From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1YgOeK-0004zS-8K for bitcoin-development@lists.sourceforge.net; Fri, 10 Apr 2015 02:26:28 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.220.179 as permitted sender) client-ip=209.85.220.179; envelope-from=etotheipi@gmail.com; helo=mail-qk0-f179.google.com; Received: from mail-qk0-f179.google.com ([209.85.220.179]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1YgOeI-0007EI-LV for bitcoin-development@lists.sourceforge.net; Fri, 10 Apr 2015 02:26:28 +0000 Received: by qkx62 with SMTP id 62so9819313qkx.0 for ; Thu, 09 Apr 2015 19:26:21 -0700 (PDT) X-Received: by 10.140.89.149 with SMTP id v21mr38889081qgd.50.1428632781248; Thu, 09 Apr 2015 19:26:21 -0700 (PDT) Received: from [192.168.1.28] (c-69-143-204-74.hsd1.md.comcast.net. [69.143.204.74]) by mx.google.com with ESMTPSA id y18sm592410qgd.24.2015.04.09.19.26.20 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 09 Apr 2015 19:26:20 -0700 (PDT) Message-ID: <552734CB.4070903@gmail.com> Date: Thu, 09 Apr 2015 22:26:19 -0400 From: Alan Reiner User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0 MIME-Version: 1.0 To: William Swanson References: <5524D347.4040507@maza.club> <5526DE29.1060605@maza.club> <5526FF23.9040402@gmail.com> In-Reply-To: Content-Type: multipart/alternative; boundary="------------010803040505020508010305" X-Spam-Score: -1.1 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (etotheipi[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.5 AWL AWL: Adjusted score from AWL reputation of From: address X-Headers-End: 1YgOeI-0007EI-LV Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Request For Discussion / BIP number - Multi-Currency Hierarchy For Use In Multisignature Deterministic Wallets X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Apr 2015 02:26:28 -0000 This is a multi-part message in MIME format. --------------010803040505020508010305 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit The motivation was that I came up with it before BIP 45 existed, but wasn't vocal enough about it because Armory didn't have BIP32 Multisig trees implemented yet, so I didn't have a strong mental focus or determination around it. If there's momentum behind BIP45, we should use it. I wanted to share the document because it was also created to be educational on the topic of "multisig address generation collisions" as being disucussed in this thread. Though we just put in BIP44 with my modification into our new wallet format (in the works), and if I was to adopt this I'd like to simply merge the two. M / purpose' / coin' / account' / *cosigner* / change*0or1* / address For reference my proposal (and the way I implemented it before BIP45 existed) is just BIP44 but with 2*N change branches instead of 2: M / purpose' / coin' / account' / change*2N* / address Our new code has the goal of being able to easily reconfigure your BIP32 tree for your specific application. But for the default free-public-download software, it would be nice to have a standard everyone agrees to. BIP44 vs original-BIP32 doesn't really matter since you only transfer the account branches, but this particular decision with how the consigners avoid "collisions" does affect it. -Alan On 04/09/2015 10:02 PM, William Swanson wrote: > Hello Alan, > Your scheme is basically the same as the BIP45 scheme, except that you > have collapsed the "cosigner_index" and "change" fields into a single > field with the formula: > > combined = 2*cosigner_index + change > > This removes one level from the hierarchy, but ultimately produces the > same number and type of chains as BIP45 (just addressed differently). > > I kinda like the BIP45's approach of giving each field has its own > dedicated purpose. What is the motivation behind flattening the > hierarchy? > > I ask because the wallet I work on, Airbitz, will be adding multi-sig > at some point in the future, and we need to figure out what kind of HD > tree structure we will be using. Our ideal structure would basically > be BIP 44 plus some "no-collision" logic: > > m / purpose' / coin_type' / wallet' / cosigner_index / change / > address_index > > I feel like interoperability with Copay would be worth the extra HD > branch. Assuming Kefkius adds similar no-collision logic, his proposal > is pretty close to our ideal: > > m / purpose' / wallet' / coin_type / cosigner_index / change / address_index > > Of course, I am open to hearing your thoughts on this as well. > > -William > > On Thu, Apr 9, 2015 at 3:37 PM, Alan Reiner wrote: >> BTW, I had originally proposed a "no-collision" scheme for >> multi-signature wallets, which doesn't require modifying the key tree >> structure at all, except for adding new internal and external chains >> (2*N chains). All siblings watch all chains, but only generate >> receiving and change addresses on their two chains. >> >> The original document is here, which might be educational for the >> purposes of understand precisely the problem that needs a solution (and >> mine is a different solution than BIP45). >> >> https://www.dropbox.com/s/58poxi60d8nfj5w/MultisigWalletNoCollide.pdf >> >> I prefer not adding even more levels to the key tree, and (IMO) it makes >> more sense to add more chains to the wallet instead of adding a new tree >> level (as it allows for a simpler tree in the event that you don't need >> separate cosigners). But I suspect that there's a certain momentum >> behind the cosigner-index method already in BIP45? Just throwing it out >> there. --------------010803040505020508010305 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit The motivation was that I came up with it before BIP 45 existed, but wasn't vocal enough about it because Armory didn't have BIP32 Multisig trees implemented yet, so I didn't have a strong mental focus or determination around it.  If there's momentum behind BIP45, we should use it.  I wanted to share the document because it was also created to be educational on the topic of "multisig address generation collisions" as being disucussed in this thread.
 
