[bitcoindev] [BIP Draft] Bitcoin Encrypted Backup

[bitcoindev] [BIP Draft] Bitcoin Encrypted Backup

[pyth]

Hi all,

At WizardSardine (where we’re building Liana wallet) we have been
discussing an encryption scheme for descriptors for at least two years.

A few months ago Salvatore Ingala published on delvingbitcoin a clear
scheme that matches our requirements.  
I have been working on implementing this scheme over the past few weeks
and would like to share a draft implementations & BIP in order to
collect feedback, remarks, and reviews.

Draft BIP: https://github.com/bitcoin/bips/pull/1951
Rust implementation + CLI:
https://github.com/pythcoiner/encrypted_backup
A simple GUI using rust implem: https://github.com/pythcoiner/bed
Salvatore delving post:
https://delvingbitcoin.org/t/a-simple-backup-scheme-for-wallet-accounts

**Open questions**

- **Deterministic nonce:** Currently the nonce is generated randomly.
Is it safe to produce a deterministic nonce, e.g. `hash("NONCE" ||
plaintext || key_1 || … || key_n)`, or are there known security
concerns with this approach?  
- **Cipher choice:** I arbitrarily chose AES‑GCM‑256. Is this the best
choice for this use case, or would another construction be preferable?
- **Byte order:** All fields are defined to be encoded in big‑endian.
Is there any reason to consider a different endianness?

Any thoughts, suggestions, or references are welcome.

Thanks,  
pyth  

-- 
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/e0b1a14c74645e34c1b2e1d5bb1b60ea69dd6437.camel%40pythcoiner.dev.