1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
|
Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193]
helo=mx.sourceforge.net)
by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <gmaxwell@gmail.com>) id 1Tg5aJ-0004j1-Pl
for bitcoin-development@lists.sourceforge.net;
Wed, 05 Dec 2012 03:23:43 +0000
Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.210.175 as permitted sender)
client-ip=209.85.210.175; envelope-from=gmaxwell@gmail.com;
helo=mail-ia0-f175.google.com;
Received: from mail-ia0-f175.google.com ([209.85.210.175])
by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1Tg5aI-00038t-UY
for bitcoin-development@lists.sourceforge.net;
Wed, 05 Dec 2012 03:23:43 +0000
Received: by mail-ia0-f175.google.com with SMTP id z3so3638993iad.34
for <bitcoin-development@lists.sourceforge.net>;
Tue, 04 Dec 2012 19:23:37 -0800 (PST)
MIME-Version: 1.0
Received: by 10.42.63.145 with SMTP id c17mr13357066ici.22.1354677817653; Tue,
04 Dec 2012 19:23:37 -0800 (PST)
Received: by 10.64.171.73 with HTTP; Tue, 4 Dec 2012 19:23:37 -0800 (PST)
In-Reply-To: <CAErK2CgWFarfs1WhGHs2L0b6ZuqCMhu72+dLNj0EZ1vN8=Au=g@mail.gmail.com>
References: <CAErK2CgWFarfs1WhGHs2L0b6ZuqCMhu72+dLNj0EZ1vN8=Au=g@mail.gmail.com>
Date: Tue, 4 Dec 2012 22:23:37 -0500
Message-ID: <CAAS2fgQxQEAtspRQixU7KAqhcXYnev=20-hbDpMCO9nTEKT+RQ@mail.gmail.com>
From: Gregory Maxwell <gmaxwell@gmail.com>
To: Mike Koss <mike@coinlab.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -1.6 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(gmaxwell[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1Tg5aI-00038t-UY
Cc: "bitcoin-development@lists.sourceforge.net"
<bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] String-based Hierarchical Deterministic
Keys - Alternative to BIP 32
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Wed, 05 Dec 2012 03:23:44 -0000
On Tue, Dec 4, 2012 at 10:06 PM, Mike Koss <mike@coinlab.com> wrote:
> I've implemented an alternative to the BIP 32 proposal. I wanted a syste=
m
> based on a hierarchical string representation (rather than hierarchy of
> integers as BIP 32 proposes). For example I name keys like this:
>
> [hd1.75491111].store.1. 1D7GM5dkUtxvGeWgn7SYtanBuyj1MD1EZy
> [hd1.75491111].store.2. 1QAqDbzpNKViGSjVe1XmnGbmZtvz5hM7t1
> [hd1.75491111].store.3. 14XkSN92QLGeorYPpoVbG87DQhowEx3mFn
> [hd1.75491111].store.4. 1JLcGdod6Wm33rMZuZZUmAEE6osLhM4QMn
>
> First draft of proposal:
>
> https://gist.github.com/4211704
As Pieter pointed out recently=E2=80=94 it's not (realistically) possible t=
o
blindly iterate through strings. This means your proposal loses the
backup recoverablity property which is part the point of a
deterministic wallet: If you have a backup prior to a new string name
being established you must also have a reliable backup of the string
as well.
Of course, if you're backing up the strings then you can also backup a
map equating the hdwallet indexes to your strings, and in the event of
a catastrophic loss where you are only left with the original ultimate
root you lose no coins (only metadata) with the BIP32 scheme. If,
instead, we have your scheme and the backup of strings is incomplete
then some or all assigned coin may be lost forever.
Your extended hierarchy of multiplers also makes me uncomfortable.
BIP32 uses a HMAC in its construction to obtain strongly unstructured
points.
|