Open lehnberg opened 5 years ago
@yeastplume Just realised this issue perhaps belongs in grin-wallet these days. Feel free to move it if so; I can't seem to do it myself.
The reason is either something to do with paths as stored in bulletproofs, or nothing at all; I need to look into it again to remind myself (and will do).
We currently use the m/account/0/index derivation path. As I understand it, this proposes to use m/account'/0'/index, which eliminates the private key leak problem. One caveat would be that we won't be able to do watch-only wallets for the whole tree in the future, only on an account basis. Also, a wallet restore might become more expensive because it will have to check both hardened and non-hardened paths for backwards compatibility.
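The private key leak that the hardened path closes, worked through as an added example (this is not code from the issue, from grin-wallet, or from Grin's keychain): plain BIP32 derivation over secp256k1 in Python, comparing the current m/account/0/index layout with the proposed m/account'/0'/index. The seed, the index 5, and the function names (`ckd_priv`, `pub_offset`, `recover_from_xpub`, `demo`) are assumptions made for the illustration; the derivation rules themselves are the standard BIP32 ones.

```python
"""Added example, not code from this issue or grin-wallet: generic BIP32 derivation over
secp256k1 showing the private key leak hardened paths remove (seed and paths constructed)."""
import hashlib
import hmac

# secp256k1 domain parameters: field prime, group order, generator
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
H = 0x80000000  # BIP32 hardened flag: the index written i' is i | H

def point_add(a, b):
    """Affine addition on secp256k1; None is the point at infinity."""
    if a is None or b is None:
        return a if b is None else b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def scalar_mul(k, point=G):
    acc = None  # double-and-add
    while k:
        if k & 1:
            acc = point_add(acc, point)
        point = point_add(point, point)
        k >>= 1
    return acc

def serP(point):
    """Compressed 33-byte SEC1 encoding (BIP32's serP)."""
    return bytes([2 + (point[1] & 1)]) + point[0].to_bytes(32, "big")

def master_from_seed(seed):
    I = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()  # BIP32's fixed HMAC key
    k = int.from_bytes(I[:32], "big")
    if not 0 < k < N:
        raise ValueError("invalid master key for this seed")
    return k, I[32:]

def ckd_priv(k_par, c_par, i):
    """CKDpriv: a hardened child hashes the PRIVATE parent key, a normal child the public key."""
    if i >= H:
        data = b"\x00" + k_par.to_bytes(32, "big") + i.to_bytes(4, "big")
    else:
        data = serP(scalar_mul(k_par)) + i.to_bytes(4, "big")
    I = hmac.new(c_par, data, hashlib.sha512).digest()
    il = int.from_bytes(I[:32], "big")
    k_i = (il + k_par) % N
    if il >= N or k_i == 0:
        raise ValueError("invalid child; BIP32 says skip this index")
    return k_i, I[32:]

def pub_offset(K_par, c_par, i):
    """I_L and the child chain code from PUBLIC data only; impossible for hardened i."""
    if i >= H:
        raise ValueError("hardened child cannot be derived from a public key")
    I = hmac.new(c_par, serP(K_par) + i.to_bytes(4, "big"), hashlib.sha512).digest()
    return int.from_bytes(I[:32], "big"), I[32:]

def derive_priv(k, c, path):
    for i in path:
        k, c = ckd_priv(k, c, i)
    return k, c

def recover_from_xpub(K, c, path, k_leaf):
    """The leak: given a node's xpub (K, c) and the private key of its descendant at
    `path`, derive each level's I_L from public data (CKDpub) and subtract it from
    k_leaf, since k_child = k_par + I_L. None if any step is hardened: that I_L
    depends on k_par, which the xpub holder does not have."""
    if any(i >= H for i in path):
        return None
    k = k_leaf
    for i in path:
        il, c = pub_offset(K, c, i)
        K = point_add(scalar_mul(il), K)  # CKDpub: K_i = I_L*G + K_par
        k = (k - il) % N                  # undo this level's offset
    return k

def demo():
    k_m, c_m = master_from_seed(b"constructed example seed, not a real wallet")
    K_m = scalar_mul(k_m)
    # Current m/account/0/index (all non-hardened): leaf key + master xpub gives back k_m.
    k_leaf, _ = derive_priv(k_m, c_m, [0, 0, 5])
    whole_tree = recover_from_xpub(K_m, c_m, [0, 0, 5], k_leaf) == k_m
    # Proposed m/account'/0'/index: the same recovery from the master xpub stops ...
    path = [0 | H, 0 | H, 5]
    kh_leaf, _ = derive_priv(k_m, c_m, path)
    stops = recover_from_xpub(K_m, c_m, path, kh_leaf) is None
    # ... but the account-level xpub still exposes that account's extended private key.
    k_acc, c_acc = derive_priv(k_m, c_m, path[:2])
    per_account = recover_from_xpub(scalar_mul(k_acc), c_acc, [5], kh_leaf) == k_acc
    return whole_tree, stops, per_account
```

Calling `demo()` returns `(True, True, True)`: with the all-non-hardened layout a single leaked leaf key plus the master xpub yields the master private key; with hardened account and change levels the same recovery from the master xpub fails, but anyone holding the account-level xpub can still recover that account's extended private key from one leaf key, which is the "watch-only per account" caveat in the comment above.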
@mcdallas That's not really how restores work - at least not at the moment. What you're saying about checking both paths is true of bitcoin, but not Grin. Currently, the master seed is hashed with the commitment to come up with the 'nonce' used to generate the bulletproof. Anyone with that nonce can 'rewind' the bulletproof to get both the path and the blinding factor (although having both seems excessive - really only one is needed). So you can use completely random paths, and it won't affect restore time.
What is the reason for Grin not using hardened derivation paths? Is it worth adding?
Context