Re: [Bitcoin-development] Multisign payment protocol?

[Thomas Voegtlin <thomasv1@gmx.de>]

> Trezor and Electrum may be earlier than this.

Sorry for not joining the discussion earlier.

I have postponed the release of bip32 features in Electrum due to 
ongoing discussions with Trezor and bitcoinj developers.
I planned to post a summary in a separate thread, but this info is also 
relevant for this thread, so I'm posting here.
(sorry if this is a bit offtopic, though)

I plan to create a 2-factor authentication service that uses p2sh 
addresses in Electrum.
All addresses are derived from the wallet root seed, and should be 
recoverable from it.
(of course this departs from scenarios where master keys are generated 
independently;
my opinion is that both should be possible)

So, when the user activates 2fa protection, the root private key is 
deleted from their hard drive, as well as the
master private key of one of the branches used to create p2sh addresses 
(which is sent to a remote server).

See this (fairly old) description here for more details: 
https://bitcointalk.org/index.php?topic=274182.0

Since I still want to be able to generate 1of1 accounts after the 2fa 
protection is activated,
1of 1 accounts should not be generated directly from the root of the tree.
Thus, an extra level must be inserted in the tree.

For example, 1of1 addresses can be derived as follows:

m/reserved'/n'

where n is the account index, and "reserved" is an index that indicates 
the type of address.
(0 would be reserved for 1of1 addresses)

slush suggested that another layer of derivation would be useful, in 
order to use wallets
with altcoins on the same seed. This lead to this type of derivation:

m/coin'/reserved'/n'

where "coin" would be 0 for Bitcoin, and "reserved" would be 0 for 1of1 
addresses

Thomas