Tom Honzik
How does the bitcoin source code define its 21 million cap?
Many of bitcoin’s staunchest critics have expressed doubt about its 21 million cap, but perhaps the most mindless criticism relates…
,For independent control over your bitcoin, you must hold the keys to those funds, eliminating your reliance on other people’s keys. But that’s not all—it’s also important to ensure you aren’t dependent upon your wallet application.
Your wallet application is the place where you see your bitcoin balance, and can initiate transactions. It exists as a program on your computer or phone. If the application shuts down or experiences an issue, you may need to use an alternative application to regain control of your wallet. This will involve importing your wallet configuration (in some contexts called a wallet descriptor) into that alternative. Without knowledge or possession of the wallet configuration information, your current wallet application could potentially be a single point of failure.
Wallet configurations are therefore crucial to the topic of wallet recovery, especially in the context of multisig wallets. Learning about them unlocks the confidence that you have everything you need to retain access to your bitcoin, even in unusual circumstances related to your wallet application. When you build a multisig vault within Unchained’s wallet application, you always have the ability to easily save your wallet configuration, so that you are never forced to rely on our platform, website, or business.
In this article, we’ll take a deeper dive into the information contained within a wallet configuration, so that you can better understand its importance!
Seed phrases are merely the foundation
If you’ve researched or engaged in bitcoin custody, you should be familiar with a seed phrase. As a brief review, a seed phrase is a set of words used to create and recreate a master private key. This master private key can then be used to control numerous bitcoin addresses and wallets.
You may believe that as long as you have your seed phrase (plus any optional passphrases), then you have the complete information you will need to retain access to your bitcoin. However, this belief is predicated on certain assumptions that may or may not be true. To ensure a wallet can be rebuilt without difficulties, you may need to keep track of additional information, such as the derivation paths and script type used. Multisig wallets also require additional context about the quorum size and all of the keys involved.
A wallet configuration is a compilation of all of the information that is required or useful for wallet recovery beyond the relevant seed phrase(s). You can think of the seed phrase(s) as the foundation for rebuilding the wallet, while the wallet configuration is the architectural blueprint for what will be constructed upon the foundation. The components of this blueprint, and their importance, will vary slightly depending on whether it’s a singlesig wallet or multisig wallet.
Singlesig configurations
As discussed in our article about bitcoin wallet anatomy, singlesig wallets are built using one extended public key, or “xpub”, that is produced from one master private key (one seed phrase). That one xpub can then easily produce all of the plain public keys that will be used to build the addresses for the wallet.
A master private key creates one xpub out of many possibilities. That xpub represents the singlesig wallet, and it can produce many different addresses to receive and hold bitcoin on the blockchain.
The structure of a singlesig wallet is fairly basic, and therefore the information comprising the wallet configuration is also relatively simple. There are just a few components.
The master fingerprint
A master key can produce a fingerprint, which is 8 hexadecimal characters (for example: d26a3f72). This fingerprint doesn’t expose any sensitive information that could be used to spend funds, but it can serve as a unique identifier for that specific master key. While not technically required for wallet recovery, if someone is dealing with multiple master private keys, the fingerprint can be a helpful reminder to identify the one that is relevant to the wallet.
The xpub itself
The xpub is needed to calculate the addresses for the wallet, so that the total wallet balance can be discovered and monitored, and new deposits can be made. Including the xpub in the wallet configuration allows for these actions to be taken without the seed phrase or any private keys present. This creates a safer environment if the wallet owner isn’t currently interested in transferring funds out of the wallet—which would require the private keys produced by the seed phrase.
If the seed phrase is indeed present, then rather than possessing the xpub upfront, the xpub could instead be calculated from the seed phrase by using the derivation path.
The derivation path
A seed phrase is capable of producing practically infinite xpubs, each of which can be used for a unique wallet. Therefore, if you’re trying to recover a particular wallet using their seed phrase, you will need to know how to navigate to the specific xpub that is relevant, and its corresponding private keys. The instructions for how to navigate from the seed phrase to a specific key amongst its offspring is called a derivation path. It could look something like m/84’/0’/0’ and you can learn more in our article dedicated to this topic.
