Does BIP 32 always implicitly assume secp256k1 elliptic curve cryptography (ECC) is to be applied, or can BIP 32 technology also be applied to create extended public or private keys that can readily be converted to, say, ed25519 private/public keypairs? One of the reasons I ask is because if a mathematical or computational backdoor is ever discovered for secp256k1, can ed25519 slide right in or does BIP 32 need to be re-engineered to support ed25519? Ed25519 can also be applied to provide Schnorr Signature capabilities.
That's not exactly correct. BIP32 at least needs a small tweak to be usable on curves with a cofactor different from one. Ed25519 also uses a key generation scheme that forcibly sets some bits to 0 and 1, which would make BIP32 derived keys technically invalid Ed25519 keys. – Pieter Wuille – 2016-08-24T07:19:59.913
@PieterWuille thanks. How is a cofactor greater than 1 a problem? And I wasn't aware that Ed25519 had restrictions on the keys, I'll update my answer. – morsecoder – 2016-08-24T12:12:32.747
@StephenM347. Ed25519 isn't used for ECDSA, it is used for EdDSA. It will be really nice to be able to generate a few billion ed25519 public keys from a xpub extended key without knowledge of xprv extended keys. I'm assuming a cofactor will fix this, any idea how? Related ed25519 posting. – skaht – 2016-08-24T20:21:03.707
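
The bit-setting issue raised in Pieter Wuille's comment can be checked numerically. The sketch below is an added example, not code from the thread or from BIP 32: it performs the RFC 8032 Ed25519 scalar clamping, then applies a BIP 32 hardened-style additive step with the Ed25519 subgroup order as modulus. Transplanting that formula to Ed25519 is an assumption made for illustration, and the seed and chain code are constructed values.

```python
import hashlib
import hmac

# Order of the Ed25519 prime-order subgroup (RFC 8032); the curve's cofactor is 8.
L = 2**252 + 27742317777372353535851937790883648493
HARDENED = 0x80000000


def ed25519_secret_scalar(seed: bytes) -> int:
    """RFC 8032 key generation: SHA-512 the 32-byte seed, clamp the low half."""
    h = bytearray(hashlib.sha512(seed).digest()[:32])
    h[0] &= 0xF8   # clear the 3 lowest bits: scalar is a multiple of the cofactor
    h[31] &= 0x7F  # clear bit 255
    h[31] |= 0x40  # set bit 254
    return int.from_bytes(h, "little")


def is_clamped(s: int) -> bool:
    """True if s has the bit pattern Ed25519 key generation always produces."""
    return s % 8 == 0 and 2**254 <= s < 2**255


def bip32_style_child(parent: int, chain_code: bytes, index: int) -> int:
    """BIP 32 hardened-style step, child = (I_L + parent) mod order.

    Assumption: the secp256k1 order is swapped for the Ed25519 order L.
    """
    data = b"\x00" + parent.to_bytes(32, "big") + index.to_bytes(4, "big")
    i_l = hmac.new(chain_code, data, hashlib.sha512).digest()[:32]
    return (int.from_bytes(i_l, "big") + parent) % L


def children_clamped(seed: bytes, chain_code: bytes, count: int) -> list:
    """Derive `count` children and report whether each keeps the clamped form."""
    parent = ed25519_secret_scalar(seed)
    return [is_clamped(bip32_style_child(parent, chain_code, HARDENED + i))
            for i in range(count)]


if __name__ == "__main__":
    seed = bytes(range(32))   # constructed sample seed
    chain = b"\x42" * 32      # constructed sample chain code
    print("parent clamped:", is_clamped(ed25519_secret_scalar(seed)))
    print("children clamped:", children_clamped(seed, chain, 5))
```

Every child is reduced below L, which is less than 2^253, so bit 254 can never be set and no derived scalar has the form Ed25519 key generation produces.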