Author: vjudeu 2021-03-22 07:51:00
Published on: 2021-03-22T07:51:00+00:00
The security of a hierarchical deterministic (HD) wallet scheme that can be specified in three lines cannot be assumed without specifying the security goals, according to Tim Ruffing. The main issue with using a simple incrementation method for public keys is that all those keys can be linked together easily. However, by making the offset deterministic but less predictable, it should be secure enough. Offset equals SHA256(masterPublicKey || nonce), but it is not clear how the nonce is obtained. In a deterministic scheme, either the master private key is involved in the derivation of nonce, which would make the nonce unpredictable, or it's not, which would make the nonce predictable. It may also be possible to compute a parent private key from a private key. HD wallet schemes like BIP 32 address these concerns; however, there is no practical necessity to invent a new scheme as BIP 32 could be used in any application where this proposal could potentially be used. In an example provided, if you have '0/"bitcointalk.org"/5321992/"coinlatte"' derivation path, your first nonce is 256-bit zero value, your second nonce is SHA-256 of "bitcointalk.org," and so on. Finding attackerPublicKey in this scheme seems impossible, which shows how strong the scheme is.
Updated on: 2023-06-14T19:43:58.696718+00:00