Generate addresses independently of Electrum

[anon4250158]

I'm trying to make a version of https://iancoleman.io/bip39/ in java for my own use (mostly to learn about HD wallets).  I seem to have gotten it down, except for Electrum-generated addresses.  Here's what I know about Electrum's differences:

1. Electrum uses a version system that only allows certain mnemonics
2. When generating the seed, Electrum concats the passphrase to "electrum" instead of "mnemonic" to generate the PBKDF2 HMAC

It took a few minutes, but I found a 3-word mnemonic that is both BIP39 and Electrum (standard) compatible: "friend deposit glove".  If I go to New/Restore wallet and choose BIP39 (no passphrase), it generates the same as Ian Coleman and mine: 1BPEpJbnex8z19J9eDfbMakD7d5b9fa5KX (m/44'/0'/0'/0 index 0), etc.  However, if I just use Electrum standard with no passphrase, it generates 1N3UPoVAkX7pQanefb8aAAZGLrMpxC1EYX.  I'm not getting that with any of the following derivation paths: m/0, m/0', m/44'/0'/0'/0.

So, I have 2 questions:
1. What are the default derivation paths Electrum uses?
2. Are there any other internal differences for generating addresses like #2 above?

I'm trying to follow the source code, but it's a lot easier to write code than read it.

[1713564456]

1713564456

[1713564456]

1713564456

[1713564456]

1713564456

[1713564456]

1713564456

[1713564456]

1713564456

[anon4250158]

Well this is dumb.  My code was generating the uncompressed addresses, not the proper compressed ones.  m/0 is the proper derivation path for standard p2pkh addresses.  

I'd still like to know what derivation path Electrum uses for segwit bech32 p2wpkh addresses.

[Abdussamad]

it uses bip84 for bech32 addresses. only one account is used (0').

https://github.com/bitcoin/bips/blob/master/bip-0084.mediawiki

keystore.py has code relevant to derivation paths but it's a bit of a mess really. there's no one function or set of constants AFAICT. it's spread out.

[anon4250158]

I've tried m/84'/0'/0' , m/84'/0'/0'/0' , and m/84'/0'/0'/0 with valid Electrum segwit and BIP39 mnemonic "abandon about razor", but I'm not getting the same result as Electrum (bc1qp0efh7jms7f580e7nnywjg5vzm90njm0rdvqpe for index 0).  Everything matches the results from BIP84 in Ian Coleman, so I'm not sure what's going wrong here.

[HCP]

Check out the project here: https://github.com/FarCanary/ElectrumSeedTester

Using that it generates the Address: bc1qp0efh7jms7f580e7nnywjg5vzm90njm0rdvqpe from the mnemonic "abandon about razor"

BIP32 Root Key: zprvAWgYBBk7JR8Gjbwr8fxvpq5zF33z4wyGYduJVPhcab4iUm8CfePDbKcf2u1pTmgsUwNGGMQdPTN XGkjj9iNqTsRoSQde254shHJJtXe8Weh
BIP32 Derivation Path used: m/0'/0
BIP32 extended private key: zprvAc8htgxrZRryygy2zcbcRFb9C7ybGYhmfJ4PX34YXpfSoorUJugPgUNmdBuNmDgUodvCXMcu3iy 8AMdTCmLZx42hTjvpLcQ74mLdegJzBzC

m/0'/0/0   bc1qp0efh7jms7f580e7nnywjg5vzm90njm0rdvqpe   02cd91d2ca04f60a727bbb86bd5869135069f5ec516da31ef8fc5edd4ba39af240   KyiVJaSALAurEwB9BzoCe7cGR6gQc96f1B8Y3eCmNKuBBDyyvKwf

[Abdussamad]

I've tried m/84'/0'/0' , m/84'/0'/0'/0' , and m/84'/0'/0'/0 with valid Electrum segwit and BIP39 mnemonic "abandon about razor", but I'm not getting the same result as Electrum (bc1qp0efh7jms7f580e7nnywjg5vzm90njm0rdvqpe for index 0).  Everything matches the results from BIP84 in Ian Coleman, so I'm not sure what's going wrong here.