If the wallet was originally built according to popular standards, then there are some likely candidates for the derivation path that was used, which could be guessed through trial and error if the wallet configuration isn’t known. Currently, the most common formula is m/x’/0’/y’ where x is dependent on the script type, and y is usually 0, but might have been incremented if the seed phrase was used for more than one wallet of the same script type. However, not all wallets use this formula, as demonstrated by walletsrecovery.org, which is a fantastic resource for someone trying to recover a more obscure wallet.
The derivation path is the most important part of a singlesig wallet configuration. Even if the xpub itself is known, the derivation path is still required to calculate the private keys that can actually sign off on spending bitcoin out of the wallet.
The script type
Properly rebuilding a wallet within a new application also requires knowledge of the wallet’s script type, or the formatting of the wallet’s addresses. A singlesig wallet can be one of four script types: P2PKH, P2SH-P2WPKH, P2WPKH, or P2TR. If the wallet addresses begin with a “1”, then the script type is P2PKH and the derivation path is likely to begin with m/44’/. If the wallet addresses begin with a “3”, then the script type is P2SH-P2WPKH and the derivation path is likely to begin with m/49’/. If the wallet addresses begin with a “bc1q”, then the script type is P2WPKH and the derivation path is likely to begin with m/84’/. And if the wallet addresses begin with a “bc1p”, then the script type is P2TR and the derivation path is likely to begin with m/86’/.
An example of a singlesig wallet configuration, expressed in the BIP388 wallet policy format.
Summary of singlesig recovery
If you have your seed phrase (plus optional passphrase), then it’s possible that you could recover your singlesig bitcoin using a new wallet application without knowing any other information. The new application will likely assume that derivation paths were chosen according to popular standards, and so if the wallet was indeed originally built using those standards, the transition to the new application would be seamless. The derivation path would indicate the script type and be able to reproduce the xpub from the seed phrase. From there, the addresses could be calculated to find the wallet balances, and the private keys could be calculated to sign off on spending the funds.
However, it’s not ideal to rely on the assumption that certain standards were used, especially since standards can change over time. If your original wallet application used a different system than the new one being used for recovery, the incompatibility could create a situation where no bitcoin is immediately discovered, and a balance of zero is shown. To help avoid this stressful and confusing situation, it would be prudent to learn about your wallet configuration and save the information. Then, as long as you have that information and your seed phrase, you can feel confident that you have everything you need to retain access to the funds in the singlesig wallet, even if it involves needing to change the settings within a new application.
Multisig configurations
Upon understanding how singlesig wallets are configured, multisig wallet configurations will begin to make more sense. As we covered in our article about bitcoin wallet anatomy, multisig wallets are built using one xpub from each master private key (each seed phrase) that is involved. For example, in a 2-of-3 multisig wallet there will be three xpubs, and in a 3-of-5 multisig wallet there will be five xpubs. Each address for the wallet is then built with one plain public key from each xpub, and each of those plain public keys are arranged lexicographically, a standard set by BIP67. At Unchained, we’ve suggested that this can be conceptualized using the Braid Model.
In a 2-of-3 multisig wallet, three master private keys each create one xpub. The quorum of three xpubs represent the multisig wallet, and together they can produce many different addresses to receive and hold bitcoin on the blockchain.
The structure of a multisig wallet is more complex than singlesig, and therefore the configuration is also more elaborate. Backing up multisig configurations is considered especially critical, because they could be more challenging to recreate.
Many of the components of a multisig configuration are similar to a singlesig configuration, but some of these components must be duplicated for each key involved.
The master fingerprints
As we covered above, a master fingerprint is a hexadecimal identifier for a particular master key. In a multisig wallet, there are several different master keys involved, and each has its own fingerprint. This is helpful because it means each key can easily be differentiated, ensuring that each derivation path is being applied to the proper master key, and mixups are avoided. It’s also popular within multisig software to enforce that all fingerprints are unique, to prevent using the same master key more than once for the same wallet.
