I am reading about Hardened and Normal child keys in chapter 5 of the book "Mastering Bitcoin" by Andreas, along with this detailed thread and BIP-32. Here is some of my understanding of these two procedures:
- k: private key
- K: public key
- i: index
- c: chain code
- H: HMAC hashing result
- Hleft: the first 32 bits of the hash result.
- n: order of Elliptic Curve.
- G: starting point of Elliptic Curve
Normal Key Derivation
Case 1: parPrivkey -> childPrivkey (and from that, childPubkey)
H = HMAC(cpar, Kpar || ichild)
=> kchild = (kpar + Hleft) mod n
=> Kchild = G*kchild = G*[ (kpar + Hleft) mod n]
Case 2: parPubkey -> childPubkey
H = HMAC(cpar, Kpar || ichild)
=> Kchild = G*Hleft + Kpar
Hardened Key Derivation
Case 3: parPrivkey -> childPrivkey (and from that childPubkey)
H = HMAC(cpar, kpar || ichild)
=> kchild = (kpar + Hleft) mod n
=> Kchild = G*kchild = G*[ (kpar + Hleft) mod n]
Given these 3 methods, I am somewhat confused:
- The difference in the generation equation between cases 1 and 2 is quite subtle, such that we only need to multiply kchild = (kpar + Hleft) mod n by G to get that in case 2. Nevertheless, since there is a factor mod n at the end, I couldn't tell whether Kchild of Case 1 will relate to that of Case 2. If it does not, then what's the point of generating just a public key without being able to spend the funds sent to it?
- This is not related to the above question, but rather about the generation of the master private key: I have read that after getting the Root seed, the seed was put into the HMAC-SHA512 function to get a 512-bit hash, the first 32 bytes of which serve as the master private key. So my question is: since the HMAC function takes in 2 inputs, which are key and text, what is the "key" in this case? If there is no "key", then why not use just the SHA-512 hashing function?
Thank you very much in advance.
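
The relation between Case 1 and Case 2 asked about above can be checked numerically; the following is an added example, not part of the original post or of BIP-32's reference code. It assumes BIP-32's serialization (compressed parent public key, 4-byte big-endian index, 0x00-prefixed private key for hardened indexes) and the HMAC key "Bitcoin seed" for the master key; the function names and the sample seed are constructed for illustration, and BIP-32's validity checks (Hleft >= n, zero child key) are omitted.

```python
import hashlib
import hmac
# secp256k1: field prime P, group order N, generator G
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Add two curve points; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    num, den = (3 * a[0] * a[0], 2 * a[1]) if a == b else (b[1] - a[1], b[0] - a[0])
    lam = num * pow(den % P, -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def mul(k, pt=G):
    """Double-and-add k*pt (not constant time; demonstration only)."""
    acc = None
    while k:
        acc = add(acc, pt) if k & 1 else acc
        pt, k = add(pt, pt), k >> 1
    return acc

def h_left(c_par, data, i):
    """Left 32 bytes of HMAC-SHA512(key=c_par, msg=data || ser32(i))."""
    mac = hmac.new(c_par, data + i.to_bytes(4, "big"), hashlib.sha512)
    return int.from_bytes(mac.digest()[:32], "big")

def ser_p(pt):
    """33-byte compressed public key encoding."""
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")

def ckd_priv(k_par, c_par, i):
    """Cases 1 and 3: hardened indexes (i >= 2**31) hash the private key."""
    data = b"\x00" + k_par.to_bytes(32, "big") if i >= 2**31 else ser_p(mul(k_par))
    return (k_par + h_left(c_par, data, i)) % N

def ckd_pub(K_par, c_par, i):
    """Case 2: G*Hleft + Kpar, computed without the private key."""
    return add(mul(h_left(c_par, ser_p(K_par), i)), K_par)

def master(seed):
    """Master key and chain code: HMAC-SHA512 keyed with b"Bitcoin seed"."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]
```

For any normal index, `mul(ckd_priv(k, c, i))` and `ckd_pub(mul(k), c, i)` return the same point, because G has order n and the reduction mod n therefore does not change G*(kpar + Hleft).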