wallet: add seeds argument to importdescriptors
#27351
Conversation
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. ReviewsSee the guideline for information on the review process.
If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
apoelstra
force-pushed
the
2023-03--codex32
branch
from
7686474
to
88ee338
Compare
|
Concept ACK on adding BIP93 support to core. Regarding the approach, my first thought was why not extend |
|
Edit: moved the content of this comment into the PR description (was a description of alternate approaches) |
Great point, I had forgotten about this
This is a very compelling argument, and your approach seems like the path of least resistance towards supporting this use case.
Longterm, I think it would be great to look into a more comprehensive solution which addresses the above EDIT: I'd suggest adding your comment to the description; it really helps in understanding why you're taking this approach |
test/functional/wallet_importseed.py
Outdated
| # Copyright (c) 2013 The Bitcoin Core developers | ||
| # Distributed under the MIT software license, see the accompanying | ||
| # file COPYING or http://www.opensource.org/licenses/mit-license.php. | ||
| """Test the importseed RPC. |
There was a problem hiding this comment.
I don't think that RPC exists? :)
There was a problem hiding this comment.
Lol. Updated the doccomment.
apoelstra
force-pushed
the
2023-03--codex32
branch
from
88ee338
to
38ddc11
Compare
|
Concept ACK. I think we should definitely support the described use case. For the approach, I think we already have some implementation ready for the second alternative you mentioned. #26728 adds support for a wallet master key (I think this is what you meant by "global keys"). And #23544 by @Sjors, built on top of it, adds a RPC for descriptor wallets similar to I like the alternative better because it support more use cases:
|
|
@S3RK I agree that Sjors' PR does what we want (and more), up to the specific import format, but
Meanwhile this PR is narrow in scope, doesn't even touch the actual wallet code and therefore won't conflict with ongoing mega-refactors, and is currently up to date. So I don't think we should put this on hold because it may be made redundant by a future |
In the next commit we will implement a new checksum, codex32, which uses the same encoding and HRP rules as bech32 and bech32m, but has a substantially different checksum verification procedure. To minimize duplicated code, we expose the character conversion in a new bech32::internals module. Github-Pull: bitcoin#27351 Rebased-From: 98dce19
Github-Pull: bitcoin#27351 Rebased-From: 16fe794
Github-Pull: bitcoin#27351 Rebased-From: dcc520e
Github-Pull: bitcoin#27351 Rebased-From: c41e5cf
Github-Pull: bitcoin#27351 Rebased-From: a946f62
Github-Pull: bitcoin#27351 Rebased-From: 38ddc11
In the next commit we will implement a new checksum, codex32, which uses the same encoding and HRP rules as bech32 and bech32m, but has a substantially different checksum verification procedure. To minimize duplicated code, we expose the character conversion in a new bech32::internals module.
Github-Pull: bitcoin#27351 Rebased-From: fd6975d
Github-Pull: bitcoin#27351 Rebased-From: 7eced20
Github-Pull: bitcoin#27351 Rebased-From: 1fa04b1
Github-Pull: bitcoin#27351 Rebased-From: e29e656
Github-Pull: bitcoin#27351 Rebased-From: 9177136
| @@ -0,0 +1,423 @@ | |||
| // Copyright (c) 2017, 2021 Pieter Wuille | |||
| // Copyright (c) 2021-2022 The Bitcoin Core developers | |||
There was a problem hiding this comment.
