Why was ed25519 used instead of secp256k1 and is still compatible with BTC/ETH?

[oslfmt]

Apologies if my terminology is incorrect. As I understand, EdDSA is the algorithm reliant on the ed25519 elliptic curve, while ECDSA is the algorithm reliant on the secp256k1 curve.

I'm curious why ed25519 was used instead of secp256k1? Will this make the public keys generated unusable with blockchain systems reliant on secp256k1 like Bitcoin and Ethereum?

Come to think of it, I've never really thought too deeply on what exactly constitutes a valid vs invalid key pair. I've just always assumed that anything not following the standard (secp256k1) will have unintended consequences.

[jpopesculian]

Hi @victor-wei126! Sorry, I'm just seeing this! To answer your question, this repository is focused on providing derivation for use with EdDSA. There are many cryptocurrencies that use EdDSA instead of ECDSA; I believe mostly with the intent of being faster and equally secure. Some notable examples are Solana, Cardano and Stellar.

BIP-32 was specified specifically for secp256k1, but because HD wallet applications often like to derive one root secret for multiple different accounts and blockchains, derivation of ed25519 keys also have to be performed. This repository implements the derivation scheme used by Trezor compatible software.

There are many good crates for BIP-32 which focus on secp256k1, notably https://docs.rs/bitcoin/0.27.1/bitcoin/util/bip32/index.html