BIP32
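Why is a chain code needed?
If a private key becomes known, all private keys derived from that private key become known as well
The same applies to a pubkey, and it is normal for a pubkey to be known
By deriving from key + chain code + index, one must know the chain code in addition to the key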
hardened derivation
However, because the xpub contains the chain code, if a child private key is known, or somehow leaked, it can be used with the chain code to derive all the other child private keys. A single leaked child private key, together with a parent chain code, reveals all the private keys of all the children. Worse, the child private key together with a parent chain code can be used to deduce the parent private key.
https://gyazo.com/824fc5fde8eddb72259bad5341cccc90
In the case of a hardened key:
https://gyazo.com/4b18db562592cb95d6e18b66739eeded
Extended key is a set of a key + a chain code
0x00 || ser256(k) for private keys: why is this?