the back of their diary, but what if their house burns down? Personally, mine is buried in the ground. I couldn't think of a fireproof solution (my flat burned down a few years ago, this is a real problem). Some people live in areas that might flood, though, or just not feel like buying a small gardening trowel.
There are reasons people would rather trust their money to a bank - the bank guarantee that you can show up, and show them your ID, and get access to your money. And that if your money is stolen by hackers, you'll get a refund. We can secure our own money, but it's new to us, having something we can't just buy an insurance policy for, or give to a third party to look after for us, these aren't things a lot of people are used to dealing with themselves.
Custodial accounts are not the answer, as BitFinex and countless other custodial accounts at exchanges demonstrate (some people would have trusted that because BitFinex had "upgraded" their security with BitGo, their funds were maybe safer there than in their own hands). I appreciate that it was BitFinex's setup, not BitGo, that was at fault here, but the point stands - who knows what security some third party are using, better to have trustworthy ways of securing your money aside custodial control. Trezor is great, but still has a backup mnemonic incase your house burns to the ground (or something much less likely).
EDIT: Andreas Antonopolous on some of what I wrote here: "Welcome. I’d like to know your take on brain wallets. Most consider brain wallet bad for newbies. Do you think it’s good for cold storage when applied by hardcore bitcoiners? Say, to mix the private key in the password-generation phrases to get a secured address. By the way, I personally use this method for most of my own bitcoins, is it ok? Many thx.
No, I think it is a terrible idea to try to make your own brainwallet or try to make complex security solutions if you are not an expert. Even for an expert, the best security is standardized, peer-reviewed, well-tested security. For cold storage I use BIP39 mnemonic phrases and standardized BIP32/BIP44 wallets built on top of those. I do not try to invent my own and I do not use brainwallets." Source:
submitted by jj8091 to Bitcoin [link] [comments]

Looks like Darkwallet was a scam [x-post TheHub]
3 months and this is where their at
Base wallet
 > Key management (bip32) Yes check.png > Receive Yes check.png > Send Yes check.png > Show history Yes check.png 
looks like they almost have a basic functioning wallet. No updates, their indigogo page says they will no longer be updating the project there and to go to the above site, which also features no updates.
Look at these comments, the only ones posted over the last three months:
johnfox415 said 3 days ago No update here either. Anonymous Contributor said 15 days ago Did not receive the backerit email :/ Max Küng said 17 days ago Never received anything. Haven’t gotten an email from backerkit either. Even sent an email after the last update saying that we should email if we didn’t get the backerkit link. Didn’t receive a reply in about a month. Just nada… Don Pomeroy said 18 days ago never received my shirt :( tom1gorman said 25 days ago Never received the t-shirt but, more importantly, still no Darkwallet or updates. Whats happening team? Jesse Rodgers said 1 month ago Also wondering about perks, I’m happy to contribute to the campaign but I was looking forward to my Bitcoin magazine subscription. I tried emailing once, but haven’t heard anything. on.yr.shouldr said 1 month ago what is happening? i still have not heard from “backerkit” about claiming my perk, and i’ve been trying to get in touch with you guys for over a week. :( osclark said 1 month ago I’m with peter. WTF is going on? I’ve heard NOTHING since this thing ended. I’m trying to join the BTC market, but I want a secure wallet. That was the whole idea, right? Let’s get this thing going, please. AT LEAST AN UPDATE. peter said 1 month ago hey guys :) whats up with this project? any news? over a month now since the campaign was funded, estimated delivery for some perks was december and still not even an update? ;) looking forward to here some news from you :) cheers 
But they do have a highly produced video and a professionally designed website extolling all their fundementals:
$50k in USD and 50 bitcoins raised at $1000/piece,
Never received the t-shirt but, more importantly, still no Darkwallet or updates. Whats happening team? Jesse Rodgers said 1 month ago 
and we didnt even get a lousy t-shirt.
submitted by Ji1209019 to Bitcoin [link] [comments]

Huge update, too many changes too list!

