Transcript for #bitcoin-dev 2017/05/14

18:55 corinrose is there any reason we can't use bip32 mnemonics to sign transactions in the same way that someone inputs their credit card number to send a payment?
18:56 arubi corinrose, bip32 doesn't have mnemonics at all
18:56 arubi that's bip39
18:56 corinrose oh yeah my bad, I meant bip39
18:56 arubi bip39 doesn't know about signing, just creating seeds
18:58 corinrose well yeah but you can use that seed to generate an hd wallet
18:58 arubi that's bip32, but it doesn't deal with signing either
18:59 corinrose uh huh, but with a generated wallet you have a bunch of keypairs you can use to sign transactions
18:59 arubi but you need a specific keypair to sign a specific input
19:00 arubi that's not something you generate on the fly, you need to keep that somewhere
19:00 arubi like a wallet
19:01 arubi the signing process itself is well defined, and only the hashing part of it involves bitcoin stuff at all
19:01 arubi the math itself doesn't know you're sending coins around :)
19:02 corinrose but you can scan for available balances when you re-generate an HD wallet, right? so if someone wanted to, let's say, pay someone else 5 btc, they input their bip39 mnemonic, some client side js generates a seed, uses that to generate an hd wallet, looks for addresses with available balances that add up to 5 btc (or a bit more with change) and signs those as inputs
19:03 corinrose I'm noobish so I could be missing something, but wouldn't that work?
19:03 arubi why not keep it simple and just do all the generation and signing yourself?
19:04 arubi someone expects a payment from you? let them give you an address, and your job is to fund it with enough balance to cover a purchase
19:04 arubi the shouldn't care which keys signed it, or which transactions paid to it. only that their balance is now enough for clearance
19:05 arubi they*
19:05 arubi if services start implementing anything different than that (and seems like they already do to some extent), then bitcoin isn't doing very well
19:08 corinrose I'm a little confused. what I'm suggesting is essentially using a bip39 mnemonic as a master key to your wallet. that way the only time your private keys exist to be stolen is when they're being generated on the fly to sign a transaction, after which they go away. I feel like that would be a lot simpler for the average user
19:08 arubi bip39 mnemonics are already used as seeds for your wallet
19:09 arubi but you don't have to enter it every time you use the wallet
19:09 arubi it's actually working better than you're suggesting already
19:10 arubi and also, wallets try to minimize that point where your keys can be stolen to 0 by not letting keys leave the wallet
19:26 corinrose yeah, I'm suggesting a completely different system where a user doesn't really have a wallet. it'd work more like a credit card. you have a balance which you can check (just with your extended public key), and in order to send a payment you enter your mnemonic and the service does all the generating and signing for you. so then, your private keys don't even exist until they're being used, and then they're gone
19:26 corinrose so what that means is that web wallets are suddenly not anywhere near the security risk they are now
19:27 corinrose no one's storing your keys for you so you actually own your bitcoin, but you still can go onto a website to make a payment to anyone you want without having to transmit any of your information anywhere, other than the actual transaction itself onto the bitcoin network
19:38 arubi corinrose, that's not how bitcoin transactions work. it's actually a lot simpler than that. there doesn't need to be context in key generation to making payments. it's really a lot better that way
19:40 arubi since you can't really sign with an extended public key, I'm not sure what you mean. I think if you write up something more formal then it'll be easier to go through. right now you mostly keep rephrasing it with longer and longer sentences
19:44 corinrose you're right, I should write something more formal up, but let me try one more time. what I'm picturing is a website where you have a watch-only wallet that uses your extended public key to keep track of your balance. there's no harm in storing that information centrally, cause so what if someone hacks it. then when you want to pay someone, you enter their address, the amount you want to pay, and your mnemonic, and some client si
19:44 corinrose money, creates a transaction, and broadcasts it to the network
19:45 arubi what if someone hacks it and then follows your transactions around?
19:46 arubi they can't steal your money, but you're out of privacy forever if they get the master public key
19:46 arubi why not... never keep your keys, public or private on a website online, and just use a wallet?
19:47 arubi why enter a mnemonic when you can enter a password or a pin code on a wallet you own and control?
19:47 arubi why this whole back and forth of using an online 3rd party service to enter a 24 word mnemonic just so they can have your keys to sign for you?
19:47 arubi signing isn't hard even to a calculator
19:50 corinrose okay yeah that's valid, I hadn't thought of that, but the website doesn't NEED to keep track of the public keys either. I think for the average person this would be more appealing and safer than keeping a wallet, at least with the current wallet tech we have. but I see what you mean, I'm just trying to flesh out an idea I've been thinking about
19:51 corinrose but the main thing I'm thinking about is usability, not for the current average bitcoin user but for the average human
19:51 arubi corinrose, if you have a smartphone, you should try "mycelium testnet"
19:51 arubi see what a wallet is like, it doesn't need a website to work, and it's a lot easier than what you're suggesting
19:56 corinrose I generally use electrum on my desktop, and I'm familiar with how wallets work. the thing is a lot of users are using web wallets these days whether they're safe or not, just because they're lazy or bad with computers or any number of reasons. yes a desktop wallet is just objectively better, but I think if people are gonna be using web wallets anyway, they might as well have less risk, which I think this would accomplish maybe
19:56 corinrose desktop or smartphone wallet, I should say
19:56 arubi you're not suggesting less risk by sharing private keys with a 3rd party service
19:57 corinrose when are you sharing private keys? all of the crypto is done client side, the only thing that ever gets shared is the transaction itself (and I was thinking the xpubkey, but you're right that that's a bad idea)
19:57 arubi why do that at all then?
19:58 corinrose I'm not sure what you mean, do what?
19:58 arubi if you're signing locally, at what point and for what purpose do you need to share the details with anyone else in the first place?
19:59 corinrose you don't, I'm not suggesting you do
20:00 arubi "if people are gonna be using web wallets anyway"..
20:00 arubi web wallets sign for you, or don't they?
20:01 arubi so what I figured is that you're suggesting using a web wallet that just knows the master public key, and not the private keys
20:01 arubi but then, why bother?
20:04 arubi anyway, maybe it's the time and I'm too tired to follow :). night corinrose, cya around
20:04 corinrose thanks for hearing me out, I'll try to formalize my thoughts, night! :)