Question on "Warning - Segwit addresses may not be compatible with other wallets" #3694

Closed
foederati opened this issue Jan 11, 2018 · 6 comments

@foederati

After creating a normal segwit wallet with 3.0.5, I noticed when viewing the private key of an individual receiving key, there's the warning in the title. Was just hoping to get a more elaborate explanation on this -- how are these addresses not following a standard and what's the contingency for a point in the future where Electrum may no longer be maintained/running on a modern OS?

@bauerj
Collaborator

bauerj commented Jan 11, 2018

I explained this in a bit more detail here:
https://www.reddit.com/r/Electrum/comments/7dku5r/segwit_wallets_and_electrum/

For the second part of your question: Spending funds from segwit addresses does not rely on Electrum or any specific address format.

@SomberNight
Member

SomberNight commented Jan 11, 2018

@bauerj I think that's not what the question is about.

[Screenshot: elec_305_privkeys]

@foederati If you mean the above warning, that is regarding the private key WIF.
Electrum currently uses an extended Wallet Import Format, due to segwit.
This started with version 3.0, and is also in the release notes:

electrum/RELEASE-NOTES, lines 90 to 103 in a9973ce:

```
- The Wallet Import Format (WIF) is similarly extended for segwit
  scripts. After a base58-encoded key is decoded to binary, its
  first byte encodes the script type:
  * 128 + 0: p2pkh
  * 128 + 1: p2wpkh
  * 128 + 2: p2wpkh-in-p2sh
  * 128 + 5: p2sh
  * 128 + 6: p2wsh
  * 128 + 7: p2wsh-in-p2sh
  The distinction between p2sh and p2pkh in private key means that
  it is not possible to import a p2sh private key and associate it
  to a p2pkh address.
```

The code is here:

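electrum/lib/bitcoin.py, lines 512 to 528 in 3c755aa:

```python
# extended key export format for segwit
SCRIPT_TYPES = {
    'p2pkh':0,
    'p2wpkh':1,
    'p2wpkh-p2sh':2,
    'p2sh':5,
    'p2wsh':6,
    'p2wsh-p2sh':7
}


def serialize_privkey(secret, compressed, txin_type):
    # NetworkConstants.WIF_PREFIX and EncodeBase58Check are defined outside this excerpt.
    # First byte = WIF prefix + script type offset, kept within one byte by "& 255".
    prefix = bytes([(SCRIPT_TYPES[txin_type]+NetworkConstants.WIF_PREFIX)&255])
    # A trailing 0x01 byte marks a key whose public key is compressed.
    suffix = b'\01' if compressed else b''
    vchIn = prefix + secret + suffix
    return EncodeBase58Check(vchIn)
```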

In short, Electrum encodes information in the WIF regarding the script type. By virtue of doing this, the app can know when you import a key that it is a segwit key and exactly what type even within that broad term. The alternative could be for example to import a key and guess the wrong type, hence not finding coins, OR import ALL the types...
We had originally hoped other wallets would follow as this would be beneficial to everyone, but at the moment it looks like Bitcoin Core might not do this, and we might have to act accordingly. It seems they might be going with the "import ALL the types" option.
The point is that, as the warning states, the format is not inter-operable with other wallets.

However, the key contains, as can be seen from the code above, the ECDSA secret material, hence with potentially some wizardry, you can extract that and re-encode it to another format that you need, even 10 years from now, if you label your backup well (e.g. exported from Electrum 3.0.5 on 2018-01-11; corresponding bitcoin address; script type).

In any case, if you want to be really sure, you should back up seed words.

> how are these addresses not following a standard

That's the thing, there is no standard, and we were trying to set one.
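The re-encoding step mentioned in the comment above, as an added example that is not part of the thread or of Electrum's code: it decodes an extended WIF as laid out in the quoted release notes, reports the script type, and re-encodes the same secret with the bare 128 prefix. The helper names and the sample key are constructed for illustration, and mainnet (prefix 128) is assumed.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
WIF_PREFIX = 128  # mainnet base; first byte is 128 + script type per the release notes
SCRIPT_TYPES = {0: "p2pkh", 1: "p2wpkh", 2: "p2wpkh-in-p2sh",
                5: "p2sh", 6: "p2wsh", 7: "p2wsh-in-p2sh"}

def _checksum(payload):
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload):
    data = payload + _checksum(payload)
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out

def b58check_decode(text):
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError on a non-base58 character
    pad = len(text) - len(text.lstrip("1"))
    data = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(data) < 5 or _checksum(data[:-4]) != data[-4:]:
        raise ValueError("bad base58check checksum")
    return data[:-4]

def parse_extended_wif(wif):
    """Return (script_type, secret, compressed) for an Electrum 3.0-style WIF."""
    raw = b58check_decode(wif)
    offset = raw[0] - WIF_PREFIX
    if offset not in SCRIPT_TYPES:
        raise ValueError("unknown script type byte %d" % raw[0])
    compressed = len(raw) == 34
    if len(raw) not in (33, 34) or (compressed and raw[33] != 1):
        raise ValueError("unexpected key length or compression flag")
    return SCRIPT_TYPES[offset], raw[1:33], compressed

def to_plain_wif(wif):
    """Re-encode with the bare 128 prefix; the script type must be recorded separately."""
    script_type, secret, compressed = parse_extended_wif(wif)
    plain = bytes([WIF_PREFIX]) + secret + (b"\x01" if compressed else b"")
    return script_type, b58check_encode(plain)

# Constructed sample: secret bytes 1..32, compressed, exported as p2wpkh (128 + 1).
SAMPLE = b58check_encode(bytes([WIF_PREFIX + 1]) + bytes(range(1, 33)) + b"\x01")
```

`to_plain_wif(SAMPLE)` returns the script type together with the re-encoded key, which is why the backup label suggested above should keep the script type next to the key.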

@bauerj
Collaborator

bauerj commented Jan 11, 2018

Oh sorry, I misunderstood.

@ecdsa
Member

ecdsa commented Jan 11, 2018

same as #3620

@ecdsa ecdsa closed this as completed Jan 11, 2018
@foederati
Author

@SomberNight Thanks for the detailed response. I didn't realize Core provided no guidance - scary on the frontier! I was coming from a place where an offline individual private key generated in 2009 is still as usable today as it was then. Protect that key and you can always spend from that address. I've always found a certain comfort in that. I guess seed words and relying on restoring derived addresses are realistically the "minimum" today as Bitcoin evolves.

> In any case, if you want to be really sure, you should back up seed words.

So to clarify, the seed words would not be dependent on Electrum and Core would be able to restore the wallet?

@SomberNight
Member

> So to clarify, the seed words would not be dependent on Electrum and Core would be able to restore the wallet?

No; seed words too would be dependent on Electrum, or another tool that implements the spec.

There are two de-facto-standards for seed words today, the one used by Electrum, and BIP39. Both are well documented. Both have their pros and cons, but one of the pros of Electrum seeds is especially relevant in this context: they are versioned. Due to this versioning, there are much better guarantees that you will be able to find/access all your coins in the ~distant future.

It is unrealistically unlikely that IF Electrum was discontinued, but Bitcoin itself lived on, there would be no tools at all to recover coins from Electrum seeds. There would be such tools, and they would be easy to use.
