On Mon, May 27, 2013 at 03:10:04PM +0200, Michael Gronager wrote: > Commenting on my own mail... > > Rereading the BIP, it occurs to me that the private derivation is > actually intentional. So: > (m/i/j/k)*G = (M/i/j/k), but (m/i'/j/k)*G <> (M/i/j/k) (M/i'/j/k => ERROR) > > But: ((m/i')*G)/j/k = (m/i'/j/k)*G > > So, the motivation for the private derivation is to avoid the known (K, > c) and known k_i => k known too! I fear that many will fall in this > trap, though...
I think the current formulation in the BIP text is a bit confusing, as there is both "public derivation" (namely: derivation that can be done using just the public key), and the "public derivation function" (the one that takes the public key as input). Any suggestion for better terminology is welcome. One possibility is calling it type-1 and type-2 derivation, but that's only enlightening if you of the origin of the concept. There is current "test vector generation" code on the 'detwallet' branch on my github repo, but this isn't useful for actual deterministic wallets. I'm working on having an implementation that nicely integrates with the key abstraction. Also, there are already other implementations available, such as this Python one https://github.com/FelixWeis/hdwallet, and Java code in Bits of Proof (with whom the test vectors match, after finding a bug in mine...) Of course, implementing a determinstic wallet is more than just key derivation. There is dealing with detecting new keys/chains being used, lookahead, how to use accounts (if at all), and internal/external subchains. I think this is much more likely to differ more between different implementations, and perhaps interesting applications -- Pieter ------------------------------------------------------------------------------ Try New Relic Now & We'll Send You this Cool Shirt New Relic is the only SaaS-based application performance monitoring service that delivers powerful full stack analytics. Optimize and monitor your browser, app, & servers with just a few lines of code. Try New Relic and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
