Fix: Add warnings to SLIP39 methods and enhance test coverage #92
Summary
This PR addresses the cryptographically incorrect and misleading SLIP39 to BIP39 recovery functionality identified in issue #90. The changes add clear warnings about the problematic nature of these methods and clarify their proper usage to prevent user confusion and potential fund loss.
Problem
The current SLIP39 implementation includes methods that can mislead users into thinking they can seamlessly convert between SLIP39 and BIP39 formats while maintaining the same wallet addresses. This is problematic in several ways:
- recover_mnemonic is misleading: this method recovers the original BIP32 seed formatted as a BIP39 mnemonic, but using this mnemonic with standard BIP39 seed derivation (mnemonic_to_seed) generates a completely different seed, resulting in a new wallet with different addresses.
- generate_shares usage confusion: while technically correct for creating new wallets, the method's documentation didn't clearly explain that it's not suitable for converting existing BIP39-backed wallets to SLIP39 while preserving addresses.
Solution
This PR implements the following changes:
- recover_mnemonic that the function will be removed in a future version. Clarifies that the returned BIP39 mnemonic will generate different addresses than the original wallet.
- generate_shares. This function is designed for creating NEW wallets from scratch. Explained that it does NOT convert existing BIP39-backed wallets while preserving addresses. Additional refactor is done in feat: add slip39 extendable flag #91.
References
Future Work
- recover_mnemonic method in a future major version

This PR prioritizes user safety by making the cryptographic limitations explicit, preventing accidental fund loss while maintaining backward compatibility.
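The seed mismatch described under "Problem", as an added example that is not part of this PR or the project's code. It assumes the recovered SLIP39 secret is used directly as the BIP32 seed; the sample secret is constructed (16 zero bytes, whose BIP39 encoding is the first official BIP39 test-vector mnemonic), and the function names are hypothetical.

```python
import hashlib
import hmac
import unicodedata

# Constructed sample: the 16-byte secret a SLIP39 recovery would return.
MASTER_SECRET = bytes(16)
# BIP39 word encoding of those 16 zero bytes (official BIP39 test vector).
MNEMONIC_OF_SECRET = "abandon " * 11 + "about"


def bip39_mnemonic_to_seed(mnemonic, passphrase=""):
    """Standard BIP39 seed derivation: PBKDF2-HMAC-SHA512, 2048 rounds."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def bip32_master(seed):
    """BIP32 master private key and chain code derived from a seed."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def compare_wallet_roots():
    """Derive the wallet root both ways and report whether they match."""
    # Path A: the secret itself is the BIP32 seed (the original wallet).
    original_key, _ = bip32_master(MASTER_SECRET)
    # Path B: the secret is shown as a BIP39 mnemonic, and a BIP39 wallet
    # stretches that mnemonic with PBKDF2 before using it as the seed.
    stretched_seed = bip39_mnemonic_to_seed(MNEMONIC_OF_SECRET)
    imported_key, _ = bip32_master(stretched_seed)
    return {
        "original_seed_len": len(MASTER_SECRET),
        "stretched_seed_len": len(stretched_seed),
        "original_master_key": original_key.hex(),
        "imported_master_key": imported_key.hex(),
        "same_wallet": hmac.compare_digest(original_key, imported_key),
    }


if __name__ == "__main__":
    for field, value in compare_wallet_roots().items():
        print(f"{field}: {value}")
```

Every address descends from the BIP32 master key, so the differing root means a wallet restored from the returned mnemonic shares no addresses with the original.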