Author: Pavol Rusnak 2014-08-08 13:19:38
Published on: 2014-08-08T13:19:38+00:00
The author of this post is proposing a change to the BIP32 protocol regarding invalidation of nodes. Currently, the protocol states that if a resulting key is invalid (due to various reasons, such as I_L being greater than or equal to n), one should proceed with the next value for i. However, the author suggests changing this to instead assign I_L := I_L mod n in all three cases (public CKD, private CKD, and master key generation). The rationale behind this change is that it is often difficult at the application level to implement skipping logic when marking a key as invalid. Instead, performing a modulo operation is more straightforward and may lead to more implementations actually checking for invalid keys. The author notes that there are still cases where a key may be invalid (such as when I_L = 0 or ki = 0 or ki = inf), but these have a low probability of occurring. The author asks if anyone has any concerns regarding the security implications of this proposed change.
Updated on: 2023-06-09T02:07:06.820626+00:00