search

spesmilo / electrum

Electrum Bitcoin Wallet
https://electrum.org
MIT License
7.35k stars 3.06k forks source link

Issue deriving multisig addresses #4246

Closed vzelenko closed 6 years ago

vzelenko commented 6 years ago

I am using a Readonly wallet, seeded by 3 Trezors (m/49'/0'/0'/# derivation path.) P2SH addresses generated by Electrum appear to follow this rule:

Take xPub[i][#], derive Public Key [i][#], where [i] is [0, 1, 2] and [#] increments from 0 and up by 1, and generate the Address consisting of all 3 pubkeys for each xPub @ [#].

However, when I use NBitcoin library as well as Libbitcoin's BX tool, the generated P2SH addresses do NOT match what Electrum derives, although the libraries produce the same addresses between each other.

More surprisingly, the first P2SH address matches across the board with Libraries and Electrum.

Anyone knows of the issue with Electrum's Generator?

SomberNight commented 6 years ago

Why is the "issue with Electrum's generator"? :) You probably just misunderstood something.

Please provide specific examples with xpubs (or seed words / xprvs), derivation paths, and addresses. Also note that "p2sh" address is actually not at all specific. Do you mean a standard p2sh multisig? Or a p2sh-p2wsh multisig?

The first address matching, and the subsequent ones not, suggests that these tools might not be iterating at the same depth. In fact, it is very suspicious that you wrote "m/49'/0'/0'/# derivation path". See https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki#path-levels Using your notation, try m/49'/0'/0'/0/#

vzelenko commented 6 years ago

Not near computer now, but you are correct in that I mean Multisig P2SH and not P2WSH. Also, I made a typo with derivation path, but you have correctly caught it. I’ll try to get an example for this issue, @ghost43...

On Apr 9, 2018, at 19:12, ghost43 notifications@github.com wrote:

Why is the "issue with Electrum's generator"? :) You probably just misunderstood something.

Please provide specific examples with xpubs (or seed words / xprvs), derivation paths, and addresses. Also note that "p2sh" address is actually not at all specific. Do you mean a standard p2sh multisig? Or a p2sh-p2wsh multisig?

The first address matching, and the subsequent ones not suggests that these tools might not be iterating at the same depth. In fact, it is very suspicious that you wrote "m/49'/0'/0'/# derivation path". See https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki#path-levels Using your notation, try m/49'/0'/0'/0/#

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.

vzelenko commented 6 years ago

Summary:

  1. Electrum version 3.1.2
  2. .NET Generator - uses NBitcoin library
  3. Shell - use libbitcoin-explorer (bc script)

Procedure:

  1. Create a readonly Electrum Wallet seeded with xPub keys listed below, using the listed order. Let it generate receive and send addresses.
  2. Use NBitcoin library to Parse the 3 xPub keys, then derive first 10 HD addresses.
  3. Using NBitcoin lib and the 3 xPub keys, create a P2SH script address using corresponding 3 PubKeys (derived above), and 2 out of 3 signature condition.
  4. Print out the 3 PubKeys as well as generated script address.
  5. Create a 'bx' script line for each iteration.

The output of the above procedure will be shown at the end. Addresses generated by NBitcoin Lib and 'libbitcoin' match exactly, while Electrum's list (below) deviates.

Generate HD xPub Keys:

[1] tuition pear insect tragic soul trend recycle letter essay erupt crater uncover xpub661MyMwAqRbcF4SozhNUkbxjS1uWuqT4vFg3iT6NK5xkhvsBn1d7MiwvSWzzTAieoQ9m3559JkbTXjjX9pKWZyLwMJCTGfRFCcin4zb2Gtf

[2] become broken length come display hospital ribbon negative unfair intact warrior relax xpub661MyMwAqRbcGmFiuRxk2ynf9dtyfvUkYWUwCdzw9deqjhWjoXC5mPudtPRSLPfNKrmZmXSMo7etgweeDUNs9Jujwn3Ef6qmGjBoz3N6LbJ

[3] bottom common minute monkey vote among story dentist below witness announce core xpub661MyMwAqRbcGKfDGRJrLWb4agem1Tb8XUe1Lgiy9sTKo1GUSEGwKiifH3tZEr8JdkJCcTDDQqbFMwmTEj7jEtYWXXcK99RhcErzq7qUAq9

