[RFC] Proposal: Base58 encoded HD Wallet master seed with optional encryption



Summary:

This document describes a method for encoding and optionally encrypting a Bitcoin Hierarchical Deterministic (HD) Wallet master seed. The proposal provides two encoding methodologies in 3 lengths each (16, 32 and 64 byte seeds). One is a clear version of the master seed with verification information for integrity checking, and the other is an encrypted representation.

The extended private keys proposed in BIP 0032 are long, fixed-length records and don't offer any form of security. The master seed used to generate the HD wallet is typically shorter than the extended master private key that results from it. A compact representation of the master seed is easier to handle, and a 2-factor version of the master seed record allows for safe storage and the creation of paper wallets by 3rd parties. The proposal makes use of AES256Encrypt, AES256Decrypt, SHA256, RIPEMD160, scrypt, HMAC-SHA512, Base58Check, G and N functions and definitions.

The proposed method involves encrypting a master seed with a passphrase. The encrypted master seed is generated by concatenating the prefix, salt, and encrypted seed. To decrypt the master seed, the user must provide both the encrypted master seed and the passphrase. The decryption process uses the passphrase and salt to perform step 9 of encryption, and then uses AES256Decrypt to decrypt the encrypted seed. The leading bytes of H, as many as the length of the decrypted seed, are XORed with the decrypted seed to produce S. The same generation steps are then performed as during encryption to verify that the generated salt is equal to the salt from the encrypted master seed.

The proposal allows for easy implementation with alt-chains, but does not cover Bitcoin testnet representations of encoded master seeds. The document also includes test vectors and acknowledgements to BIP 0038.
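
As an added illustration (not code from the proposal), the sketch below shows how a Base58Check-style clear record lets a wallet reject a mistyped or altered seed before deriving keys from it. The one-byte prefix, the record layout (prefix, seed, 4-byte double-SHA256 checksum) and the function names are assumptions; the proposal's own verification information may differ.

```python
import hashlib

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
PREFIX = b"\x7f"             # constructed placeholder; the summary gives no real prefix
SEED_LENGTHS = (16, 32, 64)  # seed sizes named in the summary

def checksum(payload: bytes) -> bytes:
    # Base58Check convention: first 4 bytes of SHA256(SHA256(payload))
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58encode(data: bytes) -> str:
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = ALPHABET[r] + out
    # each leading zero byte is carried as a literal '1'
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out

def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"invalid Base58 character {ch!r}")
        n = n * 58 + idx
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")

def encode_seed(seed: bytes) -> str:
    if len(seed) not in SEED_LENGTHS:
        raise ValueError("seed must be 16, 32 or 64 bytes")
    payload = PREFIX + seed
    return b58encode(payload + checksum(payload))

def decode_seed(text: str) -> bytes:
    raw = b58decode(text)
    if len(raw) < 5:
        raise ValueError("record too short")
    payload, check = raw[:-4], raw[-4:]
    # verify integrity first, so a transcription error never yields a seed
    if checksum(payload) != check:
        raise ValueError("checksum mismatch: record was altered or mistyped")
    if payload[:1] != PREFIX or len(payload) - 1 not in SEED_LENGTHS:
        raise ValueError("unexpected prefix or seed length")
    return payload[1:]
```

The checksum only detects accidental corruption; it gives no confidentiality, which is the role of the encrypted representation described above.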


Updated on: 2023-06-07T14:06:30.176909+00:00