Does Electrum actually use the derivation path specified during setup?

[msafi]

When creating a new wallet with a BIP39 seed, Electrum gives me the option to specify a derivation path. I usually leave it at the default, m/84'/1'/0'.

As you can see, the default has hardened derivation at all levels. This tells me that the addresses that this wallet will generate will use my master private key as the root. But if I check the details of the first generated address, it shows the derivation path of that address as m/0/0. That's the first clue that Electrum didn't use the original derivation path.

Another clue is when I create a watch-only wallet with the master public key. In that case, Electrum is able to re-create my addresses, which I thought were hardened.

What's going on here? I'd like to understand.

[jackg]

Hardened adrresses still have an extended public key it's just that it's harder (could be impossible) to find a private key given another private key of the wallet and the extended public key.

I think the derivation path is for electrums internal compatibility and probably doesn't mean much but I could be wrong.

[HCP]

Basically, Electrum generates the "extended key" at m/84'/0'/0' and then uses that extended key as the root key... it then starts generating addresses as m/0/0, m/0/1, m/0/2 etc. (which are actually equivalent to: m/84'/0'/0'/0/0 etc)

You can test this using Ian Coleman's BIP39 mnemonic converter:

Code: (Test Mnemonic)

humble shoe steel champion good fall manual okay carbon eye bamboo minimum

Code: (BIP32 Root Key)

zprvAWgYBBk7JR8GjBZDbo7MdVF9joK6GY581EeVAFTuPrqnDimH8bCqnSr7UNCr9Xo2YV8637rAAUNtGqqBNNF14NY37fu4B6WmV3wUxHmoMAB

Select BIP84 tab... gives us these account extended keys:


and this address:


So wee get an Account extended private key of:

Code: (BIP32 ACCOUNT Extended Private Key)

zprvAe4w8ERG69nfgjYSwkzaRokCDBrnaXPQykiBv6fDpFTkDiWDjBHJhQkeXJAKFAGdruUzict2rq5FfKPZRfv4qmvBrYzTLVXwoF2qXXjpHWy

and the matching account extended public key:

Code: (BIP32 ACCOUNT Extended Public Key)

zpub6s4HXjx9vXLxuDcv3nXanwgvmDhGyz7GLydniV4qNazj6WqNGibZFD58NYQBKk7yLcx3jTo87vxqG86CjpqFpXdUeSXQRTubZaxehpSvnEY

Which matches the one displayed by Electrum:



And these are the keys that Electrum stores in a BIP39 keystore/wallet file:



If we use this account extended private key as the BIP32 root key at the top:



Select BIP141 and use "m/0":



We can see we derive the same addresses, with the path m/0/0:



And because it's not hardened, you are able to derive all the addresses from the the matching "account extended pubkey"... you can also test this by putting the account extended pubkey in as the BIP32 root key, selecting BIP141 tab and setting derivation to m/0... you'll get the same bc1qs702fa457e4qyqwz7e0pcwlp2cz0400h8lfu6h address

I suspect this is "by design", so you can actually use the "pubkey" to create watching-only wallets for cold storage setups etc.

[o_e_l_e_o]

Hardened adrresses still have an extended public key it's just that it's harder (could be impossible) to find a private key given another private key of the wallet and the extended public key.

The parent extended public key is not used at all in the generation of hardened children. Hardened children are derived solely from the parent extended private key and the index. For this reason, it is indeed impossible to derive the private keys of hardened siblings by knowing a single private key and the parent extended public key.

[pooya87]

Hardened adrresses still have an extended public key it's just that it's harder (could be impossible) to find a private key given another private key of the wallet and the extended public key.

The parent extended public key is not used at all in the generation of hardened children. Hardened children are derived solely from the parent extended private key and the index. For this reason, it is indeed impossible to derive the private keys of hardened siblings by knowing a single private key and the parent extended public key.

is there any implementation that uses hardened keys?
all the paths i have seen with hardened paths use hardened indexes all the way to the child then the child key itself is regular. like BIP-44 where the path for each key is m/44'/0'/0'/0/0 m/44'/0'/0'/0/1,...

[o_e_l_e_o]

is there any implementation that uses hardened keys?

Well, Bitcoin Core uses m/0'/0'/i' as default, so hardened keys all the way down to the address index.

I suppose some other older wallets which still use BIP 32 for their derivation paths rather than the more common BIP 44/49/84 may still use hardened keys at all levels, but given almost all wallets now follow BIP 44/49/84, I'm not familiar with any.

[pooya87]

is there any implementation that uses hardened keys?