List Generated Electrum Addresses (wallet is correct)

$ ./electrum -w ~/.electrum/wallets/wallet_4_demo listaddresses

[
"3CK3HgQE2wEwqZzJeBaTGPvuFTeVYsW1XK",
"3GuFCFjoy3QxjqSPdBjNAxu8SCN9JSvxP8",
"3BngGzwZ2x3q82ijczYuGC5EjZFXFdETt5",
"3CspPreswtUhCBFBS3A47mi5tVUDqfvgfJ",
"3ByEUWgZZELJXYsnRwBitJV59wYTtsUkJX",
"3HvkSFnxXPb9UFxFjfp5gwMi7hE7mSAXbQ",
"3CVsbqgzYRnajJGnhbDLHR6ANC5iQr6aoA",
"3D68BHFdY9BcZAYzKujvFDoA56gt3HGZE9",
"37mNZphxoYa4cDhtYEvVZmQkf6sibhasq2",
"37RJ3vNrCnN2fatjqnsRDsbp37t3fKjp2m",
"38UzaBRmxiXFhoe92AP7LsvKuvUyDTs4Yk",
"36K5Z4mG6K14gGvj3i7GqeBL9H9GehrUbm",
"3BhDhE8nHJeHUNTu9HpXzjnrGz5tzKCq93",
"3CcQFPfPRXEvkbDzwFCSHBgLKmNPJBU6Dc",
"3Nh3efjvjAq6Au7znD4ULnGN21U4tVQyQV",
"3NdqUtXL7aGRC6c5YByBhSKHWDpE2juLSG",
"3EjEtH2ksz5YtbV6oVGxbN1KYinxAxyBhf",
"36UZebiKpiKfZqb9bZ71wJ5pJwCnYLn2J6",
"3AWBV1R5ut23Y3FvU9Pyju7qCKrs8iZkRC",
"3ERzdybPEfvZ5S27abxe56U4VrZH1KfXmg",
"3FYVEPfLAbeuPa1JtWhaAg26o8H5FUDwh8",
"3JN6fwk8xEis9PtufvXi9JHGP3cit682Nq",
"328BmPUrZA1V8g6YbcdZom8M3xD5LY9cpF",
"3Q2n8kwzUGizucc6cBRQUq5qboC99a3nDG",
"32zWFdpRknjNx67jUU3xC6p3HieV5x8bpG",
"368STivGhkba7Yv5cheBw6S3TWFcsCqwtP"
]

NBitcoin Script Output

The below output shows the Script format, 3 public keys, and the resulting P2SH address for each of 10 generations:

