It is well known that reusing the k in different signatures will leak the private key. The reuse of k is very obvious as the r for different signatures will be the same.
What about the case for BIP32 deterministic wallet? Let say an attacker knows the root public key and the chain code. If the private key holder signs 2 different messages using the same k, with 2 different addresses in the same (or different) branch of the deterministic wallet, is it possible for the attacker to detect it and deduce the private keys for the singing addresses (or even the root private key)?
You should clarify that you're talking about the non-hardened derivation, since obviously none of this applies to the hardened derivation.
But yes, that's insecure.
If you have two signatures with the same unknown nonce (k) you have two (r,s) signatures of message m_n, such that r_1==r_2 because r is just k*G. Normally you would write out s_1 - s_2 = k^-1 * (m_1 - m_2), simplifying from the signing equation, and divide m_1 - m_2 by that yielding k. If you replace the secret key in the signing equation by the secret key plus a known constant the first step simplifies out to s_1 - s_2 = k^-1 * (m_1 - m_2 - r*constant) since you have the chaining code you know the value of the constant so you can compute (m_1 - m_2 - r*constant) / (k^-1 * (m_1 - m_2 - r*constant)) = k. I haven't actually tried it, but I believe it will work. This also follows naturally that if you have one private key and the chaining code, you have all the private keys on a non-hardened chain.
You should treat all bip32 private keys on the same non-hardened chain as the same private key for security purposes. They're all just a constant private key plus a set of increment values known to attackers who know the chaining code. Additionally, even ignoring bip32 I would never reuse a nonce on signatures of different messages even with different keys.