secp256k1 – Why is BIP32 not merely PublicKey multiplication?


I perceive that:

pubkey(a + b) = pubkey(a) * pubkey(b)

the place a and b are secret keys. (See:

If, below the circumstances:

  • Alice publishes pubkey(alice_secret).
  • Bob creates an one-use, random secret key x_secret.
  • Bob publishes x_secret.

Do the next circumstances maintain?

  • Solely Alice can signal messages with the key key (alice_secret + x_secret), as no-one else is aware of each secret keys.
  • Anybody can confirm such a message’s signature utilizing pubkey(alice_secret) * pubkey(x_secret), as pubkey(x_secret) could be calculated from the revealed x_secret.

If that’s the case, why is BIP32 extra advanced than this?

Supply hyperlink

Leave a reply