First of all that mnemonic is not valid bip39 according to electrum but it is according to the ian coleman site. Regardless you can still create a bip39 wallet with it in electrum. The way to do this is to make sure to click on options and choose bip39 in the seed entry step and in the next step choose native segwit as the derivation path. If you do this you will get addresses that match the bip84 derivation path option on iancoleman's site (m/84'/0'/0'/0).

That mnemonic is also a valid electrum seed so if you don't click on options and check bip39 electrum will use a different method to convert to the binary seed (2 in the op) and as a result you get different addresses.

So overall you have to pay attention to details like these.

[anon4250158]

Check out the project here: https://github.com/FarCanary/ElectrumSeedTester

Using that it generates the Address: bc1qp0efh7jms7f580e7nnywjg5vzm90njm0rdvqpe from the mnemonic "abandon about razor"

BIP32 Root Key: zprvAWgYBBk7JR8Gjbwr8fxvpq5zF33z4wyGYduJVPhcab4iUm8CfePDbKcf2u1pTmgsUwNGGMQdPTN XGkjj9iNqTsRoSQde254shHJJtXe8Weh
BIP32 Derivation Path used: m/0'/0
BIP32 extended private key: zprvAc8htgxrZRryygy2zcbcRFb9C7ybGYhmfJ4PX34YXpfSoorUJugPgUNmdBuNmDgUodvCXMcu3iy 8AMdTCmLZx42hTjvpLcQ74mLdegJzBzC

m/0'/0/0   bc1qp0efh7jms7f580e7nnywjg5vzm90njm0rdvqpe   02cd91d2ca04f60a727bbb86bd5869135069f5ec516da31ef8fc5edd4ba39af240   KyiVJaSALAurEwB9BzoCe7cGR6gQc96f1B8Y3eCmNKuBBDyyvKwf

Thanks for this.  My code returns the same address now that I have the proper derivation path.

I've tried m/84'/0'/0' , m/84'/0'/0'/0' , and m/84'/0'/0'/0 with valid Electrum segwit and BIP39 mnemonic "abandon about razor", but I'm not getting the same result as Electrum (bc1qp0efh7jms7f580e7nnywjg5vzm90njm0rdvqpe for index 0).  Everything matches the results from BIP84 in Ian Coleman, so I'm not sure what's going wrong here.

First of all that mnemonic is not valid bip39 according to electrum but it is according to the ian coleman site. Regardless you can still create a bip39 wallet with it in electrum. The way to do this is to make sure to click on options and choose bip39 in the seed entry step and in the next step choose native segwit as the derivation path. If you do this you will get addresses that match the bip84 derivation path option on iancoleman's site (m/84'/0'/0'/0).

That mnemonic is also a valid electrum seed so if you don't click on options and check bip39 electrum will use a different method to convert to the binary seed (2 in the op) and as a result you get different addresses.

So overall you have to pay attention to details like these.

I'm guessing Electrum would find "abandon about razor" to be valid, but according to the source code, it will return a failed checksum if the mnemonic is less than 12 words before actually calculating the checksum.  I have next to no experience with Python, so following the code has been difficult.  Nowhere could I find the m/0'/0 derivation path that leads to p2wpkh addresses even after HCP demonstrated that was what is used.  I guess it would be nice if the derivation paths were clearly set as constants in the code.  Thanks for your help.

[HCP]

That stuff seems to happen in bip32.py.

Check the derivation path related functions at the end of the file: https://github.com/spesmilo/electrum/blob/master/electrum/bip32.py#L276-L343


EDIT: Actually, it's probably more clear in the base_wizard.py: https://github.com/spesmilo/electrum/blob/fb76fcc886b7c999387a6676f479678df742fdaa/electrum/base_wizard.py#L397-L399

You can see if sets up the derivation points there based on user choice of type... this then uses the bip44_derivation() function in keystore.py to set the path: https://github.com/spesmilo/electrum/blob/fb76fcc886b7c999387a6676f479678df742fdaa/electrum/keystore.py#L791-L793