I gotta say, it's surprising how little info is out there about BIP-85. It's such a cool feature in the Bitcoin code that really helps those of us with multiple seeds since we often have to create new ones for different devices or situations.
A lot of folks use more than one recovery seed for different wallets or uses which just turns the backup process into a real hassle. While digging around online, I stumbled on this Reddit article that does a decent job explaining BIP-85, so I used it as my starting point and threw in some more technical bits.
BIP39 mnemonics hold a ton of data: a hex seed that creates the BIP32 root key (xpriv), letting you generate endless addresses from various paths, and with a passphrase, new BIP32 extended keys or child keys. Basically, BIP-85 is a function that mathematically derives new values like mnemonics, extended keys, WIF keys, and even passwords from your seed, serving as a parent or master seed. The seeds derived from it are totally unique and don’t connect to each other in any way; you can't use one child seed to figure out another derived seed, nor can they link back to the parent seed value. But you can always use the parent seed to recreate any of its derived seeds.
Just like your recovery seed consistently generates the same keys and addresses for a wallet, BIP-85 ensures your seed will always produce the same child seeds using an index number. Oh, and I should mention that nobody with only a child seed can...
I use the child SEED (generated from the master SEED on my Passport 2 which follows BIP 85 path) to feed my Tangem 2 wallet and find this to be very easy-to-handle as it eliminates the need for extra backup. The child SEED I use can be always restored from the master SEED ( backed up in the way described here) using either Passport2 or even iancoleman tool kept by airgapped Tails.
Besides, Passport 2 has a strong entropy source ( Avalanche diode), thus I trust both master and child Seeds as nothing else.
I must say that you've done a great job in your explanation, though I only understood to some extent. When trying to grasp/understand certain things that are related to Bitcoin, I always appreciate some kind of visual/graphical explanation, because it has really helped me in learning so many things. Aside that, here are my questions.
But, in as much as much as the parent seed happens to be very important, derived/child seeds exposure is a big risk to once wallet?.
I guess the second quoted text has answered my intial question already, so do you advice that passphrase should be used alongside the derived child seeds?.
I assume the current recovery seeds is used to recover the parent seed?,
And what if someone misplaces the current recovery seeds, how is the person going to go about making changes? and what will be the fate of those child seeds that has been generated?.
Original seed same as parent seeds right?.
I think I am interested in learning more about it, even though I won't be making use of the knowledge in real life practice anytime soon.
Just as i recommend using passphrases, it's ideal to generate child seeds using a passphrase, remembering that you can use a passphrase in the child seed as well, so you will have 2 passphrases in this case. However, for many people, this is a lot to maintain and the risk of losing one of the two can be high.
Or you can generate a child seed without a passphrase and use a passphrase in the child seed.
If you lose your current recovery seed that is used as the parent seed, as long as you still have access to the child seed generated by it somewhere physically or on a device saved as a wallet, you will still have access to the funds in this child seed wallet.
Or you can use this child seed as a new parent seed to generate new child seeds, remembering that child seeds are common seeds like any other, there is no differentiation cryptographically speaking.
Yes.
Moving this BIP85 conversation here, from another thread...
Yup! On the Krux github, they've posted a script for doing it, or I'm sure you could just write one (or edit theirs to suit your needs if you have something you're working on). Krux doesn't use anything proprietary. It's all open source.
Yes, I'm referring to BIP85.
Let's say this is your parent seed and passphrase:
You could use that as a wallet, of course. But let's say you use it as a parent seed instead, to generate child seeds to use for all kinds of things.
For example, using the above parent seed and passphrase, here's a pair of child seeds:
Why not use the 24 word seed phrase as the seed for a wallet, and use the text from the 12 word child seed as the passphrase for the wallet?
That's a 24 word seed phrase with a 12 word passphrase. Uncrackable. And both parts are backed up by a master key, which is the parent seed & passphrase.
And let's say you want to create an encrypted disk image, to secure some personal stuff, or some work documents. Use a child seed from your parent seed as a decryption key:
If you ever lose that passphrase / decryption key, you can get it back by using BIP85 with your parent seed & passphrase.
Obviously, this makes securing your parent seed and passphrase very important, but that goes without saying for any seed.
I think BIP85 is a mostly overlooked gem. It's easy to look at it and think "Ooh, deterministic seeds. Nice!" But a seed phrase is also text, which means it can be used for much more than just a seed phrase.
Here's another example: Let's say you have a device that, for whatever reason, only allows numbers to be used as a password.
