Closed SimoneBronzini closed 6 years ago
This is correct, the proposed solution is fine by me
Well, actually, we are finding some further problems about privacy and entropy that the proposed solution would worsen. We will follow up soon with issues about those topics and move the discussion further about this solution.
By using 4 chunks of 3 bytes padded with 8 zero bits we keep 96 bit of entropy
This would highly reduce horizontal derivation entropy while highly increasing vertical derivation entropy. I guess it is also simpler implementation-wise. I didn't fully do the math on entropy but think it might work.
This issue refers to an old and obsolete version of RGB. See "old rgb" issue tag in our wiki.
K
is 12-bytes long and is split into three 4-bytes chunks, which are then used to derive from anxpub
. 4 bytes can represent derivation indices ranging from 0 to 232-1. However, as per BIP32, indexes 231 through 232-1 are used for hardened child derivation, which is not possible without having thexpriv
corresponding to thexpub
.A solution would require having the most significant bit of every chunk of
J
andK
always set to 0 and randomly generating the other bits.