Avoiding xpub+derivation reuse across wallets, in a UX-friendly manner

Apr 29 - May 19, 2025

  • The discussion centres on balancing privacy against user-friendliness in wallet backup and key-management strategies.

One proposal is to inject randomness into the wallet's key derivation path: a standard export path is combined with random values so that each wallet ends up with distinct keys, improving privacy without sacrificing usability across different wallet software. Two concerns are raised against it: whether current hardware signers can handle such paths at all, and how much randomness is needed before the privacy protection is meaningful. Both show how hard an optimal solution is, and the discussion keeps returning to the trade-off between the security gained from more intricate path structures and a seamless user experience.

For single-signature and multi-signature wallets, the discussion turns to keeping these configurations simple to manage. For single-signature wallets, a straightforward approach to purpose and account derivations is advocated, so as to stay aligned with existing standards and remain easy to use. For multi-signature setups, by contrast, the proposal is to include the Unix time in the unhardened part of the derivation path, which simplifies backups and improves integration with hardware wallets. The aim is to avoid reuse of extended public keys through a backup scheme that improves both security and user convenience.

Further discussion turns to the difficulty of managing extended public keys within the framework set by BIP43, which is seen as falling short on both privacy and user experience. Two obstacles are named: the standard effectively encourages public key reuse, and managing multiple xpubs across devices is cumbersome. Proposed remedies include using unhardened derivations for better UX and placing coin_type in the first steps of the derivation path so that keys are segregated across networks, which helps both security and organisation. Against this, the added entropy in descriptors raises the concern of ransom attacks during critical security procedures, so the right balance between privacy and user experience remains an open question.
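To make the randomised and Unix-time path proposals concrete, here is an added Python example; it is not code from the thread or from any wallet project. It implements the BIP32 derivation steps from scratch (textbook affine secp256k1 arithmetic, not constant time, for demonstration only): the signer derives an account node at a standard hardened path and exports only that xpub, and the coordinating software appends a per-wallet unhardened suffix built from the Unix time plus one random index. Because the suffix is unhardened, the software can derive the child xpub on its own, without touching the signer again, and two wallets built from the same exported xpub get different keys. The export path m/84'/0'/0', the suffix layout (timestamp, random index) and the seed are all assumptions made for this example; the seed is the constructed 16-byte value from the BIP32 test vectors, not anyone's real key.

```python
import hashlib
import hmac
import secrets
import time

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000  # BIP32: indices at or above this are hardened

def _point_add(a, b):
    # Affine secp256k1 addition; None stands for the point at infinity.
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def _point_mul(k, point):
    # Double-and-add; not constant time, demonstration only.
    result = None
    while k:
        if k & 1:
            result = _point_add(result, point)
        point = _point_add(point, point)
        k >>= 1
    return result

def _ser_p(point):
    # 33-byte compressed encoding, as BIP32 serialises public keys.
    return bytes([2 + (point[1] & 1)]) + point[0].to_bytes(32, "big")

def ckd_priv(k_par, c_par, index):
    # Private child derivation (signer side); hardened when index >= 2^31.
    if index >= HARDENED:
        data = b"\x00" + k_par.to_bytes(32, "big")
    else:
        data = _ser_p(_point_mul(k_par, G))
    i = hmac.new(c_par, data + index.to_bytes(4, "big"), hashlib.sha512).digest()
    il = int.from_bytes(i[:32], "big")
    k_child = (il + k_par) % N
    if il >= N or k_child == 0:
        raise ValueError("invalid child; BIP32 says skip this index")
    return k_child, i[32:]

def ckd_pub(K_par, c_par, index):
    # Public child derivation from an xpub alone (software side); unhardened only.
    if index >= HARDENED:
        raise ValueError("hardened steps need the private key, i.e. the signer")
    i = hmac.new(c_par, _ser_p(K_par) + index.to_bytes(4, "big"), hashlib.sha512).digest()
    il = int.from_bytes(i[:32], "big")
    K_child = _point_add(_point_mul(il, G), K_par)
    if il >= N or K_child is None:
        raise ValueError("invalid child; BIP32 says skip this index")
    return K_child, i[32:]

def derive_priv(seed, path):
    # Master node from the seed, then the full path: what the signer does at export.
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k, c = int.from_bytes(i[:32], "big"), i[32:]
    for idx in path:
        k, c = ckd_priv(k, c, idx)
    return k, c

def derive_pub(K, c, path):
    # Unhardened path from an exported xpub: what the coordinator does per wallet.
    for idx in path:
        K, c = ckd_pub(K, c, idx)
    return K, c

def fresh_suffix(unix_time=None):
    # Per-wallet unhardened suffix (assumed layout): Unix time plus one random index.
    ts = int(time.time()) if unix_time is None else unix_time
    assert ts < HARDENED, "a Unix timestamp fits an unhardened index only until 2038"
    return [ts, secrets.randbelow(HARDENED)]

def wallet_xpub(account_K, account_c, suffix):
    # Child xpub for one wallet, derived without the signer; the backup (e.g. an
    # output descriptor) must record the suffix to find these keys again.
    K, c = derive_pub(account_K, account_c, suffix)
    return {"path_suffix": "/".join(str(i) for i in suffix),
            "pubkey": _ser_p(K).hex(), "chain_code": c.hex()}

if __name__ == "__main__":
    seed = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed seed
    k_acct, c_acct = derive_priv(seed, [84 + HARDENED, HARDENED, HARDENED])  # assumed export path
    K_acct = _point_mul(k_acct, G)  # the single xpub the signer hands out
    for name in ("wallet A", "wallet B"):
        print(name, wallet_xpub(K_acct, c_acct, fresh_suffix()))
```

Two points the code makes visible. First, the thread's hardware-signer concern: everything after the account node is unhardened, so the coordinator never needs the signer for a new wallet, but a signer that only recognises fixed BIP43-style paths may still refuse to display or sign for the longer path. Second, the backup concern: the per-wallet suffix is not recoverable from the seed alone, so it must be recorded somewhere (the output descriptor is the natural place), which is exactly the extra entropy the discussion worries about. The `assert` in `fresh_suffix` is the 2038 caveat: a Unix timestamp only fits a 31-bit unhardened index until then.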

An "xpub request" QR code mechanism is also proposed to ease the inconvenience users face with air-gapped wallets: it streamlines the transfer of xpub information to hardware devices, improving user experience without compromising security. Using output descriptors to prevent extended public key reuse also surfaces as a promising way around the limitations of traditional methods, since descriptors record derivation paths explicitly and so protect user privacy more effectively.

Finally, the discussion acknowledges how complex it is to move away from mnemonic phrases and standard derivation paths towards output descriptors, especially for single-sig wallets. Cross-vendor compatibility, privacy preservation, and the feasibility of new standards such as randomized paths or encrypted backup sync servers are all named as essential considerations. Any comprehensive strategy will have to weigh security, privacy, and user experience equally.
