Wallets - Obsidian Publish

- From a programmer's perspective, the word "wallet" refers to the data structure used to store and manage a user's keys ### Wallet Technology Overview - Wallets do not contain bitcoin, they contain keys and the coins are recorded in the blockchain on the bitcoin network - Users control the coins on the network by signing transactions with the keys in their wallets **Nondeterministic (Random) Wallets** - Each key is independently generated from a random number and are unrelated to each other (JBOK - Just a Bunch of Keys) - The first bitcoin wallets (now called Bitcoin Core) were like this - Discouraged for anything other than simple tests - Too cumbersome to backup and use - Instead, use an industry standard based HD wallet with a mnemonic seed for backup - A Type-0 nondeterministic wallet is a poor choice of wallet, especially if you want to avoid address reuse because it means managing many keys which creates the need for frequent backups **Deterministic Wallets** - All the keys are derived from a single master key (known as the *seed*) through the use of a one-way hash function - All the keys are related to each other and can be generated again if one has the original seed - There are a number of different key derivation methods, the most common being the Hierarchical Deterministic (HD) wallet - Seeds are often encoded as english words (mnemonic code words) - The seed is sufficient to recover all derived keys and is sufficient for a wallet export or import **HD Wallets - BIP-32/BIP-44** - The most advanced form of deterministic wallet is the HD wallet defined by the BIP-32 standard - Contains keys derived in a tree structure, such that a parent key can derive a sequence of children keys, and so on into infinite depth - HD wallets offer 2 major advantages over random (nondeterministic) keys 1. The tree structure can be used to express additional organizational meaning, such as when a specific branch of subkeys is used to receive incoming payments and a different branch is used to receive change from outgoing payments - Branches of keys can also be used in corporate settings, allocating different branches to departments, subsidiaries, specific functions, or accounting categories 2. Users can create a sequence of public keys without having access to the corresponding private keys - This allows HD wallets to be used on an insecure server or in a *receive-only* capacity, issuing a different public key for each transaction - The public keys do not need to be preloaded or derived in advance, yet the server does not have the private keys that can spend the funds - ![[Pasted image 20241210182650.png]] **Seeds and Mnemonic Codes - BIP-39** - HD wallets are very powerful for managing many keys and addresses, though they are even more useful if combined with a standardized way of creating seeds from a sequence of english words that are easy to transcribe, export, and import across wallets - This is known as a mnemonic and the standard is defined by BIP-39 - Most cryptocurrency wallets to day use this standard **Wallet Best Practices** - Most common standards - Mnemonic code words based on BIP-39 - HD wallets based on BIP-32 - Multipurpose HD wallet structure based on BIP-43 - Multicurrency and multiaccount wallets based on BIP-44 - Standards have been adopted making the wallets interoperable - A user can export a mnemonic generated on one of these wallets and import it in another wallet, recovering all transactions, keys, and addresses - If you are implementing a bitcoin wallet, it should be built as a HD wallet, with a seed encoded as mnemonic code for backup, following the BIP-32, BIP-39, BIP-43, and BIP-44 standards - e.g. Gabriel - He uses a Trezor which generates a mnemonic and seed from built-in hardware random number generator - He writes down each of the mnemonic words in order, which creates a backup that can be used for recovery in case of loss or damage to the device **Mnemonic Code Words - BIP-39** - Mnemonic code words are word sequences that represent (encode) a random number used as a seed to derive a deterministic wallet - The sequence of words is sufficient to recreate the seed and from there recreate the wallet and all derived keys - Brainwallets are different and consist of words chosen by the user, whereas mnemonic words are created randomly by the wallet (thus making mnemonic words more secure) - BIP-39 defines the creation of a mnemonic code and seed - Generating mnemonic words 1. Create a random sequence (entropy) of 128 to 256 bits 2. Create a checksum of the random sequence by taking the first (entropy-length/32) bits of its SHA256 hash 3. Add the checksum to the end of the random sequence 4. Divide the sequence into sections of 11 bits 5. Map each 11-bit value to a word from a predefined dictionary of 2048 words 6. The mnemonic code is the sequence of words ![[Pasted image 20241210185103.png]] ![[Pasted image 20241210185144.png]] - From mnemonic to seed - The mnemonic words represent entropy with a length of 128 to 256 bits, where this entropy is then used to derive a longer (512-bit) seed through the use of the key-stretching function $\text{PBKDF2}$ - This function takes 2 parameters: the mnemonic and a salt - The salt is used to make to make it difficult to build a lookup table enabling a brute force attack - In BIP-39 however the salt instead allows the introduction of a passphrase that serves as an additional security factor protecting the seed - The seed produced is then used to build a deterministic wallet and derive its keys -