Author: Watson Ladd 2012-12-05 03:36:29
Published on: 2012-12-05T03:36:29+00:00
In an email conversation between Gregory Maxwell and Mike Koss, Koss proposed a new alternative to the BIP 32 proposal. His proposal was based on a hierarchical string representation, rather than hierarchy of integers as proposed in BIP 32. Koss named keys using this representation style. However, Maxwell pointed out that it was not possible to blindly iterate through strings, which implies that Koss' proposal loses the backup recoverability property that is part of the point of a deterministic wallet. If there is a backup before a new string name is established, there must also be a reliable backup of the string itself. Maxwell also noted that both BIP 32 and Koss' proposal have a missing feature: being able to spend a coin sent to an address generated by this scheme implies being able to spend any coin generated by this scheme. He suggested that the easiest deterministic wallet construction is simply to use a stream cipher to generate random bytes used as the private keys in a wallet.Additionally, Maxwell mentioned that Koss' extended hierarchy of multipliers made him uncomfortable. On the other hand, the multipliers at each level in BIP 32 are unstructured, but the ones in the next level are products of the ones before. This creates a multiplication tree with random-looking branches. Although the cofactor could be annoying, the order of the basepoint is prime or a small cofactor times a prime, so this usually isn't an issue. The email ended with a quote from Benjamin Franklin.
Updated on: 2023-06-06T09:40:38.510500+00:00