ElectrumSV and seed-based wallet restoration

Roger Taylor
Dec 19, 2019

I have a memory of Craig Wright saying something like seeds were bad and people should just backup their wallet file — or something along those lines. At the time, I thought he was being a little extreme, but as time passes I have come to believe that the expectation that seeds can restore a wallet using only the blockchain and the wallet’s seed words, is a leftover fallacy from Bitcoin Core.

Bitcoin Core fallacies

You already know, or are soon going to be confronted with the first real open frontier of Bitcoin development — on Bitcoin SV. If you cling to the Bitcoin Core fallacies, you are probably going to have to write and maintain your own tools. Wallets and applications with any real future on Bitcoin SV cannot be designed around them.

Bitcoin addresses

If as a user you ever see a Bitcoin address, whatever you are doing is more than likely being done badly. If you ever have to use a QR code with a Bitcoin address in it, whatever you are doing is more than likely being done badly.

Addresses are something only developers should see, not users. No-one should ever have to type one in, nor should anyone have to visually compare them. And anyone who gets one that came from your wallet, who sends funds to it, shouldn’t expect you to receive them. In fact, this should be synonymous with flushing money down the toilet.

Bitcoin Core could only think in addresses, so they locked down the protocol so that every transaction could be represented by an address. Standard payments were simple P2PKH-based transactions which can be built around one kind of address. And multi-signature payments were P2SH-based transactions which can be built around another kind of address. In theory payments could be made as P2PK (which sends to a public key, not an address) and bare multi-signature which sends to a given set of public keys, but they were pointless and crippled respectively.

Moving forward ElectrumSV will never reuse an address, and will quarantine all unsolicited funds — or pedo coins as I call them.

The network is the source of truth

Because there was no payment infrastructure, there was an expectation that you could be paid on any address you ever gave out. So a wallet had to monitor all the addresses you might ever have used, and obtain any transactions for payments that others make to them whenever they happen.

For a long time, the way Electrum made a payment was:

  1. Send a payment. This created and signed a transaction paying to the specified address, and then broadcast it to the network. The wallet then no longer had the transaction, and had no idea which of its coins had been used to pay in it or any other broadcast transactions.
  2. Receive notification that one of its addresses had spend or receive activity. The wallet then went away and fetched the transactions it did not have, which generally meant the same ones that had been sent to the network and discarded seconds before!

If you’re making one payment at a time, and not quickly enough to spend more coins before your wallet recovers from forgetting the spend it just made, then this works kind of neatly. But it’s a very poor substitute for just keeping the transaction and building on that.

I haven’t used Electrum in a long time, but I hear it now has local transactions where you can sign transactions and track them and account for their spend coins, without broadcasting them into the mempool. ElectrumSV forked from Electrum when they got segwitted hard and deep, which was before those changes, but we’ve finally added our own local transaction support in our development branch.

As for monitoring all addresses you’ve ever possibly used, that’s something all Bitcoin SV wallets are, or should be moving away from.

Seed-based restoration

The way that seed-based restoration works is that eventually when you manage to guess the right derivation path, and you’ve found where your wallet usage was, the new wallet enumerates the receiving and change addresses. It keeps on enumerating addresses until it finds 20 consecutive addresses which have not been used in any transactions. At that point it considers the wallet fully restored.

The problem is that, unless your wallet is almost useless like Bitcoin Core wallets were, this can never work as Bitcoin SV wallets become more useful.
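The scan described above, as an added sketch that is not ElectrumSV code: `derive_address` is a stand-in for real key derivation, and the seed, usage history and imported address are constructed. It shows the scan stopping at the first run of 20 unused addresses, so a later used address and a key not derived from the seed are never found.

```python
import hashlib
import hmac

GAP_LIMIT = 20  # consecutive unused addresses before the scan stops (from the text)

def derive_address(seed: bytes, chain: int, index: int) -> str:
    """Stand-in for key derivation (NOT BIP32): deterministic per (chain, index)."""
    msg = f"{chain}/{index}".encode()
    return hmac.new(seed, msg, hashlib.sha256).hexdigest()[:40]

def gap_limit_scan(seed: bytes, chain: int, used: set, gap_limit: int = GAP_LIMIT) -> list:
    """Return the indexes found in use; stop after gap_limit consecutive unused ones."""
    found, unused_run, index = [], 0, 0
    while unused_run < gap_limit:
        if derive_address(seed, chain, index) in used:
            found.append(index)
            unused_run = 0      # any hit resets the gap counter
        else:
            unused_run += 1
        index += 1
    return found

def missed_by_restore(seed: bytes, chain: int, true_indexes, extra_used=()) -> list:
    """Indexes the original wallet used that a seed-only restore never discovers."""
    # `used` models what the network reports as having transaction history.
    used = {derive_address(seed, chain, i) for i in true_indexes} | set(extra_used)
    return sorted(set(true_indexes) - set(gap_limit_scan(seed, chain, used)))

# Constructed data: a made-up seed and usage history, not a real wallet.
SEED = b"constructed example seed"
# Receiving indexes 0-4 were paid, 5-29 were handed out but never paid, 30 was paid.
RECEIVING = [0, 1, 2, 3, 4, 30]
# An address for a key that was imported, not derived from the seed.
IMPORTED = {"constructed-imported-key-address"}

if __name__ == "__main__":
    used = {derive_address(SEED, 0, i) for i in RECEIVING} | IMPORTED
    print("found :", gap_limit_scan(SEED, 0, used))
    print("missed:", missed_by_restore(SEED, 0, RECEIVING, IMPORTED))
```

The imported address is in the `used` set the whole time, but the scan only ever asks about addresses it can derive, so it has no way to encounter it.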

The limitations of seed-based restoration

Let’s look in a bit more detail why seed-based restoration will not work.

Wallets are no longer going to be a simple sequence of payments; instead they will have a variety of different usages within them. These include metanet usage (your own and by/with others), integration of unrelated keys that are not derived from your wallet master key, local transactions that have not been published, and so on. There is no way to guarantee a wallet’s contents can be correctly or safely restored through just the seed words.

One way that has been bounced around for the past couple of years to make seed-based restoration work, is to publish the changes to the wallet state in some way to the blockchain. Then when the wallet is restored it first looks for all the published changes and restores from that. But this is a complicated additional system, and it is questionable if it is a good idea. While in the longer term ElectrumSV is open to supporting this, it has become somewhat less appealing for certain reasons.

Even if wallets continually published their changes on-chain, they couldn’t publish everything. An on-chain backup, even encrypted, may for instance be illegal. An example of this is personally identifiable information (PII). It is very useful to have this linked to your wallet in order to provide both functionality and an intuitive interface. If your on-chain backup has to discard this, among other things, then seed-based restoration can never be used for reliable backups. It is not possible to guarantee that an on-chain backup can contain all the wallet’s contents.

Future ElectrumSV usage

At this point you should realise that ElectrumSV can no longer support seed word based restoration, without choosing to stay a useless Bitcoin Core wallet that cannot do the interesting things happening and coming on the Bitcoin SV blockchain. But let’s look at how the wallet experience will change.

Creating a new wallet

We will no longer show or allow the user to copy down a seed when they create a wallet in ElectrumSV. The wallet creation process will instead just ask for a password and for it to be confirmed (unpassworded wallets will no longer be possible), and then the wallet will be created.

As far as I know ElectrumSV seed words do not work in other wallets, and never have. Other wallets use the broken BIP44 model, and Electrum, realising that this had a lot of problems, decided to do its own superior seed word approach. So all ElectrumSV seed words have ever been good for is restoring your wallet, and they won’t be good for that much longer.

Restoring an older wallet

We will of course allow people to import their seed words into an ElectrumSV wallet, and we will give the ability to scan the addresses. This will even eventually be superior to how it is currently done, but we will warn the user strongly that they should only be doing this for historical wallets, and even then it is risky.

Not only will it not restore things mentioned above like local transactions that were never broadcast, who sent a payment, or who a payment was sent to and so on, but it will also mix in potential pedo coins. Moving forward you will get all your payments peer to peer, and you will know what contact paid you because their identity (whether Paymail or on-chain) has signed for it. So if someone sends to one of your old addresses, you will never see it, and even if you scan the wallet and it is found it will be quarantined.

You should never accept funds you did not solicit and do not know the source of. One aspect of taking unsolicited funds that arrive in one of your addresses is that they might have been sent to try and identify your other transactions. But what if the unsolicited coins have been used in darknet payments, perhaps by pedophiles, and have been blacklisted or marked in some way? The people involved get some of your addresses and a portion of the coins that are tainted, blasting them out to your addresses among others. Should you send them back? No. Just use a wallet that never sees them and don’t scan your addresses like a chump. If wallets blindly incorporate these coins with the rest of their funds, their user is participating in money laundering and washing any portion the criminals keep for themselves.

Let me reiterate. Using the existing seed-based wallet restoration, if you do not remember all your transactions, pedo coins are indistinguishable from any other payment and become part of your wallet.

Wallet backups

With seed-based restoration no longer being an option, our users will need ways to keep their wallets backed up. This is no problem: the simplest solution to begin with is to do regular wallet file backups. And we can even do simple incremental journaling of changes that have not been applied to the last file backup, so that every wallet change can be reapplied to that file if the need arises.

We should be able to provide an integrated backup system that makes the process as easy as setting it up when the wallet is created, and then it just runs in the background.
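A sketch of the file-backup-plus-journal idea, added here as an illustration and not taken from ElectrumSV: the state layout, change kinds, sequence numbers and sample data are all assumptions. It replays only the journal entries newer than the file backup, and refuses to restore if an entry is missing.

```python
import copy
import json

def apply_change(state, change):
    """Apply one journaled change; the change kinds are hypothetical."""
    kind = change["kind"]
    if kind == "add_local_tx":      # signed but never broadcast
        state["local_txs"][change["txid"]] = change["raw"]
    elif kind == "set_payer":       # who sent a payment
        state["payers"][change["txid"]] = change["contact"]
    elif kind == "import_key":      # key not derived from the master key
        state["imported_keys"].append(change["pubkey"])
    else:
        raise ValueError(f"unknown change kind: {kind!r}")

def restore(snapshot, journal_lines):
    """Rebuild wallet state from the last file backup plus the journal."""
    state = copy.deepcopy(snapshot)  # never modify the backup itself
    for line in journal_lines:
        entry = json.loads(line)
        if entry["seq"] <= state["seq"]:
            continue                # already contained in the file backup
        if entry["seq"] != state["seq"] + 1:
            raise ValueError(
                f"journal gap: expected {state['seq'] + 1}, got {entry['seq']}")
        apply_change(state, entry["change"])
        state["seq"] = entry["seq"]
    return state

# Constructed sample data: a backup taken at change 2 and a journal up to change 5.
SNAPSHOT = {"seq": 2, "local_txs": {}, "imported_keys": [],
            "payers": {"tx-a": "alice@example.com"}}
JOURNAL = [json.dumps(e) for e in (
    {"seq": 2, "change": {"kind": "set_payer", "txid": "tx-a",
                          "contact": "alice@example.com"}},
    {"seq": 3, "change": {"kind": "add_local_tx", "txid": "tx-b",
                          "raw": "constructed-raw-tx"}},
    {"seq": 4, "change": {"kind": "set_payer", "txid": "tx-b",
                          "contact": "bob@example.com"}},
    {"seq": 5, "change": {"kind": "import_key", "pubkey": "constructed-pubkey"}},
)]

if __name__ == "__main__":
    print(json.dumps(restore(SNAPSHOT, JOURNAL), indent=2))
```

The three change kinds are the items the article says a seed cannot bring back: an unbroadcast local transaction, who a payment came from, and a key that was not derived from the wallet's master key.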

Summing up

With the Genesis upgrade, Bitcoin SV is no longer broken like Bitcoin Core and Bitcoin Cash are. People will be able to write smart contracts, and with the removal of the standard transaction rules, no longer be limited to P2PK, P2PKH, P2SH and bare multi-signature transactions. There will be no way to say “for this sequence of keys, these are the transactions I am looking for on the blockchain”. It will be impossible for seed-based restoration to work the way it currently does. It will simply fail to find your wallet activity.

Seed based restoration is broken. It was always broken, and the only way it can ever be fixed is if it does not work the way it currently does. ElectrumSV may in the longer term implement the new seed based restoration that does not scan keys or addresses, but it involves a lot of work and it may not even be possible.

If at this point you are still asking why you can’t keep it working the way it is forever, good luck with your pedo coins and the broken wallet experience you will get, I guess..

Next, you can read about the cost of seed-based wallet recovery.

Written by Roger Taylor, ElectrumSV developer
