BIP85: Add Codex32 as application 93' #1958

pull BenWestgate wants to merge 1 commits into bitcoin:master from BenWestgate:codex32 changing 1 files +240 −2
  1. BenWestgate commented at 11:40 pm on September 7, 2025: none

    This allows wallets to derive codex32 secrets and codex32 shares from BIP-0032 master keys.

    Summary of changes

    Rationale

    • Mirrors the existing BIP-85 application for BIP-39.
    • Codex32 offers error correction, hand verification, identifiers, and secret sharing improvements vs BIP-39.
    • Deterministic generation produces auditable backups by avoiding reliance on local RNG, helping users who distrust device entropy.

    Specification

    • Adds Application 93’ to BIP-0085 using derivation path:
    0m/83696968'/93'/{hrp}'/{threshold}'/{n}'/{byte_length}'/{id0}'/{id1}'/{id2}'/{id3}'/{index}'
    • Uses the BIP-85 DRNG
    • Unspecified identifiers default to BIP-32 master seed fingerprint

    Tests Reference tests and new vectors are included in the reference implementation: https://github.com/ethankosakovsky/bip85/compare/master...BenWestgate:bip85:master

    Mailing List Discussion: https://groups.google.com/g/bitcoindev/c/--lHTAtq0Qc

    Status Ready for editorial review. This change is additive and does not modify existing BIP-85 behaviour.

  2. jonatack added the label Proposed BIP modification on Sep 8, 2025
  3. jonatack added the label Pending acceptance on Sep 8, 2025
  4. BenWestgate force-pushed on Sep 8, 2025
  5. BenWestgate marked this as a draft on Sep 8, 2025
  6. doc: Add codex32 application (93') to BIP-0085 6defa98018
  7. BenWestgate force-pushed on Sep 8, 2025
  8. BenWestgate marked this as ready for review on Sep 8, 2025
  9. BenWestgate renamed this:
    Add Codex32 (BIP-0093) as application 93' to BIP-0085
    BIP85: Add Codex32 application 93'
    on Sep 9, 2025
  10. BenWestgate renamed this:
    BIP85: Add Codex32 application 93'
    BIP85: Add Codex32 as application 93'
    on Sep 9, 2025
  11. akarve commented at 6:47 pm on September 10, 2025: contributor
    Documenting recent discussions: @BenWestgate Please see my mailing list comments to your thread with suggestions and simplifications (path, byte extraction, idx, etc.). Regarding 1.4.0 the main thing is we want to warrant full compatibility (all features) up to the prior version and (just saw you reopened 68) a PR to the 1.3.0 client is probably the easiest way to achieve that. Lmk if anything is unclear.
  12. BenWestgate commented at 3:24 pm on September 12, 2025: none

    Documenting recent discussions: @BenWestgate Please see my mailing list comments to your thread with suggestions and simplifications (path, byte extraction, idx, etc.). Regarding 1.4.0 the main thing is we want to warrant full compatibility (all features) up to the prior version and (just saw you reopened 68) a PR to the 1.3.0 client is probably the easiest way to achieve that. Lmk if anything is unclear.

    1.3.0 client seems to deeply expect not more than two path parameters before the bip85 index.

    To make our akarve/bipsea PR as simple as possible, we need to consolidate hrp, threshold, n, byte_length and identifier paths into two. There’s plenty of space.

    There’s a few ways to do this, if you have a favorite or one that immediately stands out as obvious let me know, otherwise I’ll try a few until I like how it looks.

    I think `m/83696968’/93’/{hrp}’/{cat({n} {threshold} {byte_length}}’/{index}’

    hrp is alone as it’s unknown how many future human-readable prefixes there may be.

    n will always be ‘‘1’’ through ‘‘31’’, t ‘‘0’’, or ‘‘2’’ through ‘‘9’’, byte_length ‘‘16’’ through ‘‘64’’. So we can decimal concatenate them with the max value being: 31 9 64 -> 31964’

    I’m thinking the identifier could be the bech32 encoding of the index, as the purpose of incrementing the index is to get new seeds, and BIP93 says “…the identifier SHOULD be distinct for all master seeds the user may need to disambiguate.”

    index = 0 -> identifier = qqqq, index = 1 -> identifier qqqp, and so on. A particular identifier can be selected by converting it to an integer {index} once index reaches 32^4, it can fall back to the default BIP-0032 fingerprint.


BenWestgate akarve

Labels
Proposed BIP modification Pending acceptance

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bips. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-09-13 09:10 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me