No problem. Here's BIP85 index #5050 for that parent, as a standard Seed QR (the words are represented as numbers instead of plaintext).
Using a parent seed with BIP85 gives you a master backup for anything you could ever need a seed phrase or a strong passphrase for.
And, of course, everything needs to be documented for future reference so you'll know why you set everything up the way you did, and so you'll know how to get it all back if anything goes wrong, or if you just want to confirm something ("Did I make a mistake here? Both 'act' and 'actor' work to form the same checksum. Am I sure the correct word is 'act'?" Go back to your parent to confirm it by regenerating the child with the same index number. ("Yup. It's just 'act'. Good to know").
I especially like this for inheritance, because it creates a way for someone else, who gets the documentation, to rebuild everything manually in case anything goes wrong. "Here's the seed. Here's the passphrase. And if there's a problem, here's a more complicated way to prove the seed and the passphrase are correct."
P.S. Hopefully I didn't make any errors in my examples here. I just quickly rattled this off to further explain it. In real world use, when generating BIP85 child seeds, I like to doublecheck my work by using different devices that use different libraries. I tend to use Krux and a Blockstream Jade, or SeedSigner and a Jade, to doublecheck. I'm also a huge fan of testnet.
Because that last reply was from another thread... if anyone is interested, here's a quick recap / overview:
I. LOVE. BIP85.
I first heard about BIP85 a few years ago. As soon as I started testing it, it felt like a giant lightbulb lit up. It was like "Ah HA! This is incredible!!!"
Most people think of BIP85 as using a parent seed to generate child seeds.
Let's say you do multisig. You take a parent seed & generate 3 child seeds to use as the keys for your multisig. If you ever lose a key, you can get it back, using your parent seed with BIP85.
For example:
That's awesome. If you lose a key, you can always get it back by using your parent seed.
But I realized BIP85 can be used for so much more than that.
Because seed phrases are text - they're just words with a space between each word - you can use child seed phrases as passphrases or decryption-key text for anything.
Want to create an encrypted disk image with an uncrackable pecryption key? Use the text from a 12 word child seed phrase:
Maybe you don't want to use all 12 words for a passphrase? Just use the first 6, or the first 8, or whatever. Just make sure sure sure you document your work, so you'll always know how you set it up and why you set it up that way. Well, the why isn't necessary, but I like reminding myself why I set something up the way I did, for future reference.
Let's put it in context for use with a hardware wallet:
I use Krux.
Krux is free and open source firmware that runs on K210 devices, such as the Yahbook K210 visual module ($40 ish), or the WonderVM ($60 ish). Both of those are devices with a camera, 2 inch touchscreen, and no wifi or bluetooth. This makes them perfect for using as an airgapped hardware wallet.
Krux does BIP85, which makes generating child seeds easy. And did I mention airgapped?
Anything you could ever want a strong passphrase for... even if it has nothing to do with Bitcoin: use Krux to generate a QR for a child seed (choose "plaintext" to get the seed phrase as text, rather than as a seed QR, which is a more compact QR using numbers to represent the words).
Krux & BIP85 are a very powerful and surprisingly versatile combo.
That's good to know.
Using a child seed as a passphrase can be a good strategy, but BIP-85 allows deriving passwords with Base64 encoding... e.g: AwMJYOqM+ibwWt/s4BCcH.
However, most wallets that have implemented BIP-85 support only allow deriving child seeds, but BIP-85 also allows deriving WIFs, HEX, xpriv, and BIP-85 Passwords...
You can explore the features of BIP-85 Passwords here: https://bitcoiner.guide/seed/
Warning: Keep in mind that this is an online site, although it's open-source, and you can review what it does, unless you use it for your tests and playground, you should not use what this site generates as your seed or passwords!
What you can do is download the html file to use in an offline environment for greater security.
The only tool other than this that supports BIP-85 Passwords is Coldcard (MK4 or Q).
The site provided, as well as the encryption resources available through it, are safe as long as they are used in an offline environment, preferably with air-gapped for generating seeds, child seeds and BIP-85 passwords... preferably, use an existing seed, as the entropy generated by browsers' javascript is questionable, that is, it isn't good enough.
If I got it right what is meant here is the ability of device to generate the child seed from master SEED extended by passphrase, If this correct then Passport batch 2 also supports BIP-85 Passwords being the owner of this device I say this for certain. I utilize this feature to generate on passport 2the child SEED for my Tangem 2 which is used by me for on-the-go activity.
Yeah, I don't go anywhere near that. No way.
I know it's deterministic, and that's great, but I prefer using the text from 12 word child seeds as passphrases instead.
