[bitcoindev] [BIP Draft] Bitcoin Encrypted Backup

public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed

From: pyth <pyth@pythcoiner•dev>
To: bitcoindev@googlegroups.com
Subject: [bitcoindev] [BIP Draft] Bitcoin Encrypted Backup
Date: Thu, 04 Sep 2025 08:58:57 +0200	[thread overview]
Message-ID: <e0b1a14c74645e34c1b2e1d5bb1b60ea69dd6437.camel@pythcoiner.dev> (raw)

Hi all,

At WizardSardine (where we’re building Liana wallet) we have been
discussing an encryption scheme for descriptors for at least two years.

A few months ago Salvatore Ingala published on delvingbitcoin a clear
scheme that matches our requirements.  
I have been working on implementing this scheme over the past few weeks
and would like to share a draft implementations & BIP in order to
collect feedback, remarks, and reviews.

Draft BIP: https://github.com/bitcoin/bips/pull/1951
Rust implementation + CLI:
https://github.com/pythcoiner/encrypted_backup
A simple GUI using rust implem: https://github.com/pythcoiner/bed
Salvatore delving post:
https://delvingbitcoin.org/t/a-simple-backup-scheme-for-wallet-accounts

**Open questions**

- **Deterministic nonce:** Currently the nonce is generated randomly.
Is it safe to produce a deterministic nonce, e.g. `hash("NONCE" ||
plaintext || key_1 || … || key_n)`, or are there known security
concerns with this approach?  
- **Cipher choice:** I arbitrarily chose AES‑GCM‑256. Is this the best
choice for this use case, or would another construction be preferable?
- **Byte order:** All fields are defined to be encoded in big‑endian.
Is there any reason to consider a different endianness?

Any thoughts, suggestions, or references are welcome.

Thanks,  
pyth  

-- 
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups•com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/e0b1a14c74645e34c1b2e1d5bb1b60ea69dd6437.camel%40pythcoiner.dev.

                 reply	other threads:[~2025-09-04  9:27 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=e0b1a14c74645e34c1b2e1d5bb1b60ea69dd6437.camel@pythcoiner.dev \
    --to=pyth@pythcoiner$(echo .)dev \
    --cc=bitcoindev@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox