Bitcoin Forum
Author Topic: How HD wallet works for back ups?  (Read 2221 times)
fred21 (OP)
September 03, 2016, 10:40:05 AM
#1

Hello,

Blockchain.info is now using a BIP44 wallet, whose principle I need to understand in terms of backups in order to trust this kind of wallet.

According to what is said, a simple 12-word passphrase can enable the full recovery of the wallet. This is true for blockchain.info and other platforms supporting BIP 44.

But there must be a link between all those platforms supporting BIP 44 that allows wallet recovery on one platform with a passphrase generated on another platform? What is this link?

Thanks,
"With e-currency based on cryptographic proof, without the need to trust a third party middleman, money can be secure and transactions effortless." -- Satoshi
Arkazle
September 03, 2016, 11:02:00 AM
#2

Hey Fred,

I would thoroughly recommend looking through the BIP 44 Github page where it explains all of the technical details about it.

You can check out the GitHub here:

https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki
achow101
September 03, 2016, 01:57:35 PM
#3

Quote from: fred21
Hello,

Blockchain.info is now using a BIP44 wallet, whose principle I need to understand in terms of backups in order to trust this kind of wallet.

According to what is said, a simple 12-word passphrase can enable the full recovery of the wallet. This is true for blockchain.info and other platforms supporting BIP 44.

But there must be a link between all those platforms supporting BIP 44 that allows wallet recovery on one platform with a passphrase generated on another platform? What is this link?

Thanks,

BIP 44 is a specification (it is actually an extension of BIP 32). In order for something to use BIP 44, it must follow the detailed spec that Arkazle posted above. This spec defines a specific algorithm that must be used when deriving addresses. Given a master private key (encoded as the seed), it will always return the same addresses if the specified algorithm is followed. This is regardless of the wallet, so long as it implements BIP 44 correctly.

odolvlobo
September 03, 2016, 06:54:19 PM
#4

In short, every private key is derived from the "seed" in the same way using the method described in BIP 44 in every wallet on every platform.

When setting up a wallet with a previously generated seed, the wallet simply searches the block chain for any addresses that might be derived from that seed.

Join an anti-signature campaign: Click ignore on the members of signature campaigns.
PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
fred21 (OP)
September 04, 2016, 05:52:11 PM
#5

Thanks for clarifying.
1) I guess every platform that supports BIP 44 is connected in some way, not only when you recover your wallet with your multiple-word recovery phrase but also when you create this phrase (so that duplicate phrases are not created). How do they connect?
2) I am worried that it could be easy to guess the passphrase, which would allow anyone to recover the wallet of anyone else. I am sure an algorithm would be able to test multiple 12-word phrases and then get the related wallet and the funds in it. I heard that there is some technology in the BIP 44 algorithm that stops attempts if multiple attempts are made. How does BIP 44 stop multiple attempts at HD wallet recovery?

Thanks
achow101
September 04, 2016, 07:11:54 PM
#6

Quote from: fred21
Thanks for clarifying.
1) I guess every platform that supports BIP 44 is connected in some way, not only when you recover your wallet with your multiple-word recovery phrase but also when you create this phrase (so that duplicate phrases are not created). How do they connect?

They do not connect. There is no central server for accounting.

As I explained earlier, there is a very specific algorithm. This algorithm uses no random parts (except for the master private key). It is completely deterministic. This means that given the same master private key (seed), the algorithm will always generate the same addresses. Wallets that implement BIP44 follow this algorithm, so every wallet that implements BIP44 will always get the exact same addresses given the same seed.

Quote from: fred21
2) I am worried that it could be easy to guess the passphrase, which would allow anyone to recover the wallet of anyone else. I am sure an algorithm would be able to test multiple 12-word phrases and then get the related wallet and the funds in it. I heard that there is some technology in the BIP 44 algorithm that stops attempts if multiple attempts are made. How does BIP 44 stop multiple attempts at HD wallet recovery?

Thanks

No, it would take much too long to bruteforce. The seed is very secure and it has a lot of entropy.

fred21 (OP)
September 05, 2016, 10:02:38 AM
#7

Quote from: achow101
No, it would take much too long to bruteforce. The seed is very secure and it has a lot of entropy.

Finding a 12-word phrase with words from the English dictionary shouldn't take too long for an algorithm.

What is making the seed secure?

What do you mean by a lot of entropy?
achow101
September 05, 2016, 01:07:50 PM
Last edit: September 05, 2016, 06:03:58 PM by knightdk
#8

Quote from: fred21
Quote from: achow101
No, it would take much too long to bruteforce. The seed is very secure and it has a lot of entropy.

Finding a 12-word phrase with words from the English dictionary shouldn't take too long for an algorithm.

What is making the seed secure?

I see that you have no concept of probabilities.

I'll discuss BIP39 here as that is what most wallets use for generating the seed, but some don't. A 12-word seed is secure in the same way that a 12-character random passphrase is secure. In fact, it is even more secure than a 12-character random passphrase, due to the fact that there are 2048 possible words for each of the 12 words instead of fewer than 100 possible characters for each of the 12 characters in a 12-character passphrase.

BIP39 uses 2048 possible words for each of the twelve words. That's 5444517870735015415413993718908291383296 possible combinations of 12-word seeds. Furthermore, BIP39 specifies that the seed can be in any of 7 languages (AFAIK the seed has to be in the same language). So if you don't know the language, that's 38111625095145107907897956032358039683072 possible combinations. That is a lot of possible seeds to have to search through, and it would take much too long to search for that.

Quote from: fred21
What do you mean by a lot of entropy?

Entropy here means randomness. The seed is based upon a completely random master private key. Additional randomness is added by hashing parts of said key and used in the seed phrase. Since the phrase is essentially completely random, there are no patterns or easy-to-guess things that usually make brute forcing a password easier.

Edit: Math
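An added worked example of the deterministic pipeline achow101 describes in posts #3, #6 and #8 (this is editor-supplied code, not code from the thread or from any of the wallets mentioned), using only Python's standard library. BIP39 turns the 12 words into a 64-byte seed with PBKDF2-HMAC-SHA512 (2048 rounds, salt "mnemonic" plus an optional passphrase); BIP32 turns that seed into the master private key and chain code with HMAC-SHA512 keyed by the string "Bitcoin seed"; every BIP44 wallet then derives the same child keys along the same path from that master key (child derivation itself is not shown here). That shared, random-free algorithm is the whole "link" between platforms. The example also checks the 4-bit BIP39 checksum carried by the last word: only one in sixteen random 12-word strings passes it, so of the 2048^12 strings counted above, 2^128 are valid mnemonics. The 2048-word list is not embedded, so the checksum function takes word indices (abandon = 0, about = 3) rather than words; the results are checked against the first published BIP39 test vector (sixteen zero bytes of entropy, passphrase "TREZOR").

```python
import hashlib
import hmac
import unicodedata

# secp256k1 group order: BIP32 requires the master key to lie in [1, n-1]
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
B58_ALPHABET = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: seed = PBKDF2-HMAC-SHA512(mnemonic, "mnemonic" + passphrase, 2048 rounds, 64 bytes).

    The 2048 rounds are the key stretching the thread mentions: every candidate
    phrase costs 2048 HMAC-SHA512 computations before key derivation can start.
    No randomness is involved, so the same words always give the same seed.
    """
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)


def seed_to_master_key(seed: bytes) -> tuple[bytes, bytes]:
    """BIP32: I = HMAC-SHA512(key="Bitcoin seed", data=seed); key = I[:32], chain code = I[32:]."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain_code = i[:32], i[32:]
    k = int.from_bytes(key, "big")
    if k == 0 or k >= SECP256K1_N:
        raise ValueError("invalid master key; BIP32 says this seed must be rejected")
    return key, chain_code


def b58check(payload: bytes) -> str:
    """Base58Check: payload || first 4 bytes of SHA256(SHA256(payload)), base58 encoded."""
    checksum = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    data = payload + checksum
    n = int.from_bytes(data, "big")
    out = bytearray()
    while n:
        n, r = divmod(n, 58)
        out.append(B58_ALPHABET[r])
    pad = len(data) - len(data.lstrip(b"\x00"))  # leading zero bytes become leading '1's
    return (B58_ALPHABET[0:1] * pad + bytes(reversed(out))).decode()


def master_xprv(seed: bytes) -> str:
    """Serialize the depth-0 master key as a mainnet 'xprv' string (BIP32 serialization format)."""
    key, chain_code = seed_to_master_key(seed)
    payload = (
        bytes.fromhex("0488ADE4")   # mainnet private version bytes
        + b"\x00"                   # depth 0
        + b"\x00" * 4               # parent fingerprint: none for the master key
        + b"\x00" * 4               # child number 0
        + chain_code
        + b"\x00" + key             # private keys are 0x00-prefixed to 33 bytes
    )
    return b58check(payload)


def checksum_ok(word_indices: list[int]) -> bool:
    """BIP39 checksum for a 12-word phrase: the 132 bits of word indices are
    128 entropy bits followed by the first 4 bits of SHA256(entropy)."""
    if len(word_indices) != 12 or any(not 0 <= i < 2048 for i in word_indices):
        return False
    bits = 0
    for idx in word_indices:
        bits = (bits << 11) | idx
    entropy = (bits >> 4).to_bytes(16, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> 4
    return (bits & 0xF) == expected


if __name__ == "__main__":
    # BIP39 test vector 1: entropy 0x00 * 16 -> "abandon" x 11 + "about", passphrase "TREZOR"
    mnemonic = " ".join(["abandon"] * 11 + ["about"])
    seed = mnemonic_to_seed(mnemonic, "TREZOR")
    print(seed.hex())
    print(master_xprv(seed))
    print(checksum_ok([0] * 11 + [3]), checksum_ok([0] * 12))
```

Two things worth noticing when running it: changing the optional passphrase changes the seed completely (that is how the "25th word" feature of hardware wallets works), and `checksum_ok([0] * 12)` is false even though every word in it is a real wordlist word, which is why a wallet can reject most typos in a phrase before it ever touches the blockchain.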

DannyHamilton
September 05, 2016, 05:53:41 PM
Last edit: September 05, 2016, 06:05:18 PM by DannyHamilton
#9

Quote from: fred21
Finding a 12-word phrase with words from the English dictionary shouldn't take too long for an algorithm.

That depends on what you mean by "shouldn't take long".

It should take longer than the universe has existed.  Would you consider that to be long?

Quote from: fred21
What is making the seed secure?

VERY big numbers.

Quote from: fred21
What do you mean by a lot of entropy?

Very random.  Nothing predictable about it, no repeatable algorithm.  Just a completely random selection of one of the 5,444,517,870,735,015,415,413,993,718,908,291,383,296 possible sets of 12 words.
achow101
September 05, 2016, 06:02:40 PM
#10

Quote from: DannyHamilton
completely random selection of one of the 5,444,517,870,735,015,415,413,993,718,908,291,383,296 possible sets of 12 words.

Quote from: achow101
2048 possible words for each of the twelve words. With no repetitions, that's 1.672691931910011705169952468793676234018189696109... × 10^5894 possible combinations of 12 word seeds.

It's a very big number, but I don't think it's as large as you've indicated.

2048^12 is a bit less than 5.5 × 10^39, isn't it?

Or did I get that math wrong?

Yeah, I did my math wrong. I also assumed that there were no repetitions, although I'm not sure if that is actually the case.

fred21 (OP)
September 07, 2016, 08:12:05 AM
#11

If we round the number of possibilities for the 12-word seed to 10^40.

Let's assume that there are 10^7 seeds that are linked to an actual wallet with bitcoin.

This means that at every attempt with a combination of 12 words there are 10^7 chances out of 10^40 that one wallet becomes hacked, which is the same probability as 1 chance out of 10^33.

If we consider that nowadays a computer can make 10^15 operations per second and there are 3155760 seconds in a year.

One computer could then make 3155760*10^15 12-word attempts per year for seeds, which can be approximated to 10^21.

This means that in one year, that computer will have 10^21 chances out of 10^33 to get a seed related to an actual wallet with BTC, which is the same probability as 1 chance out of 10^12.

After two years, the number of attempts becomes 3155760^2*10^15, which is approximately 10^28 attempts, which makes the probability of getting an actual wallet 10^28 chances out of 10^33, which is equal to 1 chance out of 10^5.

For 3 years, this computer will have tried all possibilities and discovered all wallets.


What do you think?
odolvlobo
September 07, 2016, 10:51:44 AM
Last edit: September 07, 2016, 11:07:40 AM by odolvlobo
#12

Quote from: fred21
If we round the number of possibilities for the 12-word seed to 10^40.

Let's assume that there are 10^7 seeds that are linked to an actual wallet with bitcoin.
...
What do you think?

You have made some serious errors:

1. There are 31 million seconds in a year, not 3 million.
2. A computer cannot calculate 10^15 hashes per second -- more like 10^8. A current ASIC device can do 10^14 hashes per second.
3. If one year is 31557600 × 10^14 hashes, then two years is 2 × 31557600 × 10^14, and not 3155760^2 × 10^15.
4. Three years would be 3 × 31557600 × 10^14, or about 10^22, which with 10^7 out of 10^40 addresses means a 1 out of 10^11 chance.

achow101
September 07, 2016, 12:17:57 PM
#13

Quote from: odolvlobo
2. A computer cannot calculate 10^15 hashes per second -- more like 10^8. A current ASIC device can do 10^14 hashes per second.

Not only that, but it isn't even just hashes being performed. There are other functions and key stretching that happen in order to get a seed and reverse. Then to get addresses there is also some key stretching and more hashing required. The computer would be doing significantly fewer operations per second.

fred21 (OP)
September 07, 2016, 09:10:29 PM
Last edit: September 07, 2016, 09:34:09 PM by fred21
#14

Sorry, I have done this in a hurry.

Let's assume:
1 computer can do 10^8 hashes per second
There are 10^7 wallets using a seed of 12 words
There are 10^40 combinations of 12-word seeds
1 year is 31 million seconds

How many years will it take this computer to test all combinations?

In one year, it can do 31*10^6*10^8 hashes, which is approximately 10^15 hashes.

Dividing 10^40 by 10^15 leads to 10^25.

Thus it will take 10^25 years to test all seeds and get all the wallets.

How many years will it take this computer to get only one wallet?

As there are 10^7 wallets with seeds and a total of 10^40 possible combinations, we can assume that 1 wallet will be hacked every 10^33 attempts, which will take (10^33 divided by 10^15) 10^18 years.

But what if more than one computer is used?
Is there not something in the algorithm that is blocking attempts when too many are made?
achow101
September 07, 2016, 10:33:33 PM
#15

Quote from: fred21
Sorry, I have done this in a hurry.

Let's assume:
1 computer can do 10^8 hashes per second

Again, it isn't hashes. There is much more to it, please read BIP 32. There are word lookups and then multiple rounds of hashing and key stretching and other operations in order to get the private key. It isn't just hashing, so a computer will not be able to find master private keys as quickly.

Quote from: fred21
There are 10^7 wallets using a seed of 12 words
There are 10^40 combinations of 12-word seeds
1 year is 31 million seconds

How many years will it take this computer to test all combinations?

In one year, it can do 31*10^6*10^8 hashes, which is approximately 10^15 hashes.

Dividing 10^40 by 10^15 leads to 10^25.

Thus it will take 10^25 years to test all seeds and get all the wallets.

How many years will it take this computer to get only one wallet?

As there are 10^7 wallets with seeds and a total of 10^40 possible combinations, we can assume that 1 wallet will be hacked every 10^33 attempts, which will take (10^33 divided by 10^15) 10^18 years.

But what if more than one computer is used?

Do you realize how ridiculously long 10^18 years is? That is 72463768.1159 times longer than the universe has even existed. Even if you used multiple computers, you would barely make a dent in that time frame.

Quote from: fred21
Is there not something in the algorithm that is blocking attempts when too many are made?

No, because there is no central server and there is nothing you can do to block attempts when there is no central authority.

odolvlobo
September 07, 2016, 10:35:49 PM
#16

Quote from: fred21
Sorry, I have done this in a hurry.

Let's assume:
...
As there are 10^7 wallets with seeds and a total of 10^40 possible combinations, we can assume that 1 wallet will be hacked every 10^33 attempts, which will take (10^33 divided by 10^15) 10^18 years.

But what if more than one computer is used?
Is there not something in the algorithm that is blocking attempts when too many are made?

Why did you avoid answering your own last question? Let's assume there are 10^10 PCs in the world (there are certainly fewer).

If every PC in the world searched for wallets, it would still take (10^18 divided by 10^10) 10^8, or 100 million years.

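An added example (editor-supplied, not code from anyone in the thread) that carries the cost estimate of posts #11 through #16 through with explicit units, using the thread's own assumptions (10^7 funded wallets, 10^8 guesses per second per machine, 10^10 machines, 2048^12 rounded to 10^40) and an exact Julian year rather than a rounded one. It also measures, on whatever machine runs it, how many candidate mnemonics per second a single core can actually turn into BIP39 seeds: each candidate costs 2048 rounds of HMAC-SHA512 before any BIP32 derivation or address lookup can start, which is achow101's point that the relevant rate is not a raw hash rate. The expected-attempts formula assumes uniformly random guessing against targets spread uniformly through the space; the measured rate is specific to the host and is only there for comparison with the 10^8 figure.

```python
import hashlib
import time
from fractions import Fraction

SECONDS_PER_YEAR = 31_557_600           # Julian year: 365.25 days
WORDS = 2048
PHRASE_LEN = 12
SEARCH_SPACE = WORDS ** PHRASE_LEN      # 2048^12, about 5.4 x 10^39 candidate phrases
PBKDF2_ROUNDS = 2048                    # BIP39 stretching applied to every candidate


def measured_candidates_per_second(samples: int = 20) -> float:
    """Time how many BIP39 mnemonic->seed derivations one core does per second.

    Each candidate costs 2048 HMAC-SHA512 rounds, so this is far below a raw
    hash rate, and it still omits the BIP32/BIP44 child derivation and the
    blockchain lookup a real attack needs on top of it.
    """
    t0 = time.perf_counter()
    for i in range(samples):
        hashlib.pbkdf2_hmac("sha512", b"candidate %d" % i, b"mnemonic", PBKDF2_ROUNDS)
    return samples / (time.perf_counter() - t0)


def expected_attempts_to_first_hit(search_space: int, targets: int) -> Fraction:
    """Uniform random guessing against `targets` funded seeds among `search_space`
    candidates needs search_space / targets attempts on average before the first hit."""
    return Fraction(search_space, targets)


def years(attempts: Fraction, rate_per_machine: float, machines: int) -> float:
    """Wall-clock years for `attempts` guesses at `rate_per_machine` guesses/s on `machines` machines."""
    seconds = attempts / (Fraction(rate_per_machine) * machines)
    return float(seconds / SECONDS_PER_YEAR)


def years_to_first_hit(search_space: int, targets: int, rate_per_machine: float, machines: int) -> float:
    """Expected years until one funded wallet is found."""
    return years(expected_attempts_to_first_hit(search_space, targets), rate_per_machine, machines)


def years_to_exhaust(search_space: int, rate_per_machine: float, machines: int) -> float:
    """Years to try every candidate once (finds every funded wallet in the space)."""
    return years(Fraction(search_space), rate_per_machine, machines)


if __name__ == "__main__":
    # The thread's numbers: 10^40 phrases, 10^7 funded wallets, 10^8 guesses/s per machine.
    print(f"{years_to_exhaust(10**40, 10**8, 1):.3g} years for one machine to exhaust 10^40 phrases")
    print(f"{years_to_first_hit(10**40, 10**7, 10**8, 1):.3g} years for one machine to expect one hit")
    print(f"{years_to_first_hit(10**40, 10**7, 10**8, 10**10):.3g} years for 10^10 machines to expect one hit")
    # What this core really manages once BIP39 stretching is included.
    rate = measured_candidates_per_second()
    print(f"this core derives about {rate:.0f} candidate seeds/s; "
          f"{years_to_first_hit(SEARCH_SPACE, 10**7, rate, 1):.3g} years to expect one hit")
```

With the thread's round numbers the function returns about 3.2 × 10^24 years for one machine to exhaust the space and about 3.2 × 10^7 years for 10^10 machines to expect a single hit, the same orders of magnitude odolvlobo arrives at; the measured rate on an ordinary CPU core is in the thousands of candidates per second, not 10^8, so the real figures are larger still.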
Snorek
September 09, 2016, 04:30:27 AM
#17

Pardon my technical ignorance, but can I use the passphrase of one HD wallet in another wallet to restore my private key?
I.e. can a passphrase generated by blockchain.info be used and will it work when applied in Multibit HD or Electrum?
achow101
September 09, 2016, 04:39:23 AM
#18

Quote from: Snorek
Pardon my technical ignorance, but can I use the passphrase of one HD wallet in another wallet to restore my private key?
I.e. can a passphrase generated by blockchain.info be used and will it work when applied in Multibit HD or Electrum?

The master private key will, but not necessarily the seed phrase (or mnemonic; they are the same thing). Electrum uses a different seed phrase format that isn't BIP 39.

fred21 (OP)
September 09, 2016, 08:15:17 AM
#19

@achow101 where can I find the 2048 English words list used in BIP 44?

@Snorek  It is possible to recover a wallet with BIP 44 in coinvault.io, Mycelium & Trezor wallets
achow101
September 09, 2016, 12:26:45 PM
#20

Quote from: fred21
@achow101 where can I find the 2048 English words list used in BIP 44?

It's actually BIP39 for mnemonics. BIP44 specifies something else. BIP39 is specified here: https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki. There are additional links to the wordlists used.
