Skip to content

Latest commit

 

History

History
143 lines (116 loc) · 23.1 KB

README.md

File metadata and controls

143 lines (116 loc) · 23.1 KB

Wallets Recovery [Beta]

Giving users their seed phrase is not enough.

While great advances have been made in interoperability and recoverability, developers across the industry continue to build wallets that either:

  • Don't implement BIP standard(s).
  • Implement a BIP standard, but inconsistently when compared with other wallets.
  • Implement a BIP standard, but one that has not been widely adopted (and perhaps only by them).
  • Don't have clear documentation about their derivation paths, backup and recovery processes.

This chart is meant to gather information about wallet defaults for external recovery. Wallets come and go, information gets lost, and users are left with tears. Responsible wallet developers document external recovery. Users should not have to dig through the source code to figure out the Derivation Paths or Redeem Scripts.

If we went to your website and couldn't find it => ☠️☠️☠️ [EXTERNAL RECOVERY NOT DOCUMENTED].

This list is not an endorsement of the security or the quality of any of the wallets.

Status Hardware Wallets Supported Paths BIP39 Pass BIP174 PSBT Note
✅😵👁🚸 BitBox01↗︎ m/44'|49'|84'/0'/0' Required No Docs, Recovery Tool
✅👁 BitBox02↗︎ m/44'|49'|84'/0'/0' Optional No Docs, Recovery tool
⚠️ CoboVault↗︎ m/49'/0'/0' Optional No Docs, [EXTERNAL RECOVERY NOT DOCUMENTED]
✅😵 ColdCard Mk1↗︎ m/44'|48'|49'|84'/0'/0' + Custom Optional Yes Docs
ColdCard Mk2↗︎ m/44'|48'|84'/0'/0' + Custom Optional Yes Docs
ColdCard Mk3↗︎ m/44'|48'|84'/0'/0' + Custom Optional Yes Docs
✅👁 Ledger Nano S↗︎ m/49'|84'/0'/0' Optional No Docs
✅👁 Ledger Nano X↗︎ m/49'|84'/0'/0' Optional No Docs
✅🚸👁 Trezor One↗︎ m/44'|49'/0'/0' Optional No Docs
✅🚸👁 Trezor Model T↗︎ m/44'|49'/0'/0' Optional No Docs
✅🚸👁 KeepKey↗︎ m/44'/0'/0' Optional No Docs, xPub, Compatible Wallets
Opendime↗︎ WIF N/A N/A Docs, Archive
Status Software Wallet Path and/or Script BIP39 Pass WIF Support BIP174 PSBT Note
☠👁⑂ AirGap Wallet (AirGap Vault)↗︎ m/44'/0'/0' Optional No No [EXTERNAL RECOVERY NOT DOCUMENTED].
Atomic Wallet↗︎ m/44'/0'/0'/0/0 (Single Address Wallet) No No No Non-Standard derivation path for non-BTC coins, [EXTERNAL RECOVERY NOT DOCUMENTED].
⚠️ Bitcoin Core↗︎ m/0'/0' N/A Yes WIP Github Issue
✅👁⑂ Bitcoin Wallet app↗︎ BIP32 non 44 Compatible No Docs, Archive
⚠️ Bisq↗︎ m/44'/0'/0' N/A No Github Issue
⚠️ Bither↗︎ m/44'|49'/0'/0' No [EXTERNAL RECOVERY NOT DOCUMENTED]
✅👁⑂ Blockchain.com↗︎ m/44'/0'/n' No Docs, xPub
✅👁⑂ Blockstream Green (GreenAddress)↗︎ Custom 2-of-2 Script Optional (on restore) Yes Recovery tool
✅👁⑂ BlueWallet↗︎ m/44'|m/49'|84'/0'/0' N/A Yes Yes Docs, Archive, Features
⚠️👁⑂ BRD (Bread Wallet)↗︎ m/0' N/A Yes No Github Issue, Reddit Post
⚠️👁⑂ BTC.com app↗︎ Multisig: m/0' No Unofficial Docs
⚠️👁 Casa↗︎ m/49/0/X (X increments with each key rotation) No Unofficial Docs
⚠️👁⑂ Coin Wallet↗︎ m/0' No [EXTERNAL RECOVERY NOT DOCUMENTED]
✅👁⑂ Coinomi↗︎ m/44'|49'|84'/0'/0' Yes Yes No Export, Import
✅😵👁⑂ Copay↗︎ Single Signer: ≥ v1.2 m/44/0'/X' (X increments with each wallet addition) Multisig: < v1.2 m/45'/2147483647/0/x m/45'/2147483647/1/y ≥ v1.2 m/44/0'/0' ≥ v1.5 m/48'/0'/0'/1' m/48'/0'/0'/2' Optional Yes No Docs, Recovery tool, ❌Endangered users by misrepresenting Bitcoin, SegWit on 44 deriv path
⚠️👁⑂ DropBit↗︎ New Wallets: m/84/0'/0' Old Wallets: m/44/0'/0' No No No
✅👁⑂ Edge Wallet↗︎ m/44'|49'/0'/0' No Docs