+++++++++++++++0++++++++++++++
./bx script-to-address "2 [025fcbb8bdb33022ec2246e28a0ac3ebc0bc9142d5bf368afa316ce5625d2fdc38] [03b5a7cba0c74dc1fda6a0770b5d291a353dc3d506234cde8e4bfdb51944e3f7fe] [025d104173db200990ae10df93d9d21ee861f4b6d5fda0e9d3fa62d42c07cc85e7] 3 checkmultisig"
35A6sPxKJHsMg1i2KUSrMRM3LcdUnkQRCa
+++++++++++++++1++++++++++++++
./bx script-to-address "2 [02ed9e5e412f3e7615cde4da6df8acf77b99f6be3e651d40163fd2df85ee0c80c8] [0287c03891fbcce8f157d647f29774bafe4ad23216ae0f9099a359b51221b2882a] [036da5ac18a5079ba8461de29d5ff1b829fdd502ce4b9871f931dd4e9745acb8e6] 3 checkmultisig"
34GVeyFzjKCE6tRrv2q5iMjvqdrguy55k3
+++++++++++++++2++++++++++++++
./bx script-to-address "2 [025e1c8e178111d0005e36df17bf96de7472dc66dc4c6a97d05f57c7383d84e1c5] [02d8104732ea5bbda84f008bddae60cb320a66323059fbe3c3ee4661589f973f80] [0356531086cc10066171a1bc550ce8794b19d0f35c3ff095e9215bd33ffca29b99] 3 checkmultisig"
3BngGzwZ2x3q82ijczYuGC5EjZFXFdETt5
+++++++++++++++3++++++++++++++
./bx script-to-address "2 [03f83cb2a23eb55e01c95681ceb233535f495acd551fa73eb066c880a877afa9b0] [033f32d3bdc561ad15b2ee792079bbd2401b8161dcd9c29d2737a47644c9a4d0bd] [03a696792935288574b65cfe7526fc88998761e16c3cbe69e86044f1f4fcc18f09] 3 checkmultisig"
3EvTcmfqoDP8cXdgMthVJDW9xJWK1QSgH8
+++++++++++++++4++++++++++++++
./bx script-to-address "2 [021cec99f5de991e350e88367a9feac7a084af6e358e5cfcf0ec7d3851b75d4495] [0384a2d0de018e01b92d77e211207aca7997667cb50906f976577d0f7872657a80] [029f2c91033e71e707a4c16db3752f2f71a46860e1fea581bf61ef53a5855a2932] 3 checkmultisig"
32PJo73hD2jUxqQFjViLb56eZAJyRxE1kh
+++++++++++++++5++++++++++++++
./bx script-to-address "2 [02d6ef2a4e37785b50b071433e8491f0be092706ba74e226bece9dc00fa4848107] [03f7e59f7f85eec2cb45f774f499bda2eb4da31c6194725c0568499dfd28437e73] [02a5ed27a8ddf8d5b6bba2c95cf0a6051c4831ca71a0ca7befeecd8205c2db6261] 3 checkmultisig"
34TbMVnyNpLAo5jxEDjQ6CBM4TwJQ4kTNf
+++++++++++++++6++++++++++++++
./bx script-to-address "2 [026fbfa5c0e79267e2e997d3b979ac3be3c1de4b5e7c1afb3b1443464228dacf33] [025ec1415f602eed58e175f8df8b1aa93f4fcdfee9d3ab6a84f844f3ea6f363daf] [0258a75638a54a4e4546a5aa9a6e20382381c67d0625a88a6ad1c16229ea463768] 3 checkmultisig"
3NfpsL7xqdkWP4wsKxpFQHRHAESbrwVFfE
+++++++++++++++7++++++++++++++
./bx script-to-address "2 [0344c0ba52dc2c3be0c08eba6ef5bf3a449aa10249f6444cd0fe31ce7dcc3ef38f] [03ced39d5b3d9d33f7d8852c4b63161327ecd9d33093de1ab91fd236ee2be6afaf] [0362f0cb9ed7bcb9f2eec57484ede4699511d62d9c135bfe30a75e698e70b2fb5f] 3 checkmultisig"
3G7suRph9sMbqXqHYViPLuDoYwmXqATNuy
+++++++++++++++8++++++++++++++
./bx script-to-address "2 [03352fbfe9706634dd30bbb9b3ed67210e8eeed768e9a020983a51b412e6ee2cd2] [02d10fb106be2b0ba3f374d591b20618c170f598af69e120152d7f1439c241fee3] [0295af1294aa62be35db80d9cc1104520377eb612caae28ef0d819cabb85ebbe09] 3 checkmultisig"
3Mbjm6LPZJJHvgNo44sUag7gRE28kuqTS9
+++++++++++++++9++++++++++++++
./bx script-to-address "2 [02887c2cd265dc89a9ac9aa04669e15b02166edb805e897be311f2a34a8e9fcd1a] [0320e811463a03df19185317f721808176fa05aef365d31f1aec13ae154ff9dc33] [02e5bfbd7ff033892f36097ff0abf9fc64c45104aeab6dfb37965908fea9030d7b] 3 checkmultisig"
3HZcUkFRoqkqtkXoCerErjnsXS2hqaLpet
dabura667 commented 6 years ago

You aren’t canonically sorting the pubkeys.

Every multisig wallet canonically sorts pubkeys before creating the redeemscript.

NBitcoin is not wrong

Electrum is not wrong

Your method of using NBitcoin was wrong.

junderw commented 6 years ago

@vzelenko These should work.

