Alright, something that might sound like it belongs in a sci-fi movie: Hierarchical Deterministic Key Derivation for Unlinkable Child Keys! Don’t worry, we won’t be using any fancy jargon or mind-bending theories. Instead, we’ll break down this concept into simple English and provide some examples to help you understand it better.
First things first: what is Hierarchical Deterministic Key Derivation (HD)? It’s a scheme (standardised for Bitcoin as BIP32) for growing a whole tree of keys out of one secret seed. That gives you a few nice things: one backup covers every key you will ever derive; several programs can share one wallet without having to swap freshly generated keys back and forth; each branch of the tree can act as a separate account or department with its own keys; and, because public keys can be derived without the private keys, you can hand a branch of the tree to an auditor or a web server so it can watch balances or hand out fresh addresses without ever being able to spend.
Let’s kick this off with how it works: HD key derivation takes a parent key (the private key, or just the public key if that is all you have), a chain code (256 bits of seemingly-random data that travels alongside the key), and an index number (a 32-bit integer chosen by the program). By combining these inputs with a bit of math, we get a child key that, to anyone who doesn’t know the chain code, looks completely unrelated to its parent and to its siblings.
Here’s how it works: let’s say you have a parent private key and public key pair. To create a child key, we feed the parent public key and the index number through HMAC-SHA512, keyed with the chain code (HMAC is a keyed hash: a one-way function that nobody can invert or reproduce without the key). For a so-called hardened child (index 2^31 or above) the parent private key goes into the hash instead of the public key, which is what makes hardened children underivable from the public half alone. Either way, the output is 512 bits of seemingly-random data: the left 256 bits (call them I_L) are used to derive the child key, and the right 256 bits become the child’s own chain code.
To create a child private key, we add the parent private key and I_L (the lefthand half of the hash output, read as a big integer) using modular arithmetic: child = (parent + I_L) mod n, where n is the order of the secp256k1 group (a fixed constant just below 2^256). The result is a number between 1 and n-1, which is our child private key. Two sanity checks belong here: if I_L happens to be n or larger, or the sum comes out to zero, that index is invalid and you skip to the next one (this is astronomically unlikely, but a correct implementation checks).
To create a child public key, we take the parent public key (a point on the curve) and add to it the point I_L·G, where G is the curve’s generator point. This gives us the child public key, and it matches the public key of the child private key derived above, because (parent + I_L)·G = parent·G + I_L·G. Note that this only works for non-hardened children: a hardened child’s hash needs the parent private key as input, so whoever holds only the public key can’t compute I_L for it.
By repeating this process with the child as the new parent, we get grandchildren, then great-grandchildren, and so on down the tree, each level with different index numbers. And because each child key gets its own chain code, the levels are independent: leaking a child’s key and chain code doesn’t reveal its parent. This is what lets a web-based address-distribution program hold only an extended public key (public key plus chain code) and keep deriving fresh addresses; if that program gets hacked, the attacker learns your addresses and can link them together, which is a privacy loss, but gets no private keys at all. The one big caveat: an extended public key plus any single non-hardened child private key gives away the parent private key, because the child is just parent + I_L and I_L is computable from the extended public key. That is why wallets derive account-level keys as hardened children before exposing anything below them.
And remember, always keep your private keys safe and secure, and treat extended public keys as sensitive too: they don’t spend coins, but they link every address in a branch together, and combined with a single leaked child private key they unlock the whole branch.