2
Suppose I know a specific address and I know a full HD Public Key. Is it possible to determine if the address is a hash of one public keys generated from the HD public key in constant time, or in other words without checking every possibility?
2
Suppose I know a specific address and I know a full HD Public Key. Is it possible to determine if the address is a hash of one public keys generated from the HD public key in constant time, or in other words without checking every possibility?
2
No, it is impossible to know. You would have to check every possibility.
Thanks, that makes sense to me intuitively, but do you know of any way to prove it? – Loourr – 2017-10-11T12:42:54.117
A strong hash function should have output that is indistinguishable from random data. Both SHA256 and Ripemd160 (tthe two hash functions involved here) are not known to be broken. There is no known way to find a relationship between the hash and the preimage. This means that you can't even figure out what the pubkey for an address is. Furthermore, deriving additional keys uses SHA512 (related to SHA256) which means that there is no way to find a relationship between the derived key and its parent except through brute force. – Andrew Chow – 2017-10-11T14:22:42.117
That makes sense. Would it be possible in Etherium given (at least as far as I understand it) that the address is just the truncated private key? – Loourr – 2017-10-11T17:47:24.203
I don't use Ethereum or study it, so I don't know. – Andrew Chow – 2017-10-11T18:00:50.907