Hi all,
The Marketplace has recently released a slew of updates targeted at decreasing the learning curve for new users. We feel that Multi Sig is an important tool and it is up to providers like The Marketplace, not customers, to make this transition bearable and to keep innovating.
Our recent break has given us a new passion for TMP and we have listened to our users concerns. We know that many users have wished to try The Marketplace but have been scared that their funds may be lost due to the complexity of multi sig and we feel that our continued innovations have made this now impossible.

For customers:

A large complaint from users is recording transaction ids.

Automatic transaction recording

We have now implemented an internal transaction recorder which automatically detects new transactions and records the transaction details. To pay for your order, you are now simply required to send funds to your multisig escrow address and your order page will instantly update to let you know the transaction was recorded when your payment is received, no need to click buttons or reload the page. It's almost easier than a traditional centralized marketplace with all the benefits of provable multi sig security to boot!

Updated UI & improved vendor search

Our new UI is also cleaner and easier to navigate, with fully responsive design that works even for small screen sizes. We have implemented changes to our search to recognize common variations of a vendors name so users searching for a specific vendor will be sent to their shop immediately.

For vendors:

A key concern for vendors is loss of their private keys or transactions going unredeemed when The Marketplace is seized.

Wallet Management

To alleviate one of these concerns, we have implemented BIP32 and Electrum Deterministic address generation using Master Public Keys. Vendors must now only record a single master public key and The Marketplace will automatically generate a new deterministic address for every transaction, this removes the complexity of vendors wallet management which many vendors have complained about.

Time locked transactions

Another key concern is the ability to redeem transactions should The Marketplace be seized. Many vendors worry about their ability to redeem transactions because they cannot reach customers or private keys are lost. We have now released the first ever (clearnet & darknet) Time locked transaction implementation (see Time locked transactions are specially crafted transactions which are not valid till a specific date or block.
This feature of the Bitcoin Protocol allows The Marketplace to provide verified vendors with a special transaction when they ship orders which is not valid for 2 months (sequence 0). This allows the vendor to know that upon shipping a product, they will be able to claim their payments if The Marketplace is seized in that time, albeit some months later. By utilizing the Bitcoin protocol, we are removing the need to trust third parties to help claim payments in the future and makes us the first marketplace to provide provable dead man switches in preparation for any seizure attempts.
Many users will say that The Marketplace is one of the hardest to use marketplaces and will thus stay away, we have listened to all their concerns and feedback and we think it's now one of the easiest!
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - iQIcBAEBCgAGBQJTyQV6AAoJEDke4vmlZMwqbMkP+wb56iiAfESZbInfGg4cLnBG /zS84SQZ7kK2XrjeLRB90PjISv01WpOrIsDpI6jwSd7RWZ/uipSi73xWA4jHm/bR dRcDKcAmoip4uup2DlBwW+AkwiBpzYHO2HW5BzbpzAPUqluh6AM0gRzhWmJjrA k/tsMEeHBiP2mPOQqh6x6cPc69siqPfctRMoZJgBLp3pnYGWLBccfeELfo1n8kKi av0X6tesfdvFTQRr5hS+Cd9kJyvOwtCxOb1rSuewk/MWV86ezieqWgG7exP+bLFu yfEAT2iKmFeWLowTC50TxZ5E46PIg1lfESkyLYgUbzx1L9/0BjdF5T+gwBVHGPRg P8FSF29VKho2HnTeYwstVDaUM/ujihSFbMcojpF6olLu/vrTgIkeLqEAOYSHENGc VDaXsACinq/WvPBdj6xv/Fz/Dbug3cRbeeqzowCzi4uOCR+DRZkEFbbu1Ij+y+ZX aoIvsQ3SL1johjcktGbD2XeHlGpql2iDkt2277MShcLAlm21LFRJkIexYGA5RH8Z p3pmJmS263usnJRlNObym8OEUCApEndQ5LNzeyG72+u69PZxGhaJYW0FaRzAx9pG PesWQrGK0lGQnZOt6Y7GG6zH5D/G3NTP9hI4FuyGWnahBU7/Xj6NXumu7FKyNOGE ar0O+Lml40XZXeKtey9W =SiuJ -----END PGP SIGNATURE----- 
Source: http://43y5mwjvhxd6zf7v.onion/forum/index.php?topic=971.msg5623#new
submitted by TMPSchultz to themarketplace [link] [comments]

What are Dogecoin's Live & TestNet address prefixes?

