Author: vjudeu 2021-03-20 20:25:03
Published on: 2021-03-20T20:25:03+00:00
The discussion revolves around the safety and suitability of a simple HD wallet design that uses pure ECDSA and SHA-256. The design involves generating a master public key and child public keys using SHA-256 and a nonce. The concern raised is whether this design is safe to implement in practice, given that SHA-256 suffers from certain attacks, such as length extension attacks. Erik Aronesty suggests using SHA3-256 instead, as it does not suffer from padding-related vulnerabilities. The main question posed by Arik Sosman is whether using sha256-hmac(nonce, publicKeyPoint) would be a safer alternative to SHA-256. However, Erik Aronesty maintains that SHA3-256 is still the better option. It should be noted that even if someone obtains a child public key, they cannot reverse-engineer it to obtain the parent public key as the output of SHA-256 is unknown. The scheme allows for potentially unlimited custom derivation paths by using a 256-bit nonce and all keys generated start with a 02 prefix.
Updated on: 2023-06-14T19:43:37.135721+00:00