Well, Bitcoin Core uses m/0'/0'/i' as default, so hardened keys all the way down to the address index.

I suppose some other older wallets which still use BIP 32 for their derivation paths rather than the more common BIP 44/49/84 may still use hardened keys at all levels, but given almost all wallets now follow BIP 44/49/84, I'm not familiar with any.

that makes sense.
i believe wallets that are designed like Electrum that have focused on both BIP-32 (HD wallets) and cold storage mode (offline-online) must use non-hardened addresses because if they don't the online-offline mode won't work since it requires master public key only on the online wallet.
core doesn't have this feature so it gets away with it.

[MOCOSAARGENTINA]

is there any implementation that uses hardened keys?

Well, Bitcoin Core uses m/0'/0'/i' as default, so hardened keys all the way down to the address index.

I suppose some other older wallets which still use BIP 32 for their derivation paths rather than the more common BIP 44/49/84 may still use hardened keys at all levels, but given almost all wallets now follow BIP 44/49/84, I'm not familiar with any.

that makes sense.
i believe wallets that are designed like Electrum that have focused on both BIP-32 (HD wallets) and cold storage mode (offline-online) must use non-hardened addresses because if they don't the online-offline mode won't work since it requires master public key only on the online wallet.
core doesn't have this feature so it gets away with it.

i whave a question.. Hugs from Argentina.
I have Electrum Wallet.
Standard wallet.
Native Segwit
BIP32

where can i get the path? is just m/0 ?
if i use https://iancoleman.io/bip39/
give me an error because my wallet still use bip32, (but is native segwit)

i 'm just  learning...
have you clear this subject?
 

[HCP]

i whave a question.. Hugs from Argentina.
I have Electrum Wallet.
Standard wallet.
Native Segwit
BIP32

where can i get the path? is just m/0 ?
if i use https://iancoleman.io/bip39/
give me an error because my wallet still use bip32, (but is native segwit)

Do you have an Electrum seed mnemonic (ie. one that was generated by Electrum)... or is it a BIP39 compatible seed mnemonic (generated somewhere else)?

If it is an Electrum Seed mnemonic, you will not be able to use Ian Coleman's tool... as Electrum Seed mnemonics are slightly different to BIP39 seed mnemonics... and Ian Coleman's tool only works with BIP39 seeds.

If you have an Electrum Seed and want to test it... try this: https://github.com/FarCanary/ElectrumSeedTester

Is it a fork of Ian Coleman's tool, that has been modified to work with Electrum seeds. It should generate the same addresses as Electrum does. Download it and run it offline... it is just a single .html file to download and open in your browser.

[pooya87]

I have Electrum Wallet.
Standard wallet.
Native Segwit
where can i get the path? is just m/0 ?

Native SegWit addresses in a standard wallet in Electrum are derived using m/0'/0/ path. It is hard coded in Electrum's source code[1] and is different based on the address type.
You can't use IanColeman tool because as HCP said it doesn't work for Electrum mnemonics since they use a different algorithm compared to BIP39.
By the way you must never enter your actual seed phrase in any website ever. If you want to try these online tools then you should go to their github repository and download the source code and run it offline. If you have done otherwise you should move your funds to a new wallet since your seed could be compromised already.

[1] https://github.com/spesmilo/electrum/blob/29d13eb32f2ed26b426aef7f3ed1ddcd93a6135d/electrum/keystore.py#L1045-L1064

[MOCOSAARGENTINA]

i whave a question.. Hugs from Argentina.
I have Electrum Wallet.
Standard wallet.
Native Segwit
BIP32

where can i get the path? is just m/0 ?
if i use https://iancoleman.io/bip39/
give me an error because my wallet still use bip32, (but is native segwit)

Do you have an Electrum seed mnemonic (ie. one that was generated by Electrum)... or is it a BIP39 compatible seed mnemonic (generated somewhere else)?

If it is an Electrum Seed mnemonic, you will not be able to use Ian Coleman's tool... as Electrum Seed mnemonics are slightly different to BIP39 seed mnemonics... and Ian Coleman's tool only works with BIP39 seeds.

If you have an Electrum Seed and want to test it... try this: https://github.com/FarCanary/ElectrumSeedTester

Is it a fork of Ian Coleman's tool, that has been modified to work with Electrum seeds. It should generate the same addresses as Electrum does. Download it and run it offline... it is just a single .html file to download and open in your browser.

Thanks HCP and pooya87 to respond. I have the 12 words on Electrum bip32, yes. Generated by them.

i tried and it works fine! thanks! that was!.