WebOfTrustInfo / rwot1-sf

RWOT1 in San Francisco, California (November 2015)
http://www.WebOfTrust.Info

Questions about HD tree derivation path as unique keys #15

Open coder5876 opened 8 years ago

coder5876 commented 8 years ago

In Selective Disclosure Of Identity @shea256 writes

"the "double spend" problem of identity proofs is solved whereby users cannot share their keys that have been verified to be "over 21" because sharing an unhardened descendant key of a master public key means that the master public key will be shared as well"

I think it should be "the master private key will be shared as well" here? And sharing the derived private key would not be enough here, right? You need to share the derivation path as well?

Also, is the above "double spend" paragraph the main reason for using the HD derivation path approach rather than just choosing a random key for each attribute, and revealing the link by signing the random key with your publicly attached public key? It seems that as long as you keep the derivation path hidden you could still share the "over 21" private key with your friend (but you'd have to never reveal the derivation path to anyone so you won't be able to link it back to your public master key).

shea256 commented 8 years ago

I think it should be "the master private key will be shared as well" here?

Correct. I will fix this.

Also, is the above "double spend" paragraph the main reason for using the HD derivation path approach rather than just choosing a random key for each attribute, and revealing the link by signing the random key with your publicly attached public key?

Yes, exactly.

And sharing the derived private key would not be enough here, right? You need to share the derivation path as well? ... It seems that as long as you keep the derivation path hidden you could still share the "over 21" private key with your friend (but you'd have to never reveal the derivation path to anyone so you won't be able to link it back to your public master key).

Hm, you might be on to something here. Let me think more about this.