Gregory Maxwell [ARCHIVE] on Nostr: 📅 Original date posted:2012-12-05 📝 Original message:On Tue, Dec 4, 2012 at ...
📅 Original date posted:2012-12-05
📝 Original message:On Tue, Dec 4, 2012 at 10:06 PM, Mike Koss <mike at coinlab.com> wrote:
> I've implemented an alternative to the BIP 32 proposal. I wanted a system
> based on a hierarchical string representation (rather than hierarchy of
> integers as BIP 32 proposes). For example I name keys like this:
>
> [hd1.75491111].store.1. 1D7GM5dkUtxvGeWgn7SYtanBuyj1MD1EZy
> [hd1.75491111].store.2. 1QAqDbzpNKViGSjVe1XmnGbmZtvz5hM7t1
> [hd1.75491111].store.3. 14XkSN92QLGeorYPpoVbG87DQhowEx3mFn
> [hd1.75491111].store.4. 1JLcGdod6Wm33rMZuZZUmAEE6osLhM4QMn
>
> First draft of proposal:
>
> https://gist.github.com/4211704
As Pieter pointed out recently— it's not (realistically) possible to
blindly iterate through strings. This means your proposal loses the
backup recoverablity property which is part the point of a
deterministic wallet: If you have a backup prior to a new string name
being established you must also have a reliable backup of the string
as well.
Of course, if you're backing up the strings then you can also backup a
map equating the hdwallet indexes to your strings, and in the event of
a catastrophic loss where you are only left with the original ultimate
root you lose no coins (only metadata) with the BIP32 scheme. If,
instead, we have your scheme and the backup of strings is incomplete
then some or all assigned coin may be lost forever.
Your extended hierarchy of multiplers also makes me uncomfortable.
BIP32 uses a HMAC in its construction to obtain strongly unstructured
points.
📝 Original message:On Tue, Dec 4, 2012 at 10:06 PM, Mike Koss <mike at coinlab.com> wrote:
> I've implemented an alternative to the BIP 32 proposal. I wanted a system
> based on a hierarchical string representation (rather than hierarchy of
> integers as BIP 32 proposes). For example I name keys like this:
>
> [hd1.75491111].store.1. 1D7GM5dkUtxvGeWgn7SYtanBuyj1MD1EZy
> [hd1.75491111].store.2. 1QAqDbzpNKViGSjVe1XmnGbmZtvz5hM7t1
> [hd1.75491111].store.3. 14XkSN92QLGeorYPpoVbG87DQhowEx3mFn
> [hd1.75491111].store.4. 1JLcGdod6Wm33rMZuZZUmAEE6osLhM4QMn
>
> First draft of proposal:
>
> https://gist.github.com/4211704
As Pieter pointed out recently— it's not (realistically) possible to
blindly iterate through strings. This means your proposal loses the
backup recoverablity property which is part the point of a
deterministic wallet: If you have a backup prior to a new string name
being established you must also have a reliable backup of the string
as well.
Of course, if you're backing up the strings then you can also backup a
map equating the hdwallet indexes to your strings, and in the event of
a catastrophic loss where you are only left with the original ultimate
root you lose no coins (only metadata) with the BIP32 scheme. If,
instead, we have your scheme and the backup of strings is incomplete
then some or all assigned coin may be lost forever.
Your extended hierarchy of multiplers also makes me uncomfortable.
BIP32 uses a HMAC in its construction to obtain strongly unstructured
points.