input-output-hk / js-cardano-wasm

various cardano javascript using wasm bindings
MIT License

Mnemonic is converted to seed differently than in Daedalus #5

Open refi93 opened 6 years ago

refi93 commented 6 years ago

I found out that when I run index.html after building everything as suggested in the readme, the generated seed does not correspond with the seed generated by Daedalus (cardano-sl) for the same mnemonic. Is that a deliberate choice? Because that implies that your implementation would produce a totally different lineage of wallets for the same mnemonic than Daedalus does currently. Otherwise the root key derivation seems to be the same. I give an example below:

Let's take the mnemonic 'scissors basket lunch wasp index gather runway nerve portion angry priority senior'

I found out that Daedalus generates for this mnemonic the seed: 5820c0bffab455cf86117cff257de97ff333586e0922e38c220e21f00f2591e7aaad

On the other hand, your code generates the following seed: f20485724b951bcd154e53bea20104f2636b37503a54441f01ea3c0033e1af9a

It seems that Daedalus, before performing the blake2b256 hash, encodes the BIP39 entropy to CBOR, and also CBOR-encodes the output of the hash function before generating the keypair (look at the "toHashSeed" function here: https://github.com/input-output-hk/cardano-sl/blob/0b85142eede30cac8e1c5e627785d523f7ee8432/wallet/src/Pos/Util/BackupPhrase.hs and "createKeypairFromSeed" here: https://github.com/input-output-hk/cardano-sl/blob/05bea127ac698bd8737d88c69e51de02ae3c2c17/crypto/Pos/Crypto/Signing/Signing.hs), but your implementation takes the entropy as a string (the output of bip39.mnemonicToEntropy) and puts it directly into the blake2b256 function ("mnemonicToSeedImpl" function here: https://github.com/input-output-hk/js-cardano-wasm/blob/13132f770970e45d1ae2773f599e44ebb2339a40/js-example/src/Components/Bindings/BIP39.js).

If you need more clarification, feel free to ask and I will try to provide a more detailed explanation. Of course I admit that I may be missing something or that I got something wrong when analysing the outputs of both implementations.

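The two derivations the reporter contrasts above, side by side, as an added example (this is not code from js-cardano-wasm or from cardano-sl). It starts from the BIP39 entropy bytes, so the mnemonic-to-entropy step and the wordlist are left out, and the 16-byte sample entropy is constructed and is not the entropy of the mnemonic quoted in the issue. The Daedalus path follows the `toHashSeed` description (CBOR byte string of the entropy, blake2b-256, CBOR byte string of the digest), which is why the Daedalus value in the issue starts with `5820` (the CBOR header for a 32-byte byte string); the js-example path hashes the hex string of the entropy as the reporter describes. `cbor_bytes`, `daedalus_hash_seed`, `js_example_seed` and `unwrap_cbor_seed` are names chosen here, not functions of either project.

```python
"""Mnemonic-entropy to hash-seed: Daedalus (cardano-sl) style versus the
js-example behaviour described in this issue.  Added example; standard
library only (hashlib.blake2b supports a 32-byte digest)."""
import hashlib

# Constructed sample: 16 bytes = 128-bit entropy = a 12-word mnemonic.
# It is NOT the entropy of the mnemonic quoted in the issue.
SAMPLE_ENTROPY = bytes(range(16))

# The Daedalus seed quoted in the issue, used only to show its CBOR framing.
ISSUE_DAEDALUS_SEED_HEX = (
    "5820c0bffab455cf86117cff257de97ff333586e0922e38c220e21f00f2591e7aaad"
)


def cbor_bytes(data: bytes) -> bytes:
    """CBOR-encode `data` as a definite-length byte string (major type 2).

    16 bytes  -> 0x50 || data       (length fits in the initial byte)
    32 bytes  -> 0x58 0x20 || data  (one-byte length follows)
    """
    n = len(data)
    if n < 24:
        header = bytes([0x40 | n])
    elif n < 0x100:
        header = bytes([0x58, n])
    elif n < 0x10000:
        header = bytes([0x59]) + n.to_bytes(2, "big")
    else:
        header = bytes([0x5A]) + n.to_bytes(4, "big")
    return header + data


def blake2b_256(data: bytes) -> bytes:
    return hashlib.blake2b(data, digest_size=32).digest()


def daedalus_hash_seed(entropy: bytes) -> bytes:
    """serialize' . blake2b . serialize' applied to the entropy bytes,
    i.e. the CBOR-wrapped digest of the CBOR-wrapped entropy."""
    return cbor_bytes(blake2b_256(cbor_bytes(entropy)))


def js_example_seed(entropy: bytes) -> bytes:
    """The js-example behaviour as the reporter describes it: the hex
    *string* from bip39.mnemonicToEntropy is fed straight into blake2b-256,
    with no CBOR framing on either side."""
    return blake2b_256(entropy.hex().encode("ascii"))


def unwrap_cbor_seed(seed: bytes) -> bytes:
    """Strip the CBOR byte-string header from a Daedalus hash seed and
    return the raw 32-byte digest; refuses anything else."""
    if len(seed) != 34 or seed[:2] != b"\x58\x20":
        raise ValueError("not a CBOR-wrapped 32-byte digest")
    return seed[2:]


def compare(entropy: bytes = SAMPLE_ENTROPY) -> dict:
    """Both derivations for one entropy, hex-encoded, to eyeball the gap."""
    return {
        "entropy": entropy.hex(),
        "daedalus_hash_seed": daedalus_hash_seed(entropy).hex(),
        "js_example_seed": js_example_seed(entropy).hex(),
    }


if __name__ == "__main__":
    for k, v in compare().items():
        print(f"{k:20} {v}")
    digest = unwrap_cbor_seed(bytes.fromhex(ISSUE_DAEDALUS_SEED_HEX))
    print(f"issue seed digest    {digest.hex()}  ({len(digest)} bytes)")
```

The structural check is the useful part for anyone comparing wallet outputs: a Daedalus-style hash seed is 34 bytes beginning `58 20`, whereas the js-example value in the issue is a bare 32-byte digest, so the two can never match regardless of the input bytes.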
DominikGuzei commented 6 years ago

Thanks for the feedback @refi93, we definitely have to look into this! @NicolasDP @vincenthz can you also tune in this discussion?

NicolasDP commented 6 years ago

Hi @refi93 , thank you for your interest in this project.

The issue you are reporting is in js-example; please be aware that this is an example and is not production ready. It was written quickly as an example of what one can do with this wasm library, and it is not impossible that there are bugs in this example.

The wasm library does not allow compatibility with the Daedalus wallet yet. We are not going to look into this feature just yet, as we are tied to other tasks at the moment. We will work on adding compatibility with the Daedalus wallet as soon as the project has matured and stabilised.

refi93 commented 6 years ago

@NicolasDP thanks for your reply. I encourage you to check out the JS implementation for Cardano that we are currently developing independently: https://github.com/vacuumlabs/cardano (hosted at https://cardanolite.com/). It is a light wallet for Cardano made entirely in JS that currently works just like Daedalus, with the difference that addresses are generated deterministically so they can be looked up efficiently in the blockchain explorer without the need to permanently store any local data.

Feedback and cooperation would be really welcome. The contact form is on the landing page or the email is in the footer of the wallet app.

rahilzebpay commented 6 years ago

@NicolasDP Hello,

By Daedalus incompatibility do you mean that ADA stored on this wallet cannot be moved to Daedalus and vice versa?

refi93 commented 6 years ago

@rahilzebpay if it fully worked (i.e. was able to create and submit transactions, which AFAIK it does not currently), you would be able to send funds from and to Daedalus, since for that it should be enough for the addresses and key pairs derived to be valid if I understand right. This issue is just about seed derivation from mnemonic incompatibility - i.e. you would not be able to recover this wallet from Daedalus and vice versa. But I'm not a contributor to this repo, I'm just speaking from the experience with developing cardanolite, a different project mentioned above.

NicolasDP commented 6 years ago

Hi all, @refi93 is right. One should be able to send ada to this JS Wallet and to send back ada to the daedalus addresses. However it is not possible, at the moment, to recover a Daedalus wallet with this JS binding.

However, it is possible to reconstruct the seed from the mnemonic; we just don't provide a ready-to-use tool for this. The only tool one could use is the paper wallet function, which will give you back the expected seed (see Daedalus' paper wallet). Now, from this seed, you would not be able to derive the same addresses.