spesmilo / electrum

Electrum Bitcoin Wallet
https://electrum.org
MIT License

What's the BIP32 does Electrum use for Segwit Address? #5687

Closed jtomtan closed 5 years ago

jtomtan commented 5 years ago

Hi, I've got three questions here:

  1. What BIP32 path does Electrum use for Segwit addresses (bc1)?

  2. For the Seed Version Number, when I compute the SHA512 for mnemonics, I get the following (the first byte of the hash):

     a. 0x00000001 (decimal value: 1) -> for Legacy address
     b. 0x00010000 (decimal value: 16) -> for Segwit address

     Am I right? I ask since it looks a little different from the document.

  3. We know that BIP39 uses the last words for checksum (last 4 bits in the case of 12 words). If we try to validate the BIP39 checksum for Electrum mnemonics, most of the time it will fail. I wonder whether it is possible for some Electrum mnemonics to pass the validation by accident? And what's the ratio?

Thanks.

ecdsa commented 5 years ago

see https://electrum.readthedocs.io/en/latest/seedphrase.html

jtomtan commented 5 years ago

> see https://electrum.readthedocs.io/en/latest/seedphrase.html

This document didn't answer my question.

What's the BIP32 path for segwit addresses? I know m/0 is used for legacy addresses.

SomberNight commented 5 years ago

You seem confused about many things. You should read the source code; that is the best resource for technical details.

Derivation paths for electrum seeds: https://github.com/spesmilo/electrum/blob/b08cfac643bf6e6c3fdd54b6f35787e3876e068c/electrum/keystore.py#L830-L849

> What's the BIP32 path for segwit address? I know m/0 is used for legacy address

So no, it is not m/0 for legacy.

Re seed version numbers (hash prefixes): https://github.com/spesmilo/electrum/blob/b08cfac643bf6e6c3fdd54b6f35787e3876e068c/electrum/version.py#L7-L8

^ note that this is in hex characters

> a. 0x00000001 (decimal value: 1) -> for Legacy address
> b. 0x00010000 (decimal value: 16) -> for Segwit address

So no, that's not the correct value for segwit.

> We know that BIP39 uses the last words for checksum (last 4 bits in case of 12 words), If we try to validate BIP39 checksum for Electrum mnemonics, most of the time will fail. I wonder it is possible for some Electrum mnemonics succeed with the validation by accident? And what's the ratio?

Modern Electrum seeds, when generated by Electrum, use the English BIP39 wordlist. The BIP39 checksum and the Electrum hash prefix depend on independent cryptographically secure hash-function-based random variables. Given a modern Electrum seed, the probability that the BIP39 checksum passes is the same as it would be for any same-number-of-words random word-selection from the BIP39 wordlist; i.e. as you said, for a 12 word seed, 4 bits, i.e. 1/16. The BIP39 checksum is ridiculously weak.

jtomtan commented 5 years ago

> You seem confused about many things. You should read the source code, that is the best resource for technical details.
>
> Derivation paths for electrum seeds: https://github.com/spesmilo/electrum/blob/b08cfac643bf6e6c3fdd54b6f35787e3876e068c/electrum/keystore.py#L830-L849
>
> > What's the BIP32 path for segwit address ? I know m/0 is used for legacy address
>
> So no, it is not m/0 for legacy.
>
> Re seed version numbers (hash prefixes): https://github.com/spesmilo/electrum/blob/b08cfac643bf6e6c3fdd54b6f35787e3876e068c/electrum/version.py#L7-L8
>
> ^ note that this is in hex characters
>
> > a. 0x00000001 (decimal value: 1) -> for Legacy address b. 0x00010000 (decimal value: 16) -> for Segwit address
>
> So no, that's not the correct value for segwit.
>
> > We know that BIP39 uses the last words for checksum (last 4 bits in case of 12 words), If we try to validate BIP39 checksum for Electrum mnemonics, most of the time will fail. I wonder it is possible for some Electrum mnemonics succeed with the validation by accident? And what's the ratio?
>
> Modern Electrum seeds, when generated by Electrum, use the English BIP39 wordlist. The BIP39 checksum and the Electrum hash prefix depend on independent cryptographically secure hash-function-based random variables. Given a modern Electrum seed, the probability that the BIP39 checksum passes is the same it would be for any same-number-of-words random word-selection for the BIP39 wordlist; i.e. as you said, for a 12 word seed, 4 bits, i.e. 1/16. The BIP39 checksum is ridiculously weak.

Thanks for the reply. This helps a lot!
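
An added example (not part of the original thread and not Electrum's own code) illustrating two points from the reply above: the seed-version prefix is matched against the hex string of the HMAC, and uniformly random word selections pass the 12-word BIP39 checksum about 1/16 of the time. Assumptions: the function names are illustrative, the prefixes `"01"` and `"100"` are the standard and segwit values from Electrum's `version.py`, text normalization is simplified, and words are represented by their BIP39 wordlist indices so no wordlist is needed.

```python
import hashlib
import hmac
import random
import unicodedata

# Electrum seed-version prefixes, compared against the HEX STRING of the HMAC
# ("01" = 8 bits, "100" = 12 bits). 2FA seed types are omitted here.
SEED_PREFIXES = {"standard": "01", "segwit": "100"}

def seed_type_from_hex(digest_hex):
    """Map a hex digest to a seed type by string prefix; '' if none matches."""
    for name, prefix in SEED_PREFIXES.items():
        if digest_hex.startswith(prefix):
            return name
    return ""

def electrum_seed_type(phrase):
    # Assumption: simplified normalization (NFKD, lowercase, single spaces);
    # Electrum's own normalization also handles accents and CJK spacing.
    text = " ".join(unicodedata.normalize("NFKD", phrase).lower().split())
    mac = hmac.new(b"Seed version", text.encode("utf8"), hashlib.sha512)
    return seed_type_from_hex(mac.hexdigest())

def bip39_checksum_ok(indices):
    """indices: BIP39 wordlist positions (0..2047), 11 bits per word."""
    total_bits = 11 * len(indices)
    cs_bits = total_bits // 33  # 4 bits for 12 words, 8 bits for 24 words
    value = 0
    for i in indices:
        value = (value << 11) | i
    entropy = (value >> cs_bits).to_bytes((total_bits - cs_bits) // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    return (value & ((1 << cs_bits) - 1)) == expected

def bip39_pass_rate(n_words=12, trials=20000, rng_seed=1):
    """Fraction of uniformly random word selections that pass the checksum."""
    rng = random.Random(rng_seed)  # fixed seed: reproducible simulation only
    hits = sum(
        bip39_checksum_ok([rng.randrange(2048) for _ in range(n_words)])
        for _ in range(trials)
    )
    return hits / trials

if __name__ == "__main__":
    # "abandon" x11 + "about" (indices 0 and 3) is a valid BIP39 phrase.
    print(bip39_checksum_ok([0] * 11 + [3]))
    print(bip39_pass_rate())  # close to 1/16 = 0.0625
```

A wallet importer that accepts a phrase as BIP39 purely because the checksum passes will misclassify roughly one in sixteen 12-word Electrum seeds, so checking the Electrum version prefix first is the more reliable discriminator.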