(CRITICAL) Incorrect derivation for certain BIP39 keys, fund loss >:(

Test case (by luck this is the first one I generated, thankfully I cross-referenced with other tools. Not all mnemonics / root keys trigger this bug)

mnemonic: fruit wave dwarf banana earth journey tattoo true farm silk olive fence
passphrase: banana

https://iancoleman.github.io/bip39/ derived first address: 17rxURoF96VhmkcEGCj5LNQkmN9HVhWb7F (also shared by Electrum)

Other clients derive a different address (Copay, BIP32JP, etc): 13EuKhffWkBE2KUwcbkbELZb1MpzbimJ3Y

Issue Analytics

  • State: closed
  • Created 7 years ago
  • Comments: 27 (10 by maintainers)

Top GitHub Comments

9 reactions
braydonf commented, Feb 23, 2017

I’ve extensively compared results across several libraries, and bcoin (https://github.com/bcoin-org/bcoin), bitcoinjs-lib (https://github.com/bitcoinjs/bitcoinjs-lib), libbtc (https://github.com/libbtc/libbtc), hdkeys (https://github.com/cryptocoinjs/hdkey), and many others, are all using correct BIP32 derivation.

The derivation in Copay (and anything using bitcore-lib) is incorrect. The bug is when there is a leading zero of the private key and the hash during derivation does not include the zero. The BIP32 specification states that the size of the private key is always 32 bytes before it’s hashed.

FWIW: Funds will still be recoverable, however it may be cumbersome to derive both sets of private keys for recovery for those derivations affected.
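The leading-zero behaviour described in the comment above, as an added example that is not part of the original thread and is not code from bitcore-lib or any library named here. It uses hardened derivation, the BIP32 step that hashes the parent private key, and all function names and sample keys are constructed for illustration:

```javascript
const crypto = require('crypto');

// Order n of the secp256k1 group.
const N = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141n;

// BIP32 ser256: always 32 bytes, big-endian, left-padded with zeros.
function ser256(k) {
  return Buffer.from(k.toString(16).padStart(64, '0'), 'hex');
}

// Minimal-length encoding: leading zero bytes are dropped (the faulty behaviour).
function serMinimal(k) {
  let hex = k.toString(16);
  if (hex.length % 2) hex = '0' + hex;
  return Buffer.from(hex, 'hex');
}

// Hardened CKDpriv: I = HMAC-SHA512(chainCode, 0x00 || ser(k_par) || ser32(i + 2^31)).
function deriveHardened(parentKey, chainCode, index, serialize) {
  const idx = Buffer.alloc(4);
  idx.writeUInt32BE((index + 0x80000000) >>> 0);
  const data = Buffer.concat([Buffer.from([0]), serialize(parentKey), idx]);
  const I = crypto.createHmac('sha512', chainCode).update(data).digest();
  const IL = BigInt('0x' + I.subarray(0, 32).toString('hex'));
  const key = (IL + parentKey) % N;
  if (IL >= N || key === 0n) throw new Error('invalid child; BIP32 says use the next index');
  return { key, chainCode: I.subarray(32) };
}

// True when the two serializations produce different child keys.
function diverges(parentKey, chainCode, index) {
  const good = deriveHardened(parentKey, chainCode, index, ser256);
  const bad = deriveHardened(parentKey, chainCode, index, serMinimal);
  return good.key !== bad.key;
}

// Constructed sample inputs (not real wallet keys).
const CHAIN_CODE = Buffer.alloc(32, 0x07);
const SHORT_KEY = BigInt('0x00' + 'ab'.repeat(31)); // top byte is zero
const FULL_KEY = BigInt('0x' + '11'.repeat(32));     // all 32 bytes non-zero

console.log('leading-zero parent diverges:', diverges(SHORT_KEY, CHAIN_CODE, 0));
console.log('full-length parent diverges: ', diverges(FULL_KEY, CHAIN_CODE, 0));
```

Only parents whose private key starts with a zero byte diverge, which is why most mnemonics do not show the mismatch.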

2 reactions
NicolasDorier commented, Feb 23, 2017

NBitcoin: 17rxURoF96VhmkcEGCj5LNQkmN9HVhWb7F @dangershony I used @Thashiznets implementation, but kind of changed lots of stuff, so you might need to check also.

new Mnemonic("fruit wave dwarf banana earth journey tattoo true farm silk olive fence")
.DeriveExtKey("banana")
.Derive(new KeyPath("m/44'/0'/0'/0/0"))
.Neuter()
.PubKey
.GetAddress(Network.Main).ToString()

Output

17rxURoF96VhmkcEGCj5LNQkmN9HVhWb7F 