v2.2.0 of Tezos Ledger Apps: Babylon Support and More

September 18, 2019

v2.2.0 of the Tezos Ledger applications is now available on Ledger Live! Tezos Wallet is available for the Nano S and Nano X, while Tezos Baking is currently only available for the Nano S.

In addition to Babylon support, this release introduces an improved bip32-ed25519 derivation scheme. We’ve also taken this opportunity to mention changes in how tezos-client represents hardened paths. We recommend all users upgrade at their earliest convenience.

Babylon Support

The Babylon amendment introduces changes to the binary format in common operations including transactions, delegations, originations, and reveals. v2.2.0 is the first release which can parse operations from both the Athens and the Babylon protocol. Prior versions will still be able to sign operations on Babylon, but they will not be able to parse them and show them on the Ledger device’s screen.

New bip32-ed25519 Derivation Scheme

Tezos now supports a new bip32-ed25519 derivation scheme! This feature was made possible by Ledger’s most recent firmware update (v1.5.5), support within the Tezos repository (!1164), and this update to our Tezos applications. We recommend that all wallet providers, exchanges, and other services generating many addresses use this new ed25519 derivation scheme over the existing one because it provides better account security than the previous method. Another benefit is that it supports non-hardened paths, whereas the old ed25519 scheme is the only one which does not support them.

This feature is only visible if you are using a Ledger application and a version of tezos-client which support it; otherwise tezos-client will not show it as an option. When available on the device, running list connected ledgers suggests 4 import secret key commands:

**tezos-client import secret key ledger_user "ledger://major-squirrel-thick-hedgehog/bip25519/0h/0h"**

tezos-client import secret key ledger_user "ledger://major-squirrel-thick-hedgehog/ed25519/0h/0h"

tezos-client import secret key ledger_user "ledger://major-squirrel-thick-hedgehog/secp256k1/0h/0h"

tezos-client import secret key ledger_user "ledger://major-squirrel-thick-hedgehog/P-256/0h/0h"

The first import command listed uses the new derivation scheme, bip25519. We’ve purposefully not changed the existing ed25519 scheme to preserve backwards compatibility. If you change nothing in your Tezos setup, expect no changes. However, we recommend that all new accounts use the bip25519 command instead of the legacy ed25519. After it is imported, the address can be treated the same as any other.

New Representation of Hardened Paths in tezos-client

Across all Tezos networks (mainnet, alphanet, and zeronet), hardened paths in ledger URIs are now represented with an h instead of a tick mark (').

Up until !1165, import secret key commands have been formatted as:

tezos-client import secret key ledger_user "ledger://major-squirrel-thick-hedgehog/ed25519/0**'**/0**'**"

The ' near the end of the URI indicates that the derivation path is hardened. In almost all cases, this formatting of hardened paths works fine. But there can be instances where terminal shells (like bash) interpret the tick marks on the hardened derivation paths as quotation marks, which changes the imported address. In the worst case, this can result in a different address being imported than the one you expect. To avoid this, we’ve switched to denoting hardened paths with an h:

tezos-client import secret key ledger_user "ledger://major-squirrel-thick-hedgehog/ed25519/0**h**/0**h**"

Similar to the ed25519 derivation scheme, you can continue to use the legacy /0'/0' representation and it will still work, but we recommend upgrading to the new syntax.
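The quoting problem described above can be reproduced in any POSIX shell. The script below is an added example, not code from tezos-client or the Ledger apps. It shows what argument a program receives for the tick form with and without quotes, and for the h form. The helpers to_h_form and all_hardened are hypothetical names, and the guard assumes the legacy ed25519 scheme, which only supports hardened paths.

```shell
#!/bin/sh
# Added example; URIs are constructed from the sample device name in the post.

# Legacy tick form typed WITHOUT surrounding quotes: the shell pairs the
# two ticks as a quoted string and removes them before the program runs.
unquoted_tick() {
    printf '%s\n' ledger://major-squirrel-thick-hedgehog/ed25519/0'/0'
}

# Same URI inside double quotes: the ticks reach the program intact.
quoted_tick() {
    printf '%s\n' "ledger://major-squirrel-thick-hedgehog/ed25519/0'/0'"
}

# The h form has no shell metacharacters, so quoting does not matter.
unquoted_h() {
    printf '%s\n' ledger://major-squirrel-thick-hedgehog/ed25519/0h/0h
}

# Hypothetical helper: rewrite legacy tick markers to the h marker.
to_h_form() {
    printf '%s\n' "$1" | tr "'" h
}

# Hypothetical pre-import guard for the legacy ed25519 scheme, which only
# supports hardened paths: 0 = every component hardened, 1 = a component
# lost its marker, 2 = no derivation path found.
all_hardened() {
    rest=${1#ledger://*/*/}            # drop scheme, device name, curve
    [ "$rest" != "$1" ] && [ -n "$rest" ] || return 2
    while [ -n "$rest" ]; do
        comp=${rest%%/*}
        case $comp in
            *[0-9]h | *[0-9]\') ;;     # ends in a digit plus h or tick
            *) return 1 ;;
        esac
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
    done
    return 0
}

# Demo: print a verdict for each form as the program would see it.
for uri in "$(unquoted_tick)" "$(quoted_tick)" "$(unquoted_h)"; do
    if all_hardened "$uri"; then verdict=ok; else verdict=MANGLED; fi
    printf '%-8s %s\n' "$verdict" "$uri"
done
```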

Questions? Feedback? Email us at tezos@obsidian.systems, tweet us @obsidian_llc, join our slack group, or post your question on Tezos Stack Exchange! We’d love to hear from you.