From: vjudeu
To: "bitcoin-dev@lists.linuxfoundation.org"
Date: Fri, 19 Mar 2021 20:46:26 +0100
Subject: [bitcoin-dev] An alternative to BIP 32?

I recently found an interesting and simple HD wallet design here: https://bitcointalk.org/index.php?topic=5321992.0

Could anyone see any flaws in such a design or is it safe enough to implement it and use in practice?

If I understand it correctly, it is just pure ECDSA and SHA-256, nothing else:

masterPublicKey = masterPrivateKey * G
masterChildPublicKey = masterPublicKey + ( SHA-256( masterPublicKey || nonce ) mod n ) * G
masterChildPrivateKey = masterPrivateKey + ( SHA-256( masterPublicKey || nonce ) mod n )

Also, it has some nice properties, like all keys starting with the 02 prefix, and it allows potentially unlimited custom derivation paths by using a 256-bit nonce.