Score:1

Is it possible to have a Hierarchical Deterministic KD for ECC with child key leak not impacting parent key?


From what I understand, in BIP 32, the knowledge of the parent public key and the child private key provides the parent private key, in a non-hardened path. Indeed, it's only a matter of subtracting the part provided by the current path from the child's key to get back the parent's key.

I have an application in which I would like:

  • the people to be able to derive the public key of a given ID ("child public key"), based on a parent public key
  • not revealing the parent private key if a child private key is known

For instance, I would like to generate a key pair for "John Doe" with the path ROOT_ORG / ORG1 / JohnDoe and give it to him, and have external people able to generate the corresponding public key from the public key of ROOT_ORG or ROOT_ORG / ORG1.

I'm using Curve25519, but I'm interested in the general ECC case.

From what I understand, I'm looking for functions $f$ and $g$ such that:

  • $f(kG, input) = k'G$ (public key derivation)
  • $h(k, input) = k'$ (private key derivation)
  • $k' \not\rightarrow k$ (hiding: knowing $k'$ does not reveal $k$)

Does such a scheme exist?
