In this segment of Down the Rabbit Hole, I want to talk about a particular problem that occurs fairly often with new users who are trying to either
recover or migrate a wallet from one wallet to another. For example, from a smartphone wallet to another smartphone wallet, or from a smartphone wallet
to a hardware wallet, or from a hardware wallet
to another hardware wallet, or any combination of the above. Now, we have a standard that
has actually made such things much, much more interoperable. This is where I put on my grandpa voice, and I go, "In the old
days, back three years ago, "when we didn't have BIP39." Yeah, and that standard is BIP39, and it makes life a lot easier, but it does have some weaknesses. As part of BIP39, which is
the mnemonic phrase standard, which allows you to move
a whole tree of keys from one wallet to another using just the English
word mnemonic phrase, as part of that standard
and the related standards, there are some nuances
that often cause problems with newbies.
The underlying standard is called BIP32, which is hierarchal deterministic wallets. Hierarchal deterministic wallets
define a system of wallets that are organized in a
hierarchy that looks like a tree, where you have a root
key that is generated from the mnemonic phrase,
or can be generated and these days is almost always generated from the mnemonic phrase,
the BIP39 mnemonic phrase, and that root key can then be used through a series of hashing operations to derive billions, and
billions, and billions, and billions, and billions
of potential private keys that can each derive an address, and this works across
different cryptocurrencies, and it works with different other systems. It can generate entropy for things, et cetera, et cetera, et cetera. Now, within that system, there is a further specification,
which is called BIP43, and a further specification called BIP44, that tell you how to find
where your keys are hanging on the branches of this tree. Now, if you think about it,
the reason this is complex is because the tree
itself at the first level has 4 billion branches.
Each one of those 4 billion branches has 4 billion branches coming out of it, and so on, and so forth
to an infinite depth. Ah! And, of course, that gives
us a lot of flexibility, but it also means that if you don't know which branch your keys are on, you could be searching for centuries. Almost all wallets, like
90 plus percent of them, put all of their keys on
a very specific branch. For Bitcoin wallets, that would be the M 44 prime, zero
prime, zero prime branch, and what that stands for is 44 prime designates
that this is compliant with the BIP44 branch
derivation path scheme, zero prime specifies that
this is a Bitcoin wallet, and you can have others, one
prime, two prime, et cetera, which are other wallets
for other cryptocurrencies, and then zero prime after that
means the first sub-account, the zeroth sub-account because
it's a multi-account system.
Now, if your money is on that path, M 44 prime, zero prime, zero prime, then you can find it fairly easily. Most wallets are gonna look there first when you import them. But what if your wallet was
weird and put it somewhere else? Or what if the wallet
you're importing to is weird and is looking somewhere else? Well, then it will come up
with a different address, and it's going to find
zero money at that address, which if you're a newbie
causes the following reaction, "AAAHHHHH! Where's my money?" And then, you go to Reddit, and a lot of people will tell you, "Use this website or use this tool." And that's when the problems really start because a lot of people will
go in and type their seed into a web page and lose
their money promptly because they went to the wrong place.
People are squatting on
typos of web addresses. They're compromising generators. They're building software
that they're launching on the Android and the App Store and storing as ZIP files and
executables all over the web for you to stumble across these, think they're the legitimate
or original software you were looking for, type in your seed, and promptly watch your
money be taken away. Don't worry, they know how
to find the derivation path where your money is very, very quickly. So, one of the things
I've been thinking about is how do we fix this problem,
and I came up with an idea, and then I funded this
idea as a software bounty, and just about a week ago, a developer finished building
this, and I'm very excited 'cause I'm hoping that it's
actually going to be merged into a very popular piece of software called the Electrum wallet.
Now, the Electrum wallet
is a desktop wallet that runs on Mac, Linux, and Windows. It's cross platform and
it's very, very featureful. I use it for a variety
of my own activities. By keeping it on your desktop, it's not as perfect as
other security mechanisms, but you can also combine
it with a hardware wallet, in which case your keys are safe and safely stored in a hardware wallet.
Electrum, however, expects you to know where your derivation path is. So if you give it a seed,
or if you simply attach it to a hardware wallet and say,
"Look, my seed is on there. You can't see it, but you can talk to it and ask about the master public keys." Then, it needs you to tell it
where the derivation path is. And the bounty that I funded
was a bounty to create a wizard that scans the most
popular derivation paths of the most popular wallets. Now, this is based on
another great project called walletsrecovery.org that's managed by Janine Romer
and Robert Novak who have, and I hope I got those names
correct, NVK and J9Roem.
That website has basically a table that lists hundreds of wallets and all of the derivation
paths they've been known to use in different versions and
iterations of that software. And most of them are M 44
prime, zero prime, zero prime, but some are some very
weird alternative options. And, yeah, so that plugin
will basically go scan, it will look through and see
if it can find money hanging on various branches that have
been previously identified as popular ones, and by
investigating 20 or 30 branches and picking an address from
each to see if it's been used, it can basically say, "Hey,
there's actually some money hanging off these three branches. Which one would you like to import?" And that way you don't need
to know your derivation path. I'm really excited about this because I think it actually gives newbies a much more secure way to do that search.
And, in fact, just yesterday, I helped a friend figure that
out and recover some money for their father who did
not know how to import from a derivation path that was unknown. Luke Childs is the developer who developed this particular feature. You can see the pull request on the Electrum GitHub repository. I am delighted this worked out, and I'm also really excited
about the possibility of helping newbies with
this little problem that happens with not
knowing your derivation path and trying to migrate wallets. And that's my little Down the Rabbit Hole. The section where I ask myself a question about something that I'm interested in.
In this particular case,
something I'm really excited about because it just finished. And then, I talk about it. If you enjoyed this video, please subscribe, like, and share. All my work is shared for free, so if you want to support
it, join me on Patreon. patreon.com/aantonop.
