Du kannst diesen Artikel auch auf Deutsch lesen.
We recently shared our plans to integrate a non-custodial Lightning wallet directly into the BitBoxApp, enabling fast and cheap bitcoin payments. The private keys for this Lightning wallet will be created and stored in the BitBoxApp, making it a hot wallet intended for smaller amounts of bitcoin. This is a happy medium, since it would be inconvenient and in some situations even dangerous to connect and unlock your BitBox02 every time you want to receive or send a payment on the Lightning network.
However, we still use the BitBox02 and your already existing backup when creating the Lightning wallet on the host device, making the recovery of your Lightning wallet as seamless and easy as possible. We call this a “unified backup”, since you won’t have to worry at all about managing additional backups – your BitBox02 will always remember the path to recover the keys for your Lightning funds. Let’s explore how this process actually works and, most importantly, why it doesn’t affect the private keys used for cold storage of your bitcoin.
Derivation paths
Modern bitcoin wallets are able to create an arbitrary amount of key pairs, even though your backup only consists of mere 12 or 24 recovery words. This is enabled by using cryptographic hash functions such as SHA-2, which also happens to secure the Bitcoin network right now in a process we all know as mining.
These mathematical functions have a unique and very important property: They only work one-way! While it is easy to verify a given input results in a certain hash value, it is impossible to do the same in reverse – the best you can do is take a guess.
Below, you can see the resulting SHA-256 hash value of the word “BitBox”. You can easily verify this result with e.g. this online tool. However, you won’t be able to calculate or even guess the original input value used for the second hash value:
Now, to derive several private keys from just one single seed, we can use hash functions many times in a row, slightly altering the input each time, resulting in completely different values. This is great, because if we know the initial seed value, we can always recreate or “derive” all private keys from scratch, as long as we know the correct derivation path – which is just a fancy word for a guidepost on “how to get to the keys”. Almost all bitcoin wallets today, including the BitBox02, work like this and usually implement the same standardized derivation paths, allowing users to recover their wallet, independent of the hardware and software in use. We refer to these keys derived from the initial seed as child keys.
The graphic below shows the (simplified) derivation of two child key pairs and their respective Bitcoin addresses from the recovery words. For the expert-readers: This would be the default native segwit path starting at m/84’/0’/0’/0/0.
The path to Lightning
In order to provide the BitBoxApp with entropy, i.e. a random number it can use to create the Lightning wallet, the BitBox02 first derives a child key on a special derivation path, exclusively reserved for this purpose. Because it is derived from your recovery words, the BitBox02 can always recreate this key – that is, if it has access to your backup, of course. Now, this value is hashed and sent to the BitBoxApp.
This general approach is an already established standard outlined in BIP-85 and referred to as creating “deterministic entropy”. To avoid conflicts with other wallet implementations and to make sure the random number created is only used for the purpose of a Lightning hot wallet, the BitBox02 will use an application specific version of this BIP-85 derivation path.
Remember the “one-way” property of hash functions? Because the random number the BitBox02 derived is the result of thousands of iterations of such a hash function, it is not possible to calculate the initial input, i.e. your recovery words, even if this random number is known.
This is why it is safe for the BitBox02 to provide entropy to the BitBoxApp. Essentially, any random number can be converted into recovery words and used to create a new wallet – which is exactly what the BitBoxApp will do with the entropy it received, as shown in the overview below. From this point on, the Lightning wallet can be easily restored on other devices with the help of your BitBox02 and your backup. Of course, to create the Lightning wallet in the first place, users will have to confirm this action directly on the BitBox02.
Conclusion
As we enter the closed alpha testing phase of Lightning in the BitBoxApp, we are getting closer to our goal of creating a non-custodial Lightning experience that integrates seamlessly with the BitBox02. Unified backups, which we explained in more detail in this post, are just one exciting aspect of this journey, and we are eager to share more bits and pieces in the near future. Make sure to subscribe to our newsletter or follow us online and stay tuned!
Don’t own a BitBox yet?
Keeping your crypto secure doesn't have to be hard. The BitBox02 hardware wallet stores the private keys for your cryptocurrencies offline. So you can manage your coins safely.
The BitBox02 also comes in Bitcoin-only version, featuring a radically focused firmware: less code means less attack surface, which further improves your security when only storing Bitcoin.
Shift Crypto is a privately-held company based in Zurich, Switzerland. Our team of Bitcoin contributors, crypto experts, and security engineers builds products that enable customers to enjoy a stress-free journey from novice to mastery level of cryptocurrency management. The BitBox02, our second generation hardware wallet, lets users store, protect, and transact Bitcoin and other cryptocurrencies with ease - along with its software companion, the BitBoxApp.