Skip to content

Commit

Permalink
ZIP 32: Define an arbitrary key derivation process
Browse files Browse the repository at this point in the history
  • Loading branch information
@str4d
str4d committed Oct 1, 2024
1 parent f7fb94a commit 672bddc
Showing 1 changed file with 41 additions and 0 deletions.
41 changes: 41 additions & 0 deletions zips/zip-0032.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -508,6 +508,47 @@ valid diversifiers.
The default diversifier for :math:`(\mathsf{sk}_i, \mathsf{c}_i)` is defined to be :math:`d_{i,0}.`


Specification: Arbitrary key derivation
=======================================

In some contexts there is a need for deriving arbitrary keys with the same derivation path as
existing key material (for example, deriving an arbitrary account-level key), without the need for
ecosystem-wide coordination. The following instantiation of the hardened key generation process may
be used for this purpose.

Let :math:`\mathsf{ContextString}` be a globally-unique non-empty sequence of at most 65535 bytes
that identifies the desired context.

We instantiate the hardened key generation process with the following constants:

- :math:`\mathsf{Arbitrary.MKGDomain} = \texttt{“ZcashArbitraryKD”}`
- :math:`\mathsf{Arbitrary.CKDDomain} = [\texttt{0xAB}]`

Arbitrary master key generation
-------------------------------

Let :math:`S` be a seed byte sequence of a chosen length, which MUST be at least 32 and at most 252 bytes.

The master extended arbitrary key is:

:math:`m_\mathsf{Arbitrary} = \mathsf{MKGh}^\mathsf{Arbitrary}(`
:math:`\mathsf{I2LEOSP}_{16}(\mathsf{length}(\mathsf{ContextString}))\,||\,\mathsf{ContextString}\,||\,`
:math:`[\mathsf{length}(S)]\,||\,S)`.

Arbitrary child key derivation
------------------------------

:math:`\mathsf{CKDarb}((\mathsf{sk}_{par}, \mathsf{c}_{par}), i)`:math:`\rightarrow (\mathsf{sk}_i, \mathsf{c}_i)`

- Return :math:`\mathsf{CKDh}^\mathsf{Arbitrary}((\mathsf{sk}_{par}, \mathsf{c}_{par}), i)`

If the context requires a 64-byte key (for example, to avoid an entropy bottleneck in its particular
subsequent operations), and :math:`i` is the last element of an HD path, the concatenation
:math:`\mathsf{sk}_i\,||\,\mathsf{c}_i` MAY be used as a key. In this case,
:math:`(\mathsf{sk}_i, \mathsf{c}_i)` MUST NOT be given as input to :math:`\mathsf{CKDarb}` (this
is a restatement of the requirement that :math:`i` is the last element of an HD path).


Specification: Wallet usage
===========================

Expand Down

0 comments on commit 672bddc

Please sign in to comment.