The quorum size
Most multisig wallet operators will be familiar with the quorum of keys being used, such as 2-of-3 or 3-of-5. The quorum fundamentally defines how the wallet funds can be unlocked. Despite being easy to remember, it’s also a necessary part of a multisig configuration. If three xpubs are brought together to form a multisig wallet, there are a few different quorum possibilities: 1-of-3, 2-of-3, or 3-of-3. Depending on which quorum is chosen, it will result in an entirely different wallet with entirely different addresses.
All of the xpubs
One of the most important-yet-misunderstood aspects of a multisig wallet is that all of the xpubs are required to access the funds. Often people make the incorrect assumption that if they are using a 2-of-3 multisig wallet, and they have two of the master private keys (or seed phrases) on hand, then they will have everything they need to access the funds in the wallet. However, they would also need the xpub from the third master private key.
This means they need to either:
- Be using a wallet application that is remembering the wallet configuration (and thus all of the xpubs), or
- Possess the wallet configuration (and thus all of the xpubs) and import it into the chosen wallet application, or
- Find a way to get access to the third xpub or master private key to try to recreate the wallet configuration
All of the derivation paths
As discussed in the singlesig configuration section above, the derivation path that navigates from a master private key to the relevant xpub is critically important. This is also true for each one of the xpubs in a multisig wallet.
The derivation paths used within a multisig wallet could possibly be guessed by assuming standards were followed, but if any of the derivation paths are guessed incorrectly, it can get in the way of withdrawing funds. This means there is an even higher propensity for errors or confusion if someone doesn’t have the multisig wallet configuration. Once again, walletsrecovery.org can be a helpful resource for finding the derivation paths used by various wallet applications.
The script type
A multisig wallet can be one of four script types: P2SH, P2SH-P2WSH, P2WSH, or P2TR. If the wallet addresses begin with a “3”, then the script type could be one of two things. It could be P2SH in which case the derivation path is likely to begin with m/45’/, or it could be P2SH-P2WSH in which case the derivation path is likely to begin with m/48’/ and include an extra path depth with a /1’ as described in BIP48. If the wallet addresses begin with a “bc1q”, then the script type is P2WSH and the derivation path is likely to begin with m/48’ and include an extra path depth with a /2’ as a result of BIP48. And if the wallet addresses begin with a “bc1p”, then the script type is P2TR and the derivation path is likely to begin with m/86’/.
An example of a 2-of-3 multisig wallet configuration, expressed in the BIP388 wallet policy format.
Summary of multisig recovery
Multisig wallet recovery within a new wallet application can be challenging—if not impossible— without the wallet configuration. All of the xpubs are needed, meaning that if they aren’t being recorded within a wallet configuration, and any one master private key is lost or destroyed, a subset of the remaining keys will not be enough to recover the funds. Or, if the wallet configuration is missing and one of the keys is using an obscure derivation path, recovering funds could also be extremely arduous, frustrating, or unsuccessful.
Multisig is a powerful tool for securing bitcoin without single points of failure, which is a requirement for institutional-grade custody. However, if the multisig wallet configuration isn’t backed up in a secondary location, the chosen wallet application may be the only place the configuration is stored. Depending on the details of the setup, this could potentially turn the wallet application into a single point of failure. All multisig users should understand this to ensure their bitcoin is sufficiently protected, or choose to work alongside bitcoin experts in a collaborative custody arrangement.
Get started with collaborative custody
A huge benefit of using collaborative custody multisig is that collaborative partners can help save the wallet configuration information, and provide expert education related to recovery. For example, the wallet application within your Unchained account includes easily accessible wallet configuration information for each vault. We take pride in providing resources on how to back up the information and use it in a recovery scenario. This gives you peace of mind, knowing that even if Unchained’s website experiences downtime, you can always choose your own open-source tools to access your bitcoin independently and permissionlessly.