Imagine trying to write this down, by hand:
AwMJYOqM+ibwWt/s4BCcH
Now, imagine writing this:
core private bacon derive phone soon baby gun main local bench you
I love the simplicity of 12 words as easily readable text.
Good to know! I wasn't aware of that. Still, I'm going to stick with words, with a space between each word. as text. It's so easy and foolproof. But it's great to know what other options exist. Maybe I'll find a use for them someday. Even if I don't, I love learning about all of this stuff.
Krux supports BIP85 Base64 passwords too, but I don't use that feature. I only use BIP85 Mnemonics.
To be honest, I'm not convinced BIP85 Base64 passwords are a good idea. The point of BIP39 (the use of words to represent the numbers that generate xpub/xprv master keys) is to eliminate the errors that come with trying to write down meaningless strings of text. I say "meaningless" in the sense that this "305564451dba399e84433f865068547f" isn't meaningful to the eye, compared to "core private bacon" etc. One has characters that are easy to screw up. The other is made up of text where each word is meaningful, thus greatly reducing user error, and also making me wish I had some bacon. MMMmmm...
The use of words, instead of numbers or strings, reduces user error in many ways. I feel like BIP85 Base64 passwords re-creates the problem BIP39 was created to solve. That's my take, anyway.
If I go to the bitcoinhole website and I filter based on deterministic entropy (BIP-85) (on the top left and in the private keys portion), the site shows HW wallets supporting BIP85 to be: Jade, Jade Plus, Coldcard Mk4, Coldcard Q, Passport Batch 2, Passport Prime (not yet released), Bitbox02, SeedSigner, Specter DIY and Krux.
I thought only coldcard and seed.tools supported BIP-85 passwords, so Passport2 also has this feature? Thats great to know! I couldnt find anything about them announcing support for this feature.
However, there are services that will require you to register your passwords with specific criteria: lowercase and uppercase letters, special characters, and so on... In that case, what do you do? I use KeepassXC or Keepass2 to manage that for me.
All of these support BIP-85 for generating child seeds, but not for BIP-85 passwords like this set: KE2F23IB4STme9Xdx+5in.
However, as satscraper and Meuserna mentioned, it seems that both Krux and Passport2 also provide support for BIP-85 passwd.
You're absolutely right, that's a valid use for it.
I just fear that some folks will use it as a passphrase to secure their Bitcoin, and have it lead to disaster in the future.
They're either not going to back up their passphrase at all, or they'll make a mistake while writing it down, because writing down AwMJYOqM+ibwWt/s4BCcH opens up too many possibilities for errors.
But, sadly, most folks aren't going to realize they can use BIP85 child seeds as passphrases, because they're so stuck on the idea that it's a seed. Yeah, it's a seed, but it's also just text. Use it for any purpose.
The beauty of using BIP85 child seeds as plaintext passphrases is that if you also use a hardware wallet that generates QR codes, you can easily generate & scan your passphrase.
I use Krux for this. In fact, I use 2 Krux hardware wallets.
Krux A: Load the parent seed. Generate a 24 word child seed.
Krux B: Load the parent seed. Generate a 12 word child seed & display it as a plaintext QR.
Krux A: "Add a passphrase." Scan the QR on Krux B.
There's a SeedSigner fork that adds passphrase QR and display QR of a plaintext mnemonic (among other features), but I don't own 2 SeedSigners, so I haven't tried it yet. I tested it with one SeedSigner & a Krux. It's great.
That workflow goes like this:
SeedSigner: Load parent seed. Generate a 24 word child seed. Go back to the parent seed and generate a 12 word child seed.
Krux: Scan the 24 word child seed QR from SeedSigner. Add a passphrase by scanning the 12 word child seed as a plaintext QR on the SeedSigner.
The names in the list support BIP 85 but I noticed Electrum wasn't so I looked at their github. I don't know if it's rated higher in security but the devs probably decided BIP 85 wasn't needed or won't benefit Electrum. They're fine with the mnemonic way to recover wallets from seeds.
Use only when you are confident that you have learned it, you can test BIP-85 on the iancoleman website and understand the whole key generation scheme.
It's a tool recommended for offline use, but it works online too. Use the online version only for playground and exploring the utilities in it (like BIP-85). Never enter sensitive information on any online site, your computer may have spyware. You never know.
You're making altcoin posts you aren't using the forum for Development & Technical Discussion posts. If you're limit in cryptos broadens to trading you won't have to worry about BIP 85. As a beginner there's sizable study if you want to learn about BIPs it isn't easy.