Going forward: MultiBit HD and MultiBit Classic

[filchef]

My wishes
 1.Console like BitCoin-Qt
 2.Test mode like BitCoin-Qt or test wallet
 3.Function for import and export private and public key - sometimes public key is need for mining in p2pools and private key is need for transfer account to another client.
 

[jim618]

Hi filchef,

Thanks for your input.

For the console (or API, as they are similar) I've not put it into MultiBit and probably won't put it into MultiBit HD. I want MBHD to be as close to 'shrinkwrap' as possible as it is for the general user rather than the advanced user.

Of course there is nothing to stop people using bitcoinj in command line - Mike Hearn has written a CLI.
A CLI also opens up another whole attack vector (scripted attacks) which is another reason I don't want to put it in.


Test mode - yes there should be compatibility with the testnet (it's an oversight it's not really there in multibit rather than a design decision).


Because MBHD will ONLY support HD wallets importing pure keys won't be supported as it invalidates being able to backup and recreate addresses from a seed/ mnemonic phrase. I appreciate this probably won't be very popular with 'private-key-istas' who like to move private keys around. The reason for this is that messing up or losing private keys is the number one problem with MB at the moment. For MBHD to be used by general users they need more safety in managing private keys.


There are a few things that MBHD won't provide because they create LOTS of support calls and it's just not sustainable going forward if and when there are more users.

For instance, choosing where to put your wallet sounds an innocent feature but causes lots of support calls when people create a wallet and then cannot find it. For MBHD I am only going to put wallets in the user data directory to simplify things. Edit: the wallet file name will be derived from the master public key so users won't even choose the filename (there will still be a description field).

[nomailing]

More requests:

1) When I want to send bitcoins, I would like to be able to specify which previous txout's I want to use. This is important for anonymity. It should work similar to the "custom send" in the blockchain.info wallet.

2) I don't know if it is already standardized in the HD proposal how the seed could be exported to a list of words. It would be nice to have the possibility to export the seed in a way which is easier to type in by hand. This would be very helpful if you want to use your offline wallet on PC's that don't have a scanner/printer/webcam. For security you might prefer to only generate random backup words from your seed address and don't allow the user to select his own words.

[filchef]

Because MBHD will ONLY support HD wallets importing pure keys won't be supported as it invalidates being able to backup and recreate addresses from a seed/ mnemonic phrase. I appreciate this probably won't be very popular with 'private-key-istas' who like to move private keys around. The reason for this is that messing up or losing private keys is the number one problem with MB at the moment. For MBHD to be used by general users they need more safety in managing private keys.


There are a few things that MBHD won't provide because they create LOTS of support calls and it's just not sustainable going forward if and when there are more users.

For instance, choosing where to put your wallet sounds an innocent feature but causes lots of support calls when people create a wallet and then cannot find it. For MBHD I am only going to put wallets in the user data directory to simplify things. Edit: the wallet file name will be derived from the master public key so users won't even choose the filename (there will still be a description field).

So if some thing happen with wallet file when you reinstal for example Windows and like to recover your account you can't do noting without your private keys - private key are basic of Bitcoin technology and now i know i never use MBHD and i thing you try to discover hot water.
There are one solution to be function export private key to the file for safety reason and recover account in another client but no function import if  in MBHD is impossyble to recover account from private key but you have to know HMBD will be the first client why can't do this.
And one more question how you generate new addresses and import addresses from another clients - you have to thing about this if you like your client to be more popular.

[jim618]

Security, passwords, private keys and wallet recovery are all related.

Here is a rough draft of what we are thinking of doing (it might be refined as we go but you'll get the overall picture):



MultiBit HD Password Strategy

Introduction
This document describes the overall strategy for password management in MultiBit HD.
Primary goals are that:

1) Data is stored securely, locally.
2) If the user loses their password, there is a way they can recover it.
3) If the user loses their computer, they can recover their wallet from a cloud backup.



