BIP 32: Add simpler explanations where I got confused originally reading this. #785

pull ddustin wants to merge 1 commits into bitcoin:master from ddustin:master changing 1 files +7 −2
  1. ddustin commented at 9:38 pm on June 5, 2019: contributor

    Essentially I added the simple explanation for some things next to the more complex ones originally used. If I had these in there when I first came upon this document, I would have had a much easier time digesting it.

    Hopefully these changes help the next peson who reads it.

  2. ddustin renamed this:
    Add simpler explanations where I got confused originally reading this.
    [BIP32] Add simpler explanations where I got confused originally reading this.
    on Jun 5, 2019
  3. ddustin renamed this:
    [BIP32] Add simpler explanations where I got confused originally reading this.
    BIP32: Add simpler explanations where I got confused originally reading this.
    on Jun 5, 2019
  4. ddustin renamed this:
    BIP32: Add simpler explanations where I got confused originally reading this.
    BIP 32: Add simpler explanations where I got confused originally reading this.
    on Jun 5, 2019
  5. luke-jr added the label Proposed BIP modification on Sep 19, 2019
  6. luke-jr commented at 10:28 pm on September 19, 2019: member
    @sipa
  7. in bip-0032.mediawiki:68 in 5cd93556b6 outdated 
    64@@ -64,6 +65,8 @@ In what follows, we will define a function that derives a number of child keys f
65 
66 We represent an extended private key as (k, c), with k the normal private key, and c the chain code. An extended public key is represented as (K, c), with K = point(k) and c the chain code.
67 
68+When deriving child keys, a 'hardened' child key can only be generated using a private key. This provides security advantages but reduces the usefulness of HD key derivation. It is typically used to seperate 'accounts' from each other.
    jonatack commented at 9:54 pm on April 26, 2024: 
    0When deriving child keys, a 'hardened' child key can only be generated using a private key. This provides security advantages but reduces the usefulness of HD key derivation. It is typically used to separate 'accounts' from each other.
  8. jonatack commented at 9:55 pm on April 26, 2024: member
    Pinging BIP author @sipa for feedback (thanks!)
  9. murchandamus assigned sipa on Apr 29, 2024
  10. in bip-0032.mediawiki:54 in 595c030923 outdated 
    50@@ -51,10 +51,11 @@ Addition (+) of two coordinate pair is defined as application of the EC group op
51 Concatenation (||) is the operation of appending one byte sequence onto another.
52 
53 As standard conversion functions, we assume:
54-* point(p): returns the coordinate pair resulting from EC point multiplication (repeated application of the EC group operation) of the secp256k1 base point with the integer p.
55+* point(p): returns the public key for p. This is the coordinate pair resulting from EC point multiplication (repeated application of the EC group operation) of the secp256k1 base point with the integer p.
    sipa commented at 3:27 pm on April 29, 2024:
    I find this to be somewhat cyclic. We define public/private keys in function of this operation (i.e., the corresponding public key to private key p is point(p)). The change here is adding the reverse that (i.e., defining point(p) as the public key to p).
    ProofOfKeags commented at 8:10 pm on April 30, 2024:
    Yeah I’m in agreement with @sipa here. Points are used as public keys but aren’t equivalent to them in certain use contexts.
    ddustin commented at 8:51 pm on July 11, 2024:

    How about this rewording:

    “point(p): returns the coordinate pair resulting from EC point multiplication (repeated application of the EC group operation) of the secp256k1 base point with the integer p (similar to making public key).”

  11. in bip-0032.mediawiki:68 in 595c030923 outdated 
    64@@ -64,6 +65,8 @@ In what follows, we will define a function that derives a number of child keys f
65 
66 We represent an extended private key as (k, c), with k the normal private key, and c the chain code. An extended public key is represented as (K, c), with K = point(k) and c the chain code.
67 
68+When deriving child keys, a 'hardened' child key can only be generated using a private key. This provides security advantages but reduces the usefulness of HD key derivation. It is typically used to separate 'accounts' from each other.
    ProofOfKeags commented at 8:09 pm on April 30, 2024:
    ACK this change.
    apoelstra commented at 10:42 am on May 1, 2024:
    I’d prefer the last sentence be dropped. Given the weird security properties of “normal” derivation, I think we should word things as though hardened derivation were the ordinary case, and non-hardened derivation is the one that has a sentence explaining why somebody would want to use it.
    ddustin commented at 8:51 pm on July 11, 2024:

    How about this wording to make it sound more ordinary:

    “When deriving child keys, a ‘hardened’ child key can only be generated using a private key. This provides security advantages and prevents adversarial public key tracing. It is typically used to separate ‘accounts’ from each other.”

    And another sentence added for non-hardened keys:

    This non-hardened result is typically used by a server to continually generate receive addresses without the ability to spend funds.

  12. jonatack commented at 9:36 pm on May 1, 2024: member
    @ddustin mind updating per the new feedback?
  13. murchandamus added the label PR Author action required on May 8, 2024
  14. ddustin commented at 1:17 am on May 9, 2024: contributor

    @ddustin mind updating per the new feedback?

