-
@ c03rad0r
2025-03-15 07:52:55BIP-85 vs Hierarchically Deterministic wallets
Question
Please summarize the above BIP-85 for me. Whats the difference between this and the xpub based account derivation paths? How is address reuse with xpub based paths related to BIP-85 key derivation?
Hierarchical Deterministic (HD) Wallets (e.g., BIP32/BIP44/BIP49/BIP84)
- Single Entropy Source: All keys (xpub/xpriv) derive from one root seed (e.g., a BIP39 mnemonic).
- Hierarchical Structure: Keys are organized into accounts/chains (e.g.,
m/44'/0'/0'for Bitcoin legacy,m/84'/0'/0'for native SegWit). - Security Risk: If the root seed is compromised, all derived keys (past, present, and future) are exposed.
- Address Reuse: Reusing the same derivation path (e.g.,
m/84'/0'/0'/0/0) generates the same address repeatedly.
BIP-85 "Master Seed for Seeds"
- Generates Independent Entropy: From a single root seed, BIP-85 derives new, cryptographically isolated entropy for:
- New BIP39 mnemonics (12/24 words).
- WIF keys (e.g., for Bitcoin Core wallets).
- RSA/DICE keys, passwords, etc.
- Security Isolation: derived entropy is hardened via HMAC-SHA512. Compromising one derived seed does expose others or the root seed.
- Use Case: Manage multiple wallets (e.g., Bitcoin, Monero, GPG keys) with separate seeds from a single backup. For example:
m/83696968'/39'/0'/12'/0'→ 12-word BIP39 mnemonic (isolated from root).m/83696968'/2'/0'→ WIF key for Bitcoin Core.
Key Differences
| Feature | HD Wallets (BIP32/44) | BIP-85 | |------------------------|-------------------------------------------|------------------------------------------| | Root Dependency | All keys depend on the root entropy. | Generates new entropy per application. | | Security Scope | Single point of failure (root seed). | Compartmentalized; breaches are isolated. | | Output | Public/private keys (same entropy chain). | New seeds, mnemonics, or entropy. | | Backup Strategy | One for all keys. | One backup, but derived act like separate backups. |
Why BIP-85 Enhances Security
- No Shared Entropy: Unlike HD wallets, BIP-85-derived seeds are not mathematically linked to each other or the root. They’re hardened via HMAC-SHA512 to prevent reverse-engineering.
- Mitigates Address Reuse: By independent seeds, you avoid reusing the same address pool across wallets (e.g., using one seed for Lightning Network and another for cold storage).
Example Workflow
- Root Seed: Backup
abandon art ...(BIP39 mnemonic). - ive via BIP-85:
m/83696968'/39'/0'/24'/0'→ 24-word mnemonic for a hardware wallet.m/83696968'/707764'/32'/0'→ Base64 password for an exchange.- Security: If the exchange password is breached, your hardware wallet’s mnemonic remains secure.
In short, BIP-85 lets you compartmentalize security while maintaining a single backup, whereas HD wallets trade convenience for shared risk.
```mermaid flowchart TD subgraph "HD Wallets (BIP32/44/49/84)" RootSeed["Single Root Seed (Entropy)"] --> BIP32RootKey BIP32RootKey --> Account1["Account 1 (e.g., m/44'/0'/0')"] BIP32RootKey --> Account2["Account 2 (e.g., m/84'/0'/1')"] Account1 --> Address1A["Address A (m/44'/0'/0'/0/0)"] Account1 --> Address1B["Address B (m/44'/0'/0'/0/1)"] Account2 --> Address2A["Address X (m/84'/0'/1'/0/0)"] Account2 --> Address2B["Address Y (m/84'/0'/1'/0/1)"] style RootSeed fill:#f9f,stroke:#333 end
subgraph "BIP-85 Wallet" BIP85RootKey["Master Root Key"] --> HMAC["HMAC-SHA512 (bip-entropy-from-k)"] HMAC --> |"Truncated Entropy"| App1["BIP39 Mnemonic 1 (m/83696968'/39'/...)"] HMAC --> |"Truncated Entropy"| App2["WIF Key (m/83696968'/2'/...)"] HMAC --> |"Truncated Entropy"| App3["RSA Key (m/83696968'/828365'/...)"] App1 --> WalletA["Bitcoin Wallet"] App2 --> WalletB["Bitcoin Core Wallet"] App3 --> WalletC["GPG Key"] style BIP85RootKey fill:#f9f,stroke:#333 end RootSeed -.-> |"Same Initial Seed"| BIP85RootKey```