Description of Seeds and Passwords.
As the wallet used in MultiBit HD is a hierarchical deterministic wallet it has a seed from which all the Bitcoin addresses can be calculated. (BIP 32)

This seed can be transformed to a mnemonic phrase, typically 12 words long. (BIP 39). At wallet creation the user is strongly advised to write this mnemonic phrase down on a piece of paper and keep it safe.

The seed is the master private key which can be used to sign spends. It can also be used to create a master public key which can be used to generate addresses but cannot sign spends.

The master private key needs to be stored locally, securely and so needs to be encrypted. A wallet password (similar to the existing MultiBit Classic) is used to encrypt this. The user chooses this password in a similar way to the existing MultiBit Classic.

The wallet password is used to encrypt:
1) The master private key and any derived private keys. These are decrypted as required on spends.
2) The user's transaction details. These are decrypted at MultiBit HD start up.
3) The user's contact details. These are decrypted at MultiBit HD start up.


Wallet Password recovery
Users are used to the idea of being able to recover a forgotten password. To enable this an encrypted copy of the wallet password is stored locally. This is encrypted with a PGP public key that is derived from the master private key. This means that as long as you have the mnemonic phrase you can recover the wallet password.

The process is as follows:

1) The master private key is used to generate a PGP private key and PGP public key.
2) The PGP public key is used to encrypt the wallet password. This is stored locally. The PGP private key is discarded. (It can be regenerated given the master private key).

When the user needs to recover their wallet password they do the following:

1) User enters the mnemonic phrase.
2) The mnemonic phrase is used to regenerate the master private key.
3) The master private key is used to generate the PGP private key.
4) The PGP private key is used to decrypt the locally stored encrypted wallet password.
5) The recovered wallet password is shown to the user. They can then use this to decrypt their wallet and use it.

Wallet cloud backup
A wallet that is both encrypted and backed up to the cloud enables the user to recover their wallet if their computer is lost or stolen.

This will be implemented as follows:
1) The mnemonic phrase is used to generate the master private key.
2) The master private key is used to generate a PGP private key and a PGP public key.
3) The PGP public key is stored locally. The PGP private key is discarded (It can be regenerated from the mnemonic phrase).
4) Wallet backups are stored locally (in a similar way to the existing Multibit Classic). These are encrypted with the PGP public key.
5) The user can also choose to store backups in their “cloud backup” directory e.g. SpiderOak sync directory. These wallets are encrypted with the PGP public key.


If the user needs to reuse a wallet backup they offer it up to MultiBit HD, which will then prompt for the mnemonic phrase. This will enable the PGP private key to be recreated and the wallet decrypted.

[nomailing]

As the wallet used in MultiBit HD is a hierarchical deterministic wallet it has a seed from which all the Bitcoin addresses can be calculated. (BIP 32)

This seed can be transformed to a mnemonic phrase, typically 12 words long. (BIP 39). At wallet creation the user is strongly advised to write this mnemonic phrase down on a piece of paper and keep it safe.

The seed is the master private key which can be used to sign spends. It can also be used to create a master public key which can be used to generate addresses but cannot sign spends.

If this is true, then I don't understand why it is necessary to have a wallet backup at all.
Why couldn't it work without a wallet backup?

For example, why not like this:
mnemonic phrase -> seed -> master private key -> all-your-private-addresses

This would work on a live-cd without having any wallet backup stored on any cloud or whatever. Just a simple list of 12 words...

EDIT: Or if you want to use 256 bit security in BIP 32 then you use 24 words in BIP 39.

[jim618]

You are correct that with the mnemonic phrase you can reconstruct all the private keys.   

Why have wallet backups?

1) There is more data in a wallet than just private keys (and there will be more in the future). For instance: you can give someone an extended public key and they can put in their contact info they keep on you. Then they can create addresses to send bitcoin to you. Only you and they know the generated addresses are related. It's private, even though it is on the blockchain.

