1
HD Wallets have a flaw that revealing a private key and its parent master public key will reveal its parent master private key. (Described here[1] and here[2]).
Isn't there a similar concept with master public key and master private key that does not suffer from this issue. (Does not have to be ECDSA. I just want a deterministic private-public keypair generator that can publish its master public key).
[1] https://bitcoinmagazine.com/8396/deterministic-wallets-advantages-flaw/
[2] https://eprint.iacr.org/2014/998.pdf (chapter 3)
This makes generating master public key useless as it is unable to generate public keys in children, which is something I want to have. – Pavol Rusnak – 2015-07-29T18:41:06.393
@PavolRusnak, you can't have it both ways, unfortunately. Either the parent-pub and child-pub are related by an ECC key for which the private key is known, or it's not. But you can use both hardened and standard keys in the same tree structure! Best practice is to use Hardened keys for upper levels of the tree, and non-hardened only for the lower levels.
– morsecoder – 2015-07-29T19:00:50.267See Bip44: you can use m / 44'/0'/0'/0/k, where k is your key. Losing private key k together with parent/k would not reveal the whole chain because you do : m/44'/0'/0>'</0/0 (mint the >.<) – Jonas Schnelli – 2015-07-30T06:10:31.993