Author

Topic: How to backup multiple seeds derived from one: BIP-85 (Read 203 times)

hero member
Activity: 1120
Merit: 540
Duelbits - Play for Free | Win for Real
I guess the second quoted text has answered my intial question already, so do you advice that passphrase should be used alongside the derived child seeds?.
Just as i recommend using passphrases, it's ideal to generate child seeds using a passphrase, remembering that you can use a passphrase in the child seed as well, so you will have 2 passphrases in this case. However, for many people, this is a lot to maintain and the risk of losing one of the two can be high.

Or you can generate a child seed without a passphrase and use a passphrase in the child seed.

Quote
I assume the current recovery seeds is used to recover the parent seed?,
And what if someone misplaces the current recovery seeds, how is the person going to go about making changes? and what will be the fate of those child seeds that has been generated?.
If you lose your current recovery seed that is used as the parent seed, as long as you still have access to the child seed generated by it somewhere physically or on a device saved as a wallet, you will still have access to the funds in this child seed wallet.

Or you can use this child seed as a new parent seed to generate new child seeds, remembering that child seeds are common seeds like any other, there is no differentiation cryptographically speaking.

Quote
Original seed same as parent seeds right?.
Yes.
full member
Activity: 238
Merit: 174
cout << "Bitcoin";
I must say that you've done a great job in your explanation, though I only understood to some extent. When trying to grasp/understand certain things that are related to Bitcoin, I always appreciate some kind of visual/graphical explanation, because it has really helped me in learning so many things. Aside that, here are my questions.

Derived seeds are unique and have no relation to each other; you cannot use a child seed to calculate another seed derived from the parent seed, nor can they be traced back to the value of the parent seed. You can use the parent seed to recreate any derived seed.

The derived seed cannot be reverse engineered to determine the parent seed. If one or more seeds are compromised, the parent seed will still be safe.

With the deterministic entropy generated by BIP85 from your parent seed, you can create a variety of seeds to set up virtually any type of wallet or for friends and family by assigning an index to each of them, remembering that each index generates a different child seed.
Quote
Child seeds derived from the parent seed with passphrase = Your parent seed, even if compromised, anyone who has your parent seed but not the passphrase, DOES NOT have access to the child seeds derived from your seed through BIP85 in conjunction with the passphrase,

But, in as much as much as the parent seed happens to be very important, derived/child seeds exposure is a big risk to once wallet?.

I guess the second quoted text has answered my intial question already, so do you advice that passphrase should be used alongside the derived child seeds?.

Quote
You can use your current recovery seed or create a new one if you prefer, but don't use it as your wallet. Instead, use that seed as a parent seed with a BIP85 index number to generate child seeds.

I assume the current recovery seeds is used to recover the parent seed?,
And what if someone misplaces the current recovery seeds, how is the person going to go about making changes? and what will be the fate of those child seeds that has been generated?.

Quote
When adding a passphrase, the derived child seeds will be completely different due to the use of the passphrase, so if you are going to use a passphrase, you must save the parent seed, passphrase and the index number, otherwise you will not be able to derive the seeds derived by the original seed + passphrase

Original seed same as parent seeds right?.

Quote
It's very complex for beginners, so at least in my opinion, i do not encourage its use if you are a complete beginner, because despite the practicality and extra security provided, it can bring a big headache if you don't have enough knowledge and are not aware of the risks.

I think I am interested in learning more about it, even though I won't be making use of the knowledge in real life practice anytime soon.
hero member
Activity: 714
Merit: 1298


Have you ever used the BIP85? Do you think it adds any practicality to your setup?



I use the child SEED (generated from the master SEED on my Passport 2 which follows BIP 85 path) to feed my Tangem 2 wallet and find this to be very easy-to-handle as it eliminates the need for extra backup. The child SEED I use can be always restored from the master SEED ( backed up in the way described here) using either Passport2  or even iancoleman tool kept by airgapped Tails.

Besides, Passport 2 has a strong entropy source ( Avalanche diode), thus I trust both master and child Seeds as nothing else.
hero member
Activity: 1120
Merit: 540
Duelbits - Play for Free | Win for Real
I'm impressed by how little content there is related to BIP-85, which is one of the most interesting features ever implemented in the Bitcoin code and which makes life easier for those who maintain multiple seeds due to having to create seeds for each occasion or device.

Many people use more than one recovery seed for different purposes or on different wallets, making the backup process laborious and tedious, doing some research on Google, I found this reddit article and so far it is the best explanation about BIP-85. I used it as a basis to write this post and added more technical details.

