Add ability to restore the zcashd wallet from the emergency recovery phrase (mnemonic seed).

[nuttycom]

We need to be able to recover:

• keys derived from the legacy Sapling HD seed;
• keys derived from the mnemonic seed under the legacy account ID:
  • keys produced by z_getnewaddress post-zcashd v4.7.0;
  • transparent keys produced by getnewaddress post-zcashd v4.7.0;
• keys derived from the mnemonic seed according to ZIP 316.

For recovery of transparent and legacy-Sapling keys, we need to implement the gap limit logic from BIP 44. Once we have fully recovered the wallet from Sapling activation to the tip, we will only continue to scan with keys at indices for which funds were found, plus indices some small constant beyond the last index for which funds were found.

For keys derived according to ZIP 316, the user should explicitly specify the account ids they want to recover keys for. Alternatively, we could increment the index by one whenever we find funds, essentially using a gap limit of 1.

[autotunafish]

I think this should definitely be a priority. I've read other posts here about adding orchard key import/export abilities which also sounds like a great idea assuming it's practical and the new mnemonic seed and account (of a height) recovery method is the designed implementation but there should be at least one.

[daira]

We have a draft PR for this (https://github.com/zcash/zcash/pull/6102); I think I can finish it and get it into 5.6.0.

[zine999]

Hi I don't quite understand. If z_getnewaddress is deprecated, and there is no way to restore/recover a unified address, and zcash-cli says that we must use unified addresses, how does this make sense as a safe policy? Maybe I'm misunderstanding?

[daira]

It's not a safe policy. We're aware that this is missing functionality that could lead to loss or inaccessibility of funds. I apologize for the delay in implementing it.