Though we just put in BIP44 with my modification into our new wallet format (in the works), and if I was to adopt this I'd like to simply merge the two.  

    M / purpose' / coin' / account' / cosigner / change0or1 / address

For reference my proposal (and the way I implemented it before BIP45 existed) is just BIP44 but with 2*N change branches instead of 2:

    M / purpose' / coin' / account' / change2N / address

Our new code has the goal of being able to easily reconfigure your BIP32 tree for your specific application.  But for the default free-public-download software, it would be nice to have a standard everyone agrees to.  BIP44 vs original-BIP32 doesn't really matter since you only transfer the account branches, but this particular decision with how the consigners avoid "collisions" does affect it. 

-Alan


On 04/09/2015 10:02 PM, William Swanson wrote:
Hello Alan,
Your scheme is basically the same as the BIP45 scheme, except that you
have collapsed the "cosigner_index" and "change" fields into a single
field with the formula:

    combined = 2*cosigner_index + change

This removes one level from the hierarchy, but ultimately produces the
same number and type of chains as BIP45 (just addressed differently).

I kinda like the BIP45's approach of giving each field has its own
dedicated purpose. What is the motivation behind flattening the
hierarchy?

I ask because the wallet I work on, Airbitz, will be adding multi-sig
at some point in the future, and we need to figure out what kind of HD
tree structure we will be using. Our ideal structure would basically
be BIP 44 plus some "no-collision" logic:

    m / purpose' / coin_type' / wallet' / cosigner_index / change /
address_index

I feel like interoperability with Copay would be worth the extra HD
branch. Assuming Kefkius adds similar no-collision logic, his proposal
is pretty close to our ideal:

    m / purpose' / wallet' / coin_type / cosigner_index / change / address_index

Of course, I am open to hearing your thoughts on this as well.

-William

On Thu, Apr 9, 2015 at 3:37 PM, Alan Reiner <etotheipi@gmail.com> wrote:
BTW, I had originally proposed a "no-collision" scheme for
multi-signature wallets, which doesn't require modifying the key tree
structure at all, except for adding new internal and external chains
(2*N chains).  All siblings watch all chains, but only generate
receiving and change addresses on their two chains.

The original document is here, which might be educational for the
purposes of understand precisely the problem that needs a solution (and
mine is a different solution than BIP45).

https://www.dropbox.com/s/58poxi60d8nfj5w/MultisigWalletNoCollide.pdf

I prefer not adding even more levels to the key tree, and (IMO) it makes
more sense to add more chains to the wallet instead of adding a new tree
level (as it allows for a simpler tree in the event that you don't need
separate cosigners).  But I suspect that there's a certain momentum
behind the cosigner-index method already in BIP45?  Just throwing it out
there.

--------------010803040505020508010305--