is this copyright correct? doesn't match the header file
|
Would love to have support for codex32 shares/seeds! Thanks for the detailed comments in codex32.cpp! Really made it easier to follow It looks like this presupposes that you already have an xpub to use with |
|
@rot13maxi right -- though I was imagining that there would (later) be an external tool to compute the master xpub from the seed data, if you didn't already know it. |
In the next commit we will implement a new checksum, codex32, which uses the same encoding and HRP rules as bech32 and bech32m, but has a substantially different checksum verification procedure. To minimize duplicated code, we expose the character conversion in a new bech32::internals module. Github-Pull: bitcoin#27351 Rebased-From: 7a57cda
Github-Pull: bitcoin#27351 Rebased-From: fd6975d
Github-Pull: bitcoin#27351 Rebased-From: 7eced20
Github-Pull: bitcoin#27351 Rebased-From: 1fa04b1
Github-Pull: bitcoin#27351 Rebased-From: e29e656
Github-Pull: bitcoin#27351 Rebased-From: 9177136
|
The approach in this PR does not seem to have support. |
|
Now that we have a codex32 could then be one of the import formats. |
|
Thanks! The next time I am working on codex32 wallet support I will try that approach instead. |
This PR introduces the ability to import BIP32 master seeds alongside xpubs. It currently expects seeds to be provided in BIP 93/codex32 either as a single seed or as a list of shares which can be assembled via Shamir Secret Sharing.
It could be generalized to other seed formats, e.g. a hex-encoding or the old
sethdseedsWIF format, easily enough by just attempting to parse the input in those formats and retrying until we find one that works. (Though we must be extremely careful that these formats are unambiguous! If the user imports a seed they don't expect, which fails to match the one they've backed up, the result could be coin loss. For formats with no prefix or checksum, e.g. hex-encoded bytes, we may need to require the user provide a prefix or a separate flag.)The motivation here is that users who are importing their coins from another wallet likely have them in the form of a public descriptor (probably one of the standard
pkh(BIP44/48/84/whatever)ones) along with a master seed (probably in some seed word format, but this is easy enough to convert to a straight BIP32 seed with an external tool). The seed, presumably, they want to minimize handling of, while the descriptor they are likely to be copy/pasting from somewhere and generally being less careful with.To import this into Core, they currently need to construct a version of their descriptor in which xpubs are replaced by xprivs, and import that. This is cumbersome and potentially dangerous. With this extra RPC flag they are able to separately tweak their descriptor however they need, and then adding their seed data, unmodified, at the last minute in one place.
My specific use case is: I have an estate planning document which contains careful instructions for reconstructing seed data from shares which are stored separately and externally to the planning document. Meanwhile, the document itself contains a public descriptor, with checksum already computed, which is stored in several locations accessible by an open-ended set of people. If I were forced to mix the secret data with the public data, it would increase the risk of leaking the secrets as well as the risk of losing the public part.
Edit: Other approaches, that I considered but chose not to take:
sethdseedRPC. This RPC is legacy-only and not supported by descriptor wallets, because it depends on the legacy "bag of keys" model where you could stick keys into the wallet and it'd "just work", often in surprising ways.importseedRPC or something. This doesn't work for more-or-less the same reason; the descriptor wallet associates all its keys withScriptPubKeyManagers, so we would need to add support for "global keys" somehow. This is a lot of work, lots of room for bikeshedding, and I worry that @achow101 will NACK anything that looks too much like a "bag of keys" model. (The situation would be much less bad than the legacy one, where 3rd parties could do stuff like mapping p2wpkh addresses to p2pkh ones and the wallet would just accept it ... but it would still potentially lead to user confusion about what exact conditions the wallet could sign for what descriptors, and it may constrain future wallet changes.)codex32(...)/1/2/3xpriv format to the descriptor import format. This was suggested to me by @sipa and has the benefit that very closely matches the existing import model.Personally I don't like the latter
But what cinched it, and made me switch to the approach in the PR, was that @roconnor-blockstream pointed out to me that the codex32 model means that you can't predict, at writing-down-the-descriptor time, exactly what shares you'll be inputting. And because descriptors have a checksum which covers their entire string encoding, this means that you can't predict ahead-of-timei what will go into the
codex32(...)slot and therefore what the total checksum ought to be. And this means that either (a) you lose the descriptor checksum, which is a Bad Idea and also inconvenient for importers who' will have to construct a checksum withgetdescriptorinfoto getimportdescriptorsto accept it, even though said checksum had never been used to protect data in storage; or (b) you modify the descriptor checksum algorithm to be aware ofcodex(...)and to skip checksumming the data inside of that. This means even more implementation complexity that other wallets are unlikely to bring in, plus the result generalizes less easily to other seed formats (e.g. hex) which don't have checksums of their own.