BIP39 mnemonics carry an incredible amount of information: a hex seed that generates the BIP32 root key (xpriv), from which you can generate infinite addresses for each derivation path, and if you add a passphrase, you can generate new BIP32 extended keys, child keys, etc. BIP-85 is simply a function that mathematically derives in a deterministically way new values ​​such as mnemonics, extended keys, WIF keys (and even passwords) from your seed, acting as a parent seed or master seed. Derived seeds are unique and have no relation to each other; you cannot use a child seed to calculate another seed derived from the parent seed, nor can they be traced back to the value of the parent seed. You can use the parent seed to recreate any derived seed.

Just as your recovery seed always generates the same keys and addresses for a wallet, with BIP85, your seed will always generate the same child seeds using an index number. I should also mention that it is impossible for anyone with a child seed and its index number to calculate the parent seed that generated it. The derived seed cannot be reverse engineered to determine the parent seed. If one or more seeds are compromised, the parent seed will still be safe.

With the deterministic entropy generated by BIP85 from your parent seed, you can create a variety of seeds to set up virtually any type of wallet or for friends and family by assigning an index to each of them, remembering that each index generates a different child seed. Since the calculations involved are repeatable (deterministic), you only need to backup the parent seed and remember the index number, and whenever you want, you can use the parent seed to derive the child seed by specifying the index number of the child seed.

How will BIP85 help you make the most of your wallet?

You can use your current recovery seed or create a new one if you prefer, but don't use it as your wallet. Instead, use that seed as a parent seed with a BIP85 index number to generate child seeds.

For example, you can assign an index like "0" to use as your desktop wallet, you can use index "1" to use as your mobile wallet, and so on. You have saved 2 seeds in one (parent seed).

Combining BIP85 + Passphrase

It's extremely important that you have come this far and fully understand how the passphrase and BIP85 work, otherwise you run the risk of doing something you may regret! This is where we start to add more complexity by bringing more security.

When adding a passphrase, the derived child seeds will be completely different due to the use of the passphrase, so if you are going to use a passphrase, you must save the parent seed, passphrase and the index number, otherwise you will not be able to derive the seeds derived by the original seed + passphrase.

Combining BIP85 by deriving a new child seed adds an extra layer of security with the passphrase, the generated child seeds will be fully protected by the passphrase. You can think of this as a second factor of authentication, so even if your parent seed is compromised, since your child seeds are protected by the passphrase, these child seeds will only be accessible if you have the combination: parent seed + passphrase + index number used.

In short...

Child seeds derived from the parent seed without passphrase = Anyone who has your parent seed has access to all child seeds derived from the parent seed through their index numbers. All the attacker can do is try to guess your child seed with a balance by trial and error or by using a computer to brute force it.

Child seeds derived from the parent seed with passphrase = Your parent seed, even if compromised, anyone who has your parent seed but not the passphrase, DOES NOT have access to the child seeds derived from your seed through BIP85 in conjunction with the passphrase, because to generate the same child seeds, both the parent seed + passphrase are needed and there is also the index number, in case the user used a completely random index number.

Disadvantages...

Unfortunately, despite being an incredible feature, it's present in few wallets, even in most hardware wallets it's not present, but you can use the iancoleman script and similar ones to run it offline and generate your child seeds.

It's very complex for beginners, so at least in my opinion, i do not encourage its use if you are a complete beginner, because despite the practicality and extra security provided, it can bring a big headache if you don't have enough knowledge and are not aware of the risks.

Some wallets that I am aware of that support BIP-85:

  • Coldcard
  • Passport
  • Bitbox02
  • SeedSigner DYM
  • Specter DIY
  • Airgap

There are more wallets that have such support, but i didn't mention them here for these reasons: i don't recommend them and/or I've never used them.

Have you ever used the BIP85? Do you think it adds any practicality to your setup?

Below i leave all the links I have gathered that address the subject.



https://github.com/bitcoin/bips/blob/master/bip-0085.mediawiki

https://bip85.com/

https://www.reddit.com/r/Bitcoin/comments/1bawk6a/tutorial_using_bip85_to_back_up_your_seeds/

https://bitcointalksearch.org/topic/m.64107683

https://airgapit.medium.com/secure-mnemonic-management-with-bip85-9af386159657

https://jirijakes.com/text/bip85/

https://www.reddit.com/r/BitcoinBeginners/comments/11sk6k6/help_me_better_understand_bip85/

https://guides.bitcoinsupport.com/guides/v/coldcard/more-features/bip-85-wallets
Jump to: