[bitcoin-dev] Bip44 extension for P2SH/P2WSH/...

Kenneth Heutmaker ken at keepkey.com
Sat May 14 17:37:02 UTC 2016

> * What if the "old" wallet has used more then 1000 addresses? I guess
> some wallets do not even create a lookup window up to 1000 addresses.
> There is a high chance of loosing funds when doing sweep (move all funds
> to a new wallet) operation.

If that is the case, the wallet is not following the standard. The wallet hierarchy standards like BIP44 specify how to walk an address chain. They all specify that you should keep going until you don’t find any more used keys within the lookup window. If a wallet leaves gaps that are too big, that is also not compliant.

In any case, if the sweeping wallet understands how the “old” wallet uses the hierarchy, it can be safely swept without a potential loss of funds.

> * I guess most or maybe all wallets will keep all keys (the
> "lookup-window" keys) in the wallet database which could affect
> performance [4]

Yes, wallets with more addresses take more time to process.

> * I guess most wallets do not offer "moving the funds to a new seed" [5]
> which results in not solving the problem of a "lost" or "compromised"
> wallet and implies wrong security to the enduser.

Some wallets do and for those that don’t, implementing it is straight forward if it already implements BIP32. It’s just a matter of knowing how the old wallet uses the hierarchy and prioritizing the work.

> * If I import a bip39 mnemonic into a hardware wallet (assume Trezor or
> Keepkey) I have to type in the words into my computer which bypasses
> some of the security my hardware wallet provides me (MITM seed attack).
> Together with the point above this reduces the security of a wallet (in
> particular cold storage significant).

Both TREZOR and KeepKey have developed strategies to prevent MITM attacks during seed recovery. TREZOR asks for the words in a random order and in some cases, adds ’noise’ words. KeepKey uses a rotating substitution cipher.

> I just wanted to point out that importing a wallet is a tricky step
> especially cross-wallet imports (I think cross wallet imports is an
> experts job without further improvements).

I don’t think it is as hard as you think. If a wallet uses BIP32 HD, all of the hard code is already implemented. It is just a matter of stringing the correct sequence of steps together.

Also, if the new hierarchy is under a separate purpose code as specified in BIP43, there is no need to create new seed. The BIP44 hierarchy and the new hierarchy can be extended from the same seed.

Ken Heutmaker, KeepKey

More information about the bitcoin-dev mailing list