    Absolutely, will do. Traveling at the moment 👍

  15. 5twelve approved
  16. Add simpler explanations where I got confused originally reading this. 
    Essentially I added the simple explanation for some things next to the more complex ones originally used. If I had these in there when I first came upon this document, I would have had a much easier time digesting it.

Hopefully these changes help the next peson who reads it.
    b39b409c26
  17. ddustin force-pushed on Jul 11, 2024
  18. jonatack removed the label PR Author action required on Jul 11, 2024
  19. in bip-0032.mediawiki:54 in b39b409c26 
    50@@ -51,10 +51,11 @@ Addition (+) of two coordinate pair is defined as application of the EC group op
51 Concatenation (||) is the operation of appending one byte sequence onto another.
52 
53 As standard conversion functions, we assume:
54-* point(p): returns the coordinate pair resulting from EC point multiplication (repeated application of the EC group operation) of the secp256k1 base point with the integer p.
55+* point(p): returns the coordinate pair resulting from EC point multiplication (repeated application of the EC group operation) of the secp256k1 base point with the integer p (similar to making public key).
    murchandamus commented at 3:30 pm on July 16, 2024:

    There seems to be a word missing here:

    0* point(p): returns the coordinate pair resulting from EC point multiplication (repeated application of the EC group operation) of the secp256k1 base point with the integer p (similar to making a public key).
    sipa commented at 2:43 pm on March 21, 2025:
    Agree with adding “a” here (https://github.com/bitcoin/bips/pull/785/files#r1679635273).
  20. murchandamus requested review from sipa on Jul 16, 2024
  21. murchandamus added the label Pending acceptance on Aug 21, 2024
  22. in bip-0032.mediawiki:57 in b39b409c26 
    50@@ -51,10 +51,11 @@ Addition (+) of two coordinate pair is defined as application of the EC group op
51 Concatenation (||) is the operation of appending one byte sequence onto another.
52 
53 As standard conversion functions, we assume:
54-* point(p): returns the coordinate pair resulting from EC point multiplication (repeated application of the EC group operation) of the secp256k1 base point with the integer p.
55+* point(p): returns the coordinate pair resulting from EC point multiplication (repeated application of the EC group operation) of the secp256k1 base point with the integer p (similar to making public key).
56 * ser<sub>32</sub>(i): serialize a 32-bit unsigned integer i as a 4-byte sequence, most significant byte first.
57 * ser<sub>256</sub>(p): serializes the integer p as a 32-byte sequence, most significant byte first.
58-* ser<sub>P</sub>(P): serializes the coordinate pair P = (x,y) as a byte sequence using SEC1's compressed form: (0x02 or 0x03) || ser<sub>256</sub>(x), where the header byte depends on the parity of the omitted y coordinate.
59+* ser<sub>P</sub>(P): serializes the coordinate pair P = (x,y) (aka. the public key) as a byte sequence using [https://github.com/bitcoin-core/secp256k1/blob/master/include/secp256k1.h#L177 SEC1]'s compressed form: (0x02 or 0x03) || ser<sub>256</sub>(x), where the header byte depends on the parity of the omitted y coordinate.
    sipa commented at 2:42 pm on March 21, 2025:
    Don’t use a link to the master branch here, as it’ll grow outdated over time.
  23. in bip-0032.mediawiki:68 in b39b409c26 
    64@@ -64,6 +65,8 @@ In what follows, we will define a function that derives a number of child keys f
65 
66 We represent an extended private key as (k, c), with k the normal private key, and c the chain code. An extended public key is represented as (K, c), with K = point(k) and c the chain code.
67 
68+When deriving child keys, a 'hardened' child key can only be generated using a private key. This provides security advantages and prevents adversarial public key tracing. It is typically used to separate 'accounts' from one another.
    sipa commented at 2:47 pm on March 21, 2025:
    I don’t think the sentence with the word “typically” belongs here. BIP32 is a proposed specification, written in 2012. It’s not a description of how things are in 2025. Any language here should relate to what it proposed in 2012.
  24. in bip-0032.mediawiki:111 in b39b409c26 
    107@@ -105,6 +108,8 @@ To compute the public child key of a parent private key:
108 * CKDpub(N(k<sub>par</sub>, c<sub>par</sub>), i) (works only for non-hardened child keys).
109 The fact that they are equivalent is what makes non-hardened keys useful (one can derive child public keys of a given parent key without knowing any private key), and also what distinguishes them from hardened keys. The reason for not always using non-hardened keys (which are more useful) is security; see further for more information.
110 
111+The non-hardened result is typically used by a server to continually generate receive addresses without the ability to spend funds.
    sipa commented at 2:48 pm on March 21, 2025:

    Again, this is describing a 2025 state of affairs, not a 2012 proposal.

    I could see a separate section about “later adoption” being added perhaps, if that’s considered useful, describing which parts of the proposal ended up being mainstream, and which ones weren’t, but it should make it clear that that’s separate from the historical proposal.

  25. murchandamus added the label PR Author action required on Mar 21, 2025


ddustin luke-jr jonatack sipa ProofOfKeags apoelstra 5twelve murchandamus

Labels
Proposed BIP modification Pending acceptance PR Author action required

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bips. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-03-31 19:10 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me