Enhance wallet backup and recovery with a mnemonic hsm_secret and standard taproot wallet derivations #8400
Merged
rustyrussell merged 35 commits into ElementsProject:master from Oct 26, 2025
rustyrussell
requested changes
Jul 8, 2025
5de3e77 to 1ae8dc0
e8c0864 to 3e25fd9
Comment on lines +194 to +196
| *err = HSM_SECRET_OK; | ||
| return hsms; | ||
| } |
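Review bot: The success path at +194 writes through `err` unconditionally, so a NULL `err` is dereferenced here. If NULL is never a valid argument, state that in the function's comment; otherwise guard the write with `if (err) *err = HSM_SECRET_OK;`.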
Collaborator
Author
This gets called extract_hsm_secret and expects the err field to be populated.
Contributor
rustyrussell
left a comment
Excellent work! Minor tweaks and some reshuffling...
| hsmd_mutual_version = maxversion < our_maxversion ? maxversion : our_maxversion; | ||
| return req_reply(conn, c, hsmd_init(hsm_secret, hsmd_mutual_version, | ||
|
|
||
| /* This was tallocated off NULL, and memleak complains if we don't free it */ |
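Review bot: The comment on the last line justifies the free by what memleak reports rather than by ownership. It already notes the object was tallocated off NULL, so reword it to say that nothing else will free it, for example `/* Allocated off NULL, so we must free it ourselves */`.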
Contributor
Yeah, really, it's because not freeing it is wrong! Don't complain about your tools!
cee3a15 to c8177fa
RIP to this commit, there's a good chance a lot of this code doesn't even make it into the final PR. Pour one out for the fallen lines of code. This commit is doing the rest of the derivation. There was a significant overlap between the bip32_pubkey derivation and the bip86_pubkey derivation, so that has been refactored into one place.
Add the UTXO_P2TR_BIP86 in preparation to add BIP86 wallet functions such as newaddr, listaddr etc. We also add a new index in the database for BIP86 as this is using a completely different derivation path and hsm_secret.
We should now be able to get BIP86 Taproot addresses through lightning-cli! For now we're just adding taproot addresses.
In the case where we receive a taproot utxo, we want to be able to tell if it was derived using a BIP32 seed or a BIP86 seed. Considering we will only be supporting BIP86 type wallet addresses for mnemonics, we can check if the out secret is 64 bytes long, and if it is we can use our BIP86 for the withdrawal.
This commit is updating hsmtool and exposesecrets to use the new pattern for storing the secret, which is the secret_data and secret_len, to support both 64 byte and 32 byte seeds.
This commit fixes an issue where BIP86 addresses were not being discovered during wallet recovery/rescan operations. The root cause was that init_txfilter() only populated the transaction filter with BIP32-derived keys, preventing lightningd from recognizing BIP86 UTXOs during blockchain scans. Now both BIP32 and BIP86 derived scripts are included in the filter when BIP86 derivation is enabled. This ensures that wallets restored from BIP39 mnemonics can properly discover and display previously funded BIP86 addresses without requiring manual address generation first. [ We also move the slightly-lost comment about libbacktrace so it is where we actually include <backtrace.h> --RR ]
We're removing --use-bip86-derivation. Since a mnemonic will now be the standard hsm_secret, BIP86 base wallet addresses will also be the standard.
This simplifies the UTXO type system by removing the separate BIP86 enum value. P2TR addresses will now use unified derivation logic based on the wallet's HSM secret type rather than having separate enum values.
Add TLV field to hsmd_init_reply_v4 to communicate the HSM secret type (mnemonic vs legacy) from HSM to lightningd. This allows lightningd to automatically determine whether to use BIP86 or BIP32 derivation without needing separate address types.
…IP32 approach Simplify wallet address generation by using a unified approach where the derivation method (BIP86 vs BIP32) is determined by the wallet's HSM secret type rather than having separate address types.
Copy corpora, since it's the same code paths. Thanks Claude! Signed-off-by: Rusty Russell <[email protected]>
Changelog-Removed: Remove hsm_encryption files as they have now been replaced by hsm_secret
This schema change updates newaddr to remove bip86, which was previously added; since we don't want to make unnecessary schema changes, this is being removed. The generated files for the exposesecret schema change are also being added.
Introduces a generic utility function to replace the repeated pattern of sodium_mlock() + tal_add_destructor()
Signed-off-by: Rusty Russell <[email protected]>
…_file_raw! Signed-off-by: Rusty Russell <[email protected]>
Signed-off-by: Rusty Russell <[email protected]>
Instead of having a separate field to derive the bip86 base key, we return it in the hsmd init reply once we know that the hsm_secret is of mnemonic type
f3fa2d7 to d1bde4d
Signed-off-by: Rusty Russell <[email protected]>
Collaborator
edit: moving this comment over to the issue thread as that is probably a better place to discuss it: #8804
This PR significantly changes how the hsm_secret works in Core Lightning. It's now being changed from 32 bytes to a BIP39 mnemonic with an option for passphrase.
Changes
Closes #8381
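How a mnemonic and optional passphrase become the 64-byte secret the commit messages refer to, as an added example (not code from this PR or from Core Lightning): standard BIP39 seed derivation, plus the 32-versus-64-byte length check that one commit message describes. The names `bip39_seed` and `derivation_for` are hypothetical, the mnemonic is the public BIP39 test vector, and wordlist/checksum validation is assumed to happen elsewhere.

```python
import hashlib
import unicodedata

LEGACY_LEN = 32    # raw 32-byte hsm_secret (the old format per the PR description)
MNEMONIC_LEN = 64  # seed length the commit messages associate with mnemonics

# Constructed sample input: the public BIP39 test-vector mnemonic, never for real funds.
SAMPLE_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                   "abandon abandon abandon abandon abandon about")


def _nfkd(text: str) -> str:
    """BIP39 requires NFKD normalization of both mnemonic and passphrase."""
    return unicodedata.normalize("NFKD", text)


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    # Collapsing stray whitespace is this example's input hygiene, not part of BIP39.
    words = " ".join(_nfkd(mnemonic).split())
    salt = "mnemonic" + _nfkd(passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode("utf-8"),
                               salt.encode("utf-8"), 2048, dklen=MNEMONIC_LEN)


def derivation_for(secret: bytes) -> str:
    """Length check from the commit message: 64 bytes -> BIP86, 32 bytes -> BIP32."""
    if len(secret) == MNEMONIC_LEN:
        return "bip86"
    if len(secret) == LEGACY_LEN:
        return "bip32"
    raise ValueError(f"unexpected secret length: {len(secret)}")


if __name__ == "__main__":
    plain = bip39_seed(SAMPLE_MNEMONIC)
    with_pass = bip39_seed(SAMPLE_MNEMONIC, "TREZOR")
    print("no passphrase :", plain.hex()[:16], "...", derivation_for(plain))
    print("with passphrase:", with_pass.hex()[:16], "...", derivation_for(with_pass))
    # Same words, different passphrase: a different seed, so a different wallet.
    print("seeds differ  :", plain != with_pass)
    print("legacy secret :", derivation_for(bytes(LEGACY_LEN)))
```

For recovery this means the passphrase has to be backed up along with the words: the same mnemonic with a different passphrase yields a valid but unrelated seed.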