Bip32-Hd-Wallets

Why does BIP44 use non-hardened paths at all?

  • March 20, 2015

BIP44 uses hardened/private derivation at most levels:

m / purpose' / coin_type' / account' / change / address_index

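but not at the change and address_index levels. First, what does hardening achieve, and second, what is the downside of always hardening, apart from having only half of the 2³² paths at that level?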

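As I understand it, non-hardened paths only allow, in the presence of one plain private key, learning the xpriv key of an address and, if it is not hardened, the next higher xpriv key, all the way up to the first hardened path. Is that so? If so, what advantage does it have other than providing 2 billion more addresses on that account's external and change paths (assuming it were allowed to overflow into the hardened address space)?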

Some code to see if/what I got right:

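   // assumes the bitcore library, whose HDPrivateKey API this snippet uses
   var HDPrivateKey = require('bitcore').HDPrivateKey
   var wallet = HDPrivateKey()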
   var hardened = wallet.derive(4, true)
   var nonHardened = hardened.derive(4, false)

   console.log(hardened.publicKey.toAddress().toString())
   // the payee gets this anyway
   console.log(hardened.publicKey.toString())
   // once I spend from my address, I have to reveal this. It's probably secure to
   // re-use the address but better not to.
   console.log(hardened.privateKey.toString())
   // at this point, you can spend funds that are received to above address and
   // only that
   console.log(hardened.xpubkey)
   // you now know all my addresses I could derive from hardened. Do you know any
   // private keys except for the one I explicitly shared a line before?
   console.log(hardened.xprivkey)
   // now you can spend from all the addresses derivable from hardened but learn
   // nothing else about wallet.

   console.log(nonHardened.publicKey.toAddress().toString())
   console.log(nonHardened.publicKey.toString())
   console.log(nonHardened.privateKey.toString())
   console.log(nonHardened.xpubkey)
   // in difference to the hardened case, you would now learn about nonHardened but
   // also (once again) about hardened? What could you actually learn?
   console.log(nonHardened.xprivkey)
   // would this line leak any information that wasn't already leaked in the last
   // block?

Output:

   1c6dKRqvYPiCQx2R3u75pxGfy15g7jfU4
   0342619d3209b6859f4d88e3b1deaa1acee734c94d625b7d59b286b6842c90bd60
   4c461799315979063858208f6c3e8b33f29ceb10c42389690cd0a20427715845
   xpub68GCDysH8nE2Nuodq1ncV4jYiWvajzZyjVr6Pt8N46QAKC3CPxjj8G6AcE7sdvGypzXZFRRHYjRokhTty6LC8MErRifGiJFeTbTBYL9QfTg
   xprv9uGqpULPJQfjARjAizFc7vnpAV66LXr8NGvVbVikVksBSPi3rRRUaTmgkwDii6TFzWWFsch7Qc2v6eM1ZcJAJLv8ybvw7YY4qwLwvfFJoAp

   1NsxMLRhXasbHaskKVQK4qiJpBZgjTs3Aq
   026653baf78fb78cfb9845faa43080dfc452991422edc67f5ba085d02786364670
   afdb89aaf2f02987dfc47cc655fb4e1fb5cdd545af44875b4176805dc8f60852
   xpub69pTp8pV8Fcmkf3HuiWnzGE42MJcMrTtegoZaLApLUSvhugH6YNKgTtVfk2asMNZWKynCpFoCGePbHLfwJqsLtPskSv5cPF6j1FqmdaNCrE
   xprv9vq7QdHbHt4UYAxpogynd8HKUKU7xPk3HTsxmwmCn8uwq7M8Z1458fa1pVZCfWYWUWMG7p7b99NzJnSwZAnQR6EmN4awbcKZrfdrcmXAXqy

Why does BIP44 use non-hardened paths at all?

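Imagine you have a website where you sell goods. You need the website to be able to generate addresses, but you don't want it to be able to spend from them.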

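Well, you can give the website an account-level extended public key, from which it can generate the non-hardened addresses you need. You would not be able to create hardened addresses; you need the account private key to make new hardened addresses.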

// you now know all my addresses I could derive from hardened. Do you know any
// private keys except for the one I explicitly shared a line before?

No, I know the private key, but I can't compute the parent key or any siblings.

// in difference to the hardened case, you would now learn about nonHardened but
// also (once again) about hardened? What could you actually learn? 

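Even though this key is not hardened, I don't know the parent key's chain code, so I can't compromise sibling keys, or even associate this key with any of its siblings.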

// would this line leak any information that wasn't already leaked in the last
// block?

No. However, if you had also exposed

wallet.derive("m").xpubkey

then I would have enough information to compromise your wallet.
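
Added example, not part of the original question or answer: BIP32 child derivation written out to illustrate the website scenario above, where an account-level extended public key (public key plus chain code) derives non-hardened child public keys while hardened children require the private key. The account key and chain code are constructed sample values, and the helper names (`ckdPriv`, `ckdPub`, `tweak`) are this example's own; it uses only Node's built-in `crypto` module.

```javascript
// Added example: BIP32 child-key derivation on secp256k1. Illustration only: not
// constant-time; negligible-probability edge cases (IL >= n, zero key) are ignored.
const nodeCrypto = require('crypto');
const P = 2n ** 256n - 2n ** 32n - 977n; // field prime
const N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141n; // group order
const G = [0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798n,
           0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8n];
const HARDENED = 0x80000000; // indexes >= 2^31 are hardened
const mod = (a, m) => ((a % m) + m) % m;
function inv(a) { // modular inverse mod P via Fermat's little theorem
  let r = 1n;
  for (let b = mod(a, P), e = P - 2n; e > 0n; e >>= 1n, b = b * b % P) if (e & 1n) r = r * b % P;
  return r;
}
function add(A, B) { // affine point addition; null is the point at infinity
  if (!A) return B;
  if (!B) return A;
  if (A[0] === B[0] && mod(A[1] + B[1], P) === 0n) return null;
  const s = A[0] === B[0] ? 3n * A[0] * A[0] * inv(2n * A[1]) : (B[1] - A[1]) * inv(B[0] - A[0]);
  const x = mod(s * s - A[0] - B[0], P);
  return [x, mod(s * (A[0] - x) - A[1], P)];
}
function mul(k, A) { // double-and-add scalar multiplication
  let R = null;
  for (; k > 0n; k >>= 1n, A = add(A, A)) if (k & 1n) R = add(R, A);
  return R;
}
const hex32 = (n) => n.toString(16).padStart(64, '0');
const serP = (A) => Buffer.from((A[1] & 1n ? '03' : '02') + hex32(A[0]), 'hex');
const ser32 = (i) => { const b = Buffer.alloc(4); b.writeUInt32BE(i); return b; };
function tweak(chain, keyBytes, i) { // HMAC-SHA512 -> [IL as integer, child chain code]
  const I = nodeCrypto.createHmac('sha512', chain).update(Buffer.concat([keyBytes, ser32(i)])).digest();
  return [BigInt('0x' + I.subarray(0, 32).toString('hex')), I.subarray(32)];
}
function ckdPriv(k, c, i) { // needs the parent private key; works for every index
  const keyBytes = i >= HARDENED ? Buffer.from('00' + hex32(k), 'hex') : serP(mul(k, G));
  const [IL, cc] = tweak(c, keyBytes, i);
  return { k: mod(IL + k, N), c: cc };
}
function ckdPub(K, c, i) { // needs only the parent public key and chain code (the xpub)
  if (i >= HARDENED) throw new Error('hardened child requires the parent private key');
  const [IL, cc] = tweak(c, serP(K), i);
  return { K: add(mul(IL, G), K), c: cc };
}
// Constructed sample account key and chain code (not real wallet data).
const account = { k: 0xC0FFEEn ** 9n, c: Buffer.alloc(32, 7) };
const accountPub = mul(account.k, G);
// The site's view (xpub only) yields the same child 0 public key as the owner's.
console.log(serP(ckdPub(accountPub, account.c, 0).K).equals(serP(mul(ckdPriv(account.k, account.c, 0).k, G))));
```

The hardened branch of `ckdPriv` feeds the private key into the HMAC, which is why a holder of only the extended public key cannot reproduce it and `ckdPub` rejects those indexes.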

Quoted from: https://bitcoin.stackexchange.com/questions/36512