dtr-org / unit-e

A digital currency for a new era of decentralized trust
https://unit-e.io
MIT License

mnemonics do not reproduce P2SH scripts #705

Open scravy opened 5 years ago

scravy commented 5 years ago

Describe the bug unit-e implements BIP39 (though the implementation has a bug: https://github.com/dtr-org/unit-e/issues/582 - but this does not affect this issue). bitcoin (and therefore unit-e) implements BIP32. This allows for deterministic key generation from that seed. However, it does not reconstruct scripts as the script hashes have to be learned and stored by the wallet. There is currently no way to reconstruct the scripts from mnemonics.

This is not really a bug, but a missing feature which might be reasonably expected to work.

This might be more easily solvable for P2PK and P2PKH in P2(W)SH, less so for multisig transactions in P2(W)SH.

To Reproduce

Expected behavior Importing a master key should recover all means to unlock all funds ever received using a wallet derived from that master key.

Environment any.

Additional context There are a bunch of BIPs which concern themselves with deterministic P2SH generation. However they are not enough to provide the functionality described as missing in this issue. They might be helpful nevertheless. Bitcoin does not implement them.

scravy commented 5 years ago

To elaborate on this:

You start with a seed which will create the keys A, B, C, D in that order.

  1. Create a P2WPKH transaction. It uses A.
  2. Create a P2PKH-in-P2WSH transaction. It uses B.
  3. Create a P2WPKH transaction. It uses C.
  4. Create a P2WPKH transaction. It uses D.

Equally well one could have created:

  1. Create a P2PKH-in-P2WSH transaction. It uses A.
  2. Create a P2WPKH transaction. It uses B.
  3. Create a multisig-in-P2WSH transaction. It uses C and D.

The scripts generated in step 2 of the first sequence and in steps 1 and 3 in the latter have completely different hashes. How to recover?

It would be helpful if addresses for different kinds of P2SH scripts were derived along a specific account, such that the next script of a certain kind always hashes to the same script id. This is roughly what BIP49 suggests.

This would not solve, however, multisig transactions which involve external keys. Without the external keys the scripts cannot be recovered. BIP67 might help with that.

The mentioned BIPs rely on BIP43, which is also not implemented in bitcoin nor unit-e.
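The two sequences above, worked through in code as an added example (this is not code from the unit-e or bitcoin projects). Key derivation is a toy HMAC-SHA512 chain that yields 33-byte compressed-pubkey-shaped stand-ins instead of real BIP32/secp256k1 keys; the script templates (P2WPKH, P2PKH-in-P2WSH, 2-of-2 multisig-in-P2WSH) and witness-program hashing are the real ones. The per-template branch layout `m/<template>/0/<index>`, the `recover` rescan with a gap limit and the cosigner handling are this example's own assumptions, chosen to show why one key chain with ad-hoc script types is not recoverable from the seed, and how a BIP43/49-style purpose branch plus BIP67 key ordering makes it recoverable when the external keys are known:

```python
import hashlib
import hmac


def derive_pubkey(seed: bytes, path: str) -> bytes:
    """Toy stand-in for BIP32 (assumption): an HMAC-SHA512 chain over the path
    components, returning a 33-byte compressed-pubkey-shaped value. Not an EC key."""
    node = seed
    for step in path.split("/")[1:]:          # skip the leading "m"
        node = hmac.new(node, step.encode(), hashlib.sha512).digest()
    return b"\x02" + node[:32]


def hash160(data: bytes) -> bytes:
    sha = hashlib.sha256(data).digest()
    try:
        return hashlib.new("ripemd160", sha).digest()
    except ValueError:                        # ripemd160 absent from this OpenSSL build
        return hashlib.sha256(sha).digest()[:20]   # constructed stand-in, same length


# Real script templates and segwit v0 witness programs.
def p2wpkh_program(pub: bytes) -> bytes:
    return hash160(pub)                                        # 20-byte program

def p2pkh_script(pub: bytes) -> bytes:
    return b"\x76\xa9\x14" + hash160(pub) + b"\x88\xac"        # DUP HASH160 <h> EQUALVERIFY CHECKSIG

def multisig_2of2_script(pubs) -> bytes:
    if len(pubs) != 2:
        raise ValueError("2-of-2 needs exactly two keys")
    return b"\x52" + b"".join(b"\x21" + p for p in pubs) + b"\x52\xae"  # 2 <pk> <pk> 2 CHECKMULTISIG

def p2wsh_program(witness_script: bytes) -> bytes:
    return hashlib.sha256(witness_script).digest()             # 32-byte program

def bip67_sort(pubs):
    return sorted(pubs)   # BIP67: lexicographic order of the compressed keys


KEYS_PER_STEP = {"p2wpkh": 1, "p2pkh-in-p2wsh": 1, "multisig-in-p2wsh": 2}


def script_id(template: str, pubs) -> bytes:
    """What the chain sees: the witness program that must be matched on rescan."""
    if template == "p2wpkh":
        return p2wpkh_program(pubs[0])
    if template == "p2pkh-in-p2wsh":
        return p2wsh_program(p2pkh_script(pubs[0]))
    if template == "multisig-in-p2wsh":
        return p2wsh_program(multisig_2of2_script(bip67_sort(pubs)))
    raise ValueError(template)


def single_chain_ids(seed: bytes, steps):
    """The situation in the issue: keys A, B, C, D are m/0/0, m/0/1, ... and
    each step picks a script type ad hoc, consuming the next key(s)."""
    ids, index = [], 0
    for template in steps:
        n = KEYS_PER_STEP[template]
        pubs = [derive_pubkey(seed, f"m/0/{index + i}") for i in range(n)]
        ids.append(script_id(template, pubs))
        index += n
    return ids


def branch_script_id(seed: bytes, template: str, index: int, cosigners=()) -> bytes:
    """BIP43/49-style (assumed layout): one key branch per script template,
    so index i of a given template always hashes to the same script id."""
    own = derive_pubkey(seed, f"m/{template}/0/{index}")
    return script_id(template, [own, *cosigners])


def recover(seed: bytes, onchain_ids, cosigners=(), gap_limit=20):
    """Rescan every template branch from the seed alone. Multisig scripts are
    only reachable when the external (cosigner) keys are supplied."""
    found = {}
    for template in KEYS_PER_STEP:
        if template == "multisig-in-p2wsh" and not cosigners:
            continue                           # external keys unknown: nothing to derive
        ext = cosigners if template == "multisig-in-p2wsh" else ()
        index = idle = 0
        while idle < gap_limit:
            sid = branch_script_id(seed, template, index, ext)
            if sid in onchain_ids:
                found[sid] = (template, index)
                idle = 0
            else:
                idle += 1
            index += 1
    return found


if __name__ == "__main__":
    seed = hashlib.sha256(b"constructed example seed, not a real wallet").digest()
    first = single_chain_ids(seed, ["p2wpkh", "p2pkh-in-p2wsh", "p2wpkh", "p2wpkh"])
    second = single_chain_ids(seed, ["p2pkh-in-p2wsh", "p2wpkh", "multisig-in-p2wsh"])
    print("same template, different key:", first[1].hex() != second[0].hex())
    print("same key, different template:", first[0].hex() != second[0].hex())
```

With a single chain, index 0 yields one script id under P2WPKH and a different one under P2PKH-in-P2WSH, so a wallet rebuilt from the seed cannot know which to look for unless the scripts themselves were stored. With the per-template branches, `recover` finds every single-key script by rescanning each branch, and finds the multisig script only when the cosigner key is passed in, which is the external-key limitation the comment describes; BIP67 sorting makes the multisig script id independent of the order in which the keys were supplied.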