2

I've read about BIP32 key derivation functions, and also:

Any Elliptic Curve could work in the BIP32 scheme. The only property of a Curve that BIP32 relies on is that a * G + b *G = (a + b mod N) * G, which is true for any Elliptic Curve.

(from Is BIP 32 Technology Cryptographic Curve Agnostic?.)

Are there simpler forms of weak-child-only key derivations? (I'm guessing that the HMAC, splitting and concatenation is unneeded for a simpler/weaker scheme. Such a scheme would just have a large number of weak children and no layers/tree.)

Is a simpler scheme possible? (I'm asking about cryptography generally, not whether it's a good idea for Bitcoin.)

fadedbee
  • 143
  • 4
  • `SHA256(entropy | index)`. 1st key = `SHA256(entropy | 0x00000000)`, 2nd key = `SHA256(entropy | 0x00000001)`,... – Coding Enthusiast Jul 03 '20 at 16:10
  • @CodingEnthusiast Could you expand that into an answer, please? I can't understand how these keys relate to the parent keys, as they do not depend on them at all. In particular I want to derive child public keys from just a parent public key, knowing that the owner of the parent private key can derive the associated child private keys. – fadedbee Jul 04 '20 at 06:10
  • It is a **very very weak** way of deriving child _private_ keys from an initial entropy. If deriving pubkey in a _weak_ way is desired then a similar scheme to BIP-32 for non-hardened children could be used to compute `SHA256(parentPubKey | index)` where child _private_ key is the `parent+child % N` – Coding Enthusiast Jul 04 '20 at 08:35
  • Is `parentPrivKey+index % N` the private key for `parentPubKey | index`? (I cannot see how the unreversable SHA256 can help here at all, but that may well be my lack of knowledge.) – fadedbee Jul 04 '20 at 08:47

0 Answers0