NIP-41: Key Invalidation; using HD (BIP32) derivation #450
This proposed PR is a refinement of the existing NIP-41 PR, "NIP-41: Key Invalidation. first draft." (#158).
It attempts to solve the exact same problem, using the very same high-level approach, but using a different approach for key derivation.
Viewable version of the NIP is here: https://github.com/catenocrypt/nips/blob/nip41-hd/41.md
I have created a new PR, as opposed to commenting/editing the existing one, mostly due to the fact that the key generation cryptography is different, and this is at the heart of the scheme.
But I fully acknowledge that the idea and solution were laid out in the original PR, and if the original authors prefer, I'm fine with incorporating these changes to the original PR.
I view this mainly as a technical aspect (GitHub).
A prototype implementation is available here: https://github.com/catenocrypt/nip41-hd-proto/
The similarities and differences of this scheme to the original PR:
An important question is a security analysis of how previously generated keys cannot be reconstructed, especially given that the chain code part of the new keys is published.
The short answer is that with a chain code compromised, it is possible to reconstruct other siblings and all descendants, but not ancestors.
An analysis should be added to the NIP text.