arno
/
trezor-firmware
mirror of https://github.com/trezor/trezor-firmware.git
1
0
Fork 0
Code Issues Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'fc4b71ae06'
${ noResults }
trezor-firmware/docs/coins
History
Tomas Susanka fc4b71ae06
docs: coin paths final modifications (hopefully) 		6 years ago
..
README.md docs: coin paths final modifications (hopefully) 6 years ago
bitcoin-path-check.svg

README.md

BIP-44 derivation paths

Each coin uses BIP-44 derivation path scheme. If the coin supports normal derivation we use BIP-32. If not (because the underlying curve does not support it for example) we're using Stellar's SEP-0005. In a nutshell, these paths are derived using SLIP-0010 and have only three-part BIP-44 path 44'/c'/a'.

List of used derivation paths

coin curve getPublicKey getAddress sign derivation note
Bitcoin secp256k 44'/0'/a' 44'/0'/a'/y/i 44'/0'/a'/y/i BIP-32 6
Ethereum secp256k 44'/60'/0' 44'/60'/0'/0/i 44'/60'/0'/0/i BIP-32 1
Ripple secp256k - 44'/144'/a'/0/0 44'/144'/a'/0/0 BIP-32 2
Cardano ed25519 44'/1815'/a' 44'/1815'/a'/0/i 44'/1815'/a'/0/i Cardano's own3
Stellar ed25519 - 44'/148'/a' 44'/148'/a' SLIP-0010
Lisk ed25519 44'/134'/a' 44'/134'/a' 44'/134'/a' SLIP-0010
NEM ed25519 - 44'/43'/a' 44'/43'/a' SLIP-0010 4
Monero ed25519 44'/128'/a'5 44'/128'/a' 44'/128'/a' SLIP-0010

Paths that do not conform to this table are allowed, but user needs to confirm a warning on Trezor. For getPublicKey we do not check if the path is followed by other non-hardened items (anyone can derive those anyway). This is beneficial for Ethereum and its MEW compatibility, which sends 44'/60'/0'/0 for getPublicKey.

Notes

  1. We believe we should use 44'/60'/a' for Ethereum, because it is account-based, rather than UTXO-based. Unfortunately, lot of Ethereum tools (MEW, Metamask) do not use such scheme and set a = 0 and then iterate the address index i. Therefore for compatibility reasons we use the same scheme: 44'/60'/0'/0/i and only the i is being iterated.

  2. Similar to Ethereum this should be 44'/144'/a'. But for compatibility with other HW vendors we use 44'/144'/a'/0/0.

  3. Which allows normal derivation on ed25519.

  4. NEM's path should be 44'/60'/a' as per SEP-0005, but we allow 44'/60'/a'/0'/0' as well for compatibility reasons with NanoWallet.

  5. Actually it is GetWatchKey for Monero.

  6. It is a bit more complicated for Bitcoin-like coins. The following diagram shows how path should be validated for Bitcoin-like coins:

bitcoin-path-check