semisol on Nostr: critical flaw: xpub derivation works by putting the chain code C and index I through ...
critical flaw:
xpub derivation works by putting the chain code C and index I through a hash function to get a modifier private key m
using the base private key b, you can calculate the derived key as b + m
for public part, m can still be calculated (chain code and index are public), but you only get base public key B
you convert m to a public key M, and calculate B + M, and that is the public key for b + m
now if b + m, the derived key, gets leaked, and the base xpub is public, m can be calculated and subtracted from b + m, to get b
you can from there calculate any other derivation path
Published at
2024-08-18 13:43:36
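The arithmetic described in the post above, as an added example (not part of the original post and not any wallet's code): BIP32 non-hardened derivation over secp256k1 with constructed keys, checking that B + M is the public key for b + m and that a child private key together with the xpub gives back b. The key material, the index 7 and all function names are assumptions made for the example.

```python
import hashlib, hmac

# secp256k1 field prime, group order and generator
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p, q):
    """Add two curve points; None stands for the point at infinity."""
    if p is None: return q
    if q is None: return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0:
        return None
    if p == q:
        lam = 3 * p[0] * p[0] * pow(2 * p[1], -1, P) % P
    else:
        lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)

def mul(k, p=G):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    r = None
    while k:
        if k & 1: r = add(r, p)
        p = add(p, p)
        k >>= 1
    return r

def modifier(chain_code, parent_pub, index):
    """m for a non-hardened child (index < 2**31), from xpub data only.
    BIP32 also feeds the compressed parent public key into the HMAC."""
    ser = bytes([2 + (parent_pub[1] & 1)]) + parent_pub[0].to_bytes(32, "big")
    digest = hmac.new(chain_code, ser + index.to_bytes(4, "big"), hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big")

def demo():
    # Constructed key material, for illustration only.
    b = int.from_bytes(hashlib.sha256(b"constructed base key").digest(), "big") % N
    chain_code = hashlib.sha256(b"constructed chain code").digest()
    B = mul(b)                       # the xpub is (B, chain_code)
    m = modifier(chain_code, B, 7)   # computable by anyone holding the xpub
    child_priv = (b + m) % N         # derived by the private-key holder
    child_pub = add(B, mul(m))       # derived by an xpub holder: B + M
    recovered = (child_priv - m) % N # child private key + xpub gives b
    return b, child_priv, child_pub, recovered
```

BIP32's hardened derivation feeds the parent private key into the HMAC instead of the public key, so m cannot be computed from the xpub for those indexes.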