We Need to Document Bitcoin HD Derivations for Multisig (aka m/48' or BIP-0048) #16
Replies: 7 comments 6 replies
-
My biggest problem with current practices of m/48' is that since most wallets are stateless or airgapped, there is a risk that a multisig coordinator will request the use of a HD derivation during multisig setup that was used by a different multisig coordinator app that doesn't know about the use of the first one issued. Ideally, the wallet should just give the next incremental path when it generates the child HD key, but without knowing state it doesn't know which one is the next one. |
Beta Was this translation helpful? Give feedback.
-
correction: its |
Beta Was this translation helpful? Give feedback.
-
relevant: https://github.com/satoshilabs/slips/blob/master/slip-0132.md |
Beta Was this translation helpful? Give feedback.
-
|
Beta Was this translation helpful? Give feedback.
-
While it is certainly not ideal that there exists no BIP48 for this emerged 'standard', there does not seem to be any rational option but to follow it. Given the widespread usage, proposing anything else will immediately create a double standard, leading to confusion and likely loss of funds through misconfiguration. This seems to be far worse than proceeding with the generally accepted derivation paths we already have. In answer to the questions above, I have for Account 0:
Yes.
No,
In all cases, the third element of the path increments e.g. P2WSH Account 1: I have used these paths in defining a standard for sharing BIP44 account level information: BlockchainCommons/Research#50 and started a discussion topic for the PR here: #24 |
Beta Was this translation helpful? Give feedback.
-
This is the best documentation I can find for m/48'
How does this work without a |
Beta Was this translation helpful? Give feedback.
-
If we are creating a standard for secure offline multisignature wallets, it should include all devices, ie computers (state obviously) and HWW (some with state? and most without). So there's a simple solution if the device has access to any state (just keep track), but I don't believe there is any solution for m/48' for stateless devices. |
Beta Was this translation helpful? Give feedback.
-
Bitcoin HD Derivations for Multisig (aka m/48' or BIP-0048)
Problem Statement
A number of wallet companies have settled on using the HD key derivation of m/48' for use with hardware wallets doing multisig, but so far there is no formal documenation in the form of a BIP or SLIP.
My best guess that the idea was that by using m/48' for multisig paths, you'd never need to check a single signature bitcoin address for balance from those derived keys, and you'l never reuse a derived key that will be used for a single-signature wallet and also multisig wallet.
Christopher Allen writes a side note
Who is using it
It appears that Coldpay may have initiated it.
https://github.com/bitpay/copay#wallet-export-format :
Trezor has some limited notes on it at https://wiki.trezor.io/Standard_derivation_paths
@stepansnigirev reports that Electrum wallet, Trezor, Ledger and ColdCard all use it.
Questions
Paths for legacy, nested segwit, and native segwit
Reportedly (reported by @stepansnigirev not confirmed)
Hardened Paths
Are all of these hardened paths like above?
Change
Anything weird in change addresses?
Accounts
How are different accounts handled?
Beta Was this translation helpful? Give feedback.
All reactions