API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jul 22nd, 2019
273
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.16 KB | None | 0 0
raw download clone embed print report
  1. # hsd Watch Only Wallet Simplification
  2.  
  3. ## Overview
  4.  
  5. The `hsd` wallet has an edge case regarding watch only wallet usage
  6. that results in the incorrect path being returned to the client.
  7. This will result in invalid signature creation because the wrong
  8. key will be derived and used to sign the transaction. Using an
  9. extra API call, it is possible to work around this problem right
  10. now, but it is not ideal and is fixable.
  11.  
  12. ## Background
  13.  
  14. The `hsd` wallet server uses bip44 key derivation to make key backup
  15. simple. In practice, users often have business constraints that do
  16. not perfectly match 1:1 with the way that bip44 works. The `hsd` wallet
  17. server uses the `Wallet` abstraction to represent a `mnemonic`, or the
  18. root of a bip44 based wallet, and the `Account` abstraction to represent
  19. the depth 3 index. This is often referred to as the "account index".
  20.  
  21. A single `Wallet` can have many `Accounts`, as creating a new account
  22. is as simple as incrementing the integer at depth 3 in the bip44 path
  23. and rederiving keys. All of the receive addresses and change addresses
  24. derived from the extended public key that represents the account can
  25. be deterministically regenerated and will automatically be indexed
  26. by the `hsd` wallet database as new blocks come in.
  27.  
  28. Currently, the `hsd` wallet increments the account index for each new
  29. account that is created. This makes sense if the mnemonic is on the
  30. server, but that is a less safe practice for large sums of money.
  31. The `hsd` wallet also supports "watch only wallets", or when the private
  32. keys are not kept on the server at all and instead the depth 3 extended
  33. public key is indexed. This is generally called an xpub and can derive
  34. receive and change addresses, which allows the wallet to watch and index
  35. any transactions but not spend them.
  36.  
  37. The problem arises when the user adds an xpub from a different index
  38. than the next expected index that the wallet is expecting. Since the
  39. wallet increments the account index each time and does not validate
  40. incoming xpubs, it is possible to index an xpub of any account index
  41. at the incorrect account index in the database. This will result in
  42. an incorrect path being returned by the database for account index,
  43. as it will return the index in the database instead of the actual
  44. index of the xpub. Luckily this bug can be worked around by parsing
  45. the actual account index out of the xpub, since it gets serialized into
  46. it. The current method to use watch only wallets reliably involves
  47. fetching the account information and the key information for the utxo
  48. being signed. The account information will include the xpub, from which
  49. the account index can be parsed from, and the key information includes
  50. the branch and index. All of this information together will result in
  51. the full path, assuming standard bip44:
  52.  
  53. ```
  54. m/44'/0'/accountIndex'/branch/index
  55. ```
  56.  
  57. ## Possible Solution
  58.  
  59. The current wallet database has a uniqueness constraint on the account index.
  60. The proposed solution involves changing the account index to an "account id",
  61. which autoincrements and has a uniqueness constraint, but has no relationship
  62. to the bip44 account index. This would allow for many xpubs with the same
  63. account index to be indexed in the database without a problem (ie different
  64. mnemonics, different ancestor in the hd tree). It also means that two database
  65. lookups would be necessary instead of one.
  66.  
  67. Another index could be added to hold the bip44 account index, but that would
  68. be duplicating data as the bip44 account index is serialized into the xpub.
  69. Pending further inspection of the code, it could be possible to make this
  70. change without needing to add extra buckets to the database.
  71.  
  72. Some questions to take into account:
  73.  
  74. - Should watch only wallets be strict bip44 compliant?
  75. - Enforce the xpub's index and parent chain matches
  76. - Should there be a catch all type of wallet that allows more flexiblity
  77.  
  78. ## Implementation Notes
  79.  
  80. In the `lib/wallet/account.js`, some changes to `Account` might be necessary.
  81.  
  82. - `Account.id` is the wallet name, a human readable string
  83. - `Account.accountIndex` needs to be altered to not be used at the primary
  84. key in the database
  85.  
  86. Line 24 needs to switch from account index to account id, and everywhere
  87. index is metioned, it needs to swtich to id.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!