Hi all,

At WizardSardine (where we're building Liana wallet) we have been discussing an encryption scheme for descriptors for at least two years.

A few months ago Salvatore Ingala published on delvingbitcoin a clear scheme that matches our requirements. I have been working on implementing this scheme over the past few weeks and would like to share a draft implementation & BIP in order to collect feedback, remarks, and reviews.

Draft BIP: https://github.com/bitcoin/bips/pull/1951

Rust implementation + CLI: https://github.com/pythcoiner/encrypted_backup

A simple GUI using the Rust implementation: https://github.com/pythcoiner/bed

Salvatore's Delving post: https://delvingbitcoin.org/t/a-simple-backup-scheme-for-wallet-accounts

**Open questions**

- **Deterministic nonce:** Currently the nonce is generated randomly. Is it safe to produce a deterministic nonce, e.g. `hash("NONCE" || plaintext || key_1 || … || key_n)`, or are there known security concerns with this approach?
- **Cipher choice:** I arbitrarily chose AES‑GCM‑256. Is this the best choice for this use case, or would another construction be preferable?
- **Byte order:** All fields are defined to be encoded in big‑endian. Is there any reason to consider a different endianness?

Any thoughts, suggestions, or references are welcome.

Thanks,
pyth
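The deterministic nonce formula from the first open question, as an added Python example (not code from the draft BIP or the Rust implementation): it computes the formula literally and shows that plain concatenation of a variable-length plaintext with the keys is not an injective encoding, next to a length-prefixed variant that is. Assumptions: SHA-256 as `hash`, truncation to the 96-bit AES-GCM nonce size, deduplicated and sorted keys, constructed 32-byte stand-in keys; `nonce_framed` is a hypothetical variant, not part of the proposal.

```python
import hashlib

NONCE_LEN = 12   # 96-bit nonce, the usual size for AES-GCM
TAG = b"NONCE"   # prefix taken from the formula in the message

def _canonical(keys):
    # Assumption: keys are deduplicated and sorted so input order is irrelevant.
    return sorted(set(keys))

def nonce_naive(plaintext: bytes, keys) -> bytes:
    """hash("NONCE" || plaintext || key_1 || ... || key_n), truncated."""
    data = TAG + plaintext + b"".join(_canonical(keys))
    return hashlib.sha256(data).digest()[:NONCE_LEN]

def nonce_framed(plaintext: bytes, keys) -> bytes:
    """Hypothetical variant: big-endian length prefix on every field."""
    ks = _canonical(keys)
    h = hashlib.sha256(TAG)
    h.update(len(plaintext).to_bytes(8, "big") + plaintext)
    h.update(len(ks).to_bytes(2, "big"))
    for k in ks:
        h.update(len(k).to_bytes(2, "big") + k)
    return h.digest()[:NONCE_LEN]

# Constructed sample data: stand-in keys and a descriptor-like plaintext.
K1 = bytes([0x11]) * 32
K2 = bytes([0x22]) * 32
DESCRIPTOR = b"wsh(multi(2,A,B))"

def demo():
    out = {}
    for name, f in (("naive", nonce_naive), ("framed", nonce_framed)):
        base = f(DESCRIPTOR, [K1, K2])
        out[name] = {
            # Same plaintext and key set give the same nonce in any key order.
            "order_independent": base == f(DESCRIPTOR, [K2, K1]),
            # Any change to the plaintext changes the nonce.
            "plaintext_sensitive": base != f(DESCRIPTOR + b"#", [K1, K2]),
            # Boundary shift: K1 appended to the plaintext instead of being
            # passed as a key yields the same concatenated byte string.
            "boundary_collision": base == f(DESCRIPTOR + K1, [K2]),
        }
    return out

if __name__ == "__main__":
    for name, props in demo().items():
        print(name, props)
```

With either function the nonce repeats only when the hashed input repeats, up to collisions in the 96-bit truncation; the two differ in whether distinct (plaintext, key set) pairs can produce the same hashed input.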
