2

Typical path notation for a BIP44 child private key would be something like:

m/44'/0'/0'

The public key is

point(m/44'/0'/0')

Where point is the ECC multiply function. Is there any better notation than this? It would not be right to use M/44'/0'/0' as this path is not derivable.

Is there any standard notation for the xpub calculated from a hardened child private key?

(Note: I'm looking for notation that would be useful to parse and then re-derive this key, not necessarily the type of notation that would be intuitive in an academic paper.)

morsecoder
  • 14,168
  • 2
  • 42
  • 94
  • 2
    This seems like more of a discussion topic than a question... wouldn't any answers be primarily opinion-based? That's my initial reaction anyways (but I'll comment further in a moment).... – Christopher Gurnee Jun 25 '15 at 15:37
  • I've always seen BIP-32 paths as being an input you pass to a derivation function, sort of like "SHA-256" is passed to HMAC to specify which PRF to use. IOW, derive_privkey("m/44'/0'/0'", k). Are you saying that "m/44'/0'/0'" is commonly used to express "the privkey derived from privkey m with path 44'/0'/0'"? I didn't think that notation was common; I could be wrong. So "M/44'/0'/0'" is "the privkey derived from pubkey M with path 44'/0'/0'" (impossible, as you said)? One more comment to follow.... – Christopher Gurnee Jun 25 '15 at 15:42
  • Again, this is just my limited experience, but I haven't commonly seen the notation point(k) being used to describe "the pubkey derived from privkey k" outside of its use in BIP-32. I've more commonly simply seen k × G (or k · G or just kG). Is point(k) more common than I think? – Christopher Gurnee Jun 25 '15 at 15:46
  • Re. my second (of four) comment above, you're right BIP-32 does use notation similar to what you use, which is itself a bit different than what BIP-44 uses. I agree it's not satisfactory.... – Christopher Gurnee Jun 25 '15 at 16:10
  • @ChristopherGurnee, It may be more of a discussion question than I first realized. Path/point notation may be common/not common, I'm not too sure. I know the bitcoin developer documentation uses point as well. – morsecoder Jun 25 '15 at 16:13
  • @StephenM347 I removed my answer as I misunderstood the question. – Wizard Of Ozzie Jun 26 '15 at 04:39

1 Answers1

2

Is there any standard notation for the xpub calculated from a hardened child private key?

I have chosen to use the below notation. Others may use it if they find it useful.

[m/44'/0'/0']

Is the public key derived from the hardened child private key. 

[m/44'/0'/0']/0/0

Is a child public key derived from the master private key m. However, [m/44'/0'/0'] may be stored as a separate public key, essentially as a checkpoint in the HD tree.

This notation has some useful characteristics:

  • Easy to parse.
  • Shows exactly where the private->public derivation was done. So, while [m/44'/0'/0']/0/0 and [m/44'/0'/0'/0]/0 my produce the same xpub, the calculations done to derive that xpub were quite different.
  • Inside of brackets, hardened notation may be used, but outside of brackets only non-hardened notation is permitted.
morsecoder
  • 14,168
  • 2
  • 42
  • 94