The bitcoin wiki lists several decimal prefixes (and their associated address letters), but it doesn't list the dogecoin prefixes.
I have found what appear to be Dogecoin's Live prefixes in cruptocoin's coininfo module.
And what could possibly be the testnet prefixes too in brainwallet's bip32 implementation. However, I can't see how these values actually convert to the decimal prefixes.
Thanks for your help guys!
submitted by jesstelford to dogecoindev [link] [comments]

23/09/2013 - Seismograph, Firefox OS Simulator, nodejs, Pixar Narrative, GoPro Bus Interface, Wifi Pineapple


Firefox OS Simulator


Pixar Narrative


GoPro Bus Interface

Wifi Pineapple

submitted by peeloo to webstoric [link] [comments]

Bitcoin: Gerador de Seeds feito em NodeJS (BIP-32 e BIP-39) Bitcoin Cash Wallet Coding Tutorial: Basic Withdrawal. (Part 6) Bitcoin Cash Wallet Coding Tutorial: UI Wiring. (Part 3) Hierarchical Deterministic Wallets (HD) - BIP32 generating master xprv xpub from seed How To Create A Bitcoin Address Validation Form

From Bitcoin Wiki. Jump to: navigation, search. This page describes a BIP (Bitcoin Improvement Proposal). Please see BIP 2 for more information about BIPs and creating them. Please do not just create a wiki page. Please do not modify this page. This is a mirror of the BIP from the source Git repository here. BIP: 85 Layer: Applications Title: Deterministic Entropy From BIP32 Keychains Author ... hd-wallet-derive: A command-line tool that derives bip32 addresses and private keys from bip32 extended keys or mnemonic. hd-wallet-addrs: A command-line tool for finding bitcoin hd-wallet addresses that have actually received funds, including change addresses. (note: key derivation occurs offline, but funds lookup requires internet connection.) This BIP describes the implementation of a mnemonic code or mnemonic sentence -- a group of easy to remember words -- for the generation of deterministic wallets. It consists of two parts: generating the mnemonic and converting it into a binary seed. This seed can be later used to generate ... Bitcoin is a distributed, worldwide, decentralized digital money. Bitcoins are issued and managed without any central authority whatsoever: there is no government, company, or bank in charge of Bitcoin. You might be interested in Bitcoin if you like cryptography, distributed peer-to-peer systems, or economics. A large percentage of Bitcoin enthusiasts are libertarians, though people of all ... Es war beabsichtigt, Bitcoin Address von einem Teamschlag zu erzeugen. Änderungen an dem Bitcoin-Protokoll, das BIP 0032 genannt wird, werden jetzt in vielen Desktop-, Mobil- und Wallet-Geräten verwendet - TREZOR, Electrum, CarbonWallet und viele andere. Der Hauptschlüssel hier ist der 128-Bit-Wert, der für den Benutzer wie eine reguläre Phrase von 12 Wörtern aussieht. Um den einfachen ...

[index] [43808] [14157] [47063] [9446] [48307] [44729] [17725] [23018] [21568] [48766]

Bitcoin: Gerador de Seeds feito em NodeJS (BIP-32 e BIP-39)

= Bitcoin Cash Wallet Coding Tutorial Welcome to this tutorial on how to create a Bitcoin Cash single-address wallet from scratch in JavaScript. In this tutorial, you will learn how to build a ... Single-Coin Wallets, z.B. das Bitcoin Core Wallet, verwenden meist nur BIP32, also eine lange Zeichenkette. Grundlagen: Die 24 Wörter Mnemonic (Wortliste mit 2048 Wörter) oder der BIP39 Standard. In this video I go over how to create a simple form that validates the checksum of a bitcoin address. Link to RosettaCode: = Bitcoin Cash Wallet Coding Tutorial Welcome to this tutorial on how to create a Bitcoin Cash single-address wallet from scratch in JavaScript. In this tutorial, you will learn how to build a ... Continuation of bitcoin python series, this time I'm generating master extended private (xprv) and master extended public (xpub) keys using python3. I am going through the implementation of BIP32 ...