4

I'm trying to understand if the feature "Hierarchical Deterministic Wallets" in Bitcoin allows for complete privacy of all derived keys, and if any of those keys can be associated with each other after they are generated.

Knowing the answer to this will greatly impact the scenarios these keys are usable in.

Patriot
  • 3,132
  • 3
  • 18
  • 65
makerofthings7
  • 2,621
  • 1
  • 20
  • 36

1 Answers1

4

I recently came across a paper that may interest you that I think answers your question. To quote from the abstract:

Unfortunately, in all existing HD wallets---including BIP32 wallets---an attacker can easily recover the master private key given the master public key and any child private key. This vulnerability precludes use cases such as a combined treasurer-auditor, and some in the Bitcoin community have suspected that this vulnerability cannot be avoided.

Combine this with the fact that child private keys are generated from the master private key, and it appears the answer to your question is no, they do not offer complete privacy.

mikeazo
  • 38,563
  • 8
  • 112
  • 180
  • In normal use the master public key is not shared. So while this is important to remember for some of the more eclectic uses of HD wallets, it doesn't apply to 99% of usage. – eMansipater Mar 05 '15 at 22:04
  • Agreed @eMansipater but to add: in normal use a child wallet's private key isn't shared either. – mikemaccana Jun 28 '22 at 20:57