✅👁⑂ Electrum↗︎ Single Signer: m/|44'|49'|84'/0'/0' Multisig: m/45'/0/0/0 m/48'/0'/0'/1' m/48'/0'/0'/2' Does not use BIP39 seed phrases but can import them Optional Yes Yes Docs
✅👁⑂ Exodus↗︎ m/44'|84'/0'/0' No Docs
FullyNoded↗︎ m/84'/0'/0' However can be used to import/recover any wallet with any derivation, single sig and multisig Yes Yes Yes Recovery Docs
✅👁⑂ Hodl Wallet↗︎ m/0' N/A Yes No Docs iOS, Docs Android
⚠️😵 Jaxx Liberty↗︎ m/44'/0'/0' No [EXTERNAL RECOVERY NOT DOCUMENTED]
JoinMarket↗︎ m/49'/0'/n' Optional No Docs
✅😵☠️ JoinMarket (legacy)↗︎ m/0 BIP32 non 44 Compatible No Yes No Docs
✅👁⑂ Ledger Live↗︎ m/44'|49'/0'/0' No Docs
Luxstack↗︎ m/0' [EXTERNAL RECOVERY NOT DOCUMENTED]
✅👁⑂ KeepKey Client↗︎ m/44'/0'/0' Optional No Docs, xPub, Compatible Wallets
⚠👁⑂ Multibit HD↗︎ m/0' N/A No Github Issue
✅👁⑂ Mycelium↗︎ m/44'|49'|84'/0'/0' Optional (on restore) Yes No Docs, Github Issue
OpenBazaar↗︎ m/44'/0'|1'|133'|145'/0' No Docs
⚠️ Pine↗︎ m/49'/0'/0' No No No [EXTERNAL RECOVERY NOT DOCUMENTED]
⚠️👁⑂ Rise Wallet↗︎ m/49'/0'/0' No [EXTERNAL RECOVERY NOT DOCUMENTED]
Samourai↗︎ Deposit: m/44'|49'|84'|47'/0'/0'Bad Bank: m/84'/0'/2147483644'Pre Mix: m/84'/0'/2147483645'Post Mix: m/84'/0'/2147483646'Ricochet: m/44'|49'|84'/0'/2147483647' Required Yes WIP Docs, BIPs Supported
Specter Desktop↗︎ Single Signer: m/49'/0'/0' m/84'/0'/0' Multisig: m/48'/0'/0'/1' m/48'/0'/0'/2' Optional No Yes Coming soon...
✅👁⑂ Trezor Web Wallet↗︎ m/44'|49'/0'/0' Optional No Docs
⚠️👁⑂ Unchained Capital↗︎ m/45’/0’/0’/0/0 + Redeem Script No Docs, Archive, Script 404
Unstoppable Wallet↗︎ m/44'|m/49'|84'/0'/0' Yes No No [EXTERNAL RECOVERY NOT DOCUMENTED]
Wasabi↗︎ m/84'/0'/0' Very Deep Depths Optional No Yes Docs, BIPs Supported
Status Lightning Wallet Path and/or Script Passphrase Note
BLW (Bitcoin Lightning Wallet)↗︎ m/84'/0'/0' BIP32 non 44 Compatible N/A Docs
⚠️ c-Lightning↗︎ m/84'|141'/0'/0'/Keys derived from hsm_secret file N/A BIP32 layout explained, xPriv/xPub Export Tool
Eclair Mobile↗︎ m/49'/0'/0' Optional Docs
LND (Lightning Network Daemon)↗︎ aezeed Optional Docs
⚠️ Stakenet DEX Open Beta↗︎ P2WPKH bech32 addresses m/44'/0'/0' N/A [EXTERNAL RECOVERY NOT DOCUMENTED]
Status Combo HW+SW Path and/or Script BIP39 Pass BIP174 PSBT Note
BTCPay Server (Coldcard)↗︎ m/44'|49'|84'/0'/0' Optional Yes Docs
⚠️ Electrum (CoboVault)↗︎ m/49'/0'/0' Optional No Docs, [EXTERNAL RECOVERY NOT DOCUMENTED]
Electrum (Coldcard)↗︎ m/44'|49'|84'/0'/0' Optional Yes Docs
Electrum (Ledger S/Nano)↗︎ m/44'|49'|84'/0'/0' Optional No Docs
Electrum (KeepKey)↗︎ m/44'|49'|84'/0'/0' Optional No Docs, xPub, Compatible Wallets
Electrum (Trezor One / Model T)↗︎ m/44'|49'|84'/0'/0' Optional No Docs
Wasabi (Coldcard)↗︎ m/44'|49'|84'/0'/0' Optional Yes Docs

Notes:

  • Hardware wallets don't care about derivation in certain modes.
  • Wallets which have been frequently exploited, or which have endangered users by misrepresenting forked coins as if they are Bitcoin, may only be included with a warning.
Icon Legend
🛑 Unknown. No obvious docs, research in progress
😵 Discontinued and/or no longer maintained
🚸 HW Physically unsafe with "full secret" (ie without BIP39 passphrase or multisig) against a automated attack and/or unsophisticated attacker (ie chipshouter blackbox)
👁 Privacy concerns (default is third party node)
Validation concerns (default is third party node)
☠️ Not publicly available, or complex without a external tool available for the average user
⚠️ Known, but unofficially documented
Documented + Link to doc

