ElectrumSV and seed-based wallet restoration

I have a memory of Craig Wright saying something like seeds were bad and people should just back up their wallet file — or something along those lines. At the time, I thought he was being a little extreme, but as time passes I have come to believe that the expectation that seeds can restore a wallet using only the blockchain and the wallet’s seed words is a leftover fallacy from Bitcoin Core.

Bitcoin Core fallacies

Bitcoin addresses

Addresses are something only developers should see, not users. No one should ever have to type one in, nor should anyone have to visually compare them. And anyone who gets hold of an address that came from your wallet and sends funds to it shouldn’t expect you to receive them. In fact, this should be synonymous with flushing money down the toilet.

Bitcoin Core could only think in addresses, so they locked down the protocol so that every transaction could be represented by an address. Standard payments were simple P2PKH-based transactions which can be built around one kind of address. And multi-signature payments were P2SH-based transactions which can be built around another kind of address. In theory payments could be made as P2PK (which sends to a public key, not an address) and bare multi-signature which sends to a given set of public keys, but they were pointless and crippled respectively.

Moving forward ElectrumSV will never reuse an address, and will quarantine all unsolicited funds — or pedo coins as I call them.

The network is the source of truth

For a long time, the way Electrum made a payment was:

  1. Send a payment. This created and signed a transaction paying to the specified address, and then broadcast it to the network. The wallet then no longer had the transaction, and had no idea which of its coins had been used to pay in it or in any other broadcast transactions.
  2. Receive notification that one of its addresses had spend or receive activity. The wallet then went away and fetched the transactions it did not have, which generally meant the same ones that had been sent to the network and discarded seconds before!

If you’re making one payment at a time, and not quickly enough to spend more coins before your wallet recovers from forgetting the spend it just made, then this works kind of neatly. But it’s a very poor substitute for just keeping the transaction and building on that.
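The failure mode described above is easy to see in a simulation. The following is an added example, not Electrum or ElectrumSV code: a tiny UTXO-tracking wallet in two flavours, one that broadcasts and forgets (the old flow) and one that keeps its local transactions. The network object, the zero-fee transactions, the smallest-coin selection and the sample funding coin are all constructed for the example.

```python
from dataclasses import dataclass
from hashlib import sha256

# Constructed example, not ElectrumSV or Electrum code. Fees are ignored and
# coin selection is simplified so that the bookkeeping difference stands out.

@dataclass(frozen=True)
class Coin:
    txid: str
    index: int
    value: int

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple    # Coin objects consumed by this transaction
    outputs: tuple   # (address, value) pairs

def make_tx(inputs, outputs):
    # Constructed txid: hash of the serialised inputs and outputs.
    digest = sha256(repr((tuple(inputs), tuple(outputs))).encode()).hexdigest()
    return Tx(digest[:16], tuple(inputs), tuple(outputs))

class Network:
    """Stand-in for the mempool plus the address-activity notification feed."""
    def __init__(self):
        self.txs = []
    def broadcast(self, tx):
        self.txs.append(tx)

class ForgetfulWallet:
    """The old Electrum flow: sign, broadcast, forget. The coin set is only
    corrected when sync() re-fetches our own transactions from the network."""
    def __init__(self, network, coins, change_address):
        self.network = network
        self.coins = set(coins)
        self.change_address = change_address

    def balance(self):
        return sum(c.value for c in self.coins)

    def _select(self, amount):
        # Constructed coin selection: the smallest single coin that covers amount.
        candidates = sorted((c for c in self.coins if c.value >= amount),
                            key=lambda c: c.value)
        if not candidates:
            raise ValueError("insufficient funds")
        return candidates[0]

    def pay(self, address, amount):
        coin = self._select(amount)
        tx = make_tx([coin], [(address, amount),
                              (self.change_address, coin.value - amount)])
        self.network.broadcast(tx)
        self._after_broadcast(tx)
        return tx

    def _after_broadcast(self, tx):
        pass  # the transaction is discarded; nothing is learned until sync()

    def _apply(self, tx):
        # Remove spent coins and pick up change paid back to us.
        self.coins -= set(tx.inputs)
        for i, (address, value) in enumerate(tx.outputs):
            if address == self.change_address and value > 0:
                self.coins.add(Coin(tx.txid, i, value))

    def sync(self):
        """Re-fetch every network transaction touching our addresses."""
        for tx in self.network.txs:
            self._apply(tx)

class LocalTxWallet(ForgetfulWallet):
    """Keeps each signed transaction and updates the coin set immediately."""
    def __init__(self, network, coins, change_address):
        super().__init__(network, coins, change_address)
        self.local_txs = []

    def _after_broadcast(self, tx):
        self.local_txs.append(tx)
        self._apply(tx)

def balance_before_and_after_sync(wallet_cls):
    """Balance the wallet believes it has right after one payment, then after sync."""
    network = Network()
    wallet = wallet_cls(network, [Coin("funding", 0, 100_000)], "change-addr")
    wallet.pay("merchant-a", 10_000)
    before = wallet.balance()
    wallet.sync()
    return before, wallet.balance()

def second_payment_conflicts(wallet_cls):
    """Make two payments back to back, before any network notification arrives,
    and report whether the second one re-spends an input of the first."""
    network = Network()
    wallet = wallet_cls(network, [Coin("funding", 0, 100_000)], "change-addr")
    tx1 = wallet.pay("merchant-a", 10_000)
    tx2 = wallet.pay("merchant-b", 10_000)
    return bool(set(tx1.inputs) & set(tx2.inputs))

if __name__ == "__main__":
    for cls in (ForgetfulWallet, LocalTxWallet):
        print(cls.__name__, balance_before_and_after_sync(cls),
              "conflict" if second_payment_conflicts(cls) else "no conflict")
```

The forgetful wallet still reports the full 100,000 after paying, and its second payment spends the very same coin as the first, so the network will reject one of them. The wallet that keeps its local transaction spends the change from the first payment instead, which is the behaviour the local transaction support in the development branch is meant to provide.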

I haven’t used Electrum in a long time, but I hear it now has local transactions where you can sign transactions and track them and account for their spent coins, without broadcasting them into the mempool. ElectrumSV forked from Electrum when they got segwitted hard and deep, which was before those changes, but we’ve finally added our own local transaction support in our development branch.

As for monitoring all addresses you’ve ever possibly used, that’s something all Bitcoin SV wallets are, or should be moving away from.

Seed-based restoration

The problem is that, unless your wallet is almost useless like Bitcoin Core wallets were, this can never work as Bitcoin SV wallets become more useful.

The limitations of seed-based restoration

Wallets are no longer going to be a simple sequence of payments; instead they will have a variety of different usages within them. These include metanet usage — your own and by/with others, integration of unrelated keys that are not derived from your wallet master key, local transactions that have not been published, and so on. There is no way to guarantee a wallet’s contents can be correctly or safely restored through just the seed words.

One way that has been bounced around for the past couple of years to make seed-based restoration work is to publish the changes to the wallet state in some way to the blockchain. Then when the wallet is restored it first looks for all the published changes and restores from those. But this is a complicated additional system, and it is questionable whether it is a good idea. While in the longer term ElectrumSV is open to supporting this, it has become somewhat less appealing for certain reasons.

Even if wallets continually published their changes on-chain, they couldn’t publish everything. An on-chain backup, even encrypted, may for instance be illegal. An example of this is personally identifiable information (PII): it is very useful to have this linked to your wallet in order to provide both functionality and an intuitive interface. If your on-chain backup has to discard this, among other things, then seed-based restoration can never be used for reliable backups. It is not possible to guarantee that an on-chain backup can contain all the wallet’s contents.

Future ElectrumSV usage

Creating a new wallet

As far as I know ElectrumSV seed words do not work in other wallets, and never have. Other wallets use the broken BIP44 model, and Electrum, realising that this had a lot of problems, decided to do its own superior seed word approach. So all ElectrumSV seed words have ever been good for is restoring your wallet, and they won’t be good for that much longer.

Restoring an older wallet

Not only will it not restore things mentioned above like local transactions that were never broadcast, who sent a payment, or who a payment was sent to and so on, but it will also mix in potential pedo coins. Moving forward you will get all your payments peer to peer, and you will know what contact paid you because their identity (whether Paymail or on-chain) has signed for it. So if someone sends to one of your old addresses, you will never see it, and even if you scan the wallet and it is found it will be quarantined.

You should never accept funds you did not solicit and do not know the source of. One aspect of taking unsolicited funds that arrive in one of your addresses is that they might have been sent to try and identify your other transactions. But what if the unsolicited coins have been used in darknet payments, perhaps by pedophiles, and have been blacklisted or marked in some way? The people involved get some of your addresses and a portion of the coins that are tainted, blasting them out to your addresses among others. Should you send them back? No. Just use a wallet that never sees them and don’t scan your addresses like a chump. If wallets blindly incorporate these coins with the rest of their funds, their user is participating in money laundering and washing any portion the criminals keep for themselves.

Let me reiterate. Using the existing seed-based wallet restoration, if you do not remember all your transactions, pedo coins are indistinguishable from any other payment and become part of your wallet.
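To make the distinction concrete, here is an added example, not ElectrumSV code. It simulates a gap-limit address scan of the kind a seed-only restore performs, then contrasts two restores over the same constructed chain: one that accepts every output to a derived address (all a seed can do), and one that also has the wallet’s own payment-request records (the kind of state only a wallet backup can carry) and quarantines any output that was not solicited from the payer who signed for it. Address derivation is a hash of the seed and an index, standing in for real HD derivation; the seed, the payer identities and the chain outputs are all constructed for the example.

```python
from dataclasses import dataclass
from hashlib import sha256
from typing import Optional

# Constructed example, not ElectrumSV code. Address derivation is a hash of the
# seed and an index (a stand-in for real HD derivation) and the "chain" is a list
# of outputs, each carrying the identity that signed for the payment, if any.

@dataclass(frozen=True)
class Output:
    address: str
    value: int
    payer: Optional[str]   # identity that signed for the payment; None if unattested

def derive_address(seed: str, index: int) -> str:
    # Constructed stand-in for HD derivation.
    return sha256(f"{seed}/{index}".encode()).hexdigest()[:12]

def scan_used_addresses(seed, chain, gap_limit=5):
    """Derive addresses in order and stop after gap_limit consecutive unused ones,
    which is how a seed-only restore discovers the addresses it once used."""
    used = {o.address for o in chain}
    found, gap, index = [], 0, 0
    while gap < gap_limit:
        address = derive_address(seed, index)
        if address in used:
            found.append(address)
            gap = 0
        else:
            gap += 1
        index += 1
    return found

def restore_from_seed(seed, chain):
    """Seed-only restore: every output to a derived address becomes wallet funds,
    because nothing on chain says which ones were solicited."""
    ours = set(scan_used_addresses(seed, chain))
    return {"accepted": [o for o in chain if o.address in ours], "quarantined": []}

def restore_with_requests(seed, chain, requests):
    """Restore using the wallet's own payment-request records (which only a wallet
    backup can supply): an output is accepted only if it lands on an address we
    handed out and is signed by the payer we handed it to; the rest is quarantined."""
    ours = set(scan_used_addresses(seed, chain))
    accepted, quarantined = [], []
    for o in chain:
        if o.address not in ours:
            continue
        if o.payer is not None and requests.get(o.address) == o.payer:
            accepted.append(o)
        else:
            quarantined.append(o)
    return {"accepted": accepted, "quarantined": quarantined}

def total(outputs):
    return sum(o.value for o in outputs)

# Constructed sample data.
SEED = "constructed demo seed words"
A0, A1, A2 = (derive_address(SEED, i) for i in range(3))
REQUESTS = {A0: "alice@example.com", A1: "bob@example.com"}  # addresses we handed out
CHAIN = [
    Output(A0, 50_000, "alice@example.com"),   # solicited, signed by the expected payer
    Output(A1, 20_000, "bob@example.com"),     # solicited
    Output(A0, 1_000, None),                   # unsolicited, unattested, to a reused address
    Output(A2, 5_000, "mallory@example.com"),  # derived from the seed but never handed out
    Output("someone-elses-addr", 9_999, "carol@example.com"),  # not ours at all
]

def compare_restores():
    """Return (seed-only balance, accepted balance, quarantined balance)."""
    naive = restore_from_seed(SEED, CHAIN)
    careful = restore_with_requests(SEED, CHAIN, REQUESTS)
    return (total(naive["accepted"]), total(careful["accepted"]),
            total(careful["quarantined"]))

if __name__ == "__main__":
    print(compare_restores())
```

The seed-only restore reports 76,000 and cannot say which 6,000 of that was never asked for; the restore that carries the wallet’s request records accepts 70,000 and sets the two unsolicited outputs aside. Note that even the careful restore recovers nothing about who was paid or what labels were attached: that state was never on chain, which is the point of the section above.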

Wallet backups

We should be able to provide an integrated backup system that makes the process as easy as setting it up when the wallet is created, and then it just runs in the background.

Summing up

Seed-based restoration is broken. It was always broken, and the only way it can ever be fixed is if it does not work the way it currently does. ElectrumSV may in the longer term implement a new seed-based restoration that does not scan keys or addresses, but it involves a lot of work and it may not even be possible.

If at this point you are still asking why you can’t keep it working the way it is forever, good luck with your pedo coins and the broken wallet experience you will get, I guess.

Next, you can read about the cost of seed-based wallet recovery.