./bx script-to-address "2 [025d104173db200990ae10df93d9d21ee861f4b6d5fda0e9d3fa62d42c07cc85e7] [025fcbb8bdb33022ec2246e28a0ac3ebc0bc9142d5bf368afa316ce5625d2fdc38] [03b5a7cba0c74dc1fda6a0770b5d291a353dc3d506234cde8e4bfdb51944e3f7fe] 3 checkmultisig"
./bx script-to-address "2 [0287c03891fbcce8f157d647f29774bafe4ad23216ae0f9099a359b51221b2882a] [02ed9e5e412f3e7615cde4da6df8acf77b99f6be3e651d40163fd2df85ee0c80c8] [036da5ac18a5079ba8461de29d5ff1b829fdd502ce4b9871f931dd4e9745acb8e6] 3 checkmultisig"
./bx script-to-address "2 [025e1c8e178111d0005e36df17bf96de7472dc66dc4c6a97d05f57c7383d84e1c5] [02d8104732ea5bbda84f008bddae60cb320a66323059fbe3c3ee4661589f973f80] [0356531086cc10066171a1bc550ce8794b19d0f35c3ff095e9215bd33ffca29b99] 3 checkmultisig"
./bx script-to-address "2 [033f32d3bdc561ad15b2ee792079bbd2401b8161dcd9c29d2737a47644c9a4d0bd] [03a696792935288574b65cfe7526fc88998761e16c3cbe69e86044f1f4fcc18f09] [03f83cb2a23eb55e01c95681ceb233535f495acd551fa73eb066c880a877afa9b0] 3 checkmultisig"
./bx script-to-address "2 [021cec99f5de991e350e88367a9feac7a084af6e358e5cfcf0ec7d3851b75d4495] [029f2c91033e71e707a4c16db3752f2f71a46860e1fea581bf61ef53a5855a2932] [0384a2d0de018e01b92d77e211207aca7997667cb50906f976577d0f7872657a80] 3 checkmultisig"
./bx script-to-address "2 [02a5ed27a8ddf8d5b6bba2c95cf0a6051c4831ca71a0ca7befeecd8205c2db6261] [02d6ef2a4e37785b50b071433e8491f0be092706ba74e226bece9dc00fa4848107] [03f7e59f7f85eec2cb45f774f499bda2eb4da31c6194725c0568499dfd28437e73] 3 checkmultisig"
./bx script-to-address "2 [0258a75638a54a4e4546a5aa9a6e20382381c67d0625a88a6ad1c16229ea463768] [025ec1415f602eed58e175f8df8b1aa93f4fcdfee9d3ab6a84f844f3ea6f363daf] [026fbfa5c0e79267e2e997d3b979ac3be3c1de4b5e7c1afb3b1443464228dacf33] 3 checkmultisig"
./bx script-to-address "2 [0344c0ba52dc2c3be0c08eba6ef5bf3a449aa10249f6444cd0fe31ce7dcc3ef38f] [0362f0cb9ed7bcb9f2eec57484ede4699511d62d9c135bfe30a75e698e70b2fb5f] [03ced39d5b3d9d33f7d8852c4b63161327ecd9d33093de1ab91fd236ee2be6afaf] 3 checkmultisig"
./bx script-to-address "2 [0295af1294aa62be35db80d9cc1104520377eb612caae28ef0d819cabb85ebbe09] [02d10fb106be2b0ba3f374d591b20618c170f598af69e120152d7f1439c241fee3] [03352fbfe9706634dd30bbb9b3ed67210e8eeed768e9a020983a51b412e6ee2cd2] 3 checkmultisig"
./bx script-to-address "2 [02887c2cd265dc89a9ac9aa04669e15b02166edb805e897be311f2a34a8e9fcd1a] [02e5bfbd7ff033892f36097ff0abf9fc64c45104aeab6dfb37965908fea9030d7b] [0320e811463a03df19185317f721808176fa05aef365d31f1aec13ae154ff9dc33] 3 checkmultisig"
vzelenko commented 6 years ago

@dabura667 - OF COURSE!!! I had assumed that Electrum keeps keys in the order they were initially specified, but now it makes sense - thanks. @junderw - thank you for clarifying.