Armory **will** be upgrading to BIP32, but at the moment it uses its own homegrown version of "Type 2" deterministic wallets. After all, it was the first application to implement them, so I couldn't really have followed any standard.

But it's not homomorphic encryption. Homomorphic encryption is pretty neat and enables some pretty cool capabilities, in general, but I haven't thought about whether it could be useful for Bitcoin. I bet, if we upgraded the scripting environment, we could find something interesting, but I'm not sure how useful it would be. It would certainly be a fun discussion to have...

For reference, Armory's wallets chain together like this:

PrivKey[0] = Random(32)

Chaincode = Random(32)

PubKey[0] = Priv2Pub(PrivKey[0])

Then

PrivKey[i+1] = (hash256(PubKey[i]) XOR chaincode) * PrivKey[i]

PubKey[i+1] = (hash256(PubKey[i]) XOR chaincode) * PubKey[i]

Where the multiplication (*) is scalar-multiplication-mod-N in the first line, and it's elliptic-curve-point-mult-by-scalar on the second line. The magic of elliptic curve math is that if N is equal to the number of points on the elliptic curve, then you end up with matching private and public keychains on both sides.

I had actually been meaning to document this precisely somewhere. I guess this was my excuse.
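The chain described above, worked through in Python as an added example (this is not Armory's code): the secp256k1 arithmetic is written inline so it runs offline, and the uncompressed 0x04||X||Y public-key serialization and big-endian reading of the XORed hash are assumptions the post does not state.

```python
import hashlib
# secp256k1 domain parameters: field prime, group order N (number of points), base point
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
def ec_add(a, b):  # affine point addition; None is the point at infinity
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def ec_mul(k, pt):  # double-and-add; not constant-time, illustration only
    acc = None
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def priv2pub(priv): return ec_mul(priv, G)
def hash256(data): return hashlib.sha256(hashlib.sha256(data).digest()).digest()
def chain_multiplier(pub, chaincode):
    # hash256(PubKey[i]) XOR chaincode, read as a scalar. Assumed (not from the post):
    # uncompressed 0x04||X||Y key encoding and big-endian scalar interpretation.
    h = hash256(b"\x04" + pub[0].to_bytes(32, "big") + pub[1].to_bytes(32, "big"))
    return int.from_bytes(bytes(x ^ y for x, y in zip(h, chaincode)), "big") % N

def derive_chains(priv0, chaincode, depth):
    # Private chain and public-only chain computed independently, same multiplier m.
    privs, pubs = [priv0], [priv2pub(priv0)]
    for i in range(depth):
        m = chain_multiplier(pubs[i], chaincode)
        privs.append(m * privs[i] % N)    # scalar multiplication mod N
        pubs.append(ec_mul(m, pubs[i]))   # EC point multiplied by scalar
    return privs, pubs

def chains_match(priv0, chaincode, depth=4):
    # Watching-only property: Priv2Pub of each private key equals the public-chain key.
    privs, pubs = derive_chains(priv0, chaincode, depth)
    return all(priv2pub(s) == q for s, q in zip(privs, pubs))

# Constructed deterministic root material; a real wallet uses Random(32) for both.
SEED_PRIV = int.from_bytes(hashlib.sha256(b"constructed armory root").digest(), "big") % N
SEED_CHAIN = hashlib.sha256(b"constructed chaincode").digest()
```

Because each multiplier m is computed from public data and is invertible mod N, one exposed private key plus the chaincode determines every other key in the chain, earlier ones included, which is the exposure to weigh when handing a chaincode to a watching-only copy.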