I've been reading about HD wallet derivation key mechanism. I understood that if an attacker somehow gets a child's private key plus the chaincode used to derive that child's key, then he could calculate the parent's private key. How could that be possible? Through a sort of brute force attack?
Furthermore, how can the hardened derivation scheme neutralize this problem by using the parent's private key instead of his public key as input for the HMAC-SHA512 functions?
So... the hardened derivation solves the problems because an attacker with just a child's private key plus the chaincode can't perform the HMAC-SHA512 (he should also have the parent's private key). Correct? – dc_Bita98 – 2018-12-18T20:38:30.960
To the best of my knowledge and understanding (knowing I'm not an expert) that is correct. I don't think many people could answer with absolute certainty on here outside of Andrew Chow. There needs to be a third component to reliably crack the hardened wallet. My suggestion, if you require an expert answer, would be to pose this question within the "Derivation of parent private key from non-hardened child" post above and hope that Andrew responds. (Forgive me if this is not how this forum is designed to work and I'm providing poor guidance on getting the attention of an expert. Still new here!) – cleanmarker – 2018-12-19T17:09:15.213