Explainer: Wallet Types

  • Paper wallets are not actually wallets, but rather private keys and addresses printed out on paper. While the keys and addresses can technically be generated non-deterministically or deterministically, the usability is basically the same or poorer than a non-deterministic software wallet. Paper wallets have a number of significant drawbacks, including encouraging address reuse, exposing keys to poorly secured networked devices (printer), and not handling change addresses. Paper wallets should not be confused with recovery seeds.
  • Non-deterministic wallets randomly generate all private / public key pairs independent of each other. A keypool buffer was added to the Bitcoin-Qt / Bitcoin Core wallet in October 2010, which allowed the wallet to create a collection of unused addresses, rather than generating new addresses one by one upon use. While this feature allowed for less frequent backups than before, the non-determinism still carried the risk of key loss if the pool was exhausted and a new key was generated beyond what was saved in backup.
  • Deterministic wallets are essentially any wallet where "you can backup once... because all future addresses are determined in advance," which was a massive improvement in recoverability. There are two different forms:
    • Sequential deterministic wallets take a single seed phrase / passphrase and repeatedly increment it in order to generate new keypairs. This meant that the system would only need to store addresses, and then re-generate the private keys when needed.
    • Hierarchical deterministic wallets take a single seed phrase and randomly generate a master private / public key pair, which is then used to derive child key pairs that generate addresses. This system allows for the generation of addresses to occur without the master private key, with only the public key.
  • Multi-signature wallets require multiple signatures or parties to sign a transaction in order to spend bitcoin. An M-of-N BIP11 address must first be generated in order to receive bitcoin for spending in multi-signature transactions. While the 2-of-2 and 2-of-3 schemes are the most common, the maximum number of public keys is higher, and this could increase much more in the future with Schnorr signatures and Taproot. 'Partially Signed Bitcoin Transactions' (PSBT) according to BIP174 (proposed), where unsigned or partially signed transactions are passed around to multiple signers or signing devices, may also be an option.

Explainer: Derivation Paths

In hierarchical deterministic wallets (BIP32), a derivation path is a sequence of fields or levels through which a wallet organizes coins in a multi-currency, multi-account, and multi-address system. According to BIP44, this hierarchy consists of five levels, in addition to the master extended private key ('xpriv') represented by m. Derivation paths for the master extended public key ('xpub') use M. Double-check what fields your wallet uses in our chart above, as BIP44 has been implemented inconsistently!

m / purpose' / coin_type' / account' / change / address_index

  • Purpose: This field, which was added through BIP43, indicates which standard the derivation path follows. Possibilities include 0 or 44 referring to the default BIP44 P2PKH / '1' legacy addresses, 45 referring to BIP45 P2SH multi-party multi-signature wallets (proposed), 47 referring to BIP47 reusable payment codes (draft), 48 referring to hardware multisignature wallets (no BIP or standard proposal), 49 referring to BIP49 P2WPKH-nested-in-P2SH / '3' SegWit addresses, or 84 referring to BIP84 P2WPKH / 'bc1' native SegWit addresses. Some wallets support more than one (for example, many wallets now have both the legacy and wrapped or native SegWit address types).
  • Coin Type: This field indicates which cryptocurrency is being used in a multi-currency wallet. All coins, including testnet bitcoin, are assigned a constant number. For example, a derivation path for a Monero (XMR) account would be m/44'/128'. Note that BIP45 would designate this level as the 'Cosigner Index' instead.
  • Account: This field, in a multi-account wallet, indicates the identity or collection of addresses, which allows users to segregate funds for different things (ex. savings, donations). Note that BIP45 would not include this field. BIP47 would designate this level as 'Identity', though it is equivalent to 'Account.'
  • Change: This field, if the constant 0 is present, indicates "external chain" (regular) addresses; if the constant 1, indicates "internal chain" or change addresses. Note that BIP47 would designate this level for the notification keys and ephemeral payment codes.
  • Address Index: This field indicates the specific address number in a sequence, within an account.

Note that the fields 'Account' and 'Address Index' start with zero (0). This is because they use zero-based numbering, just as the "ground floor" of buildings in the U.K. and Europe are considered level zero, rather than the first floor / level one in the United States.

Practical Example: A user has a BIP44 compliant bitcoin wallet, and wants to locate the second change address in their third account. The derivation path for the second change address in the third account would look like this: m/44'/0'/2'/1/1.

Another point of confusion may occur when wallets use the same derivation path for different script types. Especially if you are using any newer / more novel script types, wallets that have earmarked those paths for other scripts may cause errors during import. Example with Bread Wallet and Multibit mentioned here.

The meaning of "public" / unhardened versus hardened derivation, indicated in the fields by apostrophes, is explained here, here, and here.


Did we get it wrong? Just let us know, and this will be updated. :)

Want to contribute? Open an issue or make a Pull Request.