[Bitcoin-development] BIP32 Index Randomisation

public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed

From: Matias Alejo Garcia <matias@bitpay.com>
To: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: [Bitcoin-development] BIP32 Index Randomisation
Date: Fri, 13 Mar 2015 00:48:05 -0300	[thread overview]
Message-ID: <CA+vKqYfG=SoNAgTeD0C_Q7F2p6MWdWE90u7728g9s3=nkmNi4w@mail.gmail.com> (raw)

[-- Attachment #1: Type: text/plain, Size: 1367 bytes --]

Hello everyone,

We are working on bitcore-wallet-server (BWS), a HD multisig wallet
'facilitator'. We have a couple of questions regarding BIP32 path usage,
and we would love to have feedback from you before moving forward.

Currently the BWS instances hold the set of extended public keys of the
wallet's peers to be able to derive  addresses.

Since this is a problem from the privacy point of view, we thought using
pseudo-random  BIP32 paths, with a seed only known be the peers, so the
server will be able to verify that addresses  submitted by peers belong to
the wallet, but will not be able to derive future wallet addresses.

The workflow would be something like:

```
Peer >   getCurrentIndex

< Server [index]

Peer:
  pathSeed = PRNG(seed, index);

Peer > createAddress(index, pathSeed);

Server:
  derives the address and add it to the wallet.

< Server  new address

Peer: Verifies the address and inform it the user.
```

This way, accessing server data won't reveal future wallet addresses. The
seed (only known by the peers) could
be derived from hashes of their xprivs, so wallet funds can still be
recover with:
  1) The complete set of xprivs
  2) The quorum of xprivs + the complete set of xpubs + the address seed.

Thanks a lot in advance for any comment on this schema.

matías

-- 
BitPay.com

[-- Attachment #2: Type: text/html, Size: 1898 bytes --]

next             reply	other threads:[~2015-03-13  3:48 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-03-13  3:48 Matias Alejo Garcia [this message]
2015-03-13  4:01 ` [Bitcoin-development] BIP32 Index Randomisation Gregory Maxwell
2015-03-13 16:40 ` Mike Hearn
2015-03-13 18:01   ` Matias Alejo Garcia
2015-03-13 18:04     ` Mike Hearn
2015-03-13 20:26       ` Matias Alejo Garcia
2015-03-13 21:34         ` Mike Hearn

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CA+vKqYfG=SoNAgTeD0C_Q7F2p6MWdWE90u7728g9s3=nkmNi4w@mail.gmail.com' \
    --to=matias@bitpay.com \
    --cc=bitcoin-development@lists.sourceforge.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox