Bitcoin Forum
February 05, 2023, 05:20:39 AM *
News: Latest Bitcoin Core release: 24.0.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: BIP-32 hardened children  (Read 705 times)
justusranvier (OP)
Legendary
*
Offline Offline

Activity: 1400
Merit: 1006



View Profile
June 30, 2015, 10:05:38 PM
 #1

Can an observer prove that a given public key is the nth hardened child of a given xpub without access to any of the associated private keys if they know n?

Alternately, can the owner of the private keys create such a proof?
1675574439
Hero Member
*
Offline Offline

Posts: 1675574439

View Profile Personal Message (Offline)

Ignore
1675574439
Reply with quote  #2

1675574439
Report to moderator
1675574439
Hero Member
*
Offline Offline

Posts: 1675574439

View Profile Personal Message (Offline)

Ignore
1675574439
Reply with quote  #2

1675574439
Report to moderator
1675574439
Hero Member
*
Offline Offline

Posts: 1675574439

View Profile Personal Message (Offline)

Ignore
1675574439
Reply with quote  #2

1675574439
Report to moderator
Once a transaction has 6 confirmations, it is extremely unlikely that an attacker without at least 50% of the network's computation power would be able to reverse it.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
johoe
Full Member
***
Offline Offline

Activity: 217
Merit: 205


View Profile
July 01, 2015, 06:06:34 AM
 #2

To prove that a key is the nth hardened child, you need to provide I_L and prove that it is the result of a HMAC_SHA512 operation.  I don't see how you can prove the latter without giving the second operand of this operation.  However, for a hardened step this contains the private key.

Donations to 1CF62UFWXiKqFUmgQMUby9DpEW5LXjypU3
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!