
I'm looking to develop some code that creates Bitcoin private and public keys from a mnemonic. My current understanding of this process is:

entropy > mnemonic > seed > public/private keys > public address

I am using Trezor's mnemonic library and moneywagon in my code.

import string
from random import SystemRandom
from binascii import hexlify, unhexlify
from moneywagon import generate_keypair
from mnemonic import mnemonic

def gen_rand():
    # 32 hex characters = 128 bits of entropy from the OS CSPRNG
    foo = SystemRandom()
    length = 32
    # string.hexdigits is '0123456789abcdefABCDEF'; drawing from all 22
    # characters would make the nibbles a-f twice as likely as 0-9,
    # so only the first 16 (lowercase) digits are used
    chars = string.hexdigits[:16]
    return ''.join(foo.choice(chars) for _ in range(length))

mnemo = mnemonic.Mnemonic('english')

entropy = gen_rand()
# entropy = '00000000000000000000000000000000'

# unhexlify reads the entropy string as base 16
words = mnemo.to_mnemonic(unhexlify(entropy))
seed = hexlify(mnemo.to_seed(words, passphrase='apassphrase'))
address = generate_keypair('btc', seed)

print(words)
print(seed)
print(address['public']['address'])
print(address['private']['hex'])

If you comment out the above entropy line, and run the code, you get:

abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about
b'05de15fb96dc0ab9f03c9d411bf84c586c72e7c30bddd413a304896f9f994ea65e7fcafd2c6b796141e310850e5f30b6abc2e6aec79a8ff81f4ba38fde81c403'
15GyM1xxxxxxxxxxxxxxxxxxxxxxTXrrvG
8ede10xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxcae501

My problem is none of this is reflected in iancoleman.io/bip39 or bip32jp.github.io for generating mnemonic codes and public/private keys.

Where am I going wrong?

Morse
Robert Johnstone

1 Answer

Both sites generate the same seed as you, given your mnemonic:

abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about

Also https://bip32jp.github.io/english/ gives this specific mnemonic given your forced entropy of

entropy = '00000000000000000000000000000000'

(you have to choose base 16 encoding, since your call to unhexlify interprets this string as such)

The first site, https://iancoleman.io/bip39/#english, seems to heuristically determine the string encoding of the entropy and recognises it as binary. Consequently, this yields a different result.

The values for

address['public']['address']
address['private']['hex']

differ from yours on both pages, since these pages use different derivation algorithms than moneywagon does. Moneywagon uses BIP38, a discouraged algorithm. I assume that is the reason both sites do not offer it.

jan.vogt
  • Why shouldn't you use BIP38? – Robert Johnstone Jan 28 '19 at 16:22
  • @Sevenearths I am not an expert on that. But it's the official result of that proposal as you can see at the provided link. I'd suggest asking developer(s) of moneywagon - I assume they've considered the pros and cons – jan.vogt Jan 28 '19 at 19:02
  • @Sevenearths is there anything regarding the initial question I could help you with? If not, would you consider marking the answer as the accepted one? – jan.vogt Jan 28 '19 at 19:06
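The two input-dependent steps discussed above (how the entropy string is read, and how the passphrase enters the seed) can be reproduced with the standard library alone. This is an added example, not code from the original post, the mnemonic library or moneywagon; the function names are this example's own, and entropy shorter than BIP39's 128-bit minimum is accepted here only to reproduce the base 2 reading the answer describes.

```python
import hashlib
import unicodedata

def parse_entropy(text, base):
    """Read a digit string as base 16 (what unhexlify does) or base 2.
    The byte length comes from the digit count, so leading zeros survive."""
    n_bits = len(text) * {16: 4, 2: 1}[base]
    if n_bits == 0 or n_bits % 32:
        raise ValueError("entropy must be a non-zero multiple of 32 bits")
    return int(text, base).to_bytes(n_bits // 8, "big")

def entropy_to_indices(entropy):
    """BIP39 encoding: append the first ENT/32 bits of SHA-256(entropy) as a
    checksum, then split the bit string into 11-bit wordlist indices."""
    ent_bits = len(entropy) * 8
    if ent_bits % 32 or not 32 <= ent_bits <= 256:
        raise ValueError("unsupported entropy length")
    cs_bits = ent_bits // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11
    return [(value >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def word_indices(text, base):
    """Wordlist indices for an entropy string read in the given base."""
    return entropy_to_indices(parse_entropy(text, base))

def bip39_seed(mnemonic, passphrase=""):
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic' + passphrase."""
    def norm(s):
        return unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", norm(mnemonic),
                               norm("mnemonic" + passphrase), 2048)

if __name__ == "__main__":
    zeros = "0" * 32  # the forced entropy string from the question
    # English wordlist: index 0 = abandon, 1 = ability, 3 = about
    print("base 16:", word_indices(zeros, 16))  # 128 bits -> 12 words
    print("base 2: ", word_indices(zeros, 2))   # 32 bits  -> 3 words
    words = " ".join(["abandon"] * 11 + ["about"])
    print(bip39_seed(words, "apassphrase").hex())
    print(bip39_seed(words, "").hex())  # different passphrase, unrelated seed
```

When comparing against a web tool, its entropy base and BIP39 passphrase fields have to match what the script used, otherwise the words or the seed will differ before key derivation is even reached.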