#StackBounty: #wallets #private-key #hd-wallets #bip32 #bip39 Is possible to continue the BIP32/BIP39 algorithm from a Pk and Sk pair a…

Bounty: 50

I have spent a few days reading about the BIP algorithm and the generation of the key pairs.

I found this in the BIP 32 paper:


Child key derivation (CKD) functions

Given a parent extended key and an index i, it is possible to compute the corresponding child extended key. The algorithm to do so depends on whether the child is a hardened key or not (or, equivalently, whether i ≥ 2^31), and whether we’re talking about private or public keys.

Private parent key → private child key

The function CKDpriv((kpar, cpar), i) → (ki, ci) computes a child extended private key from the parent extended private key:

- Check whether i ≥ 2^31 (whether the child is a hardened key).
- If so (hardened child): let I = HMAC-SHA512(Key = cpar, Data = 0x00 || ser256(kpar) || ser32(i)). (Note: The 0x00 pads the private key to make it 33 bytes long.)
- If not (normal child): let I = HMAC-SHA512(Key = cpar, Data = serP(point(kpar)) || ser32(i)).
- Split I into two 32-byte sequences, IL and IR.
- The returned child key ki is parse256(IL) + kpar (mod n).
- The returned chain code ci is IR.
- In case parse256(IL) ≥ n or ki = 0, the resulting key is invalid, and one should proceed with the next value for i. (Note: this has probability lower than 1 in 2^127.)

The HMAC-SHA512 function is specified in RFC 4231.

Public parent key → public child key

The function CKDpub((Kpar, cpar), i) → (Ki, ci) computes a child extended public key from the parent extended public key. It is only defined for non-hardened child keys.

- Check whether i ≥ 2^31 (whether the child is a hardened key).
- If so (hardened child): return failure.
- If not (normal child): let I = HMAC-SHA512(Key = cpar, Data = serP(Kpar) || ser32(i)).
- Split I into two 32-byte sequences, IL and IR.
- The returned child key Ki is point(parse256(IL)) + Kpar.
- The returned chain code ci is IR.
- In case parse256(IL) ≥ n or Ki is the point at infinity, the resulting key is invalid, and one should proceed with the next value for i.

I was wondering then whether the mnemonic seed only gives you access to the first key pair, and then that key pair gives you the next.

This would mean that you can execute the BIP 32 algorithm from a Pk, Sk combination that belongs to the hierarchy marked by the mnemonic seed.

So I wanted to know if it’s possible to scale from a Pk, Sk pair to the mnemonic seed (12 or 15 words from a dictionary).

Does anyone know about that?

Thanks.
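The CKDpriv and CKDpub steps quoted above, as an added worked example in Python that is not part of the question or of any BIP32 library: it derives a non-hardened child both from the parent private key and from the parent public key and lets you check that the two results agree, and it refuses a hardened index on the public side. It uses only the standard library; the secp256k1 constants are the curve's public parameters, and `split_I` is a helper name chosen here.

```python
import hashlib, hmac
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # curve order n
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,   # generator
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None                      # a == -b
    if a == b:                           # doubling (curve has a = 0)
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def point(k):
    """k*G by double-and-add (the spec's point() function)."""
    r, q = None, G
    while k:
        if k & 1:
            r = ec_add(r, q)
        q, k = ec_add(q, q), k >> 1
    return r

def serP(K):  # 33-byte compressed SEC1 encoding (the spec's serP())
    return bytes([2 + (K[1] & 1)]) + K[0].to_bytes(32, "big")

def split_I(c_par, data):  # I = HMAC-SHA512(Key=cpar, Data=data) -> (IL, IR)
    I = hmac.new(c_par, data, hashlib.sha512).digest()
    return int.from_bytes(I[:32], "big"), I[32:]

def ckd_priv(k_par, c_par, i):
    """CKDpriv((kpar, cpar), i) -> (ki, ci); None means 'try the next i'."""
    hardened = i >= 2**31  # hardened child: HMAC the 0x00-padded private key
    key_part = b"\x00" + k_par.to_bytes(32, "big") if hardened else serP(point(k_par))
    IL, IR = split_I(c_par, key_part + i.to_bytes(4, "big"))
    k_i = (IL + k_par) % N
    return None if IL >= N or k_i == 0 else (k_i, IR)

def ckd_pub(K_par, c_par, i):
    """CKDpub((Kpar, cpar), i) -> (Ki, ci); hardened indexes must fail."""
    if i >= 2**31:
        raise ValueError("hardened child needs the parent private key")
    IL, IR = split_I(c_par, serP(K_par) + i.to_bytes(4, "big"))
    K_i = ec_add(point(IL), K_par)
    return None if IL >= N or K_i is None else (K_i, IR)
```

Both functions take the chain code cpar together with the key, so a bare (Pk, Sk) pair without its chain code is not an extended key in this scheme. Because each step is an HMAC-SHA512 output, derivation runs only downward from the seed to its children, never back toward the seed.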

