0
I'm learning about the details of how HD wallets work. After reading the BIP32 and BIP44 documents thoroughly and supplementing it with Mastering Bitcoin there's still on aspect that I can't figure out.
Say I derive an extended private key with the BIP44 first account, first address path path: m/44'/0'/0'/0/0 and then I convert the extended private key into an extended public key.
Based on what I've read so far proper way would be to take the extended public key and work with an entirely non-hardened path like: M/0/1 , M/0/2 ?
Is this the correct way to do it ? My problem is that a public key of M/44'/0'/0'/0/1 will not be the same as M/0/1.
I'm just trying to make sure I'm using the derivation paths correctly. Thanks a lot!
"Based on what I've read so far" -> where did you read this? Could be that the m in
m/0/1refers to the key derived fromm/44'/0'/0'/0/0and not the master key. – JBaczuk – 2019-01-21T17:02:34.667@JBaczuk ,
m/0/1refers exactly to the path it pertains to.m/44'/0'/0'/0/0is a bip44 path. Not sure which wallet usesm/0/1, if any. In any case, publicly deriving straight from the master key is a huge footgun. – arubi – 2019-01-21T18:12:18.147@arubi A wallet is not a good example for this because the wallet will have access to the private keys - hence it will allow for a lot more flexibility when deriving different paths. The constraint here is generating a chain of addresses just from a public key (say on a server) and reconciling them on the machine that holds the master keys (say an air-gapped computer). – tzumby – 2019-01-21T21:03:33.893
What I'm saying is, whatever you're doing, deriving non hardened paths straight from the extended private key seems like a footgun to me. You can easily derive non hardened keys from some standard path like bip44, or you could replace the hardened
44'with some other non-standard number to achieve the same result.m/0/1is not the way to go, imo. – arubi – 2019-01-21T21:45:38.000@arubi sorry I misunderstood what you meant. I completely agree, I would derive the BIP44 path to get the extended private + chain code, then convert that to an extended public + chain code, and I'd use that instead to generate the M/0/1 and so on. – tzumby – 2019-01-21T21:57:35.277