Does BIP44 key derivation path protects private keys derived within same account?

0

I understand that with

  • Un-hardened parent extended public key
  • child private key

This will leads to compromise of parent private key and so all the private keys of siblings

BIP44 suggests the path m / purpose' / coin_type' / account' / change / address_index

Let's say I use the path m/44'/0'/0'/0 to derive public keys for account 0

Since The change and address_index is not hardened. And in my application I will have the extended public key at level m/44'/0'/0'/0 revealed (to derive addresses), does it means that if any of the private keys derived at the address_index level is compromised, all the private keys within the same account may also be compromised?

So with this path only avoid further compromise up to

  • Other accounts and
  • Further up to the master key?

Am I correct?

Calvin Lau

Posted 2018-03-05T08:20:24.097

Reputation: 143

Answers

1

Bip44 doesn't protect anything, if the user has master root key, they could get access to all the other accounts private keys.

Your path is wrong, it should be like that:

m / purpose' / coin_type' / account' / change / address_index

What you should do is generating child master private key for the following path:

m/44'/0'/1'/

Now the user has access only to account number "1" and should generate addresses using that child master private key and the following path:

m/changeAddress/addressIndex

Adam

Posted 2018-03-05T08:20:24.097

Reputation: 3 215

Thanks for point out the mistake. I will try to clarify my misconception and make my question clear. I understand hardening is helps to protect the parent private key being compromised if extended public key + child private key is compromised. However, I realize in BIP44, the change and address_index is non-hardened. That's why I am concerned that if any private key I derived from this path got compromised, does it means all the other private keys with the same account derived from the path is compromised as well.Calvin Lau 2018-03-05T08:50:45.960

Never, they'll need the master private key to get access to other accounts private keys.Adam 2018-03-05T08:57:20.020

How about within the same account? e.g. the private key for m/44'/0'/1'/0/0 get compromised, with the extended public key, does it means private keys of m/44'/0'/1'/0/n are all said to be compromised?Calvin Lau 2018-03-05T08:58:01.773

Not using WIF private key, they need the account master private key.Adam 2018-03-05T08:59:34.963

with the extended public key they may just see the addresses, but never the private keys.Adam 2018-03-05T09:01:56.680

Let us continue this discussion in chat.

Calvin Lau 2018-03-05T09:09:43.217

Oh I just notice in your answer you mention generate addresses using that child master private key. In my case I want to use an extended public key to generate address (because I need to generate address on the fly). So what I will putting in my application would be the extended public key at path m/44'/0'/1'/0. Does it means the vulnerability I mentions is valid?Calvin Lau 2018-03-05T09:13:37.037

I have rethink the whole thing and try to summarize. Does it means that: 1) If I use a master private key to derive a public key, it is a hardened public key and I do not need to worry about compromise of parent or siblings private key if child private key is exposed. 2) If I decide to use an extended public key to derive addresses, then I am subject to the vulnerability, no matter I am using the BIP44 derivation path m/44'/0'/1'/0 or other path that ends without prime.Calvin Lau 2018-03-05T15:24:20.520

Asked: 2018-03-05T08:20:24.097

Viewed: 232 times

Active: 2018-03-05T08:47:25.483