2) We want triple redundancy for the critical wallet info. Namely:
+ Wallet seed
+ Local backup
+ Cloud backup

Each technique may give us '2 or 3' nines of reliability so, in combination, it should be good enough for rolling out to 1,000,000+ users. We don't want a single user losing bitcoin.

[steeev]

hi, i'm just wondering if Multibit HD will be able to freeze addresses - like the Electrum wallet does...

also, i'm running multibit from a memory stick, will this be an option for HD ?

incidentally, are there any images of the new look/layout fo HD ?

[nomailing]

You are correct that with the mnemonic phrase you can reconstruct all the private keys.   

Why have wallet backups?

1) There is more data in a wallet than just private keys (and there will be more in the future). For instance: you can give someone an extended public key and they can put in their contact info they keep on you. Then they can create addresses to send bitcoin to you. Only you and they know the generated addresses are related. It's private, even though it is on the blockchain.

2) We want triple redundancy for the critical wallet info. Namely:
+ Wallet seed
+ Local backup
+ Cloud backup

Each technique may give us '2 or 3' nines of reliability so, in combination, it should be good enough for rolling out to 1,000,000+ users. We don't want a single user losing bitcoin.

Ok, that sounds much better. So I don't need any backup at all to restore all my bitcoins from the mnemonic?
Then, I will prefer to not upload my wallet to a cloud, because I am more afraid of someone breaking into some cloud storage and stealing my coins.

Am I correct that Multibit HD will support my user behavior as follows:
I use Multibit HD on a linux live cd and always backup my wallet file on an external usb drive.
In case of a corrupt usb drive I will still be able to recover my coins using the mnemonic phrase. Of course then I will lose the additional contact infos and labels which I stored in the wallet, but this is only in case my usb stick is corrupted. Correct?

Another question: Can I then export an extended private key, which I can import in some android app to have a small fraction of my coins in a spendable wallet?

[jim618]

hi, i'm just wondering if Multibit HD will be able to freeze addresses - like the Electrum wallet does...

also, i'm running multibit from a memory stick, will this be an option for HD ?

incidentally, are there any images of the new look/layout fo HD ?

TBH I am not sure how and what we are going to provide in address management yet. We are still thinking about it.

You should be able to run it from a memory stick yes. It will have a Jave runtime in it so it should be better.

We are still playing around with the UI so don't really want to show it yet. It is still early days for it yet so there is still a lot to do in it yet.

[jim618]

You are correct that with the mnemonic phrase you can reconstruct all the private keys.   

Why have wallet backups?

1) There is more data in a wallet than just private keys (and there will be more in the future). For instance: you can give someone an extended public key and they can put in their contact info they keep on you. Then they can create addresses to send bitcoin to you. Only you and they know the generated addresses are related. It's private, even though it is on the blockchain.

2) We want triple redundancy for the critical wallet info. Namely:
+ Wallet seed
+ Local backup
+ Cloud backup

Each technique may give us '2 or 3' nines of reliability so, in combination, it should be good enough for rolling out to 1,000,000+ users. We don't want a single user losing bitcoin.

Ok, that sounds much better. So I don't need any backup at all to restore all my bitcoins from the mnemonic?
Then, I will prefer to not upload my wallet to a cloud, because I am more afraid of someone breaking into some cloud storage and stealing my coins.

Am I correct that Multibit HD will support my user behavior as follows:
I use Multibit HD on a linux live cd and always backup my wallet file on an external usb drive.
In case of a corrupt usb drive I will still be able to recover my coins using the mnemonic phrase. Of course then I will lose the additional contact infos and labels which I stored in the wallet, but this is only in case my usb stick is corrupted. Correct?

Another question: Can I then export an extended private key, which I can import in some android app to have a small fraction of my coins in a spendable wallet?

Yes you can just use the mnemonic phrase to recreate your wallet (though it will have to replay the blocks from when you created it so eventually this will take a while).

