Pages:
Author

Topic: Ian Coleman BIP39 / Derive P2SH addresses from Electrum generated Seed (Read 799 times)

newbie
Activity: 8
Merit: 10
The method you used obviously works, but it's generally not recommended.

If you're going to use this method to store your funds there are some factors of which you should make note.  Since you're relying on a specific piece of software to decipher the correct derivation path, it's a good idea to make sure you always have a verified version stored locally.  You should also make backups of your wallet files and store them on another device.  Another pitfall is if you do lose all your backups and have to restore the wallet from the seed phrase several years from now, are you going to remember the steps you took?  You may want to include instructions for yourself and store them with the seed phrase, in case you forget.

If your goal is to have multiple desktop wallets, of different address types, that are all backed-up by one seed, you are probably better off starting with a Bip39 phrase.  The advantage is you can always restore it with many desktop clients or hardware wallets, and they'll be able to determine the correct derivation path without all fuss.  And of course, that includes Electrum.

All good, never stored funds on an Electrum generated wallet and not planing to do so, I just wanted to know how to do all of this out of curiosity. By now I'm using hardware wallets only and also keep my seeds safe in a unqiue way. I already donated to everyone years ago, learned the hard way how important the things you mentioned are. Btw, really appreciate the way you and everyone else is generously helping and answering questions in here!

Actually, you can use iancoleman without changing the source code.
All you need to do is to get your wallet's master private key and click the right options.

As the final goal of all this was to be able to bruteforce a wrong word of an incorrectly remembered 12 word seed phrase created by Electrum, while only knowing the incorrect seed and one correct address, I theoretically wasn't allowed to use the master private key. That's why I needed to go the long way of editing the source code.

Short answer: Electrum seed phrases and BIP39 seed phrases differ in the way they handle passphrases. Since you are entering the seed phrase as a BIP39 phrase, you use the BIP39 method, which uses the word "mnemonic" rather than the word "electrum".

Longer answer: When your seed phrase is used to generate your private keys, the first step is to pass it through a key stretching function called PBKDF2. The PBKDF2 function used has two input parameters. The first input parameter is your seed phrase. The second input parameter for BIP39 seeds is the word "mnemonic" concatenated with your passphrase. You can see this in lines 810 and 811 of the Electrum code here: https://github.com/spesmilo/electrum/blob/9d0bb295e6f55a2bff9f5b6770fa744c16af6e8a/electrum/keystore.py#L810.

Conversely, when using Electrum seeds, instead of using the word "mnemonic", it instead uses the word "electrum" concatenated with your passphrase. See line 164 here: https://github.com/spesmilo/electrum/blob/a0b096dcb2292c2826f7beae173c529d335142f0/electrum/mnemonic.py#L164.

Even although your seed was generated by Electrum, since we are using it as an (invalid) BIP39 seed we need to follow the BIP39 method. This will hold true even if you don't use a passphrase, as the word "mnemonic" will still be used as an input for PBKDF2, just without any additional characters attached.



I would echo DireWolfM14's warning above, though. This is a very non standard way to generate a wallet, and you could run in to serious problems down the line trying to recover it. If you want a P2WPKH-P2SH wallet in Electrum, then the best method is to generate a BIP39 phrase elsewhere and import it.

Got it, thanks again!
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
-snip-
If @21sats used only step 1, he already has native segwit right?, step 4 must be select P2WPKH not P2WPKH nested in P2SH
another way if @21sats select legacy in begining, must be select BIP 32 to same with electrum legacy address
As per the first quoted post, 21sats forcibly used a SegWit Electrum seed phrase to create a P2SH-SegWit wallet.
Click the 1st quote in my previous reply to see the full post with the "same steps you've (21sats) mentioned".

He wanted to restore the same address using iancoleman (actually looking for the correct code to edit).
Since the issue was solved by the link, I just gave him a method to use iancoleman to restore those "P2WPKH nested in P2SH"
addresses without editing anything.
legendary
Activity: 2268
Merit: 18748
21sats isn't actually creating an Electrum SegWit or Legacy wallet though. He is talking about going through the motions of doing that just so Electrum will generate a seed phrase for him. He then takes that seed phrase and restores a wallet with it, forcing it through as an invalid BIP39 phrase to create a nested SegWit wallet.

nc50lc's instructions are correct if OP has access to his master private key, with with caveat being that it is better to back up a seed phrase than it is a master private key.

