frost/secp256k1-zkp
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add explanation about how BIP32 unhardened derivation can be used to simplify whitelisting

Browse Source
This commit is contained in:
Jonas Nick 2018-11-19 15:43:08 +00:00 committed by Andrew Poelstra
parent dec1b9ce27
commit e9fea74278
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/modules/whitelist/whitelist.md
View File

@ -93,4 +93,13 @@ the remaining public keys are verified out-of-band when setting up the system,
so there is no direct benefit to this. We do it only to reduce fragility and so there is no direct benefit to this. We do it only to reduce fragility and
increase safety of unforeseen uses. increase safety of unforeseen uses.
Having to access the offline key `Q_i` to compute the secret to the sum `W +
Q_i` for every authorization is onerous. Instead, if the whitelisted keys are
created using
[BIP32](https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki)
unhardened derivation, the sum can be computed on an online machine. In order
to achieve that, the offline key `Q_j` is set to the negated last hardened
BIP32 derived parent key (typically, the public key corresponding to the xpub).
As a result `W + Q_i = I_L*G` where `I_L` is the public tweak used
to derive `W` and can be easily computed online using the extended public key
and the derivation path.