Skip to content

Home

Jump to bottom
tzumby edited this page Feb 27, 2019 · 7 revisions

BlockKeys

BIP32 Cheat Sheet

Here is a link to a checklist for each step of the BIP32 standard.

BIP44 Derivation Summary

BIP44 Derivation Diagram

Generate 24 word phrase

The mnemonic generator from random entropy is currently implemented. The BIP32Mnemonic module will output 24 mnemonic words corresponding to a 256bit entropy.

iex(1)> BlockKeys.Mnemonic.generate_phrase
"baby shadow city tower diamond magnet avocado champion crash evolve circle chair boring runway remain fantasy finger impose crumble profit excuse group twist purse"

The steps to generate the mnemonic words are the following:

  • Create random sequence of 256bits
  • Create the checksum by taking the first 8 bits of the entropy SHA256 hash
  • Add checksum to the end of the random sequence (now 264bit)
  • Split result into 11 bit sequences -> 24 sequences
  • Map each 11 bit value to a word in the predefined dictionary

Restore entropy given phrase

iex(1)> BlockKeys.Mnemonic.entropy_from_phrase("fade joy announce clever yellow special near expand bus jealous memory usual just daughter bring oppose tone bind cloud mosquito route warfare engage champion")
<<81, 207, 16, 37, 21, 79, 241, 161, 228, 226, 129, 30, 238, 242, 43, 248, 23,
  150, 111, 135, 12, 220, 228, 66, 200, 175, 200, 11, 201, 238, 18, 145>>

The steps to restore the entropy given the phrase are:

  • Split the string into individual words
  • Look up the index in the word dictionary for each word and create a list
  • Convert each element in that list to a binary string of 0s and 1s
  • Remove checksum (last 8 bits)
  • Split the bitstring into groups of 8 bits
  • Convert each chunk into a byte (8 bits)
  • Convert the byte list into a binary

Generate seed from mnemonic phrase and optional password

To generate the final seed that will in turn derive our tree of private in public addresses we will use a key stretching function called PBKDF2. The hashing function we will use is HMAC-SHA512 with 2048 iterations.

iex(1)> BlockKeys.Mnemonic.generate_seed("future skate cash mountain senior maze spoil supply flee front ocean organ pause patrol define box save exhibit bike blush length globe jungle bacon")
"d18b764b7360473e6ccb533cc3f162e69b6197c4ca846fc71e0c3f0088569b62cefdf6ebadfe217335ab2a4288564b3c72f3e6f972b7faae724916acb05a2177"

Note that there is no such thing as a right or wrong password. If you use the wrong password you will generate a completely different seed that will in turn create a completely different tree of wallet addresses.

Here are the steps:

  • Create a salt. If no password is chosen, the salt will be comprised of the string "mnemonic"
  • Create initial PBKDF2 round by passing the mnemonic phrase as the key and the salt as the data.
  • Repeat this 2048 times. The mnemonic phrase parameter stays the same, while the data is the xor of the current and previous result
  • The final binary is encoded in hex

Calculate master private key hash from private key and chain code

iex(1)> { private_key, chain_code } = BlockKeys.CKD.master_keys(seed)
{<<113, 145, 195, 94, 170, 105, 18, 17, 17, 182, 22, 144, 118, 37,
    125, 140, 53, 20, 236, 95, 178, 2, 123, 70, 132, 73, 116, 63, 48, 205, 237, 240>>,
 <<171, 225, 133, 190, 77, 45, 123, 69, 76, 189, 218, 198, 15,
    195, 157, 184, 133, 130, 105, 77, 106, 57, 206, 251, 102, 183, 90, 236, 206, 162, 
    34, 118>>}
iex(2)> BlockKeys.CKD.master_private_key({private_key, chain_code})
"xprv9s21ZrQH143K3BwM39ubv3fkaHxCN6M4roETEg68Jviq9AnbRjmqVAF4qJHkoLqgSv2bNqYTnRNY9yBQhjNYceZ1NxiDe8WcNJAeWetCvfR"

Here are the steps:

  • Derive the private key and chain code by HMAC-SHA512 hash of the seed and using 'Bitcoin Seed' as the seed
  • Put together the master private key binary by combining: version_number, depth, fingerprint, index
  • Take the Base58Check of this

Derive a BIP44 path from an extended private key

iex(1)> xprv = "xprv9s21ZrQH143K3BwM39ubv3fkaHxCN6M4roETEg68Jviq9AnbRjmqVAF4qJHkoLqgSv2bNqYTnRNY9yBQhjNYceZ1NxiDe8WcNJAeWetCvfR"
"xprv9s21ZrQH143K3BwM39ubv3fkaHxCN6M4roETEg68Jviq9AnbRjmqVAF4qJHkoLqgSv2bNqYTnRNY9yBQhjNYceZ1NxiDe8WcNJAeWetCvfR"
iex(2)> child_xprv = BlockKeys.CKD.derive(xprv, "m/44'/0'/0'")
"xprv9yAYtNSBnu2ojv5BR1b8T39t8oPnbzG8H8CbEHnhBhoXWf441nRA3zDW7PFBL4wkz7CNqtbhr4YVnLuSquiR1QPJgk72jVN8uZ4S2UkuLVk"
iex(3)> child_xpub = BlockKeys.CKD.master_public_key(child_xprv) 
"xpub6C9uHsy5dGb6xQ9eX388pB6cgqEH1SyyeM8C2gCJk3LWPTPCZKjQbnXyxfCy6uTSoEqL26V73ofvyJFbPdPmwza5EuNTyA5EQFDTA3bgH9w"
iex(4)> BlockKeys.CKD.derive(child_xpub, "M/0/0")
"xpub6FhGWXgKmE4HPRkoc4sxvkQY5NJfR9pa6C22SRcy4PsMpvekgpGjHsNGr6SnHV4K3134nd9bEZX8PTX3HEyeQTZT9UPM5TfcfpdReEafTXN"
iex(5)> BlockKeys.CKD.derive(xprv, "M/44'/0'/0'/0/0")
"xpub6FhGWXgKmE4HPRkoc4sxvkQY5NJfR9pa6C22SRcy4PsMpvekgpGjHsNGr6SnHV4K3134nd9bEZX8PTX3HEyeQTZT9UPM5TfcfpdReEafTXN"

The example demonstrates how you can generate a hardened path extended private key from a master private key. The child extended private key is converted to an extended public key. This key can be deployed and used to generate un-hardened (normal) addresses without exposing any private keys. Using our child private key we can watch for incoming transactions.

From public key to Bitcoin Address or Ethereum Address

iex(1)> xpub = "xpub6FhGWXgKmE4HPRkoc4sxvkQY5NJfR9pa6C22SRcy4PsMpvekgpGjHsNGr6SnHV4K3134nd9bEZX8PTX3HEyeQTZT9UPM5TfcfpdReEafTXN"
"xpub6FhGWXgKmE4HPRkoc4sxvkQY5NJfR9pa6C22SRcy4PsMpvekgpGjHsNGr6SnHV4K3134nd9bEZX8PTX3HEyeQTZT9UPM5TfcfpdReEafTXN"
iex(2)> BlockKeys.Bitcoin.Address.from_xpub(xpub)
"1aiuNGfWzvaFattQKrFNqqroT9ERtEqFK"
iex(3)> BlockKeys.Ethereum.Address.from_xpub(xpub)
"0xbfb5eb28f7571c6bbf55e94aa75827e7865a0c0e"
Clone this wiki locally