Topic: bc1 Native Segwit with Electrum (Read 341 times)

exactly. plus since he has already revealed this method, if some day an attacker finds such backups with similar hints they can try using variations of this method to test the possible derivation paths in matter of seconds.
as i always say, people shouldn't try to re-invent methods to use instead of regular encryption techniques. just stick to what is known and recommended, namely AES encrypt everything...

Sure, and there's nothing to stop you from doing that. In my case, I don't think it would bring me any meaningful additional security. If someone was to discover one of my paper back ups, I would find out within a few hours at most, there is nothing they could do with the information contained without finding at least two other pieces of paper stored securely in entirely separate locations, and I would be moving all my funds to a new wallet immediately. Adding in some obscure derivation path is not going to change the fact that an attacker can't do anything if they find one of my back ups, and is only going to introduce a chance that I forget exactly how I go from the clue I left myself to the derivation path, or make my coins irrecoverable for my family after I die.

But you are already doing that. You are splitting your 24 words + password into N chunks of M words each and storing them in different places. It's just a tiny step further to attach a photo of your family, which immediately yields "m/19851023'/20100305/20110714" in your mind. Or you can state "Last updated: Wed May 15 18:17:48 UTC 2020", and very few people will suspect that the equivalent Unix epoch of 1589566668 means m/84'/15895'/66668'.


If most people don't use a custom DP, then only the really determined or paranoid attackers will try messing with it. That means that the few people that use a custom DP have a larger advantage than if everyone did it (in which case every attacker would try).

The more steps you have in your security set up, the more chance that you yourself either make a mistake or forget a step, and lock yourself out of your own wallets. Further, the more things you have to back up. You are now looking at writing your seed on paper and storing somewhere secure, doing the same for your passphrase and storing somewhere different, and the same again for your derivation path. Ideally, each thing should be backed up twice so your back up doesn't have a single point of failure.

It's always a trade off between security and accessibility. I could split my seed phrase in to 24 individual words, store them all in different locations, use a passphrase which is 1000 characters long split in to 100 character chunks and stored in 10 different locations, and use a custom derivation path which is 1000 characters long by adding hundreds of unnecessary branches split in to 100 character chunks and stored in 10 different locations. Such a set up is almost immune to a hacker discovering all the pieces, but is incredibly difficult and time consuming to set up or recover from, and there is a much higher chance of me losing a single piece of paper and losing access to my coins.

The reason most people don't use a custom derivation path is because the combination of a seed phrase and a strong passphrase backed up separately is already safe enough for almost everybody.

Why don't we have both

yes. an easier way is to simply add a seed extension by clicking on options in the seed entry step and choosing to extend the seed. different extension = different wallet. the extension can be any characters.

I know this kinda delves into security-by-obscurity territory but, doesn't this allow us to increase the "security" of our backups? I mean, provided that the attacker manages to obtain "domain average merry rare quarter again cute mango trend gasp strategy fade", they still need "m/12345'/54321'/12345'" in order to rob us. If they assume "m/84'/0'/0'" they will find an apparently empty set of addresses. Is this reasoning correct?

No... the script selection specifies the script to be used (ie. the type of address you want to generate, Legacy, Nested Segwit or Native Segwit). The derivation path is the path you want to use to start generating keys. Electrum will then follow the derivation path to start generating private keys... and from those keys, will use the specified script type to convert it to an address.

If you only use one account in Ledger Live... then, as Abdussamad suggests, you will NOT need to modify the derivation path, simply select the script type, the derivation path will default to the correct setting.

However, if you do use multiple "accounts" in Ledger Live (ie. You have Bitcoin Native 1 and Bitcoin Native 2)... then you WILL need to modify the derivation path AFTER selecting the script type, as Electrum only allows ONE account per wallet.

Also, you can use ANY derivation path you like, in combination with any script type... Electrum won't care. For instance, if I select "Native Segwit"... and ridiculous non-standard derivation path:


I get Native Segwit addresses:


If I select Legacy, with the same derivation path... I get Legacy addresses:



And you can see that because they have the same derivation path... they are created from the same private key... they just use a different script type:



Test BIP39 seed used: domain average merry rare quarter again cute mango trend gasp strategy fade

I got confused with this text, and I think the same as HCP.




The script is simple specifying a derivation path. To generate a segwit address from the seed you have to specify the proper derivation path, i.e. how to derive your keys to generate a proper segwit
 
It was defined in BIP 49, which defined a common derivation scheme for Segwit wallets.

https://github.com/bitcoin/bips/blob/master/bip-0049.mediawiki

Given that you can generate any script from a given private key, logically that makes sense... the radio buttons are telling Electrum what script type you want from generate from your keys... whereas the derivation path is just that, the path to use to get to the keys you want to use. The fact that certain script types default to specific derivation paths is irrelevant. You can use whatever you want, and Electrum will go ahead and use it.

Fancy generating native SegWit addresses from a BCash derivation path? Feel free!  

That's one of the beautiful things about Electrum, it lets you do a lot of weird and wonderful things. The onus is then on the user to remember whatever "non-standard" stuff they have choosen to do.

This is true, I just tested it.  Despite the fact that the text in that Electrum window states you can override the suggested settings, the radio buttons above must have your desired script type selected.  If you modify the script type in the derivation path, and it's in conflict with the radio buttons above, you'll get a wallet that complies to the selected radio button.

It appears that editing the derivation path is only effective for selecting the account.  I didn't check the main-net/test-net switch.

You do if you want to use (or you have already setup in Ledger Live) more than 1 account on your Ledger. As far as I'm aware, Electrum does not "search" for used addresses in accounts higher than the 'default' account of 0.

you have to select the script type. modifying the derivation path will not do it. in fact you need not touch the derivation path at all.

Yes, it is ridiculously easy to do.

When you do the initial wallet setup (note that it pays to Connect/unlock Ledger Device and select the Bitcoin App before you begin): New/Restore -> Standard Wallet -> Use a hardware device -> [Select your Ledger Device shown]...

You'll end up on this screen:



Simply select the script type that you want (Legacy, Nested Segwit or Native SegWit)... and optionally, as BitCryptex mentioned, modify the derivation path to see the account you want.

I can when using it with trezor. It asks for a pin, a password and then lets you pick your derivation path and address type...

Yes, while creating a wallet in Electrum, you will be asked to specify the type of address you used (in this case native SegWit - p2wpkh) and you will be able to modify the derivation path optionally. It should look like this:

m/84'/0'/0' - the last number is the number of your account. The first one is 0, the second one is 1 and so on.

If you want to restore your current native SegWit account then you should leave it at default.

I don't like Ledger Live app, and use it only for updating firmware. That is why I use Electrum wallet + Ledger HW.
Question I have:
Is it possible to have bc1 Native Segwit addresses from Ledger hardware wallet working in Electrum?