The cloud backups you can simply not set up yes.

I expect the first version won't be able to import and export extended public and private keys but it would be a great feature to be able to choose which 'sort' you want to export and import.  It will be a bit difficult to explain it to people in a simple fashion though so we might have to put in an 'Advanced' mode or something.

[filchef]

I expect the first version won't be able to import and export extended public and private keys but it would be a great feature to be able to choose which 'sort' you want to export and import.  It will be a bit difficult to explain it to people in a simple fashion though so we might have to put in an 'Advanced' mode or something.

So i will waiting for this future day when I can export pure private and public keys  for all my addresses   

[boozezela]

There are a few things that MBHD won't provide because they create LOTS of support calls and it's just not sustainable going forward if and when there are more users.

For instance, choosing where to put your wallet sounds an innocent feature but causes lots of support calls when people create a wallet and then cannot find it. For MBHD I am only going to put wallets in the user data directory to simplify things. Edit: the wallet file name will be derived from the master public key so users won't even choose the filename (there will still be a description field).

For the love of God, give me the ability to put all the files together with the executable.

Better: instead of having to create a .properties file (like with multibit "classic") within the same directory where the Multibit HD executable is/will be, create one there by default.
Then give an advanced used the possibility to make portability happen just by changing a simple flag. Something like this:

Code:

# Set this to true if you want to carry Multibit around on a USB stick
# Default: false
portable = true

And pick the location for the rest of the files accordingly.

[newts]

My input would be to have the ability to install Multi-bit in addition to Miltibit classis,  then its just a matter of sending btc over to the new HD wallents.  Once Miltibit classic is empty it can be uninstalled .  Maybe some fee grace for this, makes it simple.

My last upgrade to the latest version went so smooth I was amazed,  it has to be that easy.

[garyrowe]

My input would be to have the ability to install Multi-bit in addition to Miltibit classis,  then its just a matter of sending btc over to the new HD wallents.  Once Miltibit classic is empty it can be uninstalled .  Maybe some fee grace for this, makes it simple.

My last upgrade to the latest version went so smooth I was amazed,  it has to be that easy.

MultiBit HD and MultiBit Classic will both be able to operate side by side. Our recommended upgrade path would include a "sweep" of all funds out of MultiBit Classic and into MBHD. This would not be part of the standard install wizard, but rather something the user would do at their discretion through a simple "Request Bitcoin" operation.

Once that has confirmed then the user would be free to archive/uninstall MultiBit Classic. We would obviously recommend that people not delete any private keys in case someone ever attempts to send them funds through an old address. In that circumstance a user would be able to reinstall MultiBit Classic (we will provide maintenance releases and an archive) to open their old wallets and sweep those funds.

At present we have no plans for a combination of HD wallet with a few private keys mixed in. This is because people should not be reusing standard addresses (I know we're all guilty of it, but it leaks privacy). It will also cause more complexity within the code that will incur development effort.

[oktay50000]

i want multibit HD

[jim618]

Thanks for your enthusiasm !

We are busy "baking the cake" at the moment, but like all things it takes a while.

[oktay50000]

Thanks for your enthusiasm !

We are busy "baking the cake" at the moment, but like all things it takes a while.

thanks for your hard work mate..
any eta??

[jim618]

We've got it sending and receiving etc now but still have things like all the Preferences to do.

At the moment we have a 'placeholder' deterministic wallet that is very simple - Mike's going to be working on the HD wallet support in bitcoinj throughout March.

We don't really want people (except early beta testers) using it until we have proper HD wallets in as it will no doubt cause problems for people when the formats change.

It's still 'bleeding edge' at the moment.

[skivrmt]

This may seem like a silly and basic question, but I have most of my coins stored on 2 different laptops with 2 different MultiBit accounts.  If I export private keys to a USB drive is that enough should one of my computers ever crash or get infected?  I'm assuming no seed on MultiBit classic, correct?

Thanks for any help!