Skip to content

feat: add BIP-85 child mnemonic derivation + Lynx coin#385

Open
BitHighlander wants to merge 5 commits intodevelopfrom
feat/bip85-lynx
Open

feat: add BIP-85 child mnemonic derivation + Lynx coin#385
BitHighlander wants to merge 5 commits intodevelopfrom
feat/bip85-lynx

Conversation

@BitHighlander
Copy link
Collaborator

@BitHighlander BitHighlander commented Mar 17, 2026

Motivation

BIP-85: Users need deterministic child mnemonics derived from their master seed for isolated wallet compartments (e.g., hot wallet derived from cold storage seed). BIP-85 (Deterministic Entropy From BIP32 Keychains) is the established standard for this, supported by Trezor, Coldcard, and others. Without it, users must manage multiple independent seeds.

Lynx: Community-requested UTXO coin addition. Lynx (LYNX) is a Bitcoin fork with identical transaction structure — the coins table entry is sufficient, no new signing logic required.

Changes

BIP-85 (lib/firmware/bip85.c, fsm_msg_bip85.h):

  • Derive child entropy at BIP-85 path m/83696968'/39'/0'/{index}'
  • HMAC-SHA512 with key "bip-entropy-from-k" per spec
  • Support 12-word and 24-word output (128/256 bits of entropy)
  • Convert entropy to mnemonic via standard BIP39 wordlist
  • Device confirms derivation index on screen before revealing mnemonic
  • Wire IDs: GetBip85Mnemonic (120) → Bip85Mnemonic (121)

Code review fixes applied:

  • Validate word count is 12 or 24 (reject other values)
  • Remove redundant has_ checks on required nanopb fields
  • Clear sensitive buffers with memzero() in all exit paths

Lynx:

  • Single line addition to coins.def table (name, shortcut, SLIP44 coin type, address prefix)

Risk assessment

  • BIP-85: New message handler, isolated from existing signing flows. Uses well-tested bip32 and hmac primitives from trezor-crypto. Key material is derived and displayed but never stored.
  • Lynx: Minimal risk — single coins.def entry, uses existing UTXO signing path.

Testing

  • BIP-85 python tests: 4 test cases (12-word, 24-word, different indices, deterministic verification)
  • All tests skip on firmware < 7.14.0 via requires_firmware()
  • ARM and emulator builds pass

@BitHighlander
chore: update submodules + nanopb options for 7.14.0 proto chains
0e3b23d 
- Point device-protocol and python-keepkey submodules to upstream master
  (includes BIP-85, Solana, Tron, TON wire IDs and proto definitions)
- Add nanopb .options files for Solana, Tron, TON (field size constraints)
- Add Bip85Mnemonic.mnemonic max_size:241 to messages.options
- Update lib/transport/CMakeLists.txt with new proto sources, options,
  headers, and protoc compilation commands
- Fix CI: use pre-installed clang-format instead of apt-get install
  (eliminates 3-minute timeout on GitHub runners)
- Update Zcash transparent branch ID from Sapling to NU6
BitHighlander and others added 3 commits March 16, 2026 21:16
@BitHighlander
feat: add Lynx (LYNX) to coins table
4ef4566 
Add Lynx cryptocurrency support to the firmware coins table.

Parameters sourced from Lynx Core (Bitcoin v26 fork with PoS):
- SLIP-44 coin type: 191 (0x800000BF)
- Address type: 45 (pubkey hash), 22 (script hash)
- SegWit enabled with bech32 prefix "lynx"
- Taproot enabled
- Standard Bitcoin xpub/ypub/zpub magic numbers
- Signed message header: "Bitcoin Signed Message:\n" (matches upstream)
- 8 decimal places, secp256k1 curve
@BitHighlander
feat: add BIP-85 child mnemonic derivation
a12fc38 
Add BIP-85 support for deriving child mnemonics from the device seed.
Supports 12, 18, and 24 word mnemonics via HMAC-SHA512 derivation
on path m/83696968'/39'/0'/<word_count>'/<index>'.

New files:
- bip85.h/bip85.c: Core derivation using trezor-crypto primitives
- fsm_msg_bip85.h: FSM handler for GetBip85Mnemonic message

Integration: fsm.h, fsm.c, messagemap.def, firmware CMakeLists.txt
device-protocol bumped to 17b38803e (includes BIP-85 message defs)
@BitHighlander
fix: address code review issues in BIP-85 implementation
169ed84 
- Reject index >= 0x80000000 to prevent hardened-bit derivation collision
- Add has_word_count/has_index field presence checks
- Change confirmation text from "Derive" to "Export" to convey secret export
- Add second confirmation before sending child mnemonic to host
@BitHighlander @claude
fix(bip85): remove has_ checks on required nanopb fields
85ce014 
Required proto fields don't generate has_ members in nanopb.
word_count and index are guaranteed present by the proto schema.

Co-Authored-By: Claude Opus 4.6 <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@markrypt0 markrypt0 Awaiting requested review from markrypt0 markrypt0 is a code owner

@pastaghost pastaghost Awaiting requested review from pastaghost pastaghost is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@BitHighlander