BIP39/SEP-0005 Key Derivation Implementation Needs Verification and Test Vectors

[Nanle-code]

Overview

src/utils/mnemonic.rs is called from wallet.rs for --mnemonic wallet creation. The SEP-0005 derivation path m/44'/148'/index' must use HMAC-SHA512 on the BIP39 seed for hierarchical key derivation. Stellar's SEP-0005 uses a specific derivation that differs from Bitcoin's BIP32 in that it uses ed25519 keys with hardened-only paths. Without validation against official test vectors, silently wrong key derivation could cause users to generate keys they cannot recover.

Resolution

Implement SEP-0005 compliant derivation in mnemonic.rs: generate BIP39 seed from mnemonic + passphrase using bip39::Mnemonic::to_seed(passphrase). Then for each path component in m/44'/148'/account_index': derive the master key using HMAC-SHA512(key="ed25519 seed", data=seed_bytes) — the left 32 bytes are the private key, right 32 bytes the chain code. For child keys, compute HMAC-SHA512(key=chain_code, data=0x00 || private_key || ser32(index | 0x80000000)). Validate the output against known test vectors from the SEP-0005 spec. Add a starforge wallet derive --mnemonic --account-index 0..9 command that shows all 10 derived addresses, allowing users to identify which index their existing wallet used. Write unit tests with the official SEP-0005 test vectors.

[madisonsc52-del]

Hi! I’m a full-stack dev and UI/UX designer. I'd love to take this on to help improve the project. Could you please assign this issue to me? I'll get started right away.

[MicD746]

Hello Maintainer, please can I work on this issue and give you a better result

[nonso7]

Can i work on this issue

I am a blockchain developer with experience building decentralized applications, secure smart contracts, and user-focused Web3 products. My background spans smart contract development, protocol integration, security research, and frontend development using modern Web3 technologies. I have contributed to open-source ecosystems, built production-ready dApps, and worked on solutions involving payments, digital assets, and on-chain infrastructure. I am excited about Stellar's mission of enabling fast, low-cost, and accessible financial services, and I look forward to contributing solutions that expand financial inclusion and utility across emerging markets.

[nonso7]

Can i work on this issue

I am a blockchain developer with experience building decentralized applications, secure smart contracts, and user-focused Web3 products. My background spans smart contract development, protocol integration, security research, and frontend development using modern Web3 technologies. I have contributed to open-source ecosystems, built production-ready dApps, and worked on solutions involving payments, digital assets, and on-chain infrastructure. I am excited about Stellar's mission of enabling fast, low-cost, and accessible financial services, and I look forward to contributing solutions that expand financial inclusion and utility across emerging markets.

[grantfox-oss]

🦊 GrantFox — @nonso7 has been assigned to this issue as part of the Official Campaign campaign!

Next steps:

1. Open a Pull Request referencing this issue (e.g., Closes #7)
2. Your PR will be reviewed by the StarsForges maintainers

Good luck! Track your progress on GrantFox.