The whole set up is still very suboptimal though. Better to just use a valid BIP39 seed.
legendary
Activity: 2366
Merit: 2054
Follow these steps:
  • 1. (skip if you have the wallet) Restore your Electrum wallet using the seed and the same steps you've mentioned.
  • 2. Open console tab (View->Show Console) and type getmasterprivate().
  • 3. Copy the master private key (yprv) and paste to iancoleman's "BIP32 Root Key".
  • 4. Select BIP141 tab and select "P2WPKH nested in P2SH" in the 'Script Semantics' drop-down menu.
  • 5. Check the addresses, it should be the same as Electrum's.
If @21sats used only step 1, he already has native segwit right?, step 4 must be select P2WPKH not P2WPKH nested in P2SH

another way if @21sats select legacy in begining, must be select BIP 32 to same with electrum legacy address
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
Initial Electrum wallet is segwit. I think I forced it through as an invalid BIP39 seed phrase cause the checksum=failed but I was still able to proceed.

Those are the exact steps I took in Electrum:
-snip-
Quote from: 21sats
Addresses didn't match the Electrum derived addresses so I tried with the latest version.
Actually, you can use iancoleman without changing the source code.
All you need to do is to get your wallet's master private key and click the right options.

Follow these steps:
  • 1. (skip if you have the wallet) Restore your Electrum wallet using the seed and the same steps you've mentioned.
  • 2. Open console tab (View->Show Console) and type getmasterprivate().
  • 3. Copy the master private key (yprv) and paste to iancoleman's "BIP32 Root Key".
  • 4. Select BIP141 tab and select "P2WPKH nested in P2SH" in the 'Script Semantics' drop-down menu.
  • 5. Check the addresses, it should be the same as Electrum's.
legendary
Activity: 2268
Merit: 18748
Is this also used together with trezor/ledger passphrases or any other known wallets?
Trezor and Ledger seed phrases and any optional passphrases follow the standard BIP39 protocol, i.e. using the word "mnemonic". This is also true of pretty much every other hierarchical deterministic wallet which exists these days. Electrum is pretty much the only one which has its own method for generating seed phrases.

If you want to read more in depth as to how seed phrases are combined with passphrases to generate your wallet, have a read of this: https://github.com/bitcoinbook/bitcoinbook/blob/develop/ch05.asciidoc#from-mnemonic-to-seed
jr. member
Activity: 87
Merit: 5
Short answer: Electrum seed phrases and BIP39 seed phrases differ in the way they handle passphrases. Since you are entering the seed phrase as a BIP39 phrase, you use the BIP39 method, which uses the word "mnemonic" rather than the word "electrum".

Longer answer: When your seed phrase is used to generate your private keys, the first step is to pass it through a key stretching function called PBKDF2. The PBKDF2 function used has two input parameters. The first input parameter is your seed phrase. The second input parameter for BIP39 seeds is the word "mnemonic" concatenated with your passphrase. You can see this in lines 810 and 811 of the Electrum code here: https://github.com/spesmilo/electrum/blob/9d0bb295e6f55a2bff9f5b6770fa744c16af6e8a/electrum/keystore.py#L810.

Conversely, when using Electrum seeds, instead of using the word "mnemonic", it instead uses the word "electrum" concatenated with your passphrase. See line 164 here: https://github.com/spesmilo/electrum/blob/a0b096dcb2292c2826f7beae173c529d335142f0/electrum/mnemonic.py#L164.


Is this also used together with trezor/ledger passphrases or any other known wallets?
legendary
Activity: 2268
Merit: 18748
Short answer: Electrum seed phrases and BIP39 seed phrases differ in the way they handle passphrases. Since you are entering the seed phrase as a BIP39 phrase, you use the BIP39 method, which uses the word "mnemonic" rather than the word "electrum".

Longer answer: When your seed phrase is used to generate your private keys, the first step is to pass it through a key stretching function called PBKDF2. The PBKDF2 function used has two input parameters. The first input parameter is your seed phrase. The second input parameter for BIP39 seeds is the word "mnemonic" concatenated with your passphrase. You can see this in lines 810 and 811 of the Electrum code here: https://github.com/spesmilo/electrum/blob/9d0bb295e6f55a2bff9f5b6770fa744c16af6e8a/electrum/keystore.py#L810.

