Please help alpha test Ninki Wallet, the world's first social, BIP32 MultiSig Bitcoin wallet! https://ninkip2p.com
https://ninkip2p.com Here is a screenshot: http://imgur.com/6bW7UZ9 We currently only support Chrome, Safari and Firefox.

Ninki Wallet

Hi, been working on this like madmen for the last few months. Looking for people to help out with an Alpha test. The wallet currently runs on a private TestNet; sign up and in "Add a Contact" put in ninki and hit "Add Contact". I'll send you some coin.

Some basic specs:

Secure - Multi-sig 2 of 3 wallet, the user has 2 keys, we have 1. We do not know your private keys (or even your public keys), all data is encrypted with your password.

Private - BIP32 addresses are never reused, communication between contacts uses RSA public/private key encryption.

Social - BIP32 Social, add contacts and automatically assign them to a BIP32 node. You never need to see a Bitcoin address again to send them coin, and they never need to ask you for an address to send! Master public key exchange is done via RSA public/private key encryption with an optional out of band validation code available.

Transfer Limits - You can set up transfer limits which we control via our part of the multi-sig addresses. You need to set up 2FA to change these limits. They currently default to:
Daily Transaction Limit: 0.1
Single Transaction Limit: 1
Number Of Transactions Per Day: 10
Number Of Transactions Per Hour: 4

The philosophy behind the wallet is bringing these advanced features of the Bitcoin protocol to a well designed and usable site. I'm sure there will be lots of questions and I am here to answer! Would really appreciate any bug reports / opinions on what needs to be improved / features to add.
Hello, found an older wallet that I forgot about. It has pre-BSV-split BCH in it. Can you still send these to CoinEx and the split appears with your BSV? Is there anything easier than that? I don't have the 12 word seed (BIP 39?). I have an older version seed. This wallet was created many years ago on BTC.com. The BTC.com extraction tool is failing on me. I had that problem in the past. I HAVE NOT SENT THE BALANCE back to me, so from what I understand I have not done any replay protection.
Dear Groestlers, it goes without saying that 2020 has been a difficult time for millions of people worldwide. The Groestlcoin team would like to take this opportunity to wish our best to everyone coping with the direct and indirect effects of COVID-19. Let it bring out the best in us all and show that collectively, we can conquer anything. The centralised banks and our national governments are facing unprecedented times, with interest rates worldwide dropping to record lows in places. Rest assured that this can only strengthen the fundamentals of all decentralised cryptocurrencies and the vision that was seeded with Satoshi's Bitcoin whitepaper over 10 years ago. Despite everything that has been thrown at us this year, the show must go on, and the team will still progress and advance to continue the momentum that we have developed over the past 6 years. In addition to this, we'd like to remind you all that this is Groestlcoin's 6th Birthday release! In terms of price there have been some crazy highs and lows over the years (with highs of around $2.60 and lows of $0.000077!), but in terms of value, Groestlcoin just keeps getting more valuable! In these uncertain times, one thing remains clear: Groestlcoin will keep going and keep innovating regardless. On with what has been worked on and completed over the past few months.
UPDATED - Groestlcoin Core 2.18.2
This is a major release of Groestlcoin Core with many protocol level improvements and code optimizations, featuring the technical equivalent of Bitcoin v0.18.2 but with Groestlcoin-specific patches. On a general level, the most visible addition is a new 'groestlcoin-wallet' tool which is now distributed alongside Groestlcoin Core's other executables. NOTE: The 'Account' API, which was typically used in some tip bots, has been removed from this version. Please ensure you check the release notes from 2.17.2 for details on replacing this functionality.
Builds are now done through Gitian
Calls to getblocktemplate will fail if the segwit rule is not specified. Calling getblocktemplate without segwit specified is almost certainly a misconfiguration since doing so results in lower rewards for the miner. Failed calls will produce an error message describing how to enable the segwit rule.
A warning is printed if an unrecognized section name is used in the configuration file. Recognized sections are [test], [main], and [regtest].
Four new options are available for configuring the maximum number of messages that ZMQ will queue in memory (the "high water mark") before dropping additional messages. The default value is 1,000, the same as was used for previous releases.
The rpcallowip option can no longer be used to automatically listen on all network interfaces. Instead, the rpcbind parameter must be used to specify the IP addresses to listen on. Listening for RPC commands over a public network connection is insecure and should be disabled, so a warning is now printed if a user selects such a configuration. If you need to expose RPC in order to use a tool like Docker, ensure you only bind RPC to your localhost, e.g. docker run [...] -p 127.0.0.1:1441:1441 (this is an extra :1441 over the normal Docker port specification).
The rpcpassword option now causes a startup error if the password set in the configuration file contains a hash character (#), as it's ambiguous whether the hash character is meant for the password or as a comment.
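The three configuration rules above (recognized section names, rpcbind rather than rpcallowip for choosing the listening interfaces, and no '#' in rpcpassword) can be checked before a node is restarted. The following Python checker is an added example, not a Groestlcoin Core tool: its key=value parser, the two sample configuration files and the severities it assigns (a startup error for the password rule, warnings for the other two, an informational note for rpcallowip without rpcbind) are my own reading of the release notes above.

```python
"""Lint a groestlcoin.conf against the 2.18.2 configuration rules.

Constructed checker for illustration; it is not part of Groestlcoin Core.
"""
import ipaddress
import re

# Section names the release notes list as recognized.
RECOGNIZED_SECTIONS = {"main", "test", "regtest"}

# Constructed sample: the weak configuration (every rule fires).
WEAK_CONF = """
rpcuser=grs
rpcpassword=s3cret#2020
rpcallowip=0.0.0.0/0
rpcbind=0.0.0.0
[testnet]
listen=1
"""

# Constructed sample: the corrected configuration (RPC stays on loopback).
# With Docker, publish only to loopback as the notes say:
#   docker run [...] -p 127.0.0.1:1441:1441
HARDENED_CONF = """
rpcuser=grs
rpcpassword=s3cret-2020
rpcallowip=127.0.0.1
rpcbind=127.0.0.1
[test]
listen=1
"""


def parse_conf(text):
    """Parse key=value lines into {section: [(key, value), ...]}.

    Lines before any [section] header go under ''. Only whole-line comments
    are skipped; a '#' inside a value is kept so the rpcpassword rule sees it.
    """
    sections = {"": []}
    current = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        key, _, value = line.partition("=")
        sections[current].append((key.strip(), value.strip()))
    return sections


def bind_host(value):
    """Return the host part of an rpcbind value ('addr' or 'addr:port';
    IPv6 with a port is written '[addr]:port')."""
    if value.startswith("["):
        return value[1:value.index("]")]
    if value.count(":") == 1:  # IPv4 with a port
        return value.split(":")[0]
    return value  # bare IPv4 or bare IPv6


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 or the literal name 'localhost'."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"


def lint(text):
    """Return a list of (severity, message) findings for the config text."""
    findings = []
    for name, entries in parse_conf(text).items():
        if name and name not in RECOGNIZED_SECTIONS:
            findings.append(("warning", f"unrecognized section [{name}]; "
                             "recognized sections are [main], [test], [regtest]"))
        keys = {key for key, _ in entries}
        if "rpcallowip" in keys and "rpcbind" not in keys:
            findings.append(("info", "rpcallowip set without rpcbind: this no "
                             "longer listens on all interfaces, add an explicit rpcbind"))
        for key, value in entries:
            if key == "rpcpassword" and "#" in value:
                findings.append(("error", "rpcpassword contains '#', which is "
                                 "rejected at startup as ambiguous with a comment"))
            elif key == "rpcbind" and not is_loopback(bind_host(value)):
                findings.append(("warning", f"rpcbind={value} exposes RPC on a "
                                 "non-loopback interface"))
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, lint(conf))
```

Running the block prints three findings for the weak file and none for the hardened one; the rpcbind rule deliberately treats anything but loopback as a warning, because the notes say public-network RPC should be disabled rather than merely restricted with rpcallowip.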
The whitelistforcerelay option is used to relay transactions from whitelisted peers even when not accepted to the mempool. This option now defaults to being off, so that changes in policy and disconnect/ban behavior will not cause a node that is whitelisting another to be dropped by peers.
A new short document about the JSON-RPC interface describes cases where the results of an RPC might contain inconsistencies between data sourced from different subsystems, such as wallet state and mempool state.
A new document introduces Groestlcoin Core's BIP174 interface, which is used to allow multiple programs to collaboratively work to create, sign, and broadcast new transactions. This is useful for offline (cold storage) wallets, multisig wallets, coinjoin implementations, and many other cases where two or more programs need to interact to generate a complete transaction.
The output script descriptor (https://github.com/groestlcoin/groestlcoin/blob/mastedoc/descriptors.md) documentation has been updated with information about new features in this still-developing language for describing the output scripts that a wallet or other program wants to receive notifications for, such as which addresses it wants to know received payments. The language is currently used in multiple new and updated RPCs described in these release notes and is expected to be adapted to other RPCs and to the underlying wallet structure.
A new --disable-bip70 option may be passed to ./configure to prevent Groestlcoin-Qt from being built with support for the BIP70 payment protocol or from linking libssl. As the payment protocol has exposed Groestlcoin Core to libssl vulnerabilities in the past, builders who don't need BIP70 support are encouraged to use this option to reduce their exposure to future vulnerabilities.
The minimum required version of Qt (when building the GUI) has been increased from 5.2 to 5.5.1 (the depends system provides 5.9.7)
getnodeaddresses returns peer addresses known to this node. It may be used to find nodes to connect to without using a DNS seeder.
listwalletdir returns a list of wallets in the wallet directory (either the default wallet directory or the directory configured by the -walletdir parameter).
getrpcinfo returns runtime details of the RPC server. Currently, it returns an array of the currently active commands and how long they've been running.
deriveaddresses returns one or more addresses corresponding to an output descriptor.
getdescriptorinfo accepts a descriptor and returns information about it, including its computed checksum.
joinpsbts merges multiple distinct PSBTs into a single PSBT. The multiple PSBTs must have different inputs. The resulting PSBT will contain every input and output from all the PSBTs. Any signatures provided in any of the PSBTs will be dropped.
analyzepsbt examines a PSBT and provides information about what the PSBT contains and the next steps that need to be taken in order to complete the transaction. For each input of a PSBT, analyzepsbt reports what information is missing for that input, including whether a UTXO needs to be provided, what pubkeys still need to be provided, which scripts need to be provided, and what signatures are still needed. Every input will also list which role is needed to complete that input, and analyzepsbt will also list the next role in general needed to complete the PSBT. analyzepsbt will also provide the estimated fee rate and estimated virtual size of the completed transaction if it has enough information to do so.
utxoupdatepsbt searches the set of Unspent Transaction Outputs (UTXOs) to find the outputs being spent by the partial transaction. PSBTs need to have the UTXOs being spent to be provided because the signing algorithm requires information from the UTXO being spent. For segwit inputs, only the UTXO itself is necessary. For non-segwit outputs, the entire previous transaction is needed so that signers can be sure that they are signing the correct thing. Unfortunately, because the UTXO set only contains UTXOs and not full transactions, utxoupdatepsbt will only add the UTXO for segwit inputs.
getpeerinfo now returns an additional minfeefilter field set to the peer's BIP133 fee filter. You can use this to detect that you have peers that are willing to accept transactions below the default minimum relay fee.
The mempool RPCs, such as getrawmempool with verbose=true, now return an additional "bip125-replaceable" value indicating whether the transaction (or its unconfirmed ancestors) opts in to asking nodes and miners to replace it with a higher-feerate transaction spending any of the same inputs.
settxfee previously silently ignored attempts to set the fee below the allowed minimums. It now prints a warning. The special value of "0" may still be used to request the minimum value.
getaddressinfo now provides an ischange field indicating whether the wallet used the address in a change output.
importmulti has been updated to support P2WSH, P2WPKH, P2SH-P2WPKH, and P2SH-P2WSH. Requests for P2WSH and P2SH-P2WSH accept an additional witnessscript parameter.
importmulti now returns an additional warnings field for each request with an array of strings explaining when fields are being ignored or are inconsistent, if there are any.
getaddressinfo now returns an additional solvable Boolean field when Groestlcoin Core knows enough about the address's scriptPubKey, optional redeemScript, and optional witnessScript for the wallet to be able to generate an unsigned input spending funds sent to that address.
The getaddressinfo, listunspent, and scantxoutset RPCs now return an additional desc field that contains an output descriptor containing all key paths and signing information for the address (except for the private key). The desc field is only returned for getaddressinfo and listunspent when the address is solvable.
importprivkey will preserve previously-set labels for addresses or public keys corresponding to the private key being imported. For example, if you imported a watch-only address with the label "cold wallet" in earlier releases of Groestlcoin Core, subsequently importing the private key would reset the address's label to the default empty-string label (""). In this release, the previous label of "cold wallet" will be retained. If you optionally specify any label besides the default when calling importprivkey, the new label will be applied to the address.
getmininginfo now omits currentblockweight and currentblocktx when a block was never assembled via RPC on this node.
The getrawtransaction RPC & REST endpoints no longer check the unspent UTXO set for a transaction. The remaining behaviors are as follows:
If a blockhash is provided, check the corresponding block.
If no blockhash is provided, check the mempool.
If no blockhash is provided but txindex is enabled, also check txindex.
unloadwallet is now synchronous, meaning it will not return until the wallet is fully unloaded.
importmulti now supports importing of addresses from descriptors. A desc parameter can be provided instead of the "scriptPubKey" in a request, as well as an optional range for ranged descriptors to specify the start and end of the range to import. Descriptors with key origin information imported through importmulti will have their key origin information stored in the wallet for use with creating PSBTs.
listunspent has been modified so that it also returns witnessScript, the witness script in the case of a P2WSH or P2SH-P2WSH output.
createwallet now has an optional blank argument that can be used to create a blank wallet. Blank wallets do not have any keys or HD seed. They cannot be opened in software older than 2.18.2. Once a blank wallet has an HD seed set (by using sethdseed) or private keys, scripts, addresses, and other watch-only things have been imported, the wallet is no longer blank and can be opened in 2.17.2. Encrypting a blank wallet will also set an HD seed for it.
signrawtransaction is removed after being deprecated and hidden behind a special configuration option in version 2.17.2.
The 'account' API is removed after being deprecated in v2.17.2. The 'label' API was introduced in v2.17.2 as a replacement for accounts. See the release notes from v2.17.2 for a full description of the changes from the 'account' API to the 'label' API.
addwitnessaddress is removed after being deprecated in version 2.16.0.
generate is deprecated and will be fully removed in a subsequent major version. This RPC is only used for testing, but its implementation reached across multiple subsystems (wallet and mining), so it is being deprecated to simplify the wallet-node interface. Projects that are using generate for testing purposes should transition to using the generatetoaddress RPC, which does not require or use the wallet component. Calling generatetoaddress with an address returned by the getnewaddress RPC gives the same functionality as the old generate RPC. To continue using generate in this version, restart groestlcoind with the -deprecatedrpc=generate configuration option.
Be reminded that parts of the validateaddress command have been deprecated and moved to getaddressinfo. The following deprecated fields have moved to getaddressinfo: ismine, iswatchonly, script, hex, pubkeys, sigsrequired, pubkey, embedded, iscompressed, label, timestamp, hdkeypath, hdmasterkeyid.
The addresses field has been removed from the validateaddress and getaddressinfo RPC methods. This field was confusing since it referred to public keys using their P2PKH address. Clients should use the embedded.address field for P2SH or P2WSH wrapped addresses, and pubkeys for inspecting multisig participants.
A new /rest/blockhashbyheight/ endpoint is added for fetching the hash of the block in the current best blockchain based on its height (how many blocks it is after the Genesis Block).
A new Window menu is added alongside the existing File, Settings, and Help menus. Several items from the other menus that opened new windows have been moved to this new Window menu.
In the Send tab, the checkbox for "pay only the required fee" has been removed. Instead, the user can simply decrease the value in the Custom Fee rate field all the way down to the node's configured minimum relay fee.
In the Overview tab, the watch-only balance will be the only balance shown if the wallet was created using the createwallet RPC and the disable_private_keys parameter was set to true.
The launch-on-startup option is no longer available on macOS if compiled with a macOS minimum version greater than 10.11 (use CXXFLAGS="-mmacosx-version-min=10.11" CFLAGS="-mmacosx-version-min=10.11" for setting the deployment SDK version).
A new groestlcoin-wallet tool is now distributed alongside Groestlcoin Core's other executables. Without needing to use any RPCs, this tool can currently create a new wallet file or display some basic information about an existing wallet, such as whether the wallet is encrypted, whether it uses an HD seed, how many transactions it contains, and how many address book entries it has.
Since version 2.16.0, Groestlcoin Core's built-in wallet has defaulted to generating P2SH-wrapped segwit addresses when users want to receive payments. These addresses are backwards compatible with all widely used software. Starting with Groestlcoin Core 2.20.1 (expected about a year after 2.18.2), Groestlcoin Core will default to native segwit addresses (bech32) that provide additional fee savings and other benefits. Currently, many wallets and services already support sending to bech32 addresses, and if the Groestlcoin Core project sees enough additional adoption, it will instead default to bech32 receiving addresses in Groestlcoin Core 2.19.1. P2SH-wrapped segwit addresses will continue to be provided if the user requests them in the GUI or by RPC, and anyone who doesn't want the update will be able to configure their default address type. (Similarly, pioneering users who want to change their default now may set the addresstype=bech32 configuration option in any Groestlcoin Core release from 2.16.0 up.)
BIP 61 reject messages are now deprecated. Reject messages have no use case on the P2P network and are only logged for debugging by most network nodes. Furthermore, they increase bandwidth and can be harmful for privacy and security. It has been possible to disable BIP 61 messages since v2.17.2 with the -enablebip61=0 option. BIP 61 messages will be disabled by default in a future version, before being removed entirely.
The submitblock RPC previously returned the reason a rejected block was invalid the first time it processed that block but returned a generic "duplicate" rejection message on subsequent occasions it processed the same block. It now always returns the fundamental reason for rejecting an invalid block and only returns "duplicate" for valid blocks it has already accepted.
A new submitheader RPC allows submitting block headers independently from their block. This is likely only useful for testing.
The signrawtransactionwithkey and signrawtransactionwithwallet RPCs have been modified so that they also optionally accept a witnessScript, the witness script in the case of a P2WSH or P2SH-P2WSH output. This is compatible with the change to listunspent.
For the walletprocesspsbt and walletcreatefundedpsbt RPCs, if the bip32derivs parameter is set to true but the key metadata for a public key has not been updated yet, then that key will have a derivation path as if it were just an independent key (i.e. no derivation path and its master fingerprint is itself).
The -usehd configuration option was removed in version 2.16.0. From that version onwards, all new wallets created are hierarchical deterministic wallets. This release makes specifying -usehd an invalid configuration option.
This release allows peers that your node automatically disconnected for misbehaviour (e.g. sending invalid data) to reconnect to your node if you have unused incoming connection slots. If your slots fill up, a misbehaving node will be disconnected to make room for nodes without a history of problems (unless the misbehaving node helps your node in some other way, such as by connecting to a part of the Internet from which you don't have many other peers). Previously, Groestlcoin Core banned the IP addresses of misbehaving peers for a period (default of 1 day); this was easily circumvented by attackers with multiple IP addresses. If you manually ban a peer, such as by using the setban RPC, all connections from that peer will still be rejected.
The key metadata will need to be upgraded the first time that the HD seed is available. For unencrypted wallets this will occur on wallet loading. For encrypted wallets this will occur the first time the wallet is unlocked.
Newly encrypted wallets will no longer require restarting the software. Instead such wallets will be completely unloaded and reloaded to achieve the same effect.
A sub-project of Bitcoin Core now provides Hardware Wallet Interaction (HWI) scripts that allow command-line users to use several popular hardware key management devices with Groestlcoin Core. See their project page for details.
This release changes the Random Number Generator (RNG) used from OpenSSL to Groestlcoin Core's own implementation, although entropy gathered by Groestlcoin Core is fed out to OpenSSL and then read back in when the program needs strong randomness. This moves Groestlcoin Core a little closer to no longer needing to depend on OpenSSL, a dependency that has caused security issues in the past. The new implementation gathers entropy from multiple sources, including from hardware supporting the rdseed CPU instruction.
On macOS, Groestlcoin Core now opts out of application CPU throttling ("app nap") during initial blockchain download, when catching up from over 100 blocks behind the current chain tip, or when reindexing chain data. This helps prevent these operations from taking an excessively long time because the operating system is attempting to conserve power.
How to Upgrade?
Windows: If you are running an older version, shut it down. Wait until it has completely shut down (which might take a few minutes for older versions), then run the installer.
OSX: If you are running an older version, shut it down. Wait until it has completely shut down (which might take a few minutes for older versions), run the dmg and drag Groestlcoin Core to Applications.
Ubuntu: http://groestlcoin.org/forum/index.php?topic=441.0
ALL NEW - Groestlcoin Moonshine iOS/Android Wallet
Built with React Native, Moonshine utilizes Electrum-GRS's JSON-RPC methods to interact with the Groestlcoin network. GRS Moonshine's intended use is as a hot wallet, meaning your keys are only as safe as the device you install this wallet on. As with any hot wallet, please ensure that you keep only a small, responsible amount of Groestlcoin on it at any given time.
Groestlcoin Mainnet & Testnet supported
Multiple wallet support
Electrum - Support for both random and custom peers
Biometric + Pin authentication
Custom fee selection
Import mnemonic phrases via manual entry or scanning
BIP39 Passphrase functionality
Support for Segwit-compatible & legacy addresses in settings
Support individual private key sweeping
UTXO blacklisting - Accessible via the Transaction Detail view, this allows users to blacklist any utxo that they do not wish to include in their list of available utxo's when sending transactions. Blacklisting a utxo excludes its amount from the wallet's total balance.
Ability to Sign & Verify Messages
Support BitID for password-free authentication
Coin Control - This can be accessed from the Send Transaction view and basically allows users to select from a list of available UTXO's to include in their transaction.
HODL GRS connects directly to the Groestlcoin network using SPV mode and doesn't rely on servers that can be hacked or disabled. HODL GRS utilizes AES hardware encryption, app sandboxing, and the latest security features to protect users from malware, browser security holes, and even physical theft. Private keys are stored only in the secure enclave of the user's phone, inaccessible to anyone other than the user. Simplicity and ease-of-use is the core design principle of HODL GRS. A simple recovery phrase (which we call a Backup Recovery Key) is all that is needed to restore the user's wallet if they ever lose or replace their device. HODL GRS is deterministic, which means the user's balance and transaction history can be recovered just from the backup recovery key.
Simplified payment verification for fast mobile performance
Groestlcoin Seed Savior is a tool for recovering BIP39 seed phrases. This tool is meant to help users with recovering a slightly incorrect Groestlcoin mnemonic phrase (AKA backup or seed). You can enter an existing BIP39 mnemonic and get derived addresses in various formats. To find out if one of the suggested addresses is the right one, you can click on the suggested address to check the address' transaction history on a block explorer.
If a word is wrong, the tool will try to suggest the closest option.
If a word is missing or unknown, please type "?" instead and the tool will find all relevant options.
NOTE: NVidia GPU or any CPU only. AMD graphics cards will not work with this address generator. VanitySearch is a command-line Segwit-capable vanity Groestlcoin address generator. Add unique flair when you tell people to send Groestlcoin. Alternatively, VanitySearch can be used to generate random addresses offline. If you're tired of the random, cryptic addresses generated by regular groestlcoin clients, then VanitySearch is the right choice for you to create a more personalized address. VanitySearch is a groestlcoin address prefix finder. If you want to generate safe private keys, use the -s option to enter your passphrase, which will be used for generating a base key as in the BIP38 standard (VanitySearch.exe -s "My PassPhrase" FXPref). You can also use VanitySearch.exe -ps "My PassPhrase", which will add a cryptographically secure seed to your passphrase. VanitySearch may not compute a good grid size for your GPU, so try different values using the -g option in order to get the best performance. If you want to use GPUs and CPUs together, you may get the best performance by keeping one CPU core for handling GPU(s)/CPU exchanges (use the -t option to set the number of CPU threads).
Fixed size arithmetic
Fast Modular Inversion (Delayed Right Shift 62 bits)
SecpK1 Fast modular multiplication (2 steps folding 512bits to 256bits using 64 bits digits)
Use some properties of elliptic curve to generate more keys
SSE Secure Hash Algorithm SHA256 and RIPEMD160 (CPU)
Groestlcoin EasyVanity 2020 is a Windows app built from the ground up that makes it easier than ever before to create your very own bespoke bech32 address(es) whilst not connected to the internet. If you're tired of the random, cryptic bech32 addresses generated by regular Groestlcoin clients, then Groestlcoin EasyVanity 2020 is the right choice for you to create a more personalised bech32 address. This 2020 version uses the new VanitySearch to generate not only legacy addresses (F prefix) but also Bech32 addresses (grs1 prefix).
Ability to continue finding keys after first one is found
Includes warning on start-up if connected to the internet
Ability to output keys to a text file (And shows button to open that directory)
Show and hide the private key with a simple toggle switch
Show full output of commands
Ability to choose between Processor (CPU) and Graphics Card (GPU) ( NVidia ONLY! )
Features both a Light and Dark Material Design-Style Themes
Free software - MIT. Anyone can audit the code.
Written in C# - The code is short, and easy to review.
Groestlcoin WPF is an alternative full node client with optional lightweight 'thin-client' mode based on WPF. Windows Presentation Foundation (WPF) is one of Microsoft's latest approaches to a GUI framework, used with the .NET framework. Its main advantages over the original Groestlcoin client include support for exporting blockchain.dat and including a lite wallet mode. This wallet was previously deprecated but has been brought back to life with modern standards.
Works via TOR or SOCKS5 proxy
Can use bootstrap.dat format as blockchain database
Import/Export blockchain to/from bootstrap.dat
Import wallet.dat from Groestlcoin-qt wallet
Export wallet to wallet.dat
Use both groestlcoin-wpf and groestlcoin-qt with the same addresses in parallel. When you send money from one program, the transaction will automatically be visible on the other wallet.
Rescan blockchain with a simple mouse click
Works as a full node and listens to port 1331 (listening port can be changed)
Fast Block verifying, parallel processing on multi-core CPUs
Mine Groestlcoins with your CPU by a simple mouse click
All private keys are kept encrypted on your local machine (or on a USB stick)
Lite - Has a lightweight "thin client" mode which does not require a new user to download the entire Groestlcoin chain and store it
Free and decentralised - Open Source under GNU license
Fixed Import/Export to wallet.dat
Rescan wallet option
Change wallet password option
Address type and Change type options through *.conf file
Import from bootstrap.dat - This is a flat, binary file containing Groestlcoin blockchain data, from the genesis block through a recent height. All versions automatically validate and import the file "grs.bootstrap.dat" in the GRS directory. grs.bootstrap.dat is compatible with the Qt wallet; Groestlcoin-Qt can load from it.
In Full mode the file %APPDATA%\Groestlcoin-WPF\GRS\GRS.bootstrap.dat is the full blockchain in standard bootstrap.dat format and can be used with other clients.
Groestlcoin Electrum Personal Server aims to make using the Electrum Groestlcoin wallet more secure and more private. It makes it easy to connect your Electrum-GRS wallet to your own full node. It is an implementation of the Electrum-grs server protocol which fulfils the specific need of using the Electrum-grs wallet backed by a full node, but without the heavyweight server backend, for a single user. It allows the user to benefit from all of Groestlcoin Core's resource-saving features like pruning, blocks-only mode and disabled txindex. All of Electrum-GRS's feature-richness like hardware wallet integration, multi-signature wallets, offline signing, seed recovery phrases, coin control and so on can still be used, but connected only to the user's own full node.

Full node wallets are important in Groestlcoin because they are a big part of what makes the system trustless. No longer do people have to trust a financial institution like a bank or PayPal; they can run software on their own computers. If Groestlcoin is digital gold, then a full node wallet is your own personal goldsmith who checks for you that received payments are genuine.

Full node wallets are also important for privacy. Using Electrum-GRS under the default configuration requires it to send (hashes of) all your Groestlcoin addresses to some server. That server can then easily spy on your transactions. Full node wallets like Groestlcoin Electrum Personal Server download the entire blockchain and scan it for the user's own addresses, and therefore don't reveal to anyone else which Groestlcoin addresses they are interested in. Groestlcoin Electrum Personal Server can also broadcast transactions through Tor, which improves privacy by resisting traffic analysis of broadcast transactions that could link the IP address of the user to the transaction. If enabled, this happens transparently whenever the user simply clicks "Send" on a transaction in the Electrum-grs wallet.
Note: Currently Groestlcoin Electrum Personal Server can only accept one connection at a time.
Use your own node
Uses less CPU and RAM than ElectrumX
Used intermittently rather than needing to be always-on
Doesn't require an index of every Groestlcoin address ever used like on ElectrumX
UPDATED – Android Wallet 7.38.1 - Main Net + Test Net
The app allows you to send and receive Groestlcoin on your device using QR codes and URI links. When using this app, please back up your wallet and email the backup to yourself! This will save your wallet in a password protected file. Then your coins can be retrieved even if you lose your phone.
Add confidence messages, helping users to understand the confidence state of their payments.
Handle edge case when restoring via an external app.
Count devices with a memory class of 128 MB as low ram.
Introduce dark mode on Android 10 devices.
Reduce memory usage of PIN-protected wallets.
Tapping on the app's version will reveal a checksum of the APK that was installed.
Fix issue with confirmation of transactions that empty your wallet.
Groestlcoin Sentinel is a great solution for anyone who wants the convenience and utility of a hot wallet for receiving payments directly into their cold storage (or hardware wallets). Sentinel accepts xpubs, ypubs, zpubs and individual Groestlcoin addresses. Once added you will be able to view balances, view transactions, and (in the case of xpubs, ypubs and zpubs) deterministically generate addresses for that wallet. Groestlcoin Sentinel is a fork of Groestlcoin Samourai Wallet with all spending and transaction building code removed.
bitWallet is a solid choice for iOS users wanting a free mobile wallet on the App Store. Very polished and feature rich, with minor pushtx workaround for spending. Not enough Apple/iOS users know about this app yet.
Hi! One of the wallet main devs here. Sorry about not having posted much status on reddit, but we've been very busy with the firm goal of releasing soon. (note about perks, I think Cody will be updating soon on those, we're not managing that so please keep this topic for wallet development questions or feedback) Anyways, we have been starting more public communications, starting from the mailing list:
This week we have been delayed due to personal reasons, but hope we can meet the deadline for next week (sorry ppl). Alpha will mean big features are complete (multisig, coinjoin, stealth) and must support testnet. We are very close to "feature complete" on the chrome version, firefox version shouldn't take much once we have the chrome one running where we're basing our testing. The idea is as soon as we can finish off coinjoin (missing just a few things there) we will be looking into testnet release in order to release an alpha where ppl can test with fake coins. There are also some details about multisig spending we need a few days to finish off (at least to make it more automatic like the coinjoin). All in all, most of the hard work is already behind us, we have the following:
Robust bip32 implementation (on top of bitcoinjs-lib that we personally review and will review more), using it extensively for "pocket" support (high level coin control).
Multisig creation and importing (also creating spends without signatures... easier spending will come soon)
Stealth implementation (current version needs testing but we've already successfully tested a previous version)
Secure logical communication channel (using Curve25519) - this means the communications could go on top of different transports without security requirements, this is what coinjoin is built on at the moment. We have chosen curve25519 since it will allow more advanced cryptographic protocols than plain bitcoin curves, we did test the same thing before using bitcoin curve encryption only. 25519 supports blind signatures.
Multi identity. This means you can switch identity at any moment, and we could even run several at the same time (for now just run one simultaneously).
Qr scanning of course
Identicons as visual hashes for checking fingerprints
Showing as different btc units
Show balance or pay using any other fiat (as supported by bitcoinavg at the moment) as denomination.
Not to forget the work done also on the backend that Amir is leading:
Lots of stabilization, testing and improvements on libbitcoin and obelisk
Gateway working as frontend for the wallets
Transaction broadcaster with radar for better feedback
Some screenshots of current state (thanks zodman for taking the time to take those):
http://i.imgur.com/SmlZ7Bb.png
http://i.imgur.com/JZPv9pz.png
http://i.imgur.com/CcLLecf.png
http://i.imgur.com/DPM4jAd.png
http://i.imgur.com/FA7TIA6.png
We are aiming for a full featured wallet, and I think we're delivering soon, maybe it can take a bit more of time in development, but we're putting an incredible amount of effort and love into the wallet. Also, this is just the beginning, this is an infrastructure where soon we can layer much more functionality and we will do it. Also, don't think the project is the kind where we want to do a rushed release, rather delay a bit for really good testing and hardening. For people that want more specific dates, we can say we will release "when it's ready" and it's the right thing to do, but as said, I think we can take one week to release an alpha on testnet, then about two more weeks to stabilize and tie up things for a beta. During that period we will also be releasing technical documents on bitcointalk to validate our approaches to cryptographic techniques. We welcome ppl who want to test or check the code: https://github.com/darkwallet/darkwallet/blob/develop/README.md But only recommend it for more technical ppl at the moment (several reasons, check the readme where it says Pre-Alpha!). When we can release the alpha we'll make it better so it's safe to test for anyone. We are already at the point where the wallet is always working, just features are still dropping. If you want to support us, you can send BTC to the following multisig address: 32wRDBezxnazSBxMrMqLWqD1ajwEqnDnMc (https://wiki.unsystem.net/index.php/DarkWallet/Project_multisig_fund for details) Of course, all feedback or questions welcome! Kisses and thanks to all the supporters, we couldn't be doing this without you!!
A lot of apps do this automatically for you now, but I just wanted to share my old grandpa way of ballparking fees with anyone in case it ever comes in handy. Note this will differ with multisig and whatnot. Most transactions are using one or two inputs and generate two outputs, keeping the overall size of the transaction under 1 kb. However, some people who receive tons of small inputs from faucets are shocked to find that they are paying huge fees, or in the case of blockchain.info (which you can set your own fees if you want) they set a low fee and are shocked when it doesn't confirm. First let's make an assumption, you are creating two outputs. One is your sending amount, and the other is sent back to your wallet. This takes up 34 bytes x number of outputs (for normal bitcoin addresses with a 1, for multisig, it's actually one byte less, but negligible.) So now we have 68 bytes. Then, we add up all the metadata, input counts, output counts etc... that will add up to 10 bytes in almost any transaction I've seen. So now we have 78 bytes. Then we have to consider whether the keys we're using are compressed or not... the most difficult part.
if you're using blockchain.info or Electrum (any wallet generated pre-2.0), they're uncompressed.
if you're using any wallet with BIP32 enabled (recently Bitcoin Wallet, Mycelium, etc. have switched over) and the bitcoin you received is bitcoin received to one of those addresses, they're compressed.
if your WIF private key starts with a 5, uncompressed... with a K or L, it's compressed.
For each input, there are 2 bytes of wiggle room for the signatures (this is due to padding of the DER encoded signatures based on the numbers that resulted).
Uncompressed inputs: 179 - 181 bytes
Compressed inputs: 147 - 149 bytes
If we assume the largest every time just to err on the side of too much fees, just in case... that means to fill up 1 kb, we take out 78 bytes and add inputs to get:
Uncompressed: 5 inputs x 181 bytes + 78 bytes = 983 bytes
Compressed: 6 inputs x 149 bytes + 78 bytes = 972 bytes
So think of how many receiving transactions you have, and whether those are uncompressed or not, and if you wanted to move the whole balance, you will need to divide that number by 5 or 6 and then you'll get a super rough estimate of how many kb your transaction will be. Then just multiply kb times 0.00001, and maybe add a little extra to account for the small amount of pre-0.9.0 nodes, and you should be good.
Edit: Included the fact that Electrum (pre-2.0) is uncompressed. Some people seem to think pre-2.0 Electrum is BIP32, but it's not... (it was the INSPIRATION for BIP32 in fact)
Electrum 2.0 has been tagged | Thomas Voegtlin | Mar 01 2015
Thomas Voegtlin on Mar 01 2015: Dear Bitcoin devs, I just tagged version 2.0 of Electrum: https://github.com/spesmilo/electrum/tree/2.0 The electrum.org website will be updated later today. The release notes are a bit dense, due to the large amount of changes and new features in this release. In the coming weeks we will be adding more detailed documentation to the wiki and to the website. There has been a very long hiatus in Electrum releases, because it took me a lot of time to decide about the new seed derivation method and wallet structure. Now that this part is done, I hope that we will resume to a faster release pace. I would like to thank all the people who contributed to this release, developers, beta testers, but also people from this list who provided useful feedback. Cheers, Thomas
RELEASE-NOTES
Before you upgrade, make sure you have saved your wallet seed on
New seed derivation method (not compatible with BIP39). The seed phrase includes a version number, that refers to the wallet structure. The version number also serves as a checksum, and it will prevent the import of seeds from incompatible wallets. Old Electrum seeds are still supported.
New address derivation (BIP32). Standard wallets are single account and use a gap limit of 20.
Support for Multisig wallets using parallel BIP32 derivations and P2SH addresses ("2 of 2", "2 of 3").
Compact serialization format for unsigned or partially signed transactions, that includes the BIP32 master public key and derivation needed to sign inputs. Serialized transactions can be sent to cosigners or to cold storage using QR codes (using Andreas Schildbach's base 43 idea).
Support for BIP70 payment requests:
Verification of the chain of signatures uses tlslite.
In the GUI, payment requests are shown in the 'Invoices' tab.
Support for hardware wallets: Trezor (Satoshilabs) and Btchip (Ledger).
Two-factor authentication service by TrustedCoin. This service uses "2 of 3" multisig wallets and Google Authenticator. Note that wallets protected by this service can be deterministically restored from seed, without Trustedcoin's server.
Cosigner Pool plugin: encrypted communication channel for multisig wallets, to send and receive partially signed transactions.
Audio Modem plugin: send and receive transactions by sound.
OpenAlias plugin: send bitcoins to aliases verified using DNSSEC.
New 'Receive' tab in the GUI:
create and manage payment requests, with QR Codes
the former 'Receive' tab was renamed to 'Addresses'
the former Point of Sale plugin is replaced by a resizeable window that pops up if you click on the QR code
The 'Send' tab in the Qt GUI supports transactions with multiple outputs, and raw hexadecimal scripts.
The GUI can connect to the Electrum daemon: "electrum -d" will start the daemon if it is not already running, and the GUI will connect to it. The daemon can serve several clients. It times out if no client uses it for more than 5 minutes.
The install wizard can be used to import addresses or private keys. A watching-only wallet is created by entering a list of addresses in the wizard dialog.
New file format: Wallets files are saved as JSON. Note that new wallet files cannot be read by older versions of Electrum. Old wallet files will be converted to the new format; this operation may take some time, because public keys will be derived for each address of your wallet.
The client accepts servers with a CA-signed SSL certificate.
ECIES encrypt/decrypt methods, available in the GUI and using the command line: encrypt decrypt
The Android GUI has received various updates and it is much more stable. Another script was added to Android, called Authenticator, that works completely offline: it reads an unsigned transaction shown as QR code, signs it and shows the result as a QR code.
original: http://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-March/007620.html
New BIP32 structure for P2SH multisig wallets [BIP-45] | Jean-Pierre Rupp | Oct 03 2015
Jean-Pierre Rupp on Oct 03 2015: Hello, I have been reviewing BIP-45 today. There is a privacy problem with it that should at least be mentioned in the document. When using the same extended public key for all multisig activity, and dealing with different cosigners in separate multisig accounts, reuse of the same set of public keys means that all cosigners from all accounts will be able to monitor multisig activity from every other cosigner, in every other account. Besides privacy considerations, HD wallets' non-reuse of public keys provides some defence against wallets that do not implement deterministic signing, and use poor entropy for signature nonces. Unless users are expected to establish a single cosigning account, this scheme will result in reuse of public keys, and degradation of privacy. I understand that for convenience it is useful to have a single extended public key that can be handed to every cosigner. This makes setting up accounts or recovering from data loss easier. I suggest that privacy & potential security degradation due to increased public key reuse in the case of users with multiple multisig accounts should get a mention in the BIP-45 document. Greetings On 25/04/14 23:27, Manuel Araoz wrote:
Each party must generate their master private keys independently.
Use multisig P2SH for all addresses.
Use BIP32 to derive public keys, then create a multisig script, and use the P2SH address for that.
The address generation process should not require communicating with other parties. (Thus, all parties must be able to generate all public keys)
Transaction creation + signing requires communication between parties, of course.
Following BIP43, we'll be using: m / purpose' / * where purpose is the hardened derivation scheme based on the new BIP number. We then define the following levels: m / purpose' / cosigner_index / change / address_index
Each level has a special meaning detailed below:
cosigner_index <http://en.wikipedia.org/wiki/Co-signing>: the index of the party creating this address. The indices can be determined independently by lexicographically sorting the master public keys of each cosigner.
change: 0 for change, 1 for receive address.
address_index: Addresses are numbered from index 0 in sequentially increasing manner. We're currently syncing the max used index for each branch between all parties when they connect, but we're open to considering removing the index sync and doing the more elegant used-address discovery via a gap limit, as discussed in BIP44 <https://github.com/bitcoin/bips/blob/mastebip-0044.mediawiki#address-gap-limit>. We feel 20 might be too low though.
Wallet high-level description: Each party generates their own extended master keypair and shares the extended purpose' public key with the others, which is stored encrypted. Each party can generate any of the other's derived public keys, but only his own private keys.
General address generation procedure: When generating an address, each party can independently generate the N needed public keys. They do this by deriving the public key in each of the different trees, but using the same path. They can then generate the multisig script and the corresponding p2sh address. In this way, each path corresponds to an address, but the public keys for that address come from different trees.
Receive address case: Each cosigner generates addresses only on his own branch. One of the n cosigners wants to receive a payment, and the others are offline. He knows the last used index in his own branch, because only he generates addresses there. Thus, he can generate the public keys for all of the others using the next index, and calculate the needed script for the address.
Example: Cosigner #2 wants to receive a payment to the shared wallet. His last used index on his own branch is 4. Then, the path for the next receive address is m/$purpose/2/1/5. He uses this same path in all of the cosigners' trees to generate a public key for each one, and from that he gets the new p2sh address.
Change address case: Again, each cosigner generates addresses only on his own branch. One of the n cosigners wants to create an outgoing payment, for which he'll need a change address. He generates a new address using the same procedure as above, but using a separate index to track the used change addresses.
Example: Cosigner #5 wants to send a payment from the shared wallet, for which he'll need a change address. His last used change index on his own branch is 11. Then, the path for the next change address is m/$purpose/5/0/12. He uses this same path in all of the cosigners' trees to generate a public key for each one, and from that he gets the new p2sh address.
Transaction creation and signing: When creating a transaction, first one of the parties creates a Transaction Proposal. This is a transaction that spends some output stored in any of the p2sh multisig addresses (corresponding to any of the copayers' branches). This proposal is sent to the other parties, who decide if they want to sign. If they approve the proposal, they can generate their needed private key for that specific address (using the same path that generated the public key in that address, but deriving the private key instead), and sign it. Once the proposal reaches m signatures, any cosigner can broadcast it to the network, becoming final. The specifics of how this proposal is structured, and the protocol to accept or reject it, belong to another BIP, in my opinion.
Final comments:
We're currently lexicographically sorting the public keys for each address separately. We've read Mike Belshe's comments about sorting the master public keys and then using the same order for all derived addresses, but we couldn't think of any benefits of doing that (I mean, the benefits of knowing whose public key is which).
We originally thought we would need a non-hardened version of purpose for the path, because we needed every party to be able to generate all the public keys of the others. With the proposed path, is it true that the cosigners will be able to generate them, by knowing the extended purpose public key for each copayer? (m/purpose')
The reason for using separate branches for each cosigner is we don't
There are yield generator bots running at #joinmarket-segpit on freenode, feel free to try joining with them
Some highlights of what we need to think about:
Why? The main advantage to joinmarket is lower fees: savings of 30-50% are going to be common according to my napkin-level calculations (we could go into more detail if you like). The other advantages of segregated witness have been discussed at length elsewhere (malleability, soft forks etc)
New order types: swrelorder and swabsorder. This is a proposal, but to explain: current joinmarket bots will ignore order types they don't understand, so using a new ordertype creates the appropriate compatibility between new and old bots. Additionally, we cannot use the same ordertype transparently, since by their nature segregated witness signatures are different, and so our !sig message must be different.
Addresses: these bots will use P2SH addresses initially (so starting with '3' on mainnet). Keeping it high level, segwit outputs are different than existing P2PKH outputs, but can be "hidden" under P2SH, ensuring backward compatibility with wallets that already know how to spend to P2SH, even if they know nothing about segwit. Technically, according to the proposal, JM will use P2SH-P2WPKH (terminology from BIP141).
Wallets - the current code simply creates an entirely separate BIP32 tree for segwit outputs, and the user chooses to "look at" the normal (p2pkh) tree or segwit tree depending on command line flags. As belcher_ pointed out, it makes a lot more sense to have two "sub-trees" under the same master private key (at the very least, it's less confusing..); from the user POV it would just be a matter of choice whether to use segwit or not.
Transactions can have mixed segwit/non-segwit inputs and outputs, of course. But that raises: The obvious issue is about different addresses as markers. The first maker bot to use P2SH addresses stands out and has a trivial marker on his outputs and inputs. And let's say all the makers use P2SH - now we have an even worse problem for takers that don't! The obvious solution is: if you're a taker, and you use P2SH (which could be segwit, or could also just be ordinary multisig) in your wallet, then you respond to swrelorder and swabsorder only; that way, all your inputs and outputs are P2SH. One tiny problem: Joinmarket doesn't yet support P2SH inputs! :) So effectively, today, it becomes a partitioned joinmarket pit: segwit-enabled taker bots join with segwit-enabled maker bots, and the other non-segwit bots just ignore them. I think that works fine, and quite likely there would be a rapid migration, because segwit will be significantly cheaper. But, lots to think about before that :) If you'd like to help test, you'll need sipa's segwit branch built and then grab some segnet coins, run my segwit branch of joinmarket above, and use the channel mentioned above on freenode. Lastly, a note on timing: this is a way off! the PR of segwit into Core is apparently fairly imminent, but we are probably looking at some meaningful amount of time before this is available (and of course, it's not required) This is just a first effort (although it has "cleared" the issue of the underlying bitcoin code). Thoughts welcome on how to proceed, help even more so.
Hi everyone, Well, since I'm upgrading Synala (http://envrin.com/synala) right away, whether I like it or not, I thought I'd open the floor for suggestions. For those who don't know, Synala is an excellent little open-source wallet you can install on your server, and easily accept payments from others (eg. clients, customers, etc.). Fully supports products, invoices, multiple BIP32 wallets, multisig, and more. If wanted, full details and online demo at: http://envrin.com/synala I've been using it myself for a couple years now since I first developed it, and it's a great little wallet. I use it for all my personal funds, and have never had a problem. Just looking for any feature suggestions you'd like to see implemented, since I have to do an upgrade on it anyway due to Segwit. Obviously, it's a free, open-source system so I'm not going to go overkill, but happy to add some cool features. Here's a few I can personally think of: 1.) Obviously, replace the requirement of Bitcoin Core to built-in SPV node or similar. 2.) Coin management, so you can select which inputs to use for outgoing txs. 3.) Escrow support, so multiple parties can sign a tx separately on their own time. Aside from that, not really sure. I don't want to bloat the functionality too much, and would prefer to keep it a "clean & mean" system. For example, I'm not going to add support for fiat payments and buy / sell coin features, as that's what the commercial packages are for. If anyone has any suggestions though, please feel free to post them below. I'll see what I can add in. If anyone wants to help out on the project, please don't hesitate. :) PS. If you're going to download Synala, please grab the archive from the Github page (https://github.com/peterscott78/synala) as there's a couple minor fixes (eg. high S-value error) that are fixed in Github, but not in the archives available on the Envrin site.
Is there a greasemonkey script that can sign transactions?
That seems rather useful for bitcoin, especially when it comes to multisig. It could greatly simplify it, making multisignature transactions way more user friendly, and it would work just fine with NoScript installed. I am sure that such a tool would become an instant hit with the DarkNet Markets. All the user would need to do is enter their BIP32 passphrase, and let the script make the transaction which would then be entered into the proper location on the site.
Brainwallet idea: Please pick it apart and tell me why this won't work.
Premise: Brain wallets have a bunch of gotchas in that people are not as random as they think. But truly random brain wallets are not as easily remembered. I am looking for something easy to memorize and still very secure. My first thought is to add process to further obfuscate but I know that you can get too clever and actually introduce collisions that make the whole thing less secure. In any case, here is my idea for a brainwallet. Description: The idea is to combine BIP32 and 3 of 3 multisig addresses. The user enters two strings. The first is the brainwallet phrase, the second is a password or PIN. The BIP32 masterKey is derived from the brainwallet phrase. The three public keys that are used to create the multisig address are derived from the masterKey. The way the ordinals are determined is that you get a HMAC-512 hash using the brain wallet phrase as the message and the passphrase as the key. Just take 9 digits from different parts of the hash and use those as the indexes for the derived keys. This is better explained with code. I am using pybitcointools:
```python
import sys
sys.path.append('pybitcointools')
import bitcoin
import hmac, hashlib

bip32seed = input('Your secret phrase: ').strip()
pin = input('Your passphrase (or PIN): ').strip()

# HMAC-SHA512 with the phrase as the message and the PIN as the key, changed to decimal
indexFrom = bitcoin.changebase(hmac.new(pin.encode(), bip32seed.encode(), hashlib.sha512).hexdigest(), 16, 10)
# three 9-digit indexes taken from different parts of the hash (9 digits < 2^31, so non-hardened)
keyIndex = [int(indexFrom[:9]), int(indexFrom[9:18]), int(indexFrom[-9:])]

masterKey = bitcoin.bip32_master_key(bip32seed)
# each key is derived from the previous one, using one index per level
level1Priv = bitcoin.bip32_ckd(masterKey, keyIndex[0])
level2Priv = bitcoin.bip32_ckd(level1Priv, keyIndex[1])
level3Priv = bitcoin.bip32_ckd(level2Priv, keyIndex[2])

# get the public keys
pubKey1 = bitcoin.privtopub(bitcoin.bip32_extract_key(level1Priv))
pubKey2 = bitcoin.privtopub(bitcoin.bip32_extract_key(level2Priv))
pubKey3 = bitcoin.privtopub(bitcoin.bip32_extract_key(level3Priv))

# make the 3 of 3 multisig address
script = bitcoin.mk_multisig_script(pubKey1, pubKey2, pubKey3, 3, 3)
myAddress = bitcoin.scriptaddr(script)
print(myAddress)
```
My Conclusion: The reason brain wallets are attacked so effectively is because you are attacking a local copy of the blockchain and you are attacking all targets at once and not selecting a target. This process increases the surface area that must be attacked and requires additional processing time for each attack. The brain wallet phrase is what is typically attacked and just appending a passphrase increases entropy by itself. This process does not do that. Instead it uses BIP32 to spread the correct answer over an additional (10^9 * 10^9 * 10^9 = 10^27) options. HMAC-512 is used to prescribe the random nature of the indexes. I would also assume that a 3 of 3 multisig address would be harder to break just as a matter of course. Anyway, there it is. I would definitely appreciate any insight on why this scheme or schemes like this might be one of those things that erroneously makes you feel safe.
BIP32 Index Randomisation | Matias Alejo Garcia | Mar 13 2015
Matias Alejo Garcia on Mar 13 2015: Hello everyone, We are working on bitcore-wallet-server (BWS), a HD multisig wallet 'facilitator'. We have a couple of questions regarding BIP32 path usage, and we would love to have feedback from you before moving forward. Currently the BWS instances hold the set of extended public keys of the wallet's peers to be able to derive addresses. Since this is a problem from the privacy point of view, we thought of using pseudo-random BIP32 paths, with a seed only known by the peers, so the server will be able to verify that addresses submitted by peers belong to the wallet, but will not be able to derive future wallet addresses. The workflow would be something like:
```
Peer > getCurrentIndex
< Server [index]
Peer: pathSeed = PRNG(seed, index);
Peer > createAddress(index, pathSeed);
Server: derives the address and adds it to the wallet.
< Server new address
Peer: Verifies the address and informs the user.
```
This way, accessing server data won't reveal future wallet addresses. The seed (only known by the peers) could be derived from hashes of their xprivs, so wallet funds can still be recovered with: 1) The complete set of xprivs 2) The quorum of xprivs + the complete set of xpubs + the address seed. Thanks a lot in advance for any comment on this schema. matías BitPay.com original: http://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-March/007688.html
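An added example serving both the BIP-45 draft quoted above and the BWS question here; it is not code from BIP-45, bitcore/BWS, or any of the posters. It implements a minimal BIP32 derivation in pure Python (secp256k1 affine arithmetic, CKDpriv and CKDpub) to show two things: how each cosigner, holding only the other cosigners' purpose-level public nodes, independently derives the same lexicographically sorted m-of-n redeem script and P2SH address for a path m/45'/cosigner_index/change/address_index without any communication, and how a BWS-style pseudo-random child index can be produced from a secret the server never sees. The three seeds are constructed placeholders, the HMAC-SHA256 "PRNG" for the randomized index is my assumption (the post leaves it open), and the change level follows the draft's own convention quoted above (1 for receive).

```python
import hashlib
import hmac

# secp256k1 parameters and just enough affine point arithmetic for BIP32.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(a, b):
    """Point addition (and doubling); None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], P - 2, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], P - 2, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def _mul(k, pt=G):
    """Double-and-add scalar multiplication (written for clarity, not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt, k = _add(pt, pt), k >> 1
    return acc

def _ser(pt):
    """33-byte compressed SEC encoding, as used by BIP32 and by sorted multisig."""
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")

def master(seed):
    """BIP32 master node from a seed: (private scalar, chain code)."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(i[:32], "big"), i[32:]

def ckd_priv(k, c, idx):
    """Private child derivation; idx >= 2**31 is a hardened child."""
    data = b"\x00" + k.to_bytes(32, "big") if idx >= 2**31 else _ser(_mul(k))
    i = hmac.new(c, data + idx.to_bytes(4, "big"), hashlib.sha512).digest()
    return (int.from_bytes(i[:32], "big") + k) % N, i[32:]

def ckd_pub(K, c, idx):
    """Public child derivation from an xpub-level node; non-hardened indexes only."""
    if idx >= 2**31:
        raise ValueError("hardened children cannot be derived from a public key")
    i = hmac.new(c, _ser(K) + idx.to_bytes(4, "big"), hashlib.sha512).digest()
    return _add(_mul(int.from_bytes(i[:32], "big")), K), i[32:]

def derive_pub(K, c, path):
    for idx in path:
        K, c = ckd_pub(K, c, idx)
    return K

def derive_priv(k, c, path):
    for idx in path:
        k, c = ckd_priv(k, c, idx)
    return k

def multisig_script(pubkeys, m):
    """OP_m <pub>... OP_n OP_CHECKMULTISIG with pubkeys sorted lexicographically, so
    every cosigner independently builds the identical redeem script."""
    pubkeys = sorted(pubkeys)
    body = b"".join(bytes([len(p)]) + p for p in pubkeys)
    return bytes([0x50 + m]) + body + bytes([0x50 + len(pubkeys), 0xAE])

def p2sh_address(script):
    """Mainnet P2SH address (version 0x05); RIPEMD-160 comes from hashlib's OpenSSL."""
    payload = b"\x05" + hashlib.new("ripemd160", hashlib.sha256(script).digest()).digest()
    payload += hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    alphabet = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
    n, out = int.from_bytes(payload, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = alphabet[r] + out
    return out

def randomized_index(path_seed, counter):
    """BWS-style pseudo-random child index. The PRNG is an assumption (HMAC-SHA256 of
    the counter under a secret only the peers hold), clipped to the non-hardened range."""
    mac = hmac.new(path_seed, counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big") & 0x7FFFFFFF

# Constructed demo seeds for three cosigners (placeholders, not real wallet seeds).
SEEDS = [bytes([n]) * 16 for n in (1, 2, 3)]
PURPOSE = 45

def purpose_nodes():
    """Each cosigner's m/45' private node, and the public node (point, chain code)
    they hand to the others; only the public nodes are needed to derive addresses."""
    priv = [ckd_priv(*master(s), 2**31 + PURPOSE) for s in SEEDS]
    return priv, [(_mul(k), c) for k, c in priv]

def bip45_address(pub_nodes, cosigner_index, change, address_index, m=2):
    """Same path m/45'/cosigner_index/change/address_index in every cosigner's tree,
    then the sorted m-of-n redeem script and its P2SH address."""
    path = [cosigner_index, change, address_index]
    pubkeys = [_ser(derive_pub(K, c, path)) for K, c in pub_nodes]
    script = multisig_script(pubkeys, m)
    return script, p2sh_address(script)

if __name__ == "__main__":
    _, pub_nodes = purpose_nodes()
    # cosigner #2 receiving (change=1 in the draft quoted above), next index 5
    script, address = bip45_address(pub_nodes, 2, 1, 5)
    print(script.hex(), address)
```

Two things worth noticing when running it: the public key cosigner #2 derives from its own private node for m/45'/2/1/5 is byte-for-byte the one the others derive from its shared public node, which answers the draft's question about non-hardened levels under a hardened purpose; and a BWS server holding the xpubs can run `derive_pub` for any `(index, pathSeed)` pair it has been shown, but cannot compute `randomized_index` for a counter it has not been given without the peers' secret. Before relying on `master()` or the child derivations for anything real, check them against the BIP32 test vectors; `p2sh_address()` also needs a hashlib build whose OpenSSL provides RIPEMD-160.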
I know this has been asked many times before and I've read many of those answers. I have been thinking about this for well over a year and I can't decide on the best solution ... How do you future proof (15 - 20 years!) your bitcoin cold storage? Multiple decades without touching them! And I'll preface this question with the following statement: Making backups with a future-obsolete solution makes it a non-starter. I'm not impressed with "backup your backups" - I'm not looking for redundancy! Solution #1: Paper wallet with QR code. Problem: QR code scanning device may become obsolete and hard to obtain. Also data inside QR code may change (?) requiring old QR scanning software. Solution #2: Hardware wallet, ie Trezor or USB drive Problem: Shit happens. Hardware can break over time. If your only device holding coins is this hardware, you're screwed. Also, it may be the case where connector cables become incompatible with modern computers or in 20 years computers won't have any inputs (ie wireless all the things!) Solution #3: Multi-sig that shit! Problem: Whoa hold up there! How exactly am I storing the keys? QR codes on paper? Multiple hardware devices? Hold one or multiple keys with different 3rd party companies? Give one key to your parents for safe-keeping? Does multi-sig only compound the problem of future proofing cold storage?? Solution #4: 12 words written on a piece of paper aaronvoisine BIP39 & BIP32 Hierarchical Deterministic Wallet allows for a list of 12 words to create a seed that can be used to generate deterministic wallets. The simplicity of human-readable words on a piece of paper not reliant on any other technology (such as qr scanners) and the future compatibility of BIPs make this one of the best solutions I've found so far. But .... Solution #5: Write down the private key (Base58 Wallet Import Format) on a piece of paper BEST IN SHOW This may sound shockingly insecure, but I really think it could be the best future proof solution.
This solution relies on nothing more than being able to import a private key or sign a message offline and broadcast to the network. I would love to read a discussion about this and how you'd go about future-proofing your bitcoin cold storage. Specifically, if you agree with my assessment that writing down a single (non-multisig) private key is the best way to go:
how would you store that paper?
what instructions would you include for your future-self?
could you include maths instructions to manually sign a transaction? (please show me how!!)
what "failsafes" should you include in your package? i.e. an old computer pre-installed with x, y and z
Hello! I am back again and after experimenting and tinkering with various different bitcoin wallets, I feel like GreenAddress has the most potential and I want to help, so here goes:

1) A fingerprint-free mode: This is something that Electrum and Carbonwallet do best for someone who's paranoid. What it does is that you don't have an "account" on the server, but rather your wallet is generated on the spot through your mnemonic, and in GreenWallet's case, it's your mnemonic + server BIP32 public key.
-> Pros:
- In case the server gets hacked, the user's private information isn't exposed (especially if they linked their social media account).
- Independent of the server. In case the GreenAddress server briefly goes offline, users can still generate their wallet in read-only mode to check if anything has gone wrong, since the server public key can be stored in the Chrome/Android app.
-> Cons:
- Lack of 2FA, since 2FA is tied to an account. This can be circumvented by having the user input what they want to set as their 2FA, whether it be email, SMS, or Google Authenticator; then whatever they put in becomes part of the mnemonic seed (kind of like the encrypted seed) during account setup, so in order to log in and access the account they'd have to decrypt it with their 2FA first.
- It could sometimes miss generating the last few addresses if you leave lots of gaps (addresses with no transactions) in your wallet, because the number of addresses generated is determined by addresses with transactions in them.
- No PIN, no watch-only mode, no contacts, and most importantly no...

2) ...nLockTime. Something that should be a useful safety net becomes really cumbersome for an average bitcoin user, who has to download and update their nLockTime.zip every time a transaction occurs, and it becomes a nightmare for bitcoin miners who receive periodic rewards every day. I know you can ignore this feature, but it clogs up your mailbox, and if you disable it you can't recover funds if the server gets hit with an asteroid. Which brings me to the only reasonable solution: 2of3 multisig, ...dun dun DUNNNNNN! But rather than asking the user to save some long xpriv616Aw.... key, they can simply save an encrypted mnemonic version of it; then they could write it out on paper or remember it. And the best part is, the recovery process can be done through the same UI by simply prompting for the backup seed if they can't reach the server. P.S. I know you already mentioned this feature is being worked on as part of subwallet, but it couldn't come any sooner!

3) Longer PINs (say 4-12), can't see why not.

4) Sending to multiple addresses at once. (You can't even bypass this currently because the server forces you to wait for the previous transaction to get confirmed before sending another.)

5) Online storage integration like Google Drive and Dropbox. Instead of having GreenAddress sign our transactions, we could optionally encrypt and store it on a secure Google Drive and use its API to sign transactions, for full independence from GreenAddress, while still being secure, as an attacker would have to compromise both your computer and Google themselves. Just a thought. P.S. I'll be back with more suggestions, muwahahaha!
After blockchain.info went down, I decided to move all my savings to a wallet on my own computer. The site https://bitcoin.org lists several options, but which one should I choose?

Bitcoin Core: Bitcoin Core is a full client that forms the backbone of the network. It is characterised by a high level of security, privacy and stability. However, it has fewer options and takes up quite a lot of disk space and RAM.

mSIGNA: mSIGNA is an advanced wallet that combines speed, simplicity and convenience with enterprise-grade scalability and excellent security. It supports BIP32, multi-signature transactions, offline storage, multi-device synchronisation and encrypted online and offline backups.

Bither: Bither is a simple and secure wallet on many platforms. With specially designed Cold/Hot modes, users can easily get both safety and simplicity. Bither's XRANDOM uses different entropy sources to generate true random numbers for users. Also with HDM, users can have HD's advantages and Multisig's security.

MultiBit: MultiBit is a lightweight client whose main advantage is that it is fast and easy to use. Synchronising with the network and getting ready to use takes only a few minutes.

Armory: Armory is an advanced bitcoin client that extends the functionality for advanced bitcoin users. It offers many features for encryption and creating backups, and also allows the use of secure offline storage on computers disconnected from the network.

Electrum: Electrum is fast and easy to use and requires few resources. It uses remote servers that handle the most complex operations, and lets you restore your wallet with a password.

BitGo: BitGo is a multi-signature wallet with an extremely high level of security. Every transaction requires two signatures, which protects your bitcoins from malware and server attacks. The private keys are held by the user, so BitGo has no access to your bitcoins. It is a good choice for non-technical users.

GreenAddress: GreenAddress is a convenient multi-signature wallet with improved security and privacy. Your keys are never sent to the servers, even in encrypted form. For security reasons, you should always use 2-factor authentication and the browser extension or the Android app.

Which one does everyone use? Have any bugs or troubles been noticed? I'm still downloading Bitcoin Core, 30 more weeks to go. And another question: how do I take my wallet offline? Well, I'll ask questions as they come up.
Hi all, The Marketplace has recently released a slew of updates targeted at decreasing the learning curve for new users. We feel that Multi Sig is an important tool and it is up to providers like The Marketplace, not customers, to make this transition bearable and to keep innovating. Our recent break has given us a new passion for TMP and we have listened to our users concerns. We know that many users have wished to try The Marketplace but have been scared that their funds may be lost due to the complexity of multi sig and we feel that our continued innovations have made this now impossible.
A large complaint from users is recording transaction ids.
Automatic transaction recording
We have now implemented an internal transaction recorder which automatically detects new transactions and records the transaction details. To pay for your order, you are now simply required to send funds to your multisig escrow address and your order page will instantly update to let you know the transaction was recorded when your payment is received, no need to click buttons or reload the page. It's almost easier than a traditional centralized marketplace with all the benefits of provable multi sig security to boot!
Updated UI & improved vendor search
Our new UI is also cleaner and easier to navigate, with a fully responsive design that works even for small screen sizes. We have implemented changes to our search to recognize common variations of a vendor's name, so users searching for a specific vendor will be sent to their shop immediately.
A key concern for vendors is loss of their private keys or transactions going unredeemed when The Marketplace is seized.
To alleviate one of these concerns, we have implemented BIP32 and Electrum deterministic address generation using Master Public Keys. Vendors must now only record a single master public key, and The Marketplace will automatically generate a new deterministic address for every transaction; this removes the complexity of vendor wallet management which many vendors have complained about.
Time locked transactions
Another key concern is the ability to redeem transactions should The Marketplace be seized. Many vendors worry about their ability to redeem transactions because they cannot reach customers or private keys are lost. We have now released the first ever (clearnet & darknet) time locked transaction implementation (see https://en.bitcoin.it/wiki/NLockTime). Time locked transactions are specially crafted transactions which are not valid until a specific date or block. This feature of the Bitcoin Protocol allows The Marketplace to provide verified vendors with a special transaction when they ship orders which is not valid for 2 months (sequence 0). This allows the vendor to know that upon shipping a product, they will be able to claim their payments if The Marketplace is seized in that time, albeit some months later. By utilizing the Bitcoin protocol, we are removing the need to trust third parties to help claim payments in the future, and this makes us the first marketplace to provide provable dead man switches in preparation for any seizure attempts. Many users will say that The Marketplace is one of the hardest to use marketplaces and will thus stay away; we have listened to all their concerns and feedback and we think it's now one of the easiest! Schultz
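The post relies on the consensus rule behind nLockTime, including the "sequence 0" detail. Here is that rule as an added example (not The Marketplace's code); the threshold and sequence values are the real protocol constants, while `locktime_for_delay` is a constructed helper for the "2 months" case.

```python
# Consensus constants (real protocol values, not page-specific).
LOCKTIME_THRESHOLD = 500_000_000  # nLockTime below this is a block height, at/above it a unix time
SEQUENCE_FINAL = 0xFFFFFFFF       # an input with this nSequence opts out of the lock

def is_final(locktime: int, input_sequences: list, block_height: int, block_time: int) -> bool:
    """Return True if a transaction with this nLockTime may be included in a block
    at `block_height` whose (median) time is `block_time`.

    Mirrors the order of checks a node applies: a zero locktime is always final,
    a locktime already in the past is final, and otherwise the lock only holds if
    at least one input has a sequence number other than 0xffffffff. That last
    point is why a time-locked recovery transaction is built with sequence 0.
    """
    if locktime == 0:
        return True
    limit = block_height if locktime < LOCKTIME_THRESHOLD else block_time
    if locktime < limit:
        return True
    # Lock still in the future: it is only enforced if some input opted in.
    return all(seq == SEQUENCE_FINAL for seq in input_sequences)

def locktime_for_delay(now: int, days: int) -> int:
    """Constructed helper: a unix-time nLockTime roughly `days` after `now`."""
    return now + days * 86_400

def vendor_recovery_tx_final(now: int, check_time: int, lock_days: int = 60) -> bool:
    """Would a recovery transaction locked `lock_days` after `now`, with a single
    input at sequence 0, be mineable at `check_time`? Height is irrelevant for a
    time-based lock, so a placeholder height is passed."""
    return is_final(locktime_for_delay(now, lock_days), [0], 0, check_time)
```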
Last time I submitted a post about moving funds to a cold storage multisig wallet using www.ms-brainwallet.org and www.bip32.org I was met with people claiming that it's not safe, as P2SH is still in alpha and might change in the future. If P2SH is dropped from bitcoin core wouldn't that create a huge loss in confidence, as then there would be people with multisig holdings that couldn't access their funds? Am I not correct in assuming that P2SH will now be here forever, and creating a multisig wallet along with saving the private keys and redemption script will allow me access to those funds at any point in the future? Even if bip32.org and ms-brainwallet.org disappear I'm sure there will be similar tools available to take my private keys and redemption script and create the necessary raw transaction data to sign and propagate to the bitcoin network. Any informed advice would be highly appreciated.
bitWallet for iOS has been updated to v1.3 to include a Night theme. PushTx workaround remains intact. No jailbreak required.
Three screenshots. A dark theme was one of my original feature requests, so it's cool to see it implemented. I think it looks pretty stylish. My big feature request is for bitWallet to become hierarchically deterministic (BIP32). I'm not satisfied with relying on iTunes backups, and since bitWallet is not deterministic, there's no good way to back up my private keys. At first I was importing private keys from paper wallets so I would at least have an offline copy, but I've taken it a step further to make it kind of deterministic. All I've done is created a new Electrum wallet (and seed) on my desktop machine, and imported 5-10 of the private keys into a fresh bitWallet. I will simply use those addresses instead of any generated by bitWallet, because I know that I can retrieve the keys easily from my desktop if necessary. This should make transaction management and record keeping much easier as well, since I can just export an Electrum .csv like I normally do. Please remember that no mobile or web wallet is a suitable substitution for proper cold storage. They should generally be used for daily spending, and not for storing hundreds or thousands of dollars! For anyone curious how long this bitcoin wallet will be available on the App Store, that's anybody's guess. I have placed a friendly bet with fellow user Introshine, who predicted Apple would pull bitWallet or force the removal of the pushtx workaround within three months (August 25th). For shits and giggles, we decided to place a friendly wager of 0.01 BTC using a multisig address via Bitrated. If that 0.01 BTC increases in value to $100, I'm perfectly okay with that whether I win or lose. ;) Here's a screenshot of our agreement.
a script with sample usage of the bitcoin library. a script with sample usage of the electrum library. a script with sample usage of the BIP32 library. a script demoing BIP32 key derivation for multisig. Licence. This is free and unencumbered software released into the public domain.

Users create a vault with uploaded xpub keys to derive a secure 2-of-3 multisig address. Every time a withdrawal or transfer occurs, a new multisig address is derived from the vault keys. Users are provided with the information necessary to move funds outside Unchained's system as a backup fail safe, including redeem scripts and BIP32 paths. Multisig P2SH is used for all addresses. BIP32 is used to derive public keys, then create a multisig script, and the corresponding P2SH address for that script. Address generation should not require communication between parties. (Thus, all parties must be able to generate all public keys.)

This number is used as child index in BIP32 derivation. Public keys obtained at this level of the hierarchy are used to construct multisig deposit scripts, using a schema that is shared between the members as an out-of-band contract. Public derivation is used at this level. Compatible wallets  is the reference Bitcoin wallet for voting pools.

After a lot of struggle, I found out that Electrum uses the following root derivation for normal and multisig wallets. For example: root/0/0 for each cosigner. Example: m/44'/0'/0' ==> shared root key (x); x/0/0 ==> address for first receiving multisig (derive in all cosigners' shared keys; all 3 keys must be lexicographically ordered).
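The fragments above all hinge on one step: every cosigner independently builds the same m-of-n redeem script from the derived public keys, which only works if the keys are put in a canonical (lexicographic, BIP67) order. This added example (not code from Unchained, Electrum or any library named above) builds and parses such a script; the three keys are constructed sample values with the shape of compressed public keys, not real keys.

```python
import hashlib

# Constructed sample cosigner keys (33-byte compressed-key shape, not real keys).
SAMPLE_PUBKEYS = [
    b"\x03" + b"\xaa" * 32,
    b"\x02" + b"\xbb" * 32,
    b"\x02" + b"\x01" * 32,
]
OP_CHECKMULTISIG = 0xAE

def _push(data: bytes) -> bytes:
    """Minimal push for 1..75 bytes (public keys are 33 or 65 bytes)."""
    assert 1 <= len(data) <= 75
    return bytes([len(data)]) + data

def _small_int(n: int) -> bytes:
    """OP_1..OP_16 are encoded as 0x50 + n."""
    assert 1 <= n <= 16
    return bytes([0x50 + n])

def multisig_redeem_script(m: int, pubkeys: list) -> bytes:
    """OP_m <pk1>..<pkn> OP_n OP_CHECKMULTISIG, keys in BIP67 byte order."""
    n = len(pubkeys)
    if not 1 <= m <= n <= 16:
        raise ValueError("invalid m-of-n")
    if any(len(pk) not in (33, 65) for pk in pubkeys):
        raise ValueError("public keys must be 33 or 65 bytes")
    body = b"".join(_push(pk) for pk in sorted(pubkeys))  # lexicographic sort
    return _small_int(m) + body + _small_int(n) + bytes([OP_CHECKMULTISIG])

def parse_redeem_script(script: bytes) -> tuple:
    """Inverse of multisig_redeem_script; raises on anything that is not m-of-n."""
    if len(script) < 3 or script[-1] != OP_CHECKMULTISIG:
        raise ValueError("not a CHECKMULTISIG script")
    m, n, keys, i = script[0] - 0x50, script[-2] - 0x50, [], 1
    while i < len(script) - 2:
        length = script[i]
        keys.append(script[i + 1:i + 1 + length])
        i += 1 + length
    if i != len(script) - 2 or len(keys) != n or not 1 <= m <= n:
        raise ValueError("malformed multisig script")
    return m, keys

def p2sh_script_pubkey(redeem_script: bytes) -> bytes:
    """OP_HASH160 <hash160(redeem)> OP_EQUAL (needs RIPEMD-160 in hashlib)."""
    h160 = hashlib.new("ripemd160", hashlib.sha256(redeem_script).digest()).digest()
    return b"\xa9" + _push(h160) + b"\x87"
```

Because the redeem script is deterministic in the key set, the only thing a cosigner must keep alongside the keys is m, n and which keys were used; the script (and thus the P2SH address) can be rebuilt from that at any time.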
A brief tutorial to set up a multi-signature wallet on the test network. We'll modify the wallet and sign it. If you want to add me as a co-signer, use this address. Cosigner address: TC5BNC ...

How MultiSignature (multisig) wallets can benefit you. If you like the content, you can support the channel by donating. Thank you! 😃 Coin base $10 https://...

Demonstration of creating a new key for a multisig account without sharing that secret key with us. I used BIP32.org to make the key, and Brainwallet to sign the verification message. Read more ...

How to Use Blockchain Receive Payments API V2 BIP32 xpub - Duration: 20:51. m1xolyd1an. DIY Multisig with Your Bitcoin Node & XAMPP - Duration: 14:32. m1xolyd1an. This tutorial goes step-by-step over how to use blockchain.info's receive payments API v2 HD BIP32 xpub request and callbacks. Building Bitcoin Websites B...