Still three?

three?

also, this is 100%, not 80% of 6. 100% vs 20%, not 80% vs 20%.

Prefer to explicitly add (internal ? 1 : 0)

Seems like it would be better to just access the specific counter once with a post-increment, and use variables here.

IMO this is unintuitive and can lead to loss. If users set a keypool size of 100, they expect to be able to safely generate 100 addresses between backups. I usually round down to 90 in advice to give some breathing room, but 80% here will break even that.

Therefore, the full keypool size should be ensured on both chains.

Edit: Forgot this was HD. Less critical in that case.

Yes. This is a discussion point and I'd like to get others feedback (maybe @gmaxwell and @sipa).
The question is, if you want a keypool of 100 external + 50 (TBD) internals = total 150 keys, if you set the keypool to 100.

IMO user given values should be respected. If the user chooses keypool=100, the keypool should contain 100 keys. But as said, no strong opinion on that.

IMO it would be better to use an enum for internal vs external rather than a bool.

IMO it would be better to use an enum for internal vs external rather than a bool.

Why? Either its internal or external. Once we have more configurable HD key derivation (ext-pubkey-derivation, hd-multisig) we could switch to a enum or a more flexible design.

To avoid implicit casting when/if the type changes for this parameter. Also makes it clearer at the call-locations what the parameter is specifying.

It's called externalChainChildKey but it could be either.

update comment

/HD/HD split/?

I find it a bit confusing that this value goes from 0(non-existant) to -keypool then to -keypool*.2. Perhaps have it start at 0 on previous commit, then set it to non-0 here (unless there is reasoning).

I find it a bit confusing that this value goes from 0(non-existant) to -keypool then to -keypool*.2. Perhaps have it start at 0 on previous commit, then set it to non-0 here (unless there is reasoning).

Fixed. I decided to squash the two commit into a single one because the current PR is a non-splittable change.

Can we just set the target for both internal and external to nTargetSize? It seems super non-user-friendly that the setting which used to mean "can create this many keys/transactions" now means "can create this many keys, or 1/5th as many transactions". I dont think we care all that much about the performance hit, do we?

Some weeks back we discusses that and we came up with something that we should create less internal keys. But I'm fine with 100%/100%. Any objections?

I'd be fine with reducing the internal keypool significantly once we have rescan logic that can regenerate keys, but until then I think we absolutely need to have it be 100%.

Seems like a separate optimization?

Right. This is no longer required because we always derive at minimum 2 internal keys. And ReserveKeyFromKeyPool will topup the keypool.
Will remove that part.

Might make sense to explicitly count both types and use those counts if we foresee a future with more possible types rather than implicitly count total - external. You'd know better than me how likely that is.

I think it make sense to keep this as it is: keypoolsize should be alined with the -keypool conf. That's why keypoolsize in getwalletinfo responses only the external key-count in the keypool (-keypool conf arg also defines the external key count).

Sorry, I agree with what you're saying I just wasn't clear enough. I suppose it's along the lines of @luke-jr 's comment about enum, keeping flexible for the future. Not a blocker, just a suggestion. That can be deferred.

Right. This is generally a good idea. IMO the next possible HD extensions (far away) are maybe xpub watch-only-wallets, flexible keypath, hd-multisig.
I can't imagine any change the would require a third (or more then two) type(s) during key derivation as well as in the keypool.

"keypoolsizes": {"internal": N, "external": N} sounds like a good idea here.

I though about that, but this would break the API while the current PRs change does not.

also, this is 100%, not 80% of 6. 100% vs 20%, not 80% vs 20%.

This should set nInternalChainCounter for old versions - maybe use std::numeric_limits<uint32_t>::max() (and make it private, with all accessors throwing if it's not a sufficient version)?

Also, braces, please.

Where do you see the need to set the nInternalChainCounter for old versions here? Old Versions will always have the nInternalChainCounter set the 0 over SetNull() during the constructor call.

A new chain (which then will enable VERSION_HD_CHAIN_SPLIT) can only be created when a new HD master key will be set which again will enable FEATURE_HD_SPLIT.

It should be setup to prevent accidental usage. If any code were to attempt to use it without a wallet that supports it, we want to throw an error/exception, not silently generate keys we may not be able to recover.

To avoid implicit casting when/if the type changes for this parameter. Also makes it clearer at the call-locations what the parameter is specifying.

Is there a reason to do this check here, rather than inside DeriveNewChildKey?

A design question, but IMO DeriveNewChildKey should execute the derivation and not care about wallet versions and supported features.

Maybe move it to private: then?

Yea, really should be private, I think.

Seems like this could be significantly simplified with:

uint32_t &nChainCounter = (internal ? hdChain.nInternalChainCounter : hdChain.nExternalChainCounter);

Since almost everything here is different depending on internal/external, I think it'd be clearer to just make it if (internal) and separate the behaviors

I think this won't work if the user specifies a HD-but-not-split wallet version for -walletupgrade?

I think we should no longer allow non split HD versions.

This also forcibly upgrades the user's wallet (if from pre-split HD version) if they encrypt their wallet, which I think is unaccptable.

Note that if you change this need to set the newHdChain's version to the appropriate value prior to SetHDChain.

We could... one question is: if the users encrypt his 0.13 wallet (HD enabled but no chain split) in 0.14. Do we want to keep the non-hd split or do we want to enforce an upgrade to HD_Split. The later seems preferable from the users perspective (Is there a reason to not split the HD chains if we can?).

I believe it is policy to not upgrade a user's wallet unless they have specifically requested we do so, so, no, I dont think we should use HD_Split at that point.

Do we want internal to have a default? Should it be false? IIRC currently new keys default to change unless added to the address book, so this default seems to contradict the status quo.

I have set the default to false to keep the exiting behaviour.

My point is that the existing behaviour is closer to true than false.

Missing logic to initialise this version.

VERSION_HD_BASE is only there to identify versions that do not support HD SPLIT (first HD version introduced in 0.13).

keypoolsize should probably be the lower of the two and deprecated. There is no reason to assume prior use didn't look at it for info on change keys.

"keypoolsizes": {"internal": N, "external": N} sounds like a good idea here.

Shouldn't this use CanSupportFeature(FEATURE_HD_SPLIT)?

I think always reporting keypoolsize_hd_internal (with 0 in non HD-SPLIT case) can make parsing simpler.

Then always report it? Right now it's conditional on something more or less irrelevant.

But I'm not sure it makes sense to ever report 0 when there are indeed keys that will be used for internal outputs...

I think the 10% number is wrong? current code is 20, I believe? (and I think it should be changed to 100).

I think we really need to update this - keypoololdest is used to know when your backup has been invalidated. I know technically now that we have HD wallets arent invalidated, but until we have rebuilding-from-chain implemented I think we really need to make sure keypoololdest is still useable as "if your backup is older than this date, backup again".

This means keypoololdest needs to be max(oldest internal keypool, oldest external keypool) isntead.

Agree. But probably in a separate PR.

Not doing this would break some uses of walletbackup, I think, so I wouldnt be too happy with this slipping into a different release.

Maybe add a TODO comment (though this does seem to me like a desirable change to include in this PR).

Maybe add a TODO comment (though this does seem to me like a desirable change to include in this PR).

This is fixed in the current version.