Conversely, when using Electrum seeds, instead of using the word "mnemonic", it instead uses the word "electrum" concatenated with your passphrase. See line 164 here: https://github.com/spesmilo/electrum/blob/a0b096dcb2292c2826f7beae173c529d335142f0/electrum/mnemonic.py#L164.

Even although your seed was generated by Electrum, since we are using it as an (invalid) BIP39 seed we need to follow the BIP39 method. This will hold true even if you don't use a passphrase, as the word "mnemonic" will still be used as an input for PBKDF2, just without any additional characters attached.



I would echo DireWolfM14's warning above, though. This is a very non standard way to generate a wallet, and you could run in to serious problems down the line trying to recover it. If you want a P2WPKH-P2SH wallet in Electrum, then the best method is to generate a BIP39 phrase elsewhere and import it.
newbie
Activity: 8
Merit: 10
Right. In that case, in the instructions that HCP laid out in the post you linked to (https://bitcointalksearch.org/topic/m.24316954), you should ignore the second step of changing the word "mnemonic" to "electrum". Since you've done that already, change it back and reload your copy of iancoleman.

Enter your Electrum seed, and then select "BIP49" under Derivation Path. The addresses should now match those that show up in your Electrum wallet.

Wow, worked like a charm! Thanks for the help. High possibility that I won't get the explanation but why did I have to ignore the second step?
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
The method you used obviously works, but it's generally not recommended.

If you're going to use this method to store your funds there are some factors of which you should make note.  Since you're relying on a specific piece of software to decipher the correct derivation path, it's a good idea to make sure you always have a verified version stored locally.  You should also make backups of your wallet files and store them on another device.  Another pitfall is if you do lose all your backups and have to restore the wallet from the seed phrase several years from now, are you going to remember the steps you took?  You may want to include instructions for yourself and store them with the seed phrase, in case you forget.

If your goal is to have multiple desktop wallets, of different address types, that are all backed-up by one seed, you are probably better off starting with a Bip39 phrase.  The advantage is you can always restore it with many desktop clients or hardware wallets, and they'll be able to determine the correct derivation path without all fuss.  And of course, that includes Electrum.
legendary
Activity: 2268
Merit: 18748
Right. In that case, in the instructions that HCP laid out in the post you linked to (https://bitcointalksearch.org/topic/m.24316954), you should ignore the second step of changing the word "mnemonic" to "electrum". Since you've done that already, change it back and reload your copy of iancoleman.

Enter your Electrum seed, and then select "BIP49" under Derivation Path. The addresses should now match those that show up in your Electrum wallet.
newbie
Activity: 8
Merit: 10
Can you clarify first of all how you created the Electrum wallet? Electrum will not allow you to generate a P2WPKH-P2SH wallet - you can only restore such a wallet. Further, you can not restore such a wallet from an Electrum generated seed phrase unless you force the seed through as an invalid BIP39 seed phrase. Are these the steps you took? Was the initial Electrum wallet you create legacy or segwit?

Initial Electrum wallet is segwit. I think I forced it through as an invalid BIP39 seed phrase cause the checksum=failed but I was still able to proceed.

Those are the exact steps I took in Electrum:

Chose a new wallet name, next.
Standard wallet, next.
Create a new seed, next.
Segwit, next.
Copied the generated seed.
Aborted the process, restarted electrum.

Chose a new wallet name, next.
Standard wallet, next.
I already have a seed, next.
Pasted the seed, clicked options.
Check marked BIP39 seed, ok, next.
Chose p2sh-segwit(p2wpkh-p2sh), next.
Chose Password, done.


legendary
Activity: 2268
Merit: 18748
Can you clarify first of all how you created the Electrum wallet? Electrum will not allow you to generate a P2WPKH-P2SH wallet - you can only restore such a wallet. Further, you can not restore such a wallet from an Electrum generated seed phrase unless you force the seed through as an invalid BIP39 seed phrase. Are these the steps you took? Was the initial Electrum wallet you create legacy or segwit?
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
Meaning as the IanColeman tool views every seed put into it as a 100% standard BIP39 seed there is no way it will derive the correct addresses from the Electrum seed as it gives wrong information due to its different structure?

