[Bitcoin-development] BIP0032

Michael Gronager gronager at ceptacle.com
Mon May 27 13:10:04 UTC 2013


Commenting on my own mail...

Rereading the BIP, it occurs to me that the private derivation is
actually intentional. So:
(m/i/j/k)*G = (M/i/j/k), but (m/i'/j/k)*G <> (M/i/j/k) (M/i'/j/k => ERROR)

But: ((m/i')*G)/j/k = (m/i'/j/k)*G

So, the motivation for the private derivation is to avoid the known (K,
c) and known k_i => k known too! I fear that many will fall in this
trap, though...

/Michael






More information about the bitcoin-dev mailing list