[Bitcoin-development] BIP32 Index Randomisation
Matias Alejo Garcia
matias at bitpay.com
Fri Mar 13 03:48:05 UTC 2015
We are working on bitcore-wallet-server (BWS), a HD multisig wallet
'facilitator'. We have a couple of questions regarding BIP32 path usage,
and we would love to have feedback from you before moving forward.
Currently the BWS instances hold the set of extended public keys of the
wallet's peers to be able to derive addresses.
Since this is a problem from the privacy point of view, we thought using
pseudo-random BIP32 paths, with a seed only known be the peers, so the
server will be able to verify that addresses submitted by peers belong to
the wallet, but will not be able to derive future wallet addresses.
The workflow would be something like:
Peer > getCurrentIndex
< Server [index]
pathSeed = PRNG(seed, index);
Peer > createAddress(index, pathSeed);
derives the address and add it to the wallet.
< Server new address
Peer: Verifies the address and inform it the user.
This way, accessing server data won't reveal future wallet addresses. The
seed (only known by the peers) could
be derived from hashes of their xprivs, so wallet funds can still be
1) The complete set of xprivs
2) The quorum of xprivs + the complete set of xpubs + the address seed.
Thanks a lot in advance for any comment on this schema.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the bitcoin-dev