Correct.  Again, I'm not a good technical resource, but as I understand it when Electrum creates a seed the order or selection of specific words creates a checksum for Electrum to use as an additional piece of information for address determination.

Other wallets don't include that piece of code, it's specific to Electrum.


Edit: Is there a way to show the exact derivation path to a specific address in the Electrum wallet? I know I chose m/49'/0'/0' when generating but im curious if it really ended up beeing this path. Tried wallet.keystore.derivation in the Electrum console but this didn't work.

Not that I know of.  The information may exist in the wallet file but I don't know of any way to find that information through the GUI frontend.  I'm not aware of any console command that will provide the information either.  Another thing to keep in mind, I don't believe Electrum's seed generator will create a seed specific to Bip49 standard, only Bip44 (legacy) and Bip84 (native segwit.)
newbie
Activity: 8
Merit: 10
From what I've learned about Electrum, it uses it's own standard to generate seed phrases.  Although it may be based on Bip39, it's not 100% compatible with Bip39.  I'm not the right guy to divulge the technical details, but I believe Electrum includes a checksum that helps the software determine if the seed is for a legacy wallet, or a native segwit wallet.

The only way I know of to generated p2sh addresses using an Electrum generated seed is to trick the software into believing it's a Bip39 seed.  The more common method for generating p2sh addresses is by using an actual Bip39 seed, like one that was generated by Ian Coleman's tool or a hardware wallet.

Meaning as the IanColeman tool views every seed put into it as a 100% standard BIP39 seed there is no way it will derive the correct addresses from the Electrum seed as it gives wrong information due to its different structure?

Edit: Is there a way to show the exact derivation path to a specific address in the Electrum wallet? I know I chose m/49'/0'/0' when generating but im curious if it really ended up beeing this path. Tried wallet.keystore.derivation in the Electrum console but this didn't work.
newbie
Activity: 8
Merit: 10
You can easily have a seed phrase generating same p2wpkh-p2sh addresses in Electrum and iancoleman without any need to change the source code. (Maybe I am missing something?)
Go to iancoleman. Select BIP49.

https://i.imgur.com/q09RZiG.jpg

Generate a seed. iancoleman will give you some p2wpkh-p2sh addresses.

Then go to Electrum. Create a new wallet. Select "Standard Wallet" and then "I already have a seed". Enter the seed phrase generated by iancoleman. Don't forget to click on  "options" and check "BIP39".
Click on "next" and select "p2wpkh-p2sh" as the "script type". Electrum will give you same addresses.


Yep in this direction it's working properly for me too, Seed generated by Iancoleman shows same addresses when entered in Electrum.
But a seed generated by Electrum (non standard mnemonic) entered in iancoleman dosen't show the same addresses.

The source code edit is needed because the tool will give "Invalid mnemonic" error if we try to put in the Electrum generated seed.
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
From what I've learned about Electrum, it uses it's own standard to generate seed phrases.  Although it may be based on Bip39, it's not 100% compatible with Bip39.  I'm not the right guy to divulge the technical details, but I believe Electrum includes a checksum that helps the software determine if the seed is for a legacy wallet, or a native segwit wallet.

The only way I know of to generate p2sh addresses using an Electrum-generated seed is to trick the software into believing it's a Bip39 seed.  The more common method for generating p2sh addresses is by using an actual Bip39 seed, like one that was generated by Ian Coleman's tool or a hardware wallet.
legendary
Activity: 2380
Merit: 5213
You can easily have a seed phrase generating same p2wpkh-p2sh addresses in Electrum and iancoleman without any need to change the source code. (Maybe I am missing something?)
Go to iancoleman. Select BIP49.



Generate a seed. iancoleman will give you some p2wpkh-p2sh addresses.

Then go to Electrum. Create a new wallet. Select "Standard Wallet" and then "I already have a seed". Enter the seed phrase generated by iancoleman. Don't forget to click on  "options" and check "BIP39".
Click on "next" and select "p2wpkh-p2sh" as the "script type". Electrum will give you same addresses.

newbie
Activity: 8
Merit: 10
Quote
Quoting for images.
Thanks!  Smiley
hero member
Activity: 1659
Merit: 687
LoyceV on